- 
                Notifications
    You must be signed in to change notification settings 
- Fork 14.6k
Meterpreter Debugging Meterpreter Sessions
        adfoster-r7 edited this page Apr 20, 2022 
        ·
        10 revisions
      
    There are currently two main ways to debug Meterpreter sessions:
- Log all networking requests between msfconsole and Meterpreter, i.e. TLV Packets
- Generate a custom Meterpreter debug build with extra logging present
This can be enabled for any Meterpreter session, and does not require a debug Metasploit build:
msf6 > setg SessionTlvLogging true
SessionTlvLogging => true
Allowed values:
- 
setg SessionTlvLogging true- Enable network logging, defaulting to console
- 
setg SessionTlvLogging false- Disable all network logging
- 
setg SessionTlvLogging console- Log to the current msfconsole instance
- 
setg SessionTlvLogging file:/tmp/session.txt- Write the network traffic logs to an arbitrary file
Example output:
meterpreter > getenv USER
SEND: #<Rex::Post::Meterpreter::Packet type=Request         tlvs=[
  #<Rex::Post::Meterpreter::Tlv type=COMMAND_ID      meta=INT        value=1052 command=stdapi_sys_config_getenv>
  #<Rex::Post::Meterpreter::Tlv type=REQUEST_ID      meta=STRING     value="73717259684850511890564936718272">
  #<Rex::Post::Meterpreter::Tlv type=ENV_VARIABLE    meta=STRING     value="USER">
]>
RECV: #<Rex::Post::Meterpreter::Packet type=Response        tlvs=[
  #<Rex::Post::Meterpreter::Tlv type=UUID            meta=RAW        value="Q\xE63_onC\x9E\xD71\xDE3\xB5Q\xE24">
  #<Rex::Post::Meterpreter::Tlv type=COMMAND_ID      meta=INT        value=1052 command=stdapi_sys_config_getenv>
  #<Rex::Post::Meterpreter::Tlv type=REQUEST_ID      meta=STRING     value="73717259684850511890564936718272">
  #<Rex::Post::Meterpreter::Tlv type=RESULT          meta=INT        value=0>
  #<Rex::Post::Meterpreter::GroupTlv type=ENV_GROUP       tlvs=[
    #<Rex::Post::Meterpreter::Tlv type=ENV_VARIABLE    meta=STRING     value="USER">
    #<Rex::Post::Meterpreter::Tlv type=ENV_VALUE       meta=STRING     value="demo_user">
  ]>
]>
Environment Variables
=====================
Variable  Value
--------  -----
USER      demo_user
The following options can be specified when generating Meterpreter payloads:
- 
MeterpreterDebugBuild- When set totrue, the generated Meterpreter payload will have additional logging present
- 
MeterpreterDebugLogging- Configure he file path where logfiles will be written to on the remote machine. Only used ifMeterpreterDebugBuildis set to true. Example value:setg rpath:/tmp/meterpreter_log.txt
- 
MeterpreterTryToFork- When set totruethe Meterpreter payload will try to fork from the currently running process. Setting tofalseis useful to see anystdoutlogging that occurs
The debug build will have additional log statements, which can be easily detected. These debug builds are useful for scenarios where A/V is not running, in local labs for learning purposes, or raising Metasploit issue reports etc.
use payload/python/meterpreter_reverse_tcp
generate -o shell.py -f raw lhost=127.0.0.1 MeterpreterDebugBuild=true MeterpreterTryToFork=false
to_handler
python3 shell.py
use payload/php/meterpreter_reverse_http
generate -o shell.php -f raw lhost=127.0.0.1 MeterpreterDebugBuild=true
to_handler
php shell_http.php
Not yet implemented
- Home Welcome to Metasploit!
- Using Metasploit A collection of useful links for penetration testers.
- 
Setting Up a Metasploit Development Environment From apt-get installtogit push.
- CONTRIBUTING.md What should your contributions look like?
- Landing Pull Requests Working with other people's contributions.
- Using Git All about Git and GitHub.
- Contributing to Metasploit Be a part of our open source community.
- Meterpreter All about the Meterpreter payload.