metasploit-framework
How to create unstaged payloads from staged?
Reason
Staged payloads can't handle reconnects properly: on reconnect, the server sends the stages to a client that is already staged. So sessions cannot be reestablished after a network glitch.
Summary
Is there any guide or description on how to create unstaged payloads from staged ones? It doesn't seem to be rocket science, but since I can't find a low-level technical description of the payload architecture, it's getting tough. I would like to make an unstaged version of windows/x64/meterpreter/reverse_tcp_rc4.
Thank you!
Relevant information
Example of unstaged payload:
windows/x64/meterpreter_reverse_tcp
Example of staged payload:
windows/x64/meterpreter/reverse_tcp_rc4 (can't handle reconnects)
Meterpreter payloads should be able to reconnect and reestablish their connection if the transports were configured correctly. If that's not the case then I think this is a regression.
@smcintyre-r7 thank you for your comment, I'll try to reproduce once more. Also, maybe you know how to create unstaged payloads? Or could you recommend a direction for research?
The payloads that are named meterpreter_ (as opposed to meterpreter/) are not staged. So if you want the unstaged version of windows/meterpreter/reverse_tcp you'd use windows/meterpreter_reverse_tcp etc.
Not all payloads have an unstaged equivalent, but Meterpreter's coverage is pretty good IIRC.
@smcintyre-r7 thank you! I would like to have a stageless reverse_tcp_rc4. Is it possible somehow?
Hi!
This issue has been left open with no activity for a while now.
We get a lot of issues, so we currently close issues after 60 days of inactivity. It’s been at least 30 days since the last update here. If we missed this issue or if you want to keep it open, please reply here. You can also add the label "not stale" to keep this issue open!
As a friendly reminder: the best way to see this issue, or any other, fixed is to open a Pull Request.
Hi again!
It’s been 60 days since anything happened on this issue, so we are going to close it. Please keep in mind that I’m only a robot, so if I’ve closed this issue in error please feel free to reopen this issue or create a new one if you need anything else.
As a friendly reminder: the best way to see this issue, or any other, fixed is to open a Pull Request.