exploit/multi/handler always runs as a job #8982

Closed
Rogdham opened this Issue Sep 19, 2017 · 47 comments

Contributor

Rogdham commented Sep 19, 2017

Steps to reproduce

In msfconsole, run exploit/multi/handler

Expected behavior

As in Kali live (kali-linux-2016.2-amd64.iso), version 4.12.22-dev:

msf > use exploit/multi/handler
msf exploit(handler) > set payload windows/meterpreter/reverse_tcp
payload => windows/meterpreter/reverse_tcp
msf exploit(handler) > set lhost 0.0.0.0
lhost => 0.0.0.0
msf exploit(handler) > exploit

[*] Started reverse TCP handler on 0.0.0.0:4444 
[*] Starting the payload handler...

…at which point it waits for an incoming connexion.

Edit: it worked also on kali-linux-2017.1-amd64.iso, version 4.14.10-dev.

Current behavior

The exploit runs as a background job, although the -j flag was not given to the exploit command:

msf > use exploit/multi/handler
msf exploit(handler) > set payload windows/meterpreter/reverse_tcp
payload => windows/meterpreter/reverse_tcp
msf exploit(handler) > set lhost 0.0.0.0
lhost => 0.0.0.0
msf exploit(handler) > exploit
[*] Exploit running as background job 0.

[*] Started reverse TCP handler on 0.0.0.0:4444 
msf exploit(handler) > jobs

Jobs
====

  Id  Name                    Payload                          Payload opts
  --  ----                    -------                          ------------
  0   Exploit: multi/handler  windows/meterpreter/reverse_tcp  tcp://0.0.0.0:4444

msf exploit(handler) > 

System stuff

Metasploit version

  • 4.16.6-dev, Kali rolling via apt
  • 4.16.6-dev, Kali LiveCD kali-linux-2017.2-amd64.iso
  • 4.16.7-dev, Arch Linux via pacman

Contributor

Chiggins commented Sep 20, 2017

This was a change made about a few months ago. Ended up changing the default behavior since it seemed a majority of people use exploit -j anyway.

Contributor

Rogdham commented Sep 20, 2017

When I teach metasploit to new people, I usually start with exploit/multi/handler. At that point I am already introducing concepts of exploit and payloads. Now I will have to introduce the concept of jobs and sessions at the same time, plus how to see and kill jobs, how to see and interact with sessions. I would do that anyway, but it just adds a lot at the same time to learn.

Anyways, for me it would be confusing to keep that as a default, for the following reasons:

  • not the same default as with other exploits
  • is not coherent with the help of the exploit command: exploit -h says that -j runs as a job, but it's already the case without -j
  • is not clear how to run it not in the context of a job
  • with bind payloads, it does not seem to have a lot of sense to run in the context of a job

Currently, is there a way to disable this default behaviour (like a setting or something)?

Contributor

Rogdham commented Sep 20, 2017

It seems to me that the previous behaviour (i.e. requiring -j) has been restored in 66a4ea4 and reverted after in edbe8d7.

I just found PR #8853, where there has been some discussion already.

However, it seems that the consensus was to require -j, so why was that PR reverted later on?

Tagging @bcook-r7 @wvu-r7

harshil2105 commented Sep 20, 2017

Contributor

Rogdham commented Sep 20, 2017

Set ExitOnSession true

Hmm, does not seem to do it:

msf > use exploit/multi/handler
msf exploit(handler) > set payload windows/meterpreter/reverse_tcp
payload => windows/meterpreter/reverse_tcp
msf exploit(handler) > set lhost 0.0.0.0
lhost => 0.0.0.0
msf exploit(handler) > set ExitOnSession true
ExitOnSession => true
msf exploit(handler) > exploit
[*] Exploit running as background job 0.
msf exploit(handler) > 
[*] Started reverse TCP handler on 0.0.0.0:4444 

msf exploit(handler) > jobs

Jobs
====

  Id  Name                    Payload                          Payload opts
  --  ----                    -------                          ------------
  0   Exploit: multi/handler  windows/meterpreter/reverse_tcp  tcp://0.0.0.0:4444

msf exploit(handler) > 

As a temporary solution, I think I will edit the modules/exploits/multi/handler.rb file locally to remove 'Stance' => Msf::Exploit::Stance::Passive.

harshil2105 commented Sep 20, 2017

goran908 commented Oct 5, 2017

Rogdham, I did your temporary fix but now I can't use the handler. I mean, I get active sessions, but how do I control the sessions? Sorry, not so skilled, I am new.

goran908 commented Oct 5, 2017

Ahh thanks, I set ExitOnSession true and that fixed it ☺

Contributor

Rogdham commented Oct 6, 2017

Yes, you're right, I've found as a temporary fix to do both:

  • edit modules/exploits/multi/handler.rb to remove 'Stance' => Msf::Exploit::Stance::Passive
  • set ExitOnSession to true

Sorry for that, I see that it was not clear in my last comment.

naimish10 commented Oct 7, 2017

screenshot from 2017-10-07 18-24-57
Can you please help me with it? I have tried my internal IP, my external IP, every port, but I am not getting any active session. Please help me, I am a beginner.

missmistie37 commented Oct 7, 2017

Contributor

Rogdham commented Oct 8, 2017

Can you please help me with it? I have tried my internal IP, my external IP, every port, but I am not getting any active session. Please help me, I am a beginner.

