Connecting to a Non-Existent Pipe in Meterpreter Will Cause the Session To Crash - Needs Better RPC handling #626
Comments
|
Can you provide steps for reproducing the error you're running into? Are you for example disabling the EFS service then running |
|
@smcintyre-r7 Sure. Install a Windows 11 22H2 distro. Create an account and then type This is also detailed in more detail on the comments on #625 |
|
Since #625 is switching to use This issue however makes it sound like a lack of checking for pipe availability is currently a wide spread issue in the current code base. If that's the case, can you provide steps to reproduce that error other than related to the missing check that should be added in #625. |
Currently Meterpreter does not check whether or not a Windows pipe exists prior to connecting to it. Whilst testing #625 I determined that trying to exist to the nonexistent pipe
\pipe\efsrpc, a pipe that doesn't start unless the EFS service has started, will crash the Meterpreter session. Similarly any RPC connection errors such as the RPC server not being available or the pipe not being available will cause the Meterpreter session to crash.Overall I question why we haven't added better error handling for something like this. RPC is a fiddly beast and its easy to get something wrong, yet we seem to be acting as though this isn't the case and blindly trusting things, which looks like an error to me, particularly if its crashing sessions. Given exceptions are thrown though I'm wondering if we need to have better exception handlers as unhandled exceptions seem to crash the session given the stack traces we have been looking at thus far.
Anyway just wanted to post this here as its highly likely we will run into this again in other work as well.
The text was updated successfully, but these errors were encountered: