reading/downloading big files in metasploit module

Question

I am writing a post exploitation module that supports meterpreter sessions.

For my module to work, I need to read/download some files from the victim machine that may be small or bigger. I am having troubles when the file is bigger than 2MB. I start to get all kinds of exceptions when I try the read_file method or when I try to download the file with client.fs.file.download

I have isolated the issue to this after hours of testing. It just happens with bigger files. Is there some kind of limit on how the big the files can be? If so, how can I work around it so I can read/download files from the victims machine?

I get different errors without without any specific pattern. The most common one is reflected in this stacktrace:

[-] Post failed: TypeError can't convert nil into String [-] Call stack: [-] /home/yowie/git/metasploit-framework/lib/msf/core/post/file.rb:343:in _read_file_meterpreter' [-] /home/yowie/git/metasploit-framework/lib/msf/core/post/file.rb:227:inread_file' [-] /home/yowie/git/metasploit-framework/modules/post/multi/gather/lastpass_creds.rb:43:in block in run' [-] /home/yowie/git/metasploit-framework/modules/post/multi/gather/lastpass_creds.rb:39:ineach' [-] /home/yowie/git/metasploit-framework/modules/post/multi/gather/lastpass_creds.rb:39:in each_with_index' [-] /home/yowie/git/metasploit-framework/modules/post/multi/gather/lastpass_creds.rb:39:inrun'

It happens when I try to read a sqlite database in the victims machine. Specifically in line:

data = read_file(db_path)

The other error I have seeing is the following:

[-] Post failed: SocketError getaddrinfo: Name or service not known [-] Call stack: [-] /home/yowie/git/metasploit-framework/lib/rex/socket.rb:181:in gethostbyname' [-] /home/yowie/git/metasploit-framework/lib/rex/socket.rb:181:ingetaddresses' [-] /home/yowie/git/metasploit-framework/lib/rex/socket.rb:165:in getaddress' [-] /home/yowie/git/metasploit-framework/lib/msf/core/db.rb:6096:innormalize_host' [-] /home/yowie/git/metasploit-framework/lib/msf/core/auxiliary/report.rb:222:in store_loot' [-] /home/yowie/git/metasploit-framework/modules/post/multi/gather/lastpass_creds.rb:51:inblock in run' [-] /home/yowie/git/metasploit-framework/modules/post/multi/gather/lastpass_creds.rb:46:in each' [-] /home/yowie/git/metasploit-framework/modules/post/multi/gather/lastpass_creds.rb:46:ineach_with_index' [-] /home/yowie/git/metasploit-framework/modules/post/multi/gather/lastpass_creds.rb:46:in `run'

This one happens in the line: loot_path = store_loot(...)

The different errors are triggered when I run more than 3 times this line: files = client.fs.dir.entries(path)

Somehow the meterpreter session gets corrupted after the loop executes the above line for the 4th time or more.

Could you please [edit] to include some example exceptions that you get? — TildalWave, Sep 15 '14 at 08:57
Just updated the question with and included the stacktrace and more info. Sorry about that — martinvigo, Sep 18 '14 at 04:57

score 1 · Answer 1 · answered Sep 15 '14 at 21:01

This is no hard limit on downloads in any of the meterpreters, but if you are using PHP meterpreter it will have to conform to the PHP.ini that is running on the server that it was installed on.

You may also be running into other connectivity or lag issues. Can you perform downloads of similar sizes over similar protocols?

reading/downloading big files in metasploit module

1 Answers1