Portfwd in a java meterpreter session works for a few seconds, then ultimately hangs. Deleting and re-adding the forwarding rule does not seem to resolve the issue.
Channel 1 is created after I actually use the local portfwd:
msf6 exploit(multi/handler) > exploit
[*] Started bind TCP handler against 87.206.90.102:4444
[*] Sending stage (58037 bytes) to 87.206.90.102
[*] Meterpreter session 4 opened (192.168.0.102:45363 -> 87.206.90.102:4444) at 2024-11-11 15:41:32 -0500
meterpreter > channel -l
No active channels.
meterpreter > portfwd add -l 8000 -r 172.16.0.10 -p 80
[*] Forward TCP relay created: (local) :8000 -> (remote) 172.16.0.10:80
meterpreter > channel -l
No active channels.
meterpreter > channel -l
Id Class Type
-- ----- ----
1 1 stdapi_net_tcp_client
Eventually the following error appears on the java bind shell payload:
admin@www:~$ /opt/jdk8u181-b13-jre/bin/java -jar msf.jar
java.lang.IllegalArgumentException: Channel 1 does not exist.
at com.metasploit.meterpreter.Meterpreter.getChannel(Unknown Source)
at com.metasploit.meterpreter.stdapi.stdapi_net_socket_tcp_shutdown.execute(Unknown Source)
at com.metasploit.meterpreter.CommandManager.executeCommand(Unknown Source)
at com.metasploit.meterpreter.TcpTransport.dispatch(Unknown Source)
at com.metasploit.meterpreter.Meterpreter.startExecuting(Unknown Source)
at com.metasploit.meterpreter.Meterpreter.<init>(Unknown Source)
at com.metasploit.meterpreter.Meterpreter.<init>(Unknown Source)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
at javapayload.stage.Meterpreter.start(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at metasploit.Payload.bootstrap(Unknown Source)
at metasploit.Payload.main(Unknown Source)
The channel remains open even after flushing portfwd rules
meterpreter > portfwd list
Active Port Forwards
====================
Index Local Remote Direction
----- ----- ------ ---------
1 0.0.0.0:8000 172.16.0.10:80 Forward
1 total active port forwards.
meterpreter > portfwd flush
[*] Successfully stopped TCP relay on 0.0.0.0:8000
[*] Successfully flushed 1 rules
meterpreter > channel -l
Id Class Type
-- ----- ----
1 1 stdapi_net_tcp_client
Framework Version: 6.4.34-dev msfpc Version: 1.4.5-0kali3 Java Version: jdk8u181-b13-jre
Portfwd in a java meterpreter session works for a few seconds, then ultimately hangs. Deleting and re-adding the forwarding rule does not seem to resolve the issue.
Channel 1 is created after I actually use the local portfwd:
Eventually the following error appears on the java bind shell payload:
The channel remains open even after flushing portfwd rules