metasploit-framework July 2010 archive
Main Archive Page > Month Archives  > metasploit-framework archives
metasploit-framework: Re: [framework] Meterpreter unexpectedly c

Re: [framework] Meterpreter unexpectedly closes

From: Alex Polychronopoulos <tweakier_at_nospam>
Date: Sat Jul 10 2010 - 08:28:38 GMT
To: Miguel Rios <miguelrios35@yahoo.com>

Meterpreter is designed to not persistently trying to connect back to the
handler, it tries once and then dies, so you're not doing something wrong.
What you can do here is try the msfencode -t loop_vbs option which converts
the payload into a vbscript and runs it every 5 seconds by default (you can
change this by editing the generated .vbs file).

On Sat, Jul 10, 2010 at 3:33 AM, Miguel Rios <miguelrios35@yahoo.com> wrote:

> Hi list,
> I've msfencoded a meterpreter reverse https payload using a win binary as a
> template. Everything seems to work fine when I test it in my XP SP3. I see
> the outbound connection and the process running, but after about a minute or
> so the process dies if there's no listener configured on the receiving end
> and doesn't respawn.
> What am I doing wrong here? I must be missing something obvious. Is there a
> timeout option for this reverse shell or a way to keep the process always
> running, even if it can't connect to the listener? Or is this due to
> msfencoding the payload somehow breaks it? I have tested that it does work
> properly when the listener is waiting for it, it's just the fact it timesout
> so quickly that is a pain.
>
> Also, saw the reverse_tcp allports payload and was wondering if there's a
> similar one for reverse meterpreter https. Ideally one could configure
> default ports to try 1st and then keep trying randomly the other 65000 or so
> to evade IDS. I know this would increase the payload size but it would be
> pretty stealth egress wise.
>
> Thanks. I do really love metasploit and the whole community behind it. You
> all rock.
>
> Miguel
>
>
> _______________________________________________
> https://mail.metasploit.com/mailman/listinfo/framework
>
>

_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework