Support for session and job ID ranges in Metasploit console – Faded Lab

Skip to content

Faded Lab

Skip to content

Faded Lab

Information Security thoughts, tools, and toys

Information Security, Metasploit

Support for session and job ID ranges in Metasploit console

Posted on December 16, 2014May 23, 2015 by Tom Sellers in Information Security, Metasploit

When I am working on Metasploit related projects I often end up with a ton of shells during testing.  Some of these and some just need to be killed off.  To help with this at the end of October I submitted a pull request [1] to the Metasploit GitHub repo that added the ability to kill multiple sessions at a time in one command.  The basic syntax looks like this:

sessions -k  
sessions -k 1,3,5-8

Here is an example that demonstrates using the syntax to try to kill a single session, a range, and an invalid session ID.

msf exploit(psexec) > sessions 

Active sessions
===============

  Id  Type                   Information                    Connection
  --  ----                   -----------                    ----------
  1   meterpreter x86/win32  NT AUTHORITY\SYSTEM @ WINDC01 192.168.180.102:8343 ->192.168.190.210:49526 (192.168.190.210)
  2   meterpreter x86/win32  NT AUTHORITY\SYSTEM @ WINDC01 192.168.180.102:8343 ->192.168.190.210:49528 (192.168.190.210)
  3   meterpreter x86/win32  NT AUTHORITY\SYSTEM @ WINDC01 192.168.180.102:8343 ->192.168.190.210:49529 (192.168.190.210)
  4   meterpreter x86/win32  NT AUTHORITY\SYSTEM @ WINDC01 192.168.180.102:8343 ->192.168.190.210:49530 (192.168.190.210)
  5   meterpreter x86/win32  NT AUTHORITY\SYSTEM @ WINDC01 192.168.180.102:8343 ->192.168.190.210:49532 (192.168.190.210)
  6   meterpreter x86/win32  NT AUTHORITY\SYSTEM @ WINDC01 192.168.180.102:8343 ->192.168.190.210:49533 (192.168.190.210)

msf exploit(psexec) > sessions -k 1,3-5,7
[*] Killing the following session(s): [1, 3, 4, 5, 7]
[*] Killing session 1
[*]192.168.190.210 - Meterpreter session 1 closed.
[*] Killing session 3
[*]192.168.190.210 - Meterpreter session 3 closed.
[*] Killing session 4
[*]192.168.190.210 - Meterpreter session 4 closed.
[*] Killing session 5
[*]192.168.190.210 - Meterpreter session 5 closed.
[-] Invalid session identifier: 7
msf exploit(psexec) > sessions 

Active sessions
===============

  Id  Type                   Information                    Connection
  --  ----                   -----------                    ----------
  2   meterpreter x86/win32  NT AUTHORITY\SYSTEM @ WINDC01 192.168.180.102:8343 ->192.168.190.210:49528 (192.168.190.210)
  6   meterpreter x86/win32  NT AUTHORITY\SYSTEM @ WINDC01 192.168.180.102:8343 ->192.168.190.210:49533 (192.168.190.210)

Joshua Smith ( @kernelsmith ) and William Vu ( @wvuuuuuuuuuuuuu ) jumped in to review and provided feedback which ultimately turned into a ton of house cleaning on  command_dispatcher/core.rb and the expansion of the changes to add support for using ranges with jobs and commands.

In the end, you can now do the following using multiple session IDs or ranges:

Run OS commands

sessions -c hostname -i 1,3-4

Run scripts

sessions -s checkvm -i 1,3-4

Detach sessions

sessions -d 1,3-4

Kill jobs

jobs -k 6,8-10

Hopefully the changes will be useful to both users and developers.

Thanks to @kernelsmith and @wvuuuuuuuuuuuuu for the critical eye, recommendations, code changes, and inability to tolerate substandard code!


Reference:

1. Metasploit PR 4063: [github.com]

The ’20 additions’ on the file changed tab is deceptive. One of kernelsmith’s PRs to my repo had 237 additions and 250 deletions as part of code quality improvements to core.rb

Advertisements

Share this:

Like this:

Like Loading...

Leave a Reply Cancel reply

%d bloggers like this: