mailing list archives
Re: Meterpreter Reverse HTTPS Issue
From: Florian Roth <Neo.X () web de>
Date: Sun, 16 May 2010 10:04:16 +0200
As you already noticed - I suppose the problem resides in the network or
transport layer as everything works out fine if you are on the same
network with the target machine.
You should check with wireshark or tcpdump, if there is some network
activity - first on the target site and then at your attacker system.
What I would expect to see is:
- DNS queries without valid response on the target system
- TCP resets coming form your router
- ICMP destination unreachable originating from a router
So - install a wireshark on the target machine, start capturing and then
start your meterpreter payload.
On Sat, 2010-05-15 at 18:27 -0500, mickylee () hushmail com wrote:
-----BEGIN PGP SIGNED MESSAGE-----
I'm running a multi handler in msfconsole and having an issue with
meterpreter where it hangs on the following:
[*] Patching Target ID Vkev into DLL (obviously target id will be
I generated a meterpreter reverse https payload using msfpayload
and ran it on a target VM running Windows XP. After a while the
meterpreter process will finally just die on the target system.
Does anyone have an idea what would be causing this?
I only seem to notice this when I run the meterpreter executable in
my VM and I'm on a network other than my home network. In both
cases I have set LHOST to my routers external IP and LPORT to 443.
I am forwarding all traffic to a NAT host on my internal network.
As I said, it only seems to hang on that when I'm on someone else's
network, but never when I'm on my own.
Thanks for any ideas on what's causing this!
-----BEGIN PGP SIGNATURE-----
Version: Hush 3.0
Note: This signature can be verified at https://www.hushtools.com/verify
-----END PGP SIGNATURE-----
Mit freundlichen Grüßen
Tel: +49 06251 - 827 9402
Mobil: +49 175 - 7240 363
Fax: +49 12125 - 11699510
eMail: Florian.Roth () email de