-
Notifications
You must be signed in to change notification settings - Fork 13.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Hard Limit on available Sessions? #8839
Comments
edited: fixed markdown formatting. I see a thread exception, too many files open there. I know when I've been on a big network with MANY ssh creds, ~300 or so sessions in they'll start bombing because of too many files open (i think on |
Am 18.08.2017 02:18 schrieb "h00die" <notifications@github.com>:
edited: fixed markdown formatting.
I see a thread exception, too many files open there. I know when I've been
on a big network with MANY ssh creds, ~300 or so sessions in they'll start
bombing because of too many files open (i think on known_hosts file).
Pending this is the true root of the problem, its an OS issue, possibly try
https://askubuntu.com/questions/181215/too-many-open-files-how-to-find-the-
culprit
While I like my ESXi home setup, i can't spin up 1k nodes on the network.
even 250 would strain the limits.
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#8839 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AdCUcxIJa2ZBKpCpkYrqFh2TQ41wws-yks5sZNhOgaJpZM4O5Jmv>
.
|
Thanks for fixing the markup. Following the article, I looked to see what my available open file handles were with 'ulimit -a', and it was 400600; I'd think this would be enough for what I'm doing and is far more than the article you linked to listed, even so, I followed the advice in the article and upped the max files in /proc/sys/fs/file-max to 1M and ran the test again. It failed at the same point with the same exception type. I'm currently re-running the test, as I did not get lsof output at the point of the hang, and will also try running this on a physical system to see if the fact that this is a VMware image makes a difference. |
The code involved is how Rex sockets pivot. A sockpair is created having a listening and binding sock. One half of the pair gets replaced with abstraction which provides socket compatible methods. |
This may not help anyone but I found the fix. I was using Metasploit + SOCKS proxying running the smb_login module over AWS and got the error "too many open files...port 0 localhost" and the fix for me was to increase the limits for the user account running Metasploit by editing /etc/security/limits.conf more details here - https://linuxhint.com/increase-open-file-limit-ubuntu/ reboot once you are done then your new hard and soft limits should be high enough so you don't encounter that error anymore. |
Closing this as it's an environment issue which can be resolved by configuring I'm not against a PR to have a hard session limit, which we could cross-reference with the user set |
Thanks for your contribution to Metasploit Framework! We've looked at this issue, and unfortunately we do not currently have the bandwidth to prioritize this issue. We've labeled this as |
Steps to reproduce
Expected behavior
Exploit should complete and session be delivered for each host in list not just the first 250.
Current behavior
After 250 sessions have been received and backgrounded, no further sessions are completed:
Eventually, waiting several hours, yields the following messages:
Opening another metasploit-framework instance and running the same exploit/payload combo completes successfully.
What I think might be the relevant stack trace is below:
System stuff
VMware workstation VM
uname -a-
Linux hostname 4.9.0-kali4-amd64 test #1 SMP Debian 4.9.30-2kali1 (2017-06-22) x86_64 GNU/Linux
lscpu -
Architecture: x86_64
CPU op-mode(s): 32-bit, 64-bit
Byte Order: Little Endian
CPU(s): 4
On-line CPU(s) list: 0-3
Thread(s) per core: 1
Core(s) per socket: 2
Socket(s): 2
NUMA node(s): 1
Vendor ID: GenuineIntel
CPU family: 6
Model: 44
Model name: Intel(R) Xeon(R) CPU X5675 @ 3.07GHz
Stepping: 2
CPU MHz: 3058.045
BogoMIPS: 6118.00
Hypervisor vendor: VMware
Virtualization type: full
L1d cache: 32K
L1i cache: 32K
L2 cache: 256K
L3 cache: 12288K
NUMA node0 CPU(s): 0-3
Flags: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts mmx fxsr sse sse2 ss ht syscall nx rdtscp lm constant_tsc arch_perfmon pebs bts nopl tsc_reliable nonstop_tsc aperfmperf eagerfpu pni pclmulqdq ssse3 cx16 sse4_1 sse4_2 popcnt aes hypervisor lahf_lm epb dtherm ida arat
Metasploit version
Framework: 4.14.28-dev
Console : 4.14.28-dev
I installed Metasploit with:
OS
Kali Linux
The text was updated successfully, but these errors were encountered: