Forum Thread: Meterpreter on Mac Victim, Free Ttys

Hi guys,

I'm having an issue when working on a Mac victim with Meterpreter.

Whenever i ask for a shell, or execute a module, a new /dev/ttys file is open on the victim machine, but it never closes; meaning that if i execute multiple commands eventually all ttys files will be taken and no more commands can be executed (at this point, terminal isn't accessible on the victim machine anymore).

Here are a few screenshots to illustrate the issue (run the command : lsof |grep ttys on victim terminal to see open ttys files):

Meterpreter open, no shell launched:

The only open ttys file (/dev/ttys000) is the one opened by the running terminal.

1 shell launched :

An other /dev/ttys file has been open (normal i guess, the shell is running) We can see that /dev/ttys001 is open in sh (3359) and in Python (3306)

shell closed:

sh process has been killed, but we can see that /dev/ttys001 is still open in Python process !!

After opening and closing multiple shells:

Python keeps the /dev/ttys files open. Of course, by simply opening shells it will take some time until we are blocked. But i am writing a script in which i execute multiple commands. Eventually i'm getting blocked because all possible ttys files are taken. Is there a way to fix this ?

I've been looking around the session.sys.process commands but gotta be honest, I don't get all of it. For what i understood, it looks like process.channel.close works fine, but process.close does nothing (maybe i'm completely wrong on that).

Anyway, if anyone knows how to free those ttys files, please let me know.

Be the First to Respond

Share Your Thoughts

  • Hot
  • Active