Metasploit mailing list archives
Re: Meterpreter unexpectedly closes
From: "5.K1dd" <5.k1dd () austinhackers org>
Date: Fri, 09 Jul 2010 23:57:26 -0500
If you are using an exploit of a 3rd party app, like Adobe, this can happen. This is because the exploit causes the app to hang, but eventually windows will close the hung app and thus kill the shellcode running inside. I think some internal windows exploits may do the same thing, when the exploited process simply dies and is respawned by the OS. Just normal crash handling behavior for the OS. You need to connect to the session quickly and migrate to a non-hung process that will not be killed by the OS.
Hi list, I've msfencoded a meterpreter reverse https payload using a win binary as a template. Everything seems to work fine when I test it in my XP SP3. I see the outbound connection and the process running, but after about a minute or so the process dies if there's no listener configured on the receiving end and doesn't respawn. What am I doing wrong here? I must be missing something obvious. Is there a timeout option for this reverse shell or a way to keep the process always running, even if it can't connect to the listener? Or is this due to msfencoding the payload somehow breaks it? I have tested that it does work properly when the listener is waiting for it, it's just the fact it timesout so quickly that is a pain. Also, saw the reverse_tcp allports payload and was wondering if there's a similar one for reverse meterpreter https. Ideally one could configure default ports to try 1st and then keep trying randomly the other 65000 or so to evade IDS. I know this would increase the payload size but it would be pretty stealth egress wise. Thanks. I do really love metasploit and the whole community behind it. You all rock. Miguel ------------------------------------------------------------------------ _______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework
_______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework
Current thread:
- Meterpreter unexpectedly closes Miguel Rios (Jul 09)
- Re: Meterpreter unexpectedly closes 5.K1dd (Jul 09)
- Re: Meterpreter unexpectedly closes Alex Polychronopoulos (Jul 10)
- Re: Meterpreter unexpectedly closes Miguel Rios (Jul 10)
- Re: Meterpreter unexpectedly closes Carlos Perez (Jul 10)
- Re: Meterpreter unexpectedly closes Miguel Rios (Jul 10)
- Re: Meterpreter unexpectedly closes Carlos Perez (Jul 10)
- Re: uploadexec and kitrap0d Miguel Rios (Jul 10)
- Re: uploadexec and kitrap0d Carlos Perez (Jul 10)
- Re: uploadexec and kitrap0d Devin Kinch (Jul 11)
- Re: uploadexec and kitrap0d Rob Fuller (Jul 12)
- Re: uploadexec and kitrap0d Carlos Perez (Jul 12)
- Re: Meterpreter unexpectedly closes Miguel Rios (Jul 10)