Metasploit-framework: Meterpreter load stdapi failed because of the missing of ext_server_stdapi.x64.dll

Created on 16 Apr 2017 · 11Comments · Source: rapid7/metasploit-framework

Steps to reproduce

How'd you do it?

Use msfvenom create a windows/x64/meterpreter/reverse_tcp payload dll file
Run the dll in RHOST(Windows 2008 SP1 x64), use ETERNALBLUE backdoor
Run multi/handler in msf, get a meterpreter shell successfully

Expected behavior

Auto load stdapi, everything work like a charm.

Current behavior

Auto load stdapi failed; Manual load failed too:

msf exploit(handler) > exploit 

[!] You are binding to a loopback address by setting LHOST to 127.0.0.1. Did you want ReverseListenerBindAddress?
[*] Started reverse TCP handler on 127.0.0.1:7777 
[*] Starting the payload handler...
[*] Sending stage (1189423 bytes) to 127.0.0.1
[*] Meterpreter session 2 opened (127.0.0.1:7777 -> 127.0.0.1:49886) at 2017-04-16 20:04:17 +0800

meterpreter > [-] Failed to load extension: No module of the name ext_server_stdapi.x64.dll found

meterpreter > load stdapi
Loading extension stdapi...
[-] Failed to load extension: No module of the name ext_server_stdapi.x64.dll found
meterpreter >

(The LHOST and RHOST become 127.0.0.1 is because I'm using ngrok tcp tunnel)

And I did some check, it seems that this file is really missing in my system:

[i7sdream][/o/m/e/l/r/g/2/g/m/d/meterpreter][]$ pwd
/opt/metasploit-framework/embedded/lib/ruby/gems/2.3.0/gems/metasploit-payloads-1.2.23/data/meterpreter
[i7sdream][/o/m/e/l/r/g/2/g/m/d/meterpreter][]$ ll ext_server_stdapi*
-rw-r--r-- 1 root root  41270 4月  15 17:52 ext_server_stdapi.jar
-rwxr-xr-x 1 root root 222032 4月  15 17:52 ext_server_stdapi.lso
-rwxr-xr-x 1 root root  39910 4月  15 17:52 ext_server_stdapi.php
-rw-r--r-- 1 root root  79815 4月  15 17:52 ext_server_stdapi.py
-rw-r--r-- 1 root root 389120 4月  15 17:52 ext_server_stdapi.x86.dll

(Only has x86.dll)

And I check the deb package, x64.dll is also missing:

[i7sdream][/o/m/e/l/r/g/2/g/m/d/meterpreter][]$ dpkg-query -L metasploit-framework | grep ext_server_stdapi
/opt/metasploit-framework/embedded/lib/ruby/gems/2.3.0/gems/metasploit-payloads-1.2.23/data/meterpreter/ext_server_stdapi.php
/opt/metasploit-framework/embedded/lib/ruby/gems/2.3.0/gems/metasploit-payloads-1.2.23/data/meterpreter/ext_server_stdapi.x86.dll
/opt/metasploit-framework/embedded/lib/ruby/gems/2.3.0/gems/metasploit-payloads-1.2.23/data/meterpreter/ext_server_stdapi.lso
/opt/metasploit-framework/embedded/lib/ruby/gems/2.3.0/gems/metasploit-payloads-1.2.23/data/meterpreter/ext_server_stdapi.py
/opt/metasploit-framework/embedded/lib/ruby/gems/2.3.0/gems/metasploit-payloads-1.2.23/data/meterpreter/ext_server_stdapi.jar

System stuff

Metasploit version

Framework: 4.14.12-dev-
Console : 4.14.12-dev-

deb version: 4.14.12+20170415092921~1rapid7-1

I installed Metasploit with:

apt srouce:

deb http://downloads.metasploit.com/data/releases/metasploit-framework/apt sid main

OS

Deepin Linux, Based on Debian Sid

Linux Flex 4.9.0-deepin2-amd64 #1 SMP Deepin 4.9.8-1 (2017-01-27) x86_64 GNU/Linux

Source

7sDream

All 11 comments

bah, I know what the problem is, fix incoming.

busterb on 16 Apr 2017

👍1

it should be fixed now. Our automated builder has a bug in that it will release packages even if the windows binaries failed. I'll work on fixing this next.

busterb on 16 Apr 2017

Strange. How come the build failed anyway? :(

On Apr 16, 2017 23:56, "Brent Cook" notifications@github.com wrote:

it should be fixed now. Our automated builder has a bug in that it will
release packages even if the windows binaries failed. I'll work on fixing
this next.

—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
https://github.com/rapid7/metasploit-framework/issues/8247#issuecomment-294353058,
or mute the thread
https://github.com/notifications/unsubscribe-auth/AABw4E8k0op9n-8WgLp7PVo9IfRCeNJYks5rwh4KgaJpZM4M-nMv
.

OJ on 16 Apr 2017

missing cast in 64-bit version that caused a warning -> error -> no binaries

busterb on 17 Apr 2017

the error reminded me that I needed fix winpmem as well, then I had a sad

busterb on 17 Apr 2017

Yeah i had that the other day too. It's messy :(

On Apr 17, 2017 09:21, "Brent Cook" notifications@github.com wrote:

the error reminded me that I needed fix winpmem as well, then I had a sad

—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
https://github.com/rapid7/metasploit-framework/issues/8247#issuecomment-294379957,
or mute the thread
https://github.com/notifications/unsubscribe-auth/AABw4AS-nMzFCTcCAL22OWNJg1vu7nB0ks5rwqJkgaJpZM4M-nMv
.

OJ on 17 Apr 2017

@busterb

Thanks for your quick response and code working!

I found there is a update of msf, new version is 4.14.12+20170416092901~1rapid7-1, but the file is still missing.

So, is there any place I can download this DLL from to make it work?

Or old version deb package of msf without this bug to re-install?

7sDream on 17 Apr 2017

The package with the fix hasn't finished building yet - it will be finished in a few hours.

In the mean time, older packages are available at https://apt.metasploit.com or https://rpm.metasploit.com

wget http://apt.metasploit.com/pool/main/m/metasploit-framework/metasploit-framework_4.14.11%2B20170414093135~1rapid7-1_amd64.deb
sudo dpkg -i metasploit-framework_4.14.11+20170414093135~1rapid7-1_amd64.deb

busterb on 17 Apr 2017

❤1

@busterb

Nice (temporary) solution. It's very kind of you. :)

7sDream on 17 Apr 2017

You're welcome. Nice avatar btw.

busterb on 18 Apr 2017

❤1

@busterb Man I could not find the file.But I found this link.It's helpful too :)
https://github.com/rapid7/metasploit-framework/wiki/Downloads-by-Version