Hello @naimish10, and welcome to GitHub! I believe your problem is not relevant to this specific issue. In the future, could you try to create your own issue when you are facing a problem of your own?

Also, for the Metasploit Framework, GitHub issues are used when users find a bug, or want a feature implemented. If you need help using the Metasploit Framework, I suggest looking into the following resources instead:

Hope this helps!

Sharik7 commented Oct 8, 2017

I have got the same issue: there is no payload handler start command after * started tcp handler on lhost and lport*......
So how to connect with payload handler....

Contributor

Rogdham commented Oct 8, 2017

Explain because I'm a little confused on why I'm getting these emails with main frames about landing... land what?

Hello @missmistie37!

I'm really not sure what your question is. From the text under your message, it seems that you subscribed to this issue on GitHub. When someone posts a message on this thread, you get an email notification.

If you are not happy about this, you can do the following:

  • You can click on the “mute the thread” link in the email messages you receive
  • Follow this guide to disable receiving notifications by email.

Hope this helps!

naimish10 commented Oct 8, 2017

I have been trying for 3 days. I have tried to hack into my Android using ngrok also, but it shows session opened but no meterpreter session open, and after 20 seconds it shows session died

Contributor

Rogdham commented Oct 8, 2017

I have got the same issue: there is no payload handler start command after * started tcp handler on lhost and lport*......
So how to connect with payload handler....

Can you please help me with it? I have tried my internal IP, my external IP, every port, but I am not getting any active session. Please help me, I am a beginner.

Hello @Sharik7, and welcome to GitHub! I believe your problem is different from the one in this specific issue. Indeed, this issue is specific to a change in the default behaviour of the exploit command in the exploit/multi/handler module.

I suggest trying one of the following:

  • If you believe this is an issue with the Metasploit Framework (i.e. you do not need help using the framework, you think there is a bug), please create your own issue.
  • If you need help with the framework, I suggest asking in the proper place

Other resources that could be useful:

Hope this helps!

Contributor

Rogdham commented Oct 8, 2017

I have been trying for 3 days. I have tried to hack into my Android using ngrok also, but it shows session opened but no meterpreter session open, and after 20 seconds it shows session died

Hello again @naimish10!

As I said, this is not the proper place to discuss this. Please create your own issue or ask for help on this forum where people will be willing to help you.

Anonymousismyname commented Oct 15, 2017

I'm getting the same issue.
I even did edit modules/exploits/multi/handler.rb to remove 'Stance' => Msf::Exploit::Stance::Passive
set ExitOnSession to true
exploit -j
Still the same problem.
How did the temporary fix work?

goran908 commented Oct 15, 2017

Do exploit, not exploit -j

Anonymousismyname commented Oct 15, 2017

Yes, I did exploit, run, exploit - j, run - j, but still it's the same

goran908 commented Oct 15, 2017

No, no, type exploit instead of exploit -j

Anonymousismyname commented Oct 15, 2017

I got you the first time
I tried using just exploit
It didn't work
Then I tried exploit - j
But still nothing.

Contributor

Rogdham commented Oct 16, 2017

How did the temporary fix work?

I just tested again on 4.16.11-dev:

  • remove the line 'Stance' => Msf::Exploit::Stance::Passive in modules/exploits/multi/handler.rb,
  • set ExitOnSession true

Like so:

msf > use exploit/multi/handler
msf exploit(handler) > set payload windows/meterpreter/reverse_tcp
payload => windows/meterpreter/reverse_tcp
msf exploit(handler) > set LHOST 0.0.0.0
LHOST => 0.0.0.0
msf exploit(handler) > set ExitOnSession true
ExitOnSession => true
msf exploit(handler) > exploit

[*] Started reverse TCP handler on 0.0.0.0:4444 
[*] Sending stage (179267 bytes) to <redacted>
[*] Meterpreter session 1 opened (<redacted>:4444 -> <redacted>:49158) at 2017-10-16 10:29:54 +0200

meterpreter > 

Anonymousismyname commented Oct 16, 2017

OK, it worked after rebooting. Thanks

Contributor

Rogdham commented Nov 7, 2017

Just confirming #9178 fixes the issue 😃

I agree that having it passive is usually convenient for regular/advanced users, but for newcomers it is definitely a drawback as I explained above. Thank you @busterb!

