Using the Python payload on modern installations of Metasploit will send a compressed payload to the LAN Turtle. It is expected that the payload will be un-base64'd and then Python's `zlib` module used to decompress the payload before executing (see rapid7/metasploit-framework#8387).

The Python `zlib` module doesn't work on the LAN Turtle (missing `ctypes` module, see https://gist.github.com/colinmarc/2152055).

The workaround, currently, is to generate a `mipsbe` payload (`payloads/linux/mipsbe/meterpreter_reverse_https`) and replace `/etc/turtle/meterpreter/met-https-shell` with it. The `sshfs` module helps with this process.

Furthermore, the command `ps | grep -w -q [/]etc/turtle/meterpreter/met-https-worker` found here will always return false, and replacing it with "met-https-worker" will also return false, as the output of ps will truncate to `{met-https-worke}`. This causes the turtle module to think that it was never started, which means stopping the module needs to happen manually by running `kill $(pgrep -f met-https-worker)` in the shell.
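
The failing status check and one alternative, as an added example that is not part of the original issue or of the LAN Turtle module. The `ps` sample is constructed from the truncation the issue describes, and `is_running` with its `root` parameter is a hypothetical helper that reads `/proc/<pid>/cmdline` instead of `ps` output.

```shell
#!/bin/sh
# Constructed `ps` output shaped like the truncation described in the issue;
# the PIDs and the other process lines are made up.
sample_ps() {
cat <<'EOF'
  PID USER       VSZ STAT COMMAND
    1 root      1500 S    /sbin/procd
 1432 root      1212 S    {met-https-worke}
 1440 root      1204 R    ps
EOF
}

# Status check quoted in the issue; reads ps output on stdin.
check_full_path() { grep -w -q '[/]etc/turtle/meterpreter/met-https-worker'; }

# Variant the issue says also fails: the truncated name shown by ps ends
# in "worke", so the string "met-https-worker" never appears.
check_short_name() { grep -w -q 'met-https-worker'; }

# Hypothetical replacement: look for the pattern in the untruncated command
# line that Linux exposes in <root>/<pid>/cmdline (NUL-separated arguments).
# root defaults to /proc; it is a parameter so the check can be exercised
# against a constructed directory tree.
is_running() {
    pattern=$1
    root=${2:-/proc}
    for f in "$root"/[0-9]*/cmdline; do
        [ -r "$f" ] || continue
        cmdline=$(tr '\0' ' ' 2>/dev/null < "$f") || continue
        case $cmdline in
            *"$pattern"*) return 0 ;;
        esac
    done
    return 1
}

# Demo: both grep checks miss the truncated line; the cmdline scan reports
# whatever is actually running on this machine.
if sample_ps | check_full_path; then echo "full path: found"; else echo "full path: not found"; fi
if sample_ps | check_short_name; then echo "short name: found"; else echo "short name: not found"; fi
if is_running met-https-worker; then echo "cmdline scan: running"; else echo "cmdline scan: not running"; fi
```
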