-
Notifications
You must be signed in to change notification settings - Fork 13.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Using meterpreter_reverse_http Payload for pivoting #18950
Comments
I'm thinking there's a configuration error here. Would it be possible for you to:
|
Hi Spencer, Here is the configuration of the VMS:
And here is the copied text from the msfconsole with the payload options:
Thank you for your support :) |
What's the output of the If all that's in place, you should check that Debian 1 doesn't have any kind of firewall or anything that'd be preventing the connection from the second target. It looks like everything you've setup is correct but checking those things can help eliminate some common problems. |
Hello, bumping it since I have similar problem with
MSF is listening on 10.9.254.6 (Kali) and listener is also set up on first victim (pivot) on 10.10.123.102 on port 6666. Trying to spawn session on server 10.10.122.30, but session is dying while downloading from stager. I have tried with other HTTP payload which was |
Yeah, I still can't reproduce any issues here. In my lap setup .128 is my system running Metasploit, .10 is one Windows target and .40 is another. I'm able to open my first Meterpreter session to .10 and then a second to .40 by having Metasploit start a listener on .10. I tried with the reverse_http, reverse_https and reverse_winhttp stagers. All of them worked.
I recommend you try to simplify your setup as I did by not using the |
Hi! This issue has been left open with no activity for a while now. We get a lot of issues, so we currently close issues after 60 days of inactivity. It’s been at least 30 days since the last update here. As a friendly reminder: the best way to see this issue, or any other, fixed is to open a Pull Request. |
Hi,
I'm testing some attack scenarios in my home lab. To gain initial access to the first machine, I am utilizing the linux/x64/meterpreter_reverse_http payload. Subsequently, I am employing the same payload to facilitate lateral movement to the second machine.
Scenario: Kali ->(metrpreter_reverse_http)->First target (Debian) ->(metrpreter_reverse_http)->Second target (Debian)
While the first session works fine without any problems, when I set up the listener for the second session and run the second payload on the second target VM, it doesn't open the second session.
I do recieve the request to the handler but no session is opened..
[First Session works]
[Second Session not opening]
I've also tested the scenario:
Kali ->(linux/x64/metrpreter_reverse_http)->First target (Debian) ->(windows/metrpreter_reverse_http)->Second target (windows)
In this case, both sessions work without any problem.
So, my question is: Why can't the second session be opened in the first scenario?
I would greatly appreciate any assistance or guidance from anyone who can help.
Thank you :)
The text was updated successfully, but these errors were encountered: