You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Using the Python payload on modern installations of metaploit will send a compressed payload to the LAN turtle. It is expected that the payload with be un-base64'd and then Python's zlib module used to decompress the payload before executing (see rapid7/metasploit-framework#8387)
The workaround, currently, is to generate a mipsbe payload (payloads/linux/mipsbe/meterpreter_reverse_https) and replace /etc/turtle/meterpreter/met-https-shell with it. The sshfs module helps with this process.
Furthermore, the command ps | grep -w -q [/]etc/turtle/meterpreter/met-https-worker found here will always return false and replacing it with "met-https-worker" will also return false as the output of ps will truncate to {met-https-worke}. This causes the turtle module to think that it was never started, which means stopping the module needs to happen manually by running kill $(pgrep -f met-https-worker) in the shell.
The text was updated successfully, but these errors were encountered:
Using the Python payload on modern installations of metaploit will send a compressed payload to the LAN turtle. It is expected that the payload with be un-base64'd and then Python's
zlibmodule used to decompress the payload before executing (see rapid7/metasploit-framework#8387)The Python
zlibmodule doesn't work on the LAN turtle (missingctypesmodule, see https://gist.github.com/colinmarc/2152055)The workaround, currently, is to generate a
mipsbepayload (payloads/linux/mipsbe/meterpreter_reverse_https) and replace/etc/turtle/meterpreter/met-https-shellwith it. Thesshfsmodule helps with this process.Furthermore, the command
ps | grep -w -q [/]etc/turtle/meterpreter/met-https-workerfound here will always return false and replacing it with "met-https-worker" will also return false as the output of ps will truncate to{met-https-worke}. This causes the turtle module to think that it was never started, which means stopping the module needs to happen manually by runningkill $(pgrep -f met-https-worker)in the shell.The text was updated successfully, but these errors were encountered: