msf tips: session is not valid and will be closed

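When the locally bindable IP differs from the public (external) IP:
LHOST and LPORT are used to help the beacon find the server.
ReverseListenerBindHost is the bind address.
In addition, AutoVerifySession needs to be turned off (reason unknown).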

Issue:
https://github.com/rapid7/metasploit-framework/issues/6799
See also:
https://github.com/rapid7/metasploit-framework/wiki/Debugging-Dead-Meterpreter-Sessions

You have set LHOST to your internal LAN IP in your handler. This is wrong. The value needs to be the same as what you put in the payload, i.e. your public IP.

It doesn’t matter if it can’t bind to the public IP, it will fall back to 0.0.0.0, and will work anyway. The point is that LHOST must be the public IP, as this is the IP address that Meterpreter will try to call back to MSF on.
