Metasploit mailing list archives

Re: Meterpreter Reverse HTTPS Issue

From: Florian Roth <Neo.X () web de>
Date: Sun, 16 May 2010 10:04:16 +0200


As you already noticed - I suppose the problem resides in the network or
transport layer as everything works out fine if you are on the same
network with the target machine. 

You should check with wireshark or tcpdump, if there is some network
activity - first on the target site and then at your attacker system. 

What I would expect to see is:
- DNS queries without valid response on the target system
- TCP resets coming form your router
- ICMP destination unreachable originating from a router 

So - install a wireshark on the target machine, start capturing and then
start your meterpreter payload. 

Regards

On Sat, 2010-05-15 at 18:27 -0500, mickylee () hushmail com wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I'm running a multi handler in msfconsole and having an issue with
meterpreter where it hangs on the following:

[*] Patching Target ID Vkev into DLL (obviously target id will be
different)

I generated a meterpreter reverse https payload using msfpayload
and ran it on a target VM running Windows XP. After a while the
meterpreter process will finally just die on the target system.
Does anyone have an idea what would be causing this?

I only seem to notice this when I run the meterpreter executable in
my VM and I'm on a network other than my home network. In both
cases I have set LHOST to my routers external IP and LPORT to 443.
I am forwarding all traffic to a NAT host on my internal network.
As I said, it only seems to hang on that when I'm on someone else's
network, but never when I'm on my own.


Thanks for any ideas on what's causing this!
-----BEGIN PGP SIGNATURE-----
Charset: UTF8
Version: Hush 3.0
Note: This signature can be verified at https://www.hushtools.com/verify

wpwEAQMCAAYFAkvvLeoACgkQybI6BH2T11ZSZgP7BxeMwxSdNS+xvnQ3J6FUNIu4+cus
88pG52i7zLT1n9r0nM+kX3dAPWAzQYd0jhLm8OtPzJqDw/Tp/WXshLAslU1tvJXzmnW7
TwkevsDOxSznNs0eqM35RAC+frK+gqw7mRu6lBaW1JUIAABdzZLNN2cDTL3eBV1Hpr2y
7w1+2fk=
=3A3B
-----END PGP SIGNATURE-----

_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework


-- 
Sincerely
Saludos cordiales
Mit freundlichen Grüßen
Florian Roth

Tel:    +49 06251 - 827 9402
Mobil:  +49 175 - 7240 363       
Fax:    +49 12125 - 11699510
eMail:  Florian.Roth () email de

_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework

Current thread:

Meterpreter Reverse HTTPS Issue mickylee (May 15)
- Re: Meterpreter Reverse HTTPS Issue Terrence (May 15)
- Re: Meterpreter Reverse HTTPS Issue Florian Roth (May 16)
  - Re: Meterpreter Reverse HTTPS Issue Robert Portvliet (May 16)