Bug #1180

Meterpreter session changes tab completion on load, not interact

Added by Nelson LeBlanc almost 2 years ago. Updated over 1 year ago.

Status: Closed
Start date: 03/18/2010
Priority: High
Due date:
Assignee: James Lee
% Done: 100%
Category: meterpreter - win32
Target version: Metasploit 3.4.0
Resolution:
Release Note:

Description

Whenever several sessions are opened, stuff starts to break. This was happening yesterday while using a multi/handler for reverse_tcp and manual exploitation, but I could not reproduce. Today with autopwn:

resource (/root/.msf3/rc/psexecall.rc)> db_autopwn -p -e -m psexec
[*] (1/32 [0 sessions]): Launching exploit/windows/smb/psexec against 192.168.1.15:445...
[*] (2/32 [0 sessions]): Launching exploit/windows/smb/psexec against 192.168.1.155:445...
[*] (3/32 [0 sessions]): Launching exploit/windows/smb/psexec against 192.168.1.156:445...
[*] (4/32 [0 sessions]): Launching exploit/windows/smb/psexec against 192.168.1.160:445...
[*] (5/32 [0 sessions]): Launching exploit/windows/smb/psexec against 192.168.1.165:445...
[*] Job limit reached, waiting on modules to finish...
[*] Meterpreter session 1 opened (192.168.2.59:33914 -> 192.168.1.15:40131)
[*] Meterpreter session 2 opened (192.168.2.59:50779 -> 192.168.1.155:38263)
[*] Meterpreter session 3 opened (192.168.2.59:39783 -> 192.168.1.156:25903)
[*] (6/32 [3 sessions]): Launching exploit/windows/smb/psexec against 192.168.1.166:445...
[*] Job limit reached, waiting on modules to finish...
[*] (7/32 [3 sessions]): Launching exploit/windows/smb/psexec against 192.168.1.176:445...
[*] Job limit reached, waiting on modules to finish...
[*] (8/32 [3 sessions]): Launching exploit/windows/smb/psexec against 192.168.1.177:445...
[*] Job limit reached, waiting on modules to finish...
[*] (9/32 [3 sessions]): Launching exploit/windows/smb/psexec against 192.168.1.179:445...
[*] Job limit reached, waiting on modules to finish...

At this point, no more jobs are opened so I ^C out. Autocomplete is broken and msfconsole seems to think I'm in a session when I clearly am not.

msf > sessions -l

Active sessions
===============

Id  Type         Information                      Connection
--  ----         -----------                      ----------
1   meterpreter  NT AUTHORITY\SYSTEM BLAHBLAH1    192.168.1.59:51517 -> 192.168.1.15:11131
2   meterpreter                                   192.168.1.59:56796 -> 192.168.1.155:7621
3   meterpreter  NT AUTHORITY\SYSTEM BLAHBLAH2    192.168.1.59:54801 -> 192.168.1.165:15117
4   meterpreter  NT AUTHORITY\SYSTEM @ BLAHBLAH3  192.168.1.59:55501 -> 192.168.1.160:29013

msf > use
use espia use espia.x64 use incognito use incognito.x64 use priv.x64 use sniffer use stdapi.x64
msf > use

The only exceptions I can find in framework.log (with loglevel 5):

[03/18/2010 07:54:14] [e(0)] core: Exception raised from BindTcp.handle_connection: SQLite3::SQLException: library routine called out of sequence: SELECT * FROM "workspaces" WHERE ("workspaces"."name" = 'default') LIMIT 1
[03/18/2010 07:54:17] [e(0)] core: Exception raised from BindTcp.handle_connection: SQLite3::SQLException: library routine called out of sequence: SELECT * FROM "workspaces" WHERE ("workspaces"."name" = 'default') LIMIT 1
[03/18/2010 07:54:17] [e(0)] core: Exception raised from BindTcp.handle_connection: SQLite3::SQLException: library routine called out of sequence: SELECT * FROM "workspaces" WHERE ("workspaces"."name" = 'default') LIMIT 1


Related issues

related to Metasploit Framework - Bug #1723: r9113 broke tools/metasm_shell Closed 04/24/2010
related to Metasploit Framework - Bug #1359: some exit paths for meterpreter sessions leave the tab co... Assigned 03/26/2010

Associated revisions

Revision 4243ce5b
Added by James Lee almost 2 years ago

preliminary fix for the meterpreter-breaks-tab-completion bug pending some testing, see #1180

git-svn-id: file:///home/svn/framework3/trunk@9113 4d416f70-5f16-0410-b530-b9f4589650da

Revision 15cee53b
Added by James Lee over 1 year ago

move tab completion setup out of init_ui. fixes #1180

git-svn-id: file:///home/svn/framework3/trunk@9332 4d416f70-5f16-0410-b530-b9f4589650da

History

Updated by Nelson LeBlanc almost 2 years ago

Sorry the .59 IP addresses do not match, just a scrubbing error.

Updated by Joshua J. Drake almost 2 years ago

Nelson,

Try using mysql or postgres. The SQLite db driver isn't very robust when it comes to autopwn or anything massively multi-threaded...

Updated by Nelson LeBlanc almost 2 years ago

That got autopwn working, but the bug that breaks autocomplete is still there. If no session exists, I don't know of a way to fix autocomplete without restarting msfconsole.

Updated by HD Moore almost 2 years ago

  • Category set to meterpreter - win32
  • Assignee set to James Lee
  • Target version set to Metasploit 3.4.0

The readline code sets up tab completion on the session even before it's ready, so the console's own tab completion goes away. We need to not initialize meterpreter tabs on init and instead initialize on interact.

Updated by HD Moore almost 2 years ago

  • Subject changed from meterpreter sessions breaking stuff to Meterpreter session changes tab completion on load, not interact

Updated by James Lee almost 2 years ago

r9113 broke tools/metasm_shell

Updated by James Lee almost 2 years ago

  • Status changed from New to Resolved

Updated by James Lee almost 2 years ago

  • Status changed from Resolved to New

The fix for this causes output to be lost when the session is backgrounded. Occurs when running 'sessions -u', for example.

Updated by James Lee over 1 year ago

  • Priority changed from Normal to High

Updated by James Lee over 1 year ago

  • Status changed from New to Resolved
  • % Done changed from 0 to 100

Applied in changeset r9332.

Updated by Jonathan Cran over 1 year ago

  • Status changed from Resolved to Closed

resolved -> closed
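
The root cause named in the history above (tab completion installed when a session is set up rather than when it is interacted with) can be reproduced in miniature. This is an added example, not code from Metasploit or from changeset r9332; LineEditor, EagerSession, LazySession and the console word list are hypothetical stand-ins, with LineEditor playing the role of the process-wide readline completion hook.

```ruby
# Added example (not Metasploit code). LineEditor stands in for the
# process-wide Readline singleton: one completion hook per process.
module LineEditor
  class << self
    attr_accessor :completion_proc
  end
end

# Constructed word lists; the session entries echo the report's output.
CONSOLE_WORDS = ['use exploit/windows/smb/psexec', 'sessions', 'db_autopwn'].freeze
SESSION_WORDS = ['use espia', 'use incognito', 'use sniffer'].freeze

def completer(words)
  ->(prefix) { words.select { |w| w.start_with?(prefix) } }
end

# Buggy pattern: the session claims the global hook as soon as it is created,
# even if nobody ever interacts with it.
class EagerSession
  def initialize
    LineEditor.completion_proc = completer(SESSION_WORDS)
  end

  def interact
    yield
  end
end

# Corrected pattern: claim the hook only for the duration of interact and
# hand the previous one back, even when the interaction raises.
class LazySession
  def interact
    saved = LineEditor.completion_proc
    LineEditor.completion_proc = completer(SESSION_WORDS)
    yield
  ensure
    LineEditor.completion_proc = saved
  end
end

# What the prompt offers for `prefix` after a session of the given class is
# opened, while it is being interacted with, and after returning to the console.
def completions_over_lifecycle(session_class, prefix)
  LineEditor.completion_proc = completer(CONSOLE_WORDS)
  session = session_class.new
  seen = { after_open: LineEditor.completion_proc.call(prefix) }
  session.interact { seen[:during] = LineEditor.completion_proc.call(prefix) }
  seen.merge(after_exit: LineEditor.completion_proc.call(prefix))
end
```

With EagerSession the console prompt offers the session's "use" completions as soon as the session opens and keeps offering them afterwards, which is the symptom in the report; with LazySession the console's own completions are back after interact returns.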
