I'm having an issue when working on a Mac victim with Meterpreter.
Whenever I ask for a shell, or execute a module, a new /dev/ttys file is opened on the victim machine, but it never closes, meaning that if I execute multiple commands, eventually all ttys files will be taken and no more commands can be executed (at this point, the terminal isn't accessible on the victim machine anymore).
Here are a few screenshots to illustrate the issue (run the command: lsof |grep ttys on the victim terminal to see open ttys files):
Meterpreter open, no shell launched:
The only open ttys file (/dev/ttys000) is the one opened by the running terminal.
1 shell launched:
Another /dev/ttys file has been opened (normal I guess, the shell is running). We can see that /dev/ttys001 is open in sh (3359) and in Python (3306).
The sh process has been killed, but we can see that /dev/ttys001 is still open in the Python process!!
After opening and closing multiple shells:
Python keeps the /dev/ttys files open. Of course, by simply opening shells it will take some time until we are blocked. But I am writing a script in which I execute multiple commands. Eventually I'm getting blocked because all possible ttys files are taken. Is there a way to fix this?
I've been looking around the session.sys.process commands but gotta be honest, I don't get all of it. From what I understood, it looks like process.channel.close works fine, but process.close does nothing (maybe I'm completely wrong on that).
Anyway, if anyone knows how to free those ttys files, please let me know.
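
From the host side, the pattern described in this post (one Python process accumulating /dev/ttys devices whose shells have already exited) is visible in the same lsof output and can be flagged automatically. The following is an added example, not part of the original post or of any project's code; the sample lsof lines are constructed, and the threshold of two distinct ttys per process is an assumed heuristic.

```python
import re
from collections import defaultdict

# Constructed lsof output (not from the post's screenshots); only the process
# names, PIDs 3306/3359 and the /dev/ttys000-001 devices echo the post.
SAMPLE_LSOF = """\
COMMAND  PID USER  FD TYPE DEVICE SIZE/OFF NODE NAME
bash    3290 user  0u  CHR   16,0   0t5120  617 /dev/ttys000
bash    3290 user  1u  CHR   16,0   0t5120  617 /dev/ttys000
Python  3306 user  4u  CHR   16,1      0t0  619 /dev/ttys001
Python  3306 user  6u  CHR   16,2      0t0  621 /dev/ttys002
Python  3306 user  8u  CHR   16,3      0t0  623 /dev/ttys003
sh      3359 user  0u  CHR   16,3      0t0  623 /dev/ttys003
"""

TTY_RE = re.compile(r"^/dev/ttys\d+$")

def ttys_by_process(lsof_text):
    """Map (command, pid) -> set of distinct /dev/ttysNNN devices it holds."""
    held = defaultdict(set)
    for line in lsof_text.splitlines():
        fields = line.split()
        # Skip the header and short lines; NAME is the last column.
        if len(fields) < 9 or not fields[1].isdigit():
            continue
        if TTY_RE.match(fields[-1]):
            held[(fields[0], int(fields[1]))].add(fields[-1])
    return held

def flag_tty_hoarders(lsof_text, threshold=2):
    """Processes holding at least `threshold` distinct ttys (assumed heuristic)."""
    return sorted((cmd, pid, sorted(ttys))
                  for (cmd, pid), ttys in ttys_by_process(lsof_text).items()
                  if len(ttys) >= threshold)

def leaked_ttys(lsof_text, threshold=2):
    """ttys whose only remaining holder is a flagged process (no shell attached)."""
    held = ttys_by_process(lsof_text)
    holders = defaultdict(set)
    for (cmd, pid), ttys in held.items():
        for tty in ttys:
            holders[tty].add(pid)
    hoarders = {pid for _, pid, _ in flag_tty_hoarders(lsof_text, threshold)}
    return sorted(t for t, pids in holders.items()
                  if len(pids) == 1 and pids <= hoarders)

if __name__ == "__main__":
    for cmd, pid, ttys in flag_tty_hoarders(SAMPLE_LSOF):
        print(f"{cmd} ({pid}) holds {len(ttys)} ttys: {', '.join(ttys)}")
    print("held with no shell attached:", leaked_ttys(SAMPLE_LSOF))
```

On a live host the same functions can be fed the text of `lsof` captured by an endpoint agent instead of the constructed sample.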