MrValioBg commented Dec 6, 2017

I got connected to my session but meterpreter>> doesn't appear..
Anyway, I tried to wait for about 30 minutes and nothing happened..

MrValioBg commented Dec 6, 2017

image Just like that.... I don't have meterpreter>>

Khaleell commented Dec 13, 2017

Help me

[*] Started reverse TCP handler on 0.0.0.0:4444
Please help
[*] Started reverse TCP handler on 0.0.0.0:4444

Khaleell commented Dec 13, 2017

Hello 🤗 friends

[*] Started reverse TCP handler on 0.0.0.0:4444

☹☹

@rapid7 rapid7 deleted a comment from discoweasel Dec 13, 2017

javedumer commented Dec 13, 2017

msf > use exploit/multi/handler
msf exploit(handler) > set payload windows/meterpreter/reverse_tcp
payload => windows/meterpreter/reverse_tcp
msf exploit(handler) > set lhost 0.0.0.0
lhost => 0.0.0.0
msf exploit(handler) > exploit
[*] Exploit running as background job 0.

[*] Started reverse TCP handler on 0.0.0.0:4444
(Help me, how can I resolve it? I am a newcomer.)

javedumer commented Dec 13, 2017

I got you the first time
I tried using just exploit
It didn't work
Then I tried exploit - j
But still nothing.

javedumer commented Dec 13, 2017

msf > use exploit/multi/handler
msf exploit(handler) > set payload windows/meterpreter/reverse_tcp
payload => windows/meterpreter/reverse_tcp
msf exploit(handler) > set LHOST 0.0.0.0
LHOST => 0.0.0.0
msf exploit(handler) > set ExitOnSession true
ExitOnSession => true
msf exploit(handler) > exploit
(also not working)

Khaleell commented Dec 13, 2017

What is this problem? Bring an expert to look at the solution. This problem has worn me out. I will delete Kali and reinstall it???

Contributor

busterb commented Dec 13, 2017

Just upgrade to the latest version of Metasploit

Contributor

busterb commented Dec 13, 2017

If you set LHOST to 0.0.0.0, it tells your payload to connect back to 0.0.0.0. Does this make any sense to you?

Khaleell commented Dec 13, 2017

unknownuseer commented Jan 8, 2018

Hello @Rogdham
You wrote that we just have to edit modules/exploits/multi/handler.rb to remove 'Stance' => Msf::Exploit::Stance::Passive. But how do I do that?

Contributor

busterb commented Jan 8, 2018

You don't have to do that. We changed the behavior back months ago. Just update to the latest version of Metasploit framework, at least as of November.

unknownuseer commented Jan 9, 2018

@busterb
Thank you for the answer, but the problem is that I'm new. Can you tell me how I update Metasploit?

Contributor

busterb commented Jan 9, 2018

How did you install Metasploit?

suraj9648 commented Jan 18, 2018

After session start, use this command...
sessions -l
Then
sessions -i
sessions -i 2, if id is 2
sessions -i 3, if id is 3
sessions -i 4, if id is 4......

Contributor

busterb commented Jan 18, 2018

sessions -i -1 will interact with the last opened session, regardless of the id

suraj9648 commented Jan 18, 2018

@javedumer
@MrValioBg
After the session starts, first press the Enter key
The new line looks like this: "msf exploit(handler)>"
Then use this command
sessions -l
Then
sessions -i id
sessions -i 2, if id is 2
sessions -i 3, if id is 3
sessions -i 4, if id is 4
Then press enter

coconutmilkshake commented Jan 20, 2018

Hi, after doing "msf exploit(handler) > exploit" the "meterpreter >" is not launching, as it is running as a background job. I'm only a beginner so I do not really understand much; could someone please explain how I can resolve this? Thank you

Contributor

wvu-r7 commented Jan 22, 2018

@coconutmilkshake: See the responses above... If you update your Metasploit, we've reverted that change. A background job means exactly what it sounds like. You'll have to interact with the session manually, but it's still there. Use sessions -i with a session ID. Good luck!

stuffi27 commented Mar 7, 2018

I use multi/handler

The same. No solutions on the web are helpful. Handler fails to bind to 0.0.0.0
All updates are installed. This is the problem, I think. I use the new update from Kali and all drivers are 100% from 07.03.2018. It doesn't work!!! I use a local network with VPN. My target systems are in VirtualBox (local area network), newest update. I think the handler wants to use tun0 with IP 10.:.. primary. But I use eth0 with 192-168..* I am not sure meta will use lo: flags?!. Anyone on earth must be able to fix that!!! So many people have the problem, so many posts on the net. But no right solution is available.

I do not know what to do anymore, 5 days working with every imaginable solution from the net including reinstalling. But nothing works.

Please can anybody help me? Or fix this???

I really tried everything from the Internet.

Contributor

busterb commented Mar 7, 2018

Did you try checking what else is listening on that port? Do you know how to use netstat?
