Metasploit-framework: Linux meterpreter payload to_handler fails with invalid opcode arguments error

Created on 15 Apr 2018 · 9Comments · Source: rapid7/metasploit-framework

Steps to reproduce

The linux/x64/meterpreter/reverse_tcp payload fails to start a handler when issued the to_handler command. The exception it throws is invalid opcode arguments (see below). The output then (incorrectly) states that a job has been started.

Reproduce with the following steps

Start msfconsole
use payload/linux/x64/meterpreter/reverse_tcp
set LHOST x.x.x.x
to_handler

Expected behavior

The to_handler command should start a handler for the specified payload.

Current behavior

metasploit-framework (S:0 J:1) payload(python/meterpreter/reverse_tcp) > use payload/linux/x64/meterpreter/reverse_tcp
metasploit-framework (S:0 J:1) payload(linux/x64/meterpreter/reverse_tcp) > show options 

Module options (payload/linux/x64/meterpreter/reverse_tcp):

   Name   Current Setting  Required  Description
   ----   ---------------  --------  -----------
   LHOST                   yes       The listen address
   LPORT  4444             yes       The listen port

metasploit-framework (S:0 J:1) payload(linux/x64/meterpreter/reverse_tcp) > set LHOST 192.168.254.130 
LHOST => 192.168.254.130
metasploit-framework (S:0 J:1) payload(linux/x64/meterpreter/reverse_tcp) > to_handler 

[-] [2018.04.14-17:59:58] Exploit failed: invalid opcode arguments "push", allowed : [[:reg], [:modrm], [:i], [:i8], [:seg3A]] near "push" at "\"<unk>\"" line 17
[*] Payload Handler Started as Job 
metasploit-framework (S:0 J:1) payload(linux/x64/meterpreter/reverse_tcp) >

System stuff

Metasploit version

Commit 47a324815d57d11989d2bbf5d0704e3bb096f3cb.

I installed Metasploit with:

[ ] Kali package via apt
[ ] Omnibus installer (nightly)
[ ] Commercial/Community installer (from http://www.rapid7.com/products/metasploit/download.jsp)
[X] Source install (Ruby version 2.5.1)

OS

Fedora 27 x64

bug

Source

zeroSteiner

👍1

Most helpful comment

I'll bisect (tired after walking all day on the beach :)

busterb on 18 Apr 2018

😄2

All 9 comments

I've encountered a similar issue with Linux x64 Meterpreter.

Selecting Linux x64 Meterpreter payload and running the module will work the first time. Running the module a second time, without changing anything, will raise invalid opcode arguments "push".

bcoles on 15 Apr 2018

Total guess but I wonder if one of the arguments to push end up as nil: e.g
https://github.com/rapid7/metasploit-framework/blob/47a324815d57d11989d2bbf5d0704e3bb096f3cb/lib/msf/core/payload/linux/x64/reverse_tcp.rb#L108
I can dig deeper tomorrow (on mobile).

timwr on 15 Apr 2018

I ran into this a few days ago. Not necessarily with to_handler, but I can confirm this error is coming up.

wvu-r7 on 16 Apr 2018

I had quick play with this and retry_count is indeed nil. If it's just this payload we could just duct tape fix it (set it to 0 if nil), but I'm not sure why it's not being set yet.

timwr on 16 Apr 2018

Anyone wanna git bisect this? Seems like a regression from recent-ish payload work.

wvu-r7 on 17 Apr 2018

This is biting me right now while testing #9876.

wvu-r7 on 17 Apr 2018

I'll bisect (tired after walking all day on the beach :)

busterb on 18 Apr 2018

😄2

Yep definitely an issue since db2e3f2ddd2c7db9dcd8ba533427ee4aa1a03ee3 . I should have caught that 8 months ago. @bwatters-r7 / @jmartin-r7 could you make sure this is in the payload test matrix?

busterb on 18 Apr 2018

👍1

Thanks all.

busterb on 27 Apr 2018

❤1

Was this page helpful?

0 / 5 - 0 ratings