Re: meterpreter flaky

[k41zen <k41zen () me com>]

I have tried a reverse_https payload yes and have the same issue. Funny thing is this machine started behaving 
perfectly from 15:00 yesterday right up until 12:00 today and then has started playing up again. My meterpreter 
sessions have been failing to it this morning but I've managed to connect back and all was good. Around 12 it died 
again and I reconnected back and have the same issue of "Unknown Command" again when I try to use ps and ls.

I've just upload a new reverse_https.exe to the target and connected fine but have the same issue again with "Unknown 
Command". It eventually gave me an error of "Failed to load extension: No response was received to the core_loadlib 
request".

This is a wireless client and is showing 2 bars out of 5 on the wireless signal indicator which I thought may be the 
problem. 

The target is a Windows7 SP1 box and I'm running a BT5R3 machine using the 4.5.0 dev of Metasploit.



On 5 Dec 2012, at 16:14, Sherif El-Deeb <archeldeeb () gmail com> wrote:

> Did you try any other payload? reverse_http for instance?
> also more details will help, like OS, architecture “of both the handler and the target”, console output, the command 
> lines you type ... and if you feel really, really generous, a PCAP of the handler and the target might not be a bad 
> idea. 
>  
> Sherif Eldeeb.
>  
> From: k41zen <k41zen () me com>
> Sent: December 5, 2012 7:07 PM
> To: framework () spool metasploit com
> Subject: Re: [framework] meterpreter flaky
>  
> Have created a meterpreter/reverse_tcp exe and upload this to the same target in an effort to gain persistence 
> through the "run persistence" command instead of metsvc. Listener is all good but when I execute the .exe on the 
> target metasploit sits there saying "Sending Stage" and sits there forever.
>
> Any ideas?
>
> On 5 Dec 2012, at 11:46, Matt Gardenghi <mtgarden () gmail com> wrote:
>
> > As I recall metsvc is depreciated. Try "run persistence" instead.
> >
> > Matt Gardenghi
> >
> > On Dec 5, 2012, at 6:39, k41zen <k41zen () me com> wrote:
> >
> > > Grateful for any help someone can offer on this please.
> > >
> > > I've successfully got a meterpreter/metsvc_bind_tcp service running on a Windows7 host, however, I can rarely 
> > > interact with the session. AV and the FW are disabled. When I connect and execute commands such as ls and ps I 
> > > receive the error "Unknown Command".
> > >
> > > Sometimes when I connect, the metsvc-server.exe crashes. Restarting the metsvc service on the target and 
> > > reconnecting doesn't seem to make a difference. Rebooting the target and starting my msfconsole session from 
> > > scratch makes little difference too. Uninstalling the service with "metsvc remove-service" and re-installing with 
> > > "metsvc install-service" makes also no difference.
> > >
> > > I tried something completely different last night and created a new payload via a USB stick and executed that. 
> > > This gave me a meterpreter/reverse_tcp shell and through that I was then able to install the service again using 
> > > "run metsvc". I instantly connected and could interact with the session without issue. However I came in this 
> > > morning and have exactly the same issues of "Unknown command".
> > >
> > > Can anyone help?
> > >
> > >
> > >
> > > _______________________________________________
> > > https://mail.metasploit.com/mailman/listinfo/framework
>
> _______________________________________________
> https://mail.metasploit.com/mailman/listinfo/framework

_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework