Metasploit-framework: exploit/multi/handler always runs as a job

Created on 19 Sep 2017  ·  47 Comments  ·  Source: rapid7/metasploit-framework

Steps to reproduce

In msfconsole, run exploit/multi/handler

Expected behavior

As in Kali live (kali-linux-2016.2-amd64.iso), version 4.12.22-dev:

msf > use exploit/multi/handler
msf exploit(handler) > set payload windows/meterpreter/reverse_tcp
payload => windows/meterpreter/reverse_tcp
msf exploit(handler) > set lhost 0.0.0.0
lhost => 0.0.0.0
msf exploit(handler) > exploit

[*] Started reverse TCP handler on 0.0.0.0:4444 
[*] Starting the payload handler...

…at which point it waits for an incoming connexion.

Edit: it worked also on kali-linux-2017.1-amd64.iso, version 4.14.10-dev.

Current behavior

The exploit runs as a background job, although the -j flag was not given to the exploit command

msf > use exploit/multi/handler
msf exploit(handler) > set payload windows/meterpreter/reverse_tcp
payload => windows/meterpreter/reverse_tcp
msf exploit(handler) > set lhost 0.0.0.0
lhost => 0.0.0.0
msf exploit(handler) > exploit
[*] Exploit running as background job 0.

[*] Started reverse TCP handler on 0.0.0.0:4444 
msf exploit(handler) > jobs

Jobs
====

  Id  Name                    Payload                          Payload opts
  --  ----                    -------                          ------------
  0   Exploit: multi/handler  windows/meterpreter/reverse_tcp  tcp://0.0.0.0:4444

msf exploit(handler) > 

System stuff

Metasploit version

  • 4.16.6-dev, Kali rolling via apt
  • 4.16.6-dev, Kali LiveCD kali-linux-2017.2-amd64.iso
  • 4.16.7-dev, Arch Linux via pacman

All 47 comments

This was a change made about a few months ago. Ended up changing the default behavior since it seemed a majority of people use exploit -j anyway.

When I teach metasploit to new people, I usually start with exploit/multi/handler. At that point I am already introducing concepts of exploit and payloads. Now I will have to introduce the concept of jobs and sessions at the same time, plus how to see and kill jobs, how to see and interact with sessions. I would do that anyway, but it just adds a lot at the same time to learn.

Anyways, for me it would be confusing to keep that as a default, for the following reasons:

  • not the same default as with other exploits
  • is not coherent with the help of the exploit command: exploit -h says that -j runs as a job, but it's already the case without -j
  • is not clear how to run it not in the context of a job
  • with bind payloads, it does not seem to have a lot of sense to run in the context of a job

Currently, is there a way to disable this default behaviour (like a setting or something)?

It seems to me that the previous behaviour (i.e. requiring -j) has been restored in 66a4ea4f0b0e5489a5b5fe567769eb98274ba845 and reverted after in edbe8d73c25c369e2469c34bddef05f2318aae67.

I just found PR #8853, where there has been some discussion already.

However, it seems that the consensus was to require -j, so why was that PR reverted later on?

Tagging @bcook-r7 @wvu-r7

Set ExitOnSession true

On Sep 20, 2017 11:07 AM, "Rogdham" notifications@github.com wrote:

It seems to me that the previous behaviour (i.e. requiring -j) has been restored in 66a4ea4 (https://github.com/rapid7/metasploit-framework/commit/66a4ea4f0b0e5489a5b5fe567769eb98274ba845) and reverted after in edbe8d7 (https://github.com/rapid7/metasploit-framework/commit/edbe8d73c25c369e2469c34bddef05f2318aae67).

I just found PR #8853 (https://github.com/rapid7/metasploit-framework/pull/8853), where there has been some discussion already.

However, it seems that the consensus was to require -j, so why was that PR reverted later on?

Tagging @bcook-r7 (https://github.com/bcook-r7) @wvu-r7 (https://github.com/wvu-r7)


You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
https://github.com/rapid7/metasploit-framework/issues/8982#issuecomment-330750211,
or mute the thread
https://github.com/notifications/unsubscribe-auth/AUS-2MD9i2IURGaWd74DnLYmB4QseCM4ks5skKSzgaJpZM4Pc9VB
.

Set ExitOnSession true

Hmm, does not seem to do it:

msf > use exploit/multi/handler
msf exploit(handler) > set payload windows/meterpreter/reverse_tcp
payload => windows/meterpreter/reverse_tcp
msf exploit(handler) > set lhost 0.0.0.0
lhost => 0.0.0.0
msf exploit(handler) > set ExitOnSession true
ExitOnSession => true
msf exploit(handler) > exploit
[*] Exploit running as background job 0.
msf exploit(handler) > 
[*] Started reverse TCP handler on 0.0.0.0:4444 

msf exploit(handler) > jobs

Jobs
====

  Id  Name                    Payload                          Payload opts
  --  ----                    -------                          ------------
  0   Exploit: multi/handler  windows/meterpreter/reverse_tcp  tcp://0.0.0.0:4444

msf exploit(handler) > 

As a temporary solution, I think I will edit the modules/exploits/multi/handler.rb file locally to remove 'Stance' => Msf::Exploit::Stance::Passive.

Use rexploit and even in Android exploitation it runs in background as a job and keeps on gaining new shell and does not give time to interact with present shell

Rogdham, I did your temporary fix, but now I can't use the handler. I mean, I get active sessions, but how do I control the sessions? Sorry, not so skilled, I am new.

Ahh, thanks, I set ExitOnSession true and that fixed it ☺

Yes, you're right, I've found as a temporary fix to do both:

  • edit modules/exploits/multi/handler.rb to remove 'Stance' => Msf::Exploit::Stance::Passive
  • set ExitOnSession to true

Sorry for that, I see that it was not clear in my last comment.

[Image: screenshot from 2017-10-07 18-24-57]
Can you please help me with it? I have tried my internal IP, my external IP, every port, but I am not getting any active session. Please help me, I am a beginner.

Explain because I'm a little confused on why I'm getting these emails with main frames about landing... land what?

Can you please help me with it? I have tried my internal IP, my external IP, every port, but I am not getting any active session. Please help me, I am a beginner.

Hello @naimish10, and welcome to GitHub! I believe your problem is not relevant to this specific issue. In the future, could you try to create your own issue when you are facing a problem of your own?

Also, for the Metasploit Framework, GitHub issues are used when users find a bug, or want a feature implemented. If you need help using the Metasploit Framework, I suggest looking into the following resources instead:

Hope this helps!

I have got the same issue: there is no payload handler start command after * started tcp handler on lhost and lport*......
So how to connect with the payload handler....

Explain because I'm a little confused on why I'm getting these emails with main frames about landing... land what?

Hello @missmistie37!

I'm really not sure what your question is. From the text under your message, it seems that you subscribed to this issue on GitHub. When someone posts a message on this thread, you get an email notification.

If you are not happy about this, you can do the following:

  • You can click on the “mute the thread” link in the email messages you receive
  • Follow this guide to disable receiving notifications by email.

Hope this helps!

I have been trying for 3 days. I have tried to hack into my Android using ngrok also, but it shows session opened but no meterpreter session open, and after 20 seconds it shows session died.

I have got the same issue: there is no payload handler start command after * started tcp handler on lhost and lport*......
So how to connect with the payload handler....

Can you please help me with it? I have tried my internal IP, my external IP, every port, but I am not getting any active session. Please help me, I am a beginner.

Hello @Sharik7, and welcome to GitHub! I believe your problem is different from the one in this specific issue. Indeed, this issue is specific to a change in the default behaviour of the exploit command in the exploit/multi/handler module.

I suggest trying one of the following:

  • If you believe this is an issue with the Metasploit Framework (i.e. you do not need help using the framework, you think there is a bug), please create your own issue.
  • If you need help with the framework, I suggest asking in the proper place

Other resources that could be useful:

Hope this helps!

I have been trying for 3 days. I have tried to hack into my Android using ngrok also, but it shows session opened but no meterpreter session open, and after 20 seconds it shows session died.

Hello again @naimish10!

As I said, this is not the proper place to discuss this. Please create your own issue or ask for help on this forum where people will be willing to help you.

I'm getting the same issue.
I even did edit modules/exploits/multi/handler.rb to remove 'Stance' => Msf::Exploit::Stance::Passive
set ExitOnSession to true
exploit -j
Still the same problem.
How did the temporary fix work?

Do exploit, not exploit -j

Yes, I did exploit, run, exploit -j, run -j, but still it's the same.

No, no, type exploit instead of exploit -j

I got you the first time.
I tried using just exploit.
It didn't work.
Then I tried exploit -j.
But still nothing.

How did the temporary fix work?

I just tested again on 4.16.11-dev:

  • remove the line 'Stance' => Msf::Exploit::Stance::Passive in modules/exploit/multi/handler.rb,
  • set ExitOnSession true

Like so:

msf > use exploit/multi/handler
msf exploit(handler) > set payload windows/meterpreter/reverse_tcp
payload => windows/meterpreter/reverse_tcp
msf exploit(handler) > set LHOST 0.0.0.0
LHOST => 0.0.0.0
msf exploit(handler) > set ExitOnSession true
ExitOnSession => true
msf exploit(handler) > exploit

[*] Started reverse TCP handler on 0.0.0.0:4444 
[*] Sending stage (179267 bytes) to <redacted>
[*] Meterpreter session 1 opened (<redacted>:4444 -> <redacted>:49158) at 2017-10-16 10:29:54 +0200

meterpreter > 

OK, it worked after rebooting. Thanks.

