
NamedPipe connections failure in lateral movement

Open zerobytes999 opened this issue 3 years ago • 2 comments

Steps to reproduce

How'd you do it?

  1. Create reverse https payload and run it on machine 1
  2. Create pivot listener with pivot command on machine 1 with pipe name msf-pipe
  3. Create reverse named pipe payload with msfvenom to connect to machine 1 msf-pipe
  4. Run payload on machine 2
  5. Create pivot listener with pivot command on machine 2 with pipe name msf-pipe
  6. Create reverse named pipe payload with msfvenom to connect to machine 2 msf-pipe
  7. Run payload on machine 3

Machine 1 OS: Windows 10 Pro

Machine 2 OS: Windows Server 2019

Machine 3 OS: Windows 10 Pro

Payloads tried in x64 and x86 architecture - EXE format

Expected behavior

Running the first named pipe connects smoothly. Running the 2nd named pipe to connect to the first named pipe using a reverse named pipe payload should open a session.

Current behavior

Running the 2nd named pipe to connect to the first named pipe fails. On TLV logging I see that the new pivot session command is received but never continues.

Metasploit version

Metasploit v6.2.2

zerobytes999, Jun 16 '22 20:06

Hi!

This issue has been left open with no activity for a while now.

We get a lot of issues, so we currently close issues after 60 days of inactivity. It’s been at least 30 days since the last update here. If we missed this issue or if you want to keep it open, please reply here. You can also add the label "not stale" to keep this issue open!

As a friendly reminder: the best way to see this issue, or any other, fixed is to open a Pull Request.

github-actions[bot], Jul 21 '22 15:07

Issue still exists.

zerobytes999, Jul 25 '22 17:07

Hi!

This issue has been left open with no activity for a while now.

We get a lot of issues, so we currently close issues after 60 days of inactivity. It’s been at least 30 days since the last update here. If we missed this issue or if you want to keep it open, please reply here. You can also add the label "not stale" to keep this issue open!

As a friendly reminder: the best way to see this issue, or any other, fixed is to open a Pull Request.

github-actions[bot], Aug 25 '22 15:08