Metasploit-framework: Exploit freesshd_authbypass - Exploit failed: Errno::ENOENT No such file or directory @ rb_sysopen - /usr/share/metasploit-framework/data/exploits/cmdstager/vbs_b64

Created on 11 Mar 2017 · 9 Comments · Source: rapid7/metasploit-framework

Steps to reproduce

  1. use exploit/windows/ssh/freesshd_authbypass
  2. set RHOST, RPORT, USERNAME
  3. exploit

msf exploit(freesshd_authbypass) > exploit

[*] Started reverse TCP handler on 192.168.1.104:4444
[*] 192.168.1.103:45 - Trying username 'user'
[*] 192.168.1.103:45 - Uploading payload, this may take several minutes...
[-] 192.168.1.103:45 - Exploit failed: Errno::ENOENT No such file or directory @ rb_sysopen - /usr/share/metasploit-framework/data/exploits/cmdstager/vbs_b64
[*] Exploit completed, but no session was created.

Expected behavior

Should have attempted to open a meterpreter shell with the target

Current behavior

Returns error: Exploit failed: Errno::ENOENT No such file or directory @ rb_sysopen - /usr/share/metasploit-framework/data/exploits/cmdstager/vbs_b64

OS

Kali Linux Rolling

Metasploit version

Framework: 4.14.1-dev
Console : 4.14.1-dev

bug module

All 9 comments

I'm able to reproduce, definitely looks like the decoder file isn't being generated as expected.

It appears that the module is failing to correctly locate vbs_b64 because it's not using the Exploit::CmdStager mixin, which knows that this file no longer lives in MSF's data/exploits/cmdstager/ directory but rather in the rex-exploitation gem.

I need to drop off for a bit, but I'll have a small PR when I get back if you're available to test that it works, @pentesterd...

I should be available to test it in about 7 hours :-) Hitting the bed now. You can post instructions. I'll test it when I am back up.

Hey @pentesterd, I'd be interested if the following steps work for you:

  1. mkdir -p /root/.msf4/modules/exploits/windows/ssh
  2. curl https://raw.githubusercontent.com/pbarry-r7/metasploit-framework/4e32c80e8ed9c5714a5fcb2f7bc4a237d155fa86/modules/exploits/windows/ssh/freesshd_authbypass.rb > /root/.msf4/modules/exploits/windows/ssh/freesshd_authbypass.rb
  3. start msfconsole and use the module as described in the issue description
  4. verify it works as expected

Thx!

@pbarry-r7 Tested this and can confirm that this works

@pentesterd: Please see #8095. Thanks!

Appreciate the feedback, @pentesterd. That module ended up needing a few more changes than what I had made, and I just merged in some updates from @wvu-r7 if you'd be interested/willing to try them out. Would be the same steps as I gave above, with a slight change to the second step:

  1. curl https://raw.githubusercontent.com/pbarry-r7/metasploit-framework/bc9aa141531cc5ea8f9d4d496d39df262456c33e/modules/exploits/windows/ssh/freesshd_authbypass.rb > /root/.msf4/modules/exploits/windows/ssh/freesshd_authbypass.rb

Thx!

@pbarry-r7 Tried the revised module. Works as expected.

Thanks, @pentesterd. The fix has been merged into master.