Just confirming #9178 fixes the issue :smiley:

I agree that having it passive is usually convenient for regular/advanced users, but for newcomers it is definitively a drawback as I explained above. Thank you @busterb!

I got connected to my session but meterpreter>> doesn't appear..
Anyway, I tried to wait for about 30 minutes and nothing happened..

[Image] Just like that.... I don't have meterpreter>>

Help me

[*] Started reverse TCP handler on 0.0.0.0:4444
Please help
[*] Started reverse TCP handler on 0.0.0.0:4444

Hello 🤗 friends

[*] Started reverse TCP handler on 0.0.0.0:4444

☹☹

msf > use exploit/multi/handler
msf exploit(handler) > set payload windows/meterpreter/reverse_tcp
payload => windows/meterpreter/reverse_tcp
msf exploit(handler) > set lhost 0.0.0.0
lhost => 0.0.0.0
msf exploit(handler) > exploit
[*] Exploit running as background job 0.

[*] Started reverse TCP handler on 0.0.0.0:4444
(Help me, how can I resolve it? I am a newcomer.)

I got you the first time.
I tried using just exploit.
It didn't work.
Then I tried exploit -j.
But still nothing.

msf > use exploit/multi/handler
msf exploit(handler) > set payload windows/meterpreter/reverse_tcp
payload => windows/meterpreter/reverse_tcp
msf exploit(handler) > set LHOST 0.0.0.0
LHOST => 0.0.0.0
msf exploit(handler) > set ExitOnSession true
ExitOnSession => true
msf exploit(handler) > exploit
(also not working)

What is this problem? Bring an expert to find the solution. The problem has worn me out. Should I delete Kali and reinstall it???

Just upgrade to the latest version of Metasploit.

If you set LHOST to 0.0.0.0, it tells your payload to connect back to 0.0.0.0. Does this make any sense to you?

Thank you, I was expecting that. I thank you from the bottom of my heart.

On 13/12/2017 11:02 PM, "Brent Cook" notifications@github.com wrote:

> Just upgrade to the latest version of Metasploit.


You are receiving this because you commented.
Reply to this email directly, view it on GitHub, or mute the thread.

Hello @Rogdham
You wrote that we just have to edit modules/exploits/multi/handler.rb to remove 'Stance' => Msf::Exploit::Stance::Passive. But how do I do that?

You don't have to do that. We changed the behavior back months ago. Just update to the latest version of Metasploit framework, at least as of November.

@busterb
Thank you for the answer, but the problem is that I'm new. Can you tell me how I update Metasploit?

How did you install Metasploit?

After session start, use this command...
sessions -l
Then
sessions -i
sessions -i 2, if id is 2
sessions -i 3, if id is 3
sessions -i 4, if id is 4......

sessions -i -1 will interact with the last opened session, regardless of the id

@javedumer
@MrValioBg
After session start, first press the Enter key
The new line looks like this: "msf exploit(handler)>"
Then use this command
sessions -l
Then
sessions -i id
sessions -i 2, if id is 2
sessions -i 3, if id is 3
sessions -i 4, if id is 4
Then press Enter

Hi, after doing "msf exploit(handler) > exploit" the "meterpreter >" is not launching, as it is running as a background job. I'm only a beginner so I do not really understand much. Could someone please explain how I can resolve this? Thank you.

@coconutmilkshake: See the responses above... If you update your Metasploit, we've reverted that change. A background job means exactly what it sounds like. You'll have to interact with the session manually, but it's still there. Use sessions -i with a session ID. Good luck!

I use multi/handler

The same. No solutions on the web are helpful. Handler fails to bind to 0.0.0.0.
All updates are installed. This is the problem, I think. I use the new update from Kali and all drivers are 100% from 07.03.2018. It doesn't work!!! I use a local network with VPN. My target systems are in VirtualBox (local area network), newest update. I think the handler wants to use tun0 with IP 10.:.. primary. But I use eth0 with 192-168..* I am not sure meta will use lo: flags?!. Anyone on earth must be able to fix that!!! So many people have the problem, so many posts on the net. But no right solution is available.

I do not know what to do anymore. 5 days working with every imaginable solution from the net, including reinstalling, but nothing works.

Please, can anybody help me? Or fix this???

I really tried everything from the Internet.

Did you try checking what else is listening on that port? Do you know how to use netstat?
