Metasploit-framework: during msfvenom, "running msfupdate" suggestion should be send to stderr and not stdout
The following message is printed to stdout instead of stderr, _silently_ breaking out the raw version of the shellcode, when the output of msfvenom is piped to additional commands , or redirected to a file.
"This copy of metasploit-framework is more than two weeks old.
Consider running 'msfupdate' to update to the latest version."
Steps to reproduce
root@linux:~# msfvenom -p <payload> -f raw <options> | my_selfmade_encoder.sh
or
root@linux:~# msfvenom -p <payload> -f raw <options> > /tmp/payload.raw
The raw shellcode is affected by this suggested message (and I have personally wasted 2 hours trying to figure out why my payload wasn't working any more :D )
root@linux:~# hexdump -C /tmp/payload.raw
00000000 54 68 69 73 20 63 6f 70 79 20 6f 66 20 6d 65 74 |This copy of met|
00000010 61 73 70 6c 6f 69 74 2d 66 72 61 6d 65 77 6f 72 |asploit-framewor|
00000020 6b 20 69 73 20 6d 6f 72 65 20 74 68 61 6e 20 74 |k is more than t|
00000030 77 6f 20 77 65 65 6b 73 20 6f 6c 64 2e 0a 20 43 |wo weeks old.. C|
00000040 6f 6e 73 69 64 65 72 20 72 75 6e 6e 69 6e 67 20 |onsider running |
00000050 27 6d 73 66 75 70 64 61 74 65 27 20 74 6f 20 75 |'msfupdate' to u|
00000060 70 64 61 74 65 20 74 6f 20 74 68 65 20 6c 61 74 |pdate to the lat|
00000070 65 73 74 20 76 65 72 73 69 6f 6e 2e 0a 48 31 c9 |est version..H1.|
00000080 48 81 e9 b1 ff ff ff 48 8d 05 ef ff ff ff 48 bb |H......H......H.|
00000090 21 9a f0 09 d9 59 b5 dc 48 31 58 27 48 2d f8 ff |!....Y..H1X'H-..|
000000a0 ff ff e2 f4 dd d2 73 ed 29 b1 79 dc 21 9a b1 58 |......s.).y.!..X|
000000b0 98 09 e7 8d 77 d2 c1 db bc 11 3e 8e 41 d2 7b 5b |....w.....>.A.{[|
000000c0 c1 11 3e 8e 01 d2 7b 7b 89 11 ba 6b 6b d0 bd 38 |..>...{{...kk..8|
000000d0 10 11 84 1c 8d a6 91 75 db 75 95 9d e0 53 fd 48 |.......u.u...S.H|
000000e0 d8 98 57 31 73 db a1 41 52 0b 95 57 63 a6 b8 08 |..W1s..AR..Wc...|
Expected behavior
The following message should be sent to stderr
"This copy of metasploit-framework is more than two weeks old.
Consider running 'msfupdate' to update to the latest version."
Current behavior
The following message is currently sent to stdout
"This copy of metasploit-framework is more than two weeks old.
Consider running 'msfupdate' to update to the latest version."
System stuff
Metasploit version
metasploit-framework 4.13.10-0kali1 amd64
I installed Metasploit with:
- [X ] Kali package via apt
- [ ] Omnibus installer (nightly)
- [ ] Commercial/Community installer (from http://www.rapid7.com/products/metasploit/download.jsp)
- [ ] Source install (please specify ruby version)
OS
Kali linux
funoverip
All 8 comments
Oh, yuck.
wvu-r7
on 7 Feb 2017
My gut instinct was to check our Omnibus package. Looks like a problem with msfwrapper.erb. cc @bcook-r7
wvu-r7
on 7 Feb 2017
well sure, that's the point. However we fix this, you will still have to 'Consider running 'msfupdate' to update to the latest version."'
busterb
on 7 Feb 2017
See https://github.com/rapid7/metasploit-omnibus/pull/14/files for instance to find those wrapper script templates.
busterb
on 7 Feb 2017
@funoverip: Consider using msfvenom -o for now.
wvu-r7
on 7 Feb 2017
Fix above ^
busterb
on 7 Feb 2017
Awesome ! (Well, I did upgrade in the meantime but... )
funoverip
on 7 Feb 2017
Thanks, sorry for the surprising behavior and ensuing goose chase!
busterb
on 8 Feb 2017
Related issues
wvu-r7
路
3Comments
fluit105
路
3Comments
jecoliho
路
3Comments
verapex
路
3Comments
miholtz
路
3Comments
Most helpful comment
Oh, yuck.