Description
Using the Python payload on modern installations of Metasploit will send a compressed payload to the LAN Turtle. It is expected that the payload will be un-base64'd and then Python's zlib module used to decompress the payload before executing (see rapid7/metasploit-framework#8387).
The Python zlib module doesn't work on the LAN Turtle (missing ctypes module, see https://gist.github.com/colinmarc/2152055).
The workaround, currently, is to generate a mipsbe payload (payloads/linux/mipsbe/meterpreter_reverse_https) and replace /etc/turtle/meterpreter/met-https-shell with it. The sshfs module helps with this process.
Furthermore, the command `ps | grep -w -q [/]etc/turtle/meterpreter/met-https-worker` found here will always return false, and replacing it with `met-https-worker` will also return false, as the output of `ps` will be truncated to `met-https-worke`. This causes the Turtle module to think that it was never started, which means stopping the module needs to happen manually by running `kill $(pgrep -f met-https-worker)` in the shell.
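A process check that sidesteps the `ps` name truncation described above, by comparing the full argv[0] read from `/proc` instead of grepping `ps` output. This is an added example, not code from the LAN Turtle module or the issue; it assumes a Linux `/proc` filesystem, and the worker path is the one named in the report.

```shell
#!/bin/sh
# Added example (not the LAN Turtle module's own code).
# Busybox `ps` prints only the first 15 characters of the command name, so
# "met-https-worker" shows up as "met-https-worke" and a grep for the full
# name or path never matches. /proc/<pid>/cmdline carries the untruncated
# argv, so we match on argv[0] there instead.

WORKER_PATH="${WORKER_PATH:-/etc/turtle/meterpreter/met-https-worker}"

# Print the PID of every process whose argv[0] is exactly "$1".
pids_of() {
    for cmdline in /proc/[0-9]*/cmdline; do
        # argv entries are NUL-separated; keep only argv[0]. The redirect may
        # fail if the process exited mid-scan, which is harmless here.
        argv0=$({ tr '\0' '\n' < "$cmdline"; } 2>/dev/null | head -n 1)
        if [ "$argv0" = "$1" ]; then
            pid=${cmdline#/proc/}
            echo "${pid%/cmdline}"
        fi
    done
}

# Exit status 0 if at least one matching process exists, 1 otherwise.
is_running() {
    [ -n "$(pids_of "$1")" ]
}

# Terminate every matching process; status 1 if none was found.
stop_worker() {
    pids=$(pids_of "$1")
    [ -n "$pids" ] || return 1
    # Intentionally unquoted: one argument per PID.
    kill $pids
}

# Stand-alone use: report and optionally stop the worker named above.
if [ "${1:-}" = "status" ]; then
    is_running "$WORKER_PATH" && echo "running" || echo "not running"
elif [ "${1:-}" = "stop" ]; then
    stop_worker "$WORKER_PATH"
fi
```

Run with `status` or `stop` as the first argument, or set `WORKER_PATH` to check a different binary.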