Information Security, Metasploit

Support for session and job ID ranges in Metasploit console

When I am working on Metasploit-related projects, I often end up with a ton of shells during testing. Some of these and some just need to be killed off. To help with this, at the end of October I submitted a pull request [1] to the Metasploit GitHub repo that added the ability to kill multiple sessions at a time in one command. The basic syntax looks like this:

sessions -k  
sessions -k 1,3,5-8

Here is an example that demonstrates using the syntax to try to kill a single session, a range, and an invalid session ID.

msf exploit(psexec) > sessions 

Active sessions
===============

  Id  Type                   Information                    Connection
  --  ----                   -----------                    ----------
  1   meterpreter x86/win32  NT AUTHORITY\SYSTEM @ WINDC01 192.168.180.102:8343 ->192.168.190.210:49526 (192.168.190.210)
  2   meterpreter x86/win32  NT AUTHORITY\SYSTEM @ WINDC01 192.168.180.102:8343 ->192.168.190.210:49528 (192.168.190.210)
  3   meterpreter x86/win32  NT AUTHORITY\SYSTEM @ WINDC01 192.168.180.102:8343 ->192.168.190.210:49529 (192.168.190.210)
  4   meterpreter x86/win32  NT AUTHORITY\SYSTEM @ WINDC01 192.168.180.102:8343 ->192.168.190.210:49530 (192.168.190.210)
  5   meterpreter x86/win32  NT AUTHORITY\SYSTEM @ WINDC01 192.168.180.102:8343 ->192.168.190.210:49532 (192.168.190.210)
  6   meterpreter x86/win32  NT AUTHORITY\SYSTEM @ WINDC01 192.168.180.102:8343 ->192.168.190.210:49533 (192.168.190.210)

msf exploit(psexec) > sessions -k 1,3-5,7
[*] Killing the following session(s): [1, 3, 4, 5, 7]
[*] Killing session 1
[*]192.168.190.210 - Meterpreter session 1 closed.
[*] Killing session 3
[*]192.168.190.210 - Meterpreter session 3 closed.
[*] Killing session 4
[*]192.168.190.210 - Meterpreter session 4 closed.
[*] Killing session 5
[*]192.168.190.210 - Meterpreter session 5 closed.
[-] Invalid session identifier: 7
msf exploit(psexec) > sessions 

Active sessions
===============

  Id  Type                   Information                    Connection
  --  ----                   -----------                    ----------
  2   meterpreter x86/win32  NT AUTHORITY\SYSTEM @ WINDC01 192.168.180.102:8343 ->192.168.190.210:49528 (192.168.190.210)
  6   meterpreter x86/win32  NT AUTHORITY\SYSTEM @ WINDC01 192.168.180.102:8343 ->192.168.190.210:49533 (192.168.190.210)
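
The expansion and validation seen in the transcript above ("1,3-5,7" becoming [1, 3, 4, 5, 7], with 7 reported as invalid) can be sketched as follows. This is an added example, not code from the pull request or from Metasploit; the names expand_id_ranges, partition_ids and MAX_SPAN, and the span cap itself, are assumptions made for illustration.

```ruby
# Added illustration of parsing an ID spec such as "1,3-5,7".
# Not Metasploit's implementation; all names here are hypothetical.

MAX_SPAN = 1000 # assumed cap so a typo like "1-99999999" is rejected early

# Expand a comma-separated list of IDs and inclusive ranges into a sorted,
# de-duplicated array of integers. Raises ArgumentError on malformed tokens.
def expand_id_ranges(spec)
  ids = []
  spec.to_s.split(',').each do |token|
    token = token.strip
    case token
    when /\A(\d+)\z/
      ids << $1.to_i
    when /\A(\d+)-(\d+)\z/
      first, last = $1.to_i, $2.to_i
      raise ArgumentError, "descending range: #{token}" if first > last
      raise ArgumentError, "range too large: #{token}" if last - first >= MAX_SPAN
      ids.concat((first..last).to_a)
    else
      raise ArgumentError, "invalid identifier: #{token.inspect}"
    end
  end
  ids.uniq.sort
end

# Split the requested IDs into [known, unknown] against the active ID list,
# so unknown IDs can be reported instead of silently ignored.
def partition_ids(spec, active_ids)
  expand_id_ranges(spec).partition { |id| active_ids.include?(id) }
end

if __FILE__ == $0
  active = [1, 2, 3, 4, 5, 6] # constructed to match the session table above
  known, unknown = partition_ids('1,3-5,7', active)
  puts "would act on: #{known.inspect}"
  unknown.each { |id| puts "invalid session identifier: #{id}" }
end
```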

Joshua Smith (@kernelsmith) and William Vu (@wvuuuuuuuuuuuuu) jumped in to review and provided feedback, which ultimately turned into a ton of house cleaning on command_dispatcher/core.rb and the expansion of the changes to add support for using ranges with jobs and commands.

In the end, you can now do the following using multiple session IDs or ranges:

Run OS commands

sessions -c hostname -i 1,3-4

Run scripts

sessions -s checkvm -i 1,3-4

Detach sessions

sessions -d 1,3-4

Kill jobs

jobs -k 6,8-10

Hopefully the changes will be useful to both users and developers.

Thanks to @kernelsmith and @wvuuuuuuuuuuuuu for the critical eye, recommendations, code changes, and inability to tolerate substandard code!


Reference:

1. Metasploit PR 4063: https://github.com/rapid7/metasploit-framework/pull/4063

The '20 additions' on the file changed tab is deceptive. One of kernelsmith's PRs to my repo had 237 additions and 250 deletions as part of code quality improvements to core.rb.
