Forum Thread: Meterpreter on Mac Victim, Free Ttys

Hi guys,

I'm having an issue when working on a Mac victim with Meterpreter.

Whenever i ask for a shell, or execute a module, a new /dev/ttys file is open on the victim machine, but it never closes; meaning that if i execute multiple commands eventually all ttys files will be taken and no more commands can be executed (at this point, terminal isn't accessible on the victim machine anymore).

Here are a few screenshots to illustrate the issue (run the command : lsof |grep ttys on victim terminal to see open ttys files):

Meterpreter open, no shell launched:

The only open ttys file (/dev/ttys000) is the one opened by the running terminal.

1 shell launched :

An other /dev/ttys file has been open (normal i guess, the shell is running) We can see that /dev/ttys001 is open in sh (3359) and in Python (3306)

shell closed:

sh process has been killed, but we can see that /dev/ttys001 is still open in Python process !!

After opening and closing multiple shells:

Python keeps the /dev/ttys files open. Of course, by simply opening shells it will take some time until we are blocked. But i am writing a script in which i execute multiple commands. Eventually i'm getting blocked because all possible ttys files are taken. Is there a way to fix this ?

I've been looking around the session.sys.process commands but gotta be honest, I don't get all of it. For what i understood, it looks like works fine, but process.close does nothing (maybe i'm completely wrong on that).

Anyway, if anyone knows how to free those ttys files, please let me know.

Never Miss a Hacking or Security Guide

Get new Null Byte guides every week.

Be the First to Respond

Share Your Thoughts

  • Hot
  • Active