Metasploit mailing list archives

Re: windows/meterepreter/reverse_https handler hangs


From: Miguel Rios <miguelrios35 () yahoo com>
Date: Wed, 15 Dec 2010 03:36:38 -0800 (PST)

Thanks for your reply.

I didn't know this was a known issue already.
It's strange because in this case there was no proxy between the target (XP) and the listener, so I doubt that was the issue in this case.

I agree that we could use a better way for meterpreter sessions to egress when behind restrictive firewalls and/or proxies. I'd like to see the reverse_all_ports idea ported to a working windows/meterepreter/reverse_https payload with DNS resolution. Maybe it could go through a preset list of ports and hosts to try, and if that fails then it could do a slow brute-force approach trying the rest of the ports and hosts.

I know this would make the payload a lot larger, but sometimes it may be the only way to get out of very restrictive corporate environments.

Thoughts?

--- On Mon, 12/13/10, Tom Van de Wiele <tom.vandewiele () gmail com> wrote:

From: Tom Van de Wiele <tom.vandewiele () gmail com>
Subject: Re: [framework] windows/meterepreter/reverse_https handler hangs
To: "Miguel Rios" <miguelrios35 () yahoo com>
Date: Monday, December 13, 2010, 6:46 PM

Hi,
A known problem, no real solution. Traversing a proxy usually works; traversing a proxy that requires authentication usually results in stage 1 working but stage 2 failing. There have been a few occurrences of this problem on the mailing list. I think we should work towards payloads that work with a particular proxy which can be fingerprinted after some enumeration. A payload that will work for ISA, Bluecoat, etc. Not sure if this is the solution but we are going to have to do something if we want to pwn clients ;-/

There is some material on the web on doing reverse connections over DNS tunneling, but the hosts were hardcoded in the ASM shellcode so it might need tinkering.

My 2 cents


-- T.

On Mon, Dec 13, 2010 at 4:33 PM, Miguel Rios <miguelrios35 () yahoo com> wrote:

Did anyone ever figure out why the windows/meterepreter/reverse_https handler started to hang? I remember seeing something in the list a while ago but I don't recall seeing any solution.
I just tried it again and it once again seems to hang as it's patching the dll?

[*] [2010.12.10-16:28:33] Started HTTPS reverse handler on https://0.0.0.0:443/
[*] [2010.12.10-16:28:33] Starting the payload handler...
msf exploit(handler) > [*] [2010.12.10-16:29:41] xx.xx.xx.xx:48430 Request received for /A6xFN...
[*] [2010.12.10-16:29:41] xx.xx.xx.xx:48430 Staging connection for target 6xFN received...
[*] [2010.12.10-16:29:41] Patching Target ID 6xFN into DLL

Any ideas why it's no longer working? The regular reverse_tcp works fine, but I'd rather use https to traverse firewalls and what not.

thanks


_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework