Metasploit-framework: No --encrypt option in msfvenom

Created on 21 Aug 2018 · 9 comments · Source: rapid7/metasploit-framework

Steps to reproduce

Install the latest version of Metasploit with apt-get update; apt install metasploit-framework.
Run
msfvenom -p windows/meterpreter/reverse_tcp LHOST=127.0.0.1 --encrypt rc4 --encrypt-key thisisakey -f c
and got an error:
Error: Invalid option

But in the msf5 the option existed.

relevant: #9869 #10480 #10029

Expected behavior

msf5

root@sssss-debian-tor1:~/msf_dev/metasploit-framework# ./msfvenom -h
MsfVenom - a Metasploit standalone payload generator.
Also a replacement for msfpayload and msfencode.
Usage: ./msfvenom [options] <var=val>
Example: ./msfvenom -p windows/meterpreter/reverse_tcp LHOST=<IP> -f exe -o payload.exe

Options:
    -l, --list            <type>     List all modules for [type]. Types are: payloads, encoders, nops, platforms, encrypt, formats, all
    -p, --payload         <payload>  Payload to use (--list payloads to list, --list-options for arguments). Specify '-' or STDIN for custom
        --list-options               List --payload <value>'s standard, advanced and evasion options
    -f, --format          <format>   Output format (use --list formats to list)
    -e, --encoder         <encoder>  The encoder to use (use --list encoders to list)
        --smallest                   Generate the smallest possible payload using all available encoders
        --encrypt         <value>    The type of encryption or encoding to apply to the shellcode (use --list encrypt to list)
        --encrypt-key     <value>    A key to be used for --encrypt
        --encrypt-iv      <value>    An initialization vector for --encrypt
    -a, --arch            <arch>     The architecture to use for --payload and --encoders
        --platform        <platform> The platform for --payload (use --list platforms to list)
    -o, --out             <path>     Save the payload to a file
    -b, --bad-chars       <list>     Characters to avoid example: '\x00\xff'
    -n, --nopsled         <length>   Prepend a nopsled of [length] size on to the payload
    -s, --space           <length>   The maximum size of the resulting payload
        --encoder-space   <length>   The maximum size of the encoded payload (defaults to the -s value)
    -i, --iterations      <count>    The number of times to encode the payload
    -c, --add-code        <path>     Specify an additional win32 shellcode file to include
    -x, --template        <path>     Specify a custom executable file to use as a template
    -k, --keep                       Preserve the --template behaviour and inject the payload as a new thread
    -v, --var-name        <value>    Specify a custom variable name to use for certain output formats
    -t, --timeout         <second>   The number of seconds to wait when reading the payload from STDIN (default 30, 0 to disable)
    -h, --help                       Show this message

Current behavior

No --encrypt option.
Version: Framework Version: 4.17.6-dev-

root@sssss-debian-tor1:~# msfvenom -p windows/meterpreter/reverse_tcp LHOST=127.0.0.1 --encrypt rc4 --encrypt-key thisisakey -f c
Error: Invalid option
MsfVenom - a Metasploit standalone payload generator.
Also a replacement for msfpayload and msfencode.
Usage: /opt/metasploit-framework/bin/../embedded/framework/msfvenom [options] <var=val>

Options:
    -l, --list            <type>     List all modules for [type]. Types are: payloads, encoders, nops, platforms, formats, all
    -p, --payload         <payload>  Payload to use (--list payloads to list, --list-options for arguments). Specify '-' or STDIN for custom
        --list-options               List --payload <value>'s standard, advanced and evasion options
    -f, --format          <format>   Output format (use --list formats to list)
    -e, --encoder         <encoder>  The encoder to use (use --list encoders to list)
        --smallest                   Generate the smallest possible payload using all available encoders
    -a, --arch            <arch>     The architecture to use for --payload and --encoders
        --platform        <platform> The platform for --payload (use --list platforms to list)
    -o, --out             <path>     Save the payload to a file
    -b, --bad-chars       <list>     Characters to avoid example: '\x00\xff'
    -n, --nopsled         <length>   Prepend a nopsled of [length] size on to the payload
    -s, --space           <length>   The maximum size of the resulting payload
        --encoder-space   <length>   The maximum size of the encoded payload (defaults to the -s value)
    -i, --iterations      <count>    The number of times to encode the payload
    -c, --add-code        <path>     Specify an additional win32 shellcode file to include
    -x, --template        <path>     Specify a custom executable file to use as a template
    -k, --keep                       Preserve the --template behaviour and inject the payload as a new thread
    -v, --var-name        <value>    Specify a custom variable name to use for certain output formats
    -t, --timeout         <second>   The number of seconds to wait when reading the payload from STDIN (default 30, 0 to disable)
    -h, --help                       Show this message

System stuff

Metasploit version

Version: Framework Version: 4.17.6-dev-

I installed Metasploit with:

  • [x] Kali package via apt
  • [ ] Omnibus installer (nightly)
  • [ ] Commercial/Community installer (from http://www.rapid7.com/products/metasploit/download.jsp)
  • [ ] Source install (please specify ruby version)

OS

Linux sssss-debian-tor1 4.15.12-041512-generic #201803211230 SMP Wed Mar 21 12:32:19 UTC 2018 x86_64 GNU/Linu

@wvu-r7 @jmartin-r7

bug msfvenom

All 9 comments

It appears that #10029 was not labeled msf5, but #9869 was an msf5 PR. We really need a better way to track these discrepancies! I think this is the second bug from these two PRs alone.

Argh, I could have sworn I ported out the --encrypt segments of #10029 when cherry-picking to 4.x. I will address this.

@Green-m, @wvu-r7 is correct that --encrypt is not supported and should not be offered in 4.x

Turns out I had fixed this in #10153 for options that were 4.x only. Closing this issue as current intended function of msfvenom in the 4.x environment.

Thank you, @jmartin-r7!

@jmartin-r7
Thank you very much!

So the reason --encrypt is not in msf4 is just because this feature is not stable enough?

I thought that msf5 is a development version of msf4, but now I am a little confused about the difference between the two.

Since there are some differences in functions and features, is there a good way to track these discrepancies?

I do not mean to be offensive or annoying; I just want to correct my opinion.

4.x is our stable branch; this is what our Nightly Omnibus publisher consumes and what distributions like Kali have been asked to make available to new users. New features that are being experimented with go into master, which has been deemed msf5.

Functionality delivered for expert testing or master-branch-only consumption is tagged msf5 on the PRs.

For context: https://blog.rapid7.com/2018/01/19/metasploit-wrapup-24/

This allows for features that are not quite stable to be shared with the community while not breaking every user.

In the case of --encrypt, that feature was merged in a partial state, where only source segments for payloads currently take advantage of it using the methods offered in the blog post. The ability to create ready-to-use payloads is just not in place for that option, so exposure has been limited to users that are obtaining the framework as development source on the master branch.
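Because the 4.x and master (msf5) builds advertise different option sets, any wrapper that scripts msfvenom should confirm the installed build actually offers --encrypt before passing it, rather than failing on "Error: Invalid option" at run time. The following Ruby is an added example, not code from metasploit-framework: it parses the option table from `msfvenom -h` output and reports which required long options are missing. The two help texts are constructed samples trimmed from the 4.x and msf5 outputs quoted in this issue, and `parse_msfvenom_options`, `missing_options` and `encrypt_args_if_supported` are names chosen here.

```ruby
# Added example (not part of metasploit-framework): guard automation against the
# 4.x / msf5 option discrepancy by parsing the help table msfvenom prints.

# Parses lines such as "    -l, --list   <type>   Description" or
# "        --encrypt  <value>  Description" into a hash keyed by long option.
def parse_msfvenom_options(help_text)
  opts = {}
  help_text.each_line do |line|
    m = line.match(/^\s+(?:(-\w),\s+)?(--[\w-]+)\s+(?:(<[^>]+>)\s+)?(.*\S)/)
    next unless m
    opts[m[2]] = { short: m[1], arg: m[3], desc: m[4] }
  end
  opts
end

# Returns the required long options that the help text does not advertise.
def missing_options(help_text, required)
  advertised = parse_msfvenom_options(help_text)
  required.reject { |o| advertised.key?(o) }
end

# Builds the --encrypt arguments only when the build advertises them; returns nil
# otherwise so a wrapper can abort cleanly instead of hitting "Invalid option".
def encrypt_args_if_supported(help_text, cipher, key)
  return nil unless missing_options(help_text, ['--encrypt', '--encrypt-key']).empty?
  ['--encrypt', cipher, '--encrypt-key', key]
end

# Constructed samples, trimmed from the help outputs quoted in this issue.
MSF5_HELP = <<~HELP
  Options:
      -l, --list            <type>     List all modules for [type]. Types are: payloads, encoders, nops, platforms, encrypt, formats, all
          --encrypt         <value>    The type of encryption or encoding to apply to the shellcode (use --list encrypt to list)
          --encrypt-key     <value>    A key to be used for --encrypt
      -f, --format          <format>   Output format (use --list formats to list)
HELP

MSF4_HELP = <<~HELP
  Options:
      -l, --list            <type>     List all modules for [type]. Types are: payloads, encoders, nops, platforms, formats, all
      -f, --format          <format>   Output format (use --list formats to list)
      -h, --help                       Show this message
HELP

if __FILE__ == $PROGRAM_NAME
  [['msf5', MSF5_HELP], ['4.x', MSF4_HELP]].each do |name, help|
    puts "#{name}: missing #{missing_options(help, ['--encrypt', '--encrypt-key']).inspect}"
  end
end
```

On a real install, feed `msfvenom -h 2>&1` into `missing_options` instead of the constructed samples.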

@jmartin-r7
Thanks for your patient reply. I got it.

Is there a release package for msf5? or the only way is to git clone branch:master?

Is there a release package for msf5? or the only way is to git clone branch:master?

For now, msf5 only supports installation via git clone.
