Metasploit mailing list archives

Problem with session_waiter_event.notify()


From: Ron <ron () skullsecurity net>
Date: Mon, 24 May 2010 11:24:24 -0500

Hey,

I hate asking for help publicly, but I'm stuck on a problem and don't know what to do. I'm hoping one of the Metasploit 
devs can help me out. 

Basically, if I try to call Handler#create_session() twice within the same handler (but for different sockets), it 
doesn't return. I traced the problem down to this line:

    session_waiter_event.notify

Which, at least in the version I'm working at, is right near the bottom of lib/msf/core/handler.rb (line 231). It 
simply doesn't return the second time it's called. If I comment out the line, things obviously fail spectacularly. But, 
if I wrap my create_session() call in a Thread.new() call, everything works fine:

    def on_connect(session)
        puts(">> entering on_connect")

        session['session'] = ReverseDnsChannel.new()

        Thread.new() {
            create_session(session['session'].lsock)
        }

        puts("<< leaving on_connect")
    end

That clearly isn't the ideal solution, though. I've tried looking at how PassiveX does it, but I'm not sure how, if at
all, it handles multiple connections from one handler.

I suspect this has to do with wait_for_session() only being called the first time. If nothing has called 
wait_for_session(), then the session fails because it's not in the waiting state. 

Any advice would be appreciated. Thanks!

-- 
Ron Bowes
http://www.skullsecurity.org
http://www.twitter.com/iagox86
