Metasploit mailing list archives
Re: windows/meterepreter/reverse_https handler hangs
From: Miguel Rios <miguelrios35 () yahoo com>
Date: Wed, 15 Dec 2010 03:36:38 -0800 (PST)
Thanks for your reply. I didn't know this was a known issue already. It's strange because in this case there was no proxy between the target (XP) and the listener, so I doubt that was the issue in this case. I agree that we could use a better way for meterpreter sessions to egress when behind restrictive firewalls and/or proxies. I'd like to see the reverse_all_ports idea ported to a working windows/meterpreter/reverse_https payload with DNS resolution. Maybe it could go through a preset list of ports and hosts to try, and if that fails then it could do a slow brute-force approach trying the rest of the ports and hosts. I know this would make it a lot larger payload, but sometimes it may be the only way to get out of very restrictive corporate environments. Thoughts?

--- On Mon, 12/13/10, Tom Van de Wiele <tom.vandewiele () gmail com> wrote:

From: Tom Van de Wiele <tom.vandewiele () gmail com>
Subject: Re: [framework] windows/meterepreter/reverse_https handler hangs
To: "Miguel Rios" <miguelrios35 () yahoo com>
Date: Monday, December 13, 2010, 6:46 PM

Hi,

A known problem, no real solution. Traversing a proxy usually works; traversing a proxy that requires authentication usually results in stage 1 working but stage 2 failing. There have been a few occurrences of this problem on the mailing list. I think we should work towards payloads that work with a particular proxy which can be fingerprinted after some enumeration. A payload that will work for ISA, Bluecoat, etc. Not sure if this is the solution but we are going to have to do something if we want to pwn clients ;-/

There is some material on the web on doing reverse connections over DNS tunneling but the hosts were hardcoded in the ASM shellcode so it might need tinkering.

My 2 cents
-- T.

On Mon, Dec 13, 2010 at 4:33 PM, Miguel Rios <miguelrios35 () yahoo com> wrote:

Did anyone ever figure out why the windows/meterpreter/reverse_https handler started to hang? I remember seeing something in the list a while ago but I don't recall seeing any solution. I just tried it again and it once again seems to hang as it's patching the DLL?

[*] [2010.12.10-16:28:33] Started HTTPS reverse handler on https://0.0.0.0:443/
[*] [2010.12.10-16:28:33] Starting the payload handler...
msf exploit(handler) >
[*] [2010.12.10-16:29:41] xx.xx.xx.xx:48430 Request received for /A6xFN...
[*] [2010.12.10-16:29:41] xx.xx.xx.xx:48430 Staging connection for target 6xFN received...
[*] [2010.12.10-16:29:41] Patching Target ID 6xFN into DLL

Any ideas why it's no longer working? The regular reverse_tcp works fine, but I'd rather use https to traverse firewalls and whatnot.

Thanks

_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework
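The "preset list of ports and hosts, then a slow brute force of the rest" egress behaviour proposed above has a distinctive footprint on the perimeter: one internal host touching many distinct outbound destination ports in a short span, most of them denied. The following is an added example (not code from the thread, Metasploit, or the people posting) showing how a defender can flag that pattern in firewall logs. The log format is a constructed, hypothetical space-separated export, the IP addresses are documentation ranges, and the window and port threshold are assumptions to be tuned per network.

```python
"""Flag internal hosts whose outbound connection attempts sweep many distinct
destination ports inside a short window (the egress-probing pattern discussed
in the thread). Added example with a constructed log format; not Metasploit
output and not the list's own code."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines: "<ISO timestamp> <ACTION> <src_ip> <dst_ip> <dst_port>"
# 10.1.1.50 walks a list of common egress ports and finally gets out via 3128;
# 10.1.1.77 and 10.1.1.60 show ordinary traffic that must not be flagged.
SAMPLE_LOG = """\
2010-12-13T16:30:01 DENY 10.1.1.50 203.0.113.9 443
2010-12-13T16:30:02 DENY 10.1.1.50 203.0.113.9 80
2010-12-13T16:30:03 DENY 10.1.1.50 203.0.113.9 8080
2010-12-13T16:30:04 DENY 10.1.1.50 203.0.113.9 53
2010-12-13T16:30:05 DENY 10.1.1.50 203.0.113.9 22
2010-12-13T16:30:06 DENY 10.1.1.50 203.0.113.9 25
2010-12-13T16:30:07 DENY 10.1.1.50 203.0.113.9 110
2010-12-13T16:30:08 DENY 10.1.1.50 203.0.113.9 143
2010-12-13T16:30:09 DENY 10.1.1.50 203.0.113.9 993
2010-12-13T16:30:10 DENY 10.1.1.50 203.0.113.9 995
2010-12-13T16:30:11 ALLOW 10.1.1.50 203.0.113.9 3128
2010-12-13T16:30:05 ALLOW 10.1.1.77 198.51.100.20 443
2010-12-13T16:31:00 ALLOW 10.1.1.77 198.51.100.20 443
2010-12-13T16:35:00 DENY 10.1.1.60 203.0.113.9 443
"""


def parse_line(line):
    """Split one constructed log line into (timestamp, action, src, dst, port)."""
    ts, action, src, dst, port = line.split()
    return datetime.fromisoformat(ts), action, src, dst, int(port)


def find_egress_probes(log_text, window=timedelta(minutes=5), min_ports=8):
    """Return {src_ip: {"ports": [...], "denied": n, "first_seen": ts, "last_seen": ts}}
    for every source that reached at least `min_ports` distinct destination ports
    within some span no longer than `window`. Hosts below the threshold are not
    reported. Thresholds are assumptions; tune them to the site's normal traffic."""
    by_src = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            ts, action, src, _dst, port = parse_line(line)
            by_src[src].append((ts, port, action))

    alerts = {}
    for src, events in by_src.items():
        events.sort()  # chronological; logs are not guaranteed to arrive in order
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until the span fits in `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            span = events[start:end + 1]
            ports = {p for _, p, _ in span}
            if len(ports) >= min_ports:
                # Keep updating so the report covers the widest qualifying span.
                alerts[src] = {
                    "ports": sorted(ports),
                    "denied": sum(1 for _, _, a in span if a == "DENY"),
                    "first_seen": span[0][0],
                    "last_seen": span[-1][0],
                }
    return alerts


if __name__ == "__main__":
    for src, info in find_egress_probes(SAMPLE_LOG).items():
        print(f"{src}: {len(info['ports'])} ports in "
              f"{(info['last_seen'] - info['first_seen']).total_seconds():.0f}s, "
              f"{info['denied']} denied, ports={info['ports']}")
```

The "slow" variant of the brute force is exactly what the window parameter is for: a sweep spread over hours slips under a five-minute window, so in practice the same count is kept per source over a longer horizon as well, and an ALLOW that follows a run of DENYs from the same host (here port 3128) is the event worth pivoting on, since it is the connection that actually got out.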
Current thread:
- windows/meterepreter/reverse_https handler hangs Miguel Rios (Dec 13)
- <Possible follow-ups>
- Re: windows/meterepreter/reverse_https handler hangs Miguel Rios (Dec 15)