Metasploit-framework: Auxiliary failed: SocketError getaddrinfo: nodename nor servname provided, or not known

Created on 23 Sep 2018  ·  4 Comments  ·  Source: rapid7/metasploit-framework

Steps to reproduce

How'd you do it?

msf5 auxiliary(scanner/http/apache_activemq_source_disclosure) > use admin/http/joomla_registration_privesc
msf5 auxiliary(admin/http/joomla_registration_privesc) > options

Module options (auxiliary/admin/http/joomla_registration_privesc):

   Name       Current Setting        Required  Description
   ----       ---------------        --------  -----------
   EMAIL      [email protected]  yes       Email to receive the activation code for the account
   PASSWORD   expl0it3r              yes       Password for the username
   Proxies                           no        A proxy chain of format type:host:port[,type:host:port][...]
   RHOSTS     10.181.0.122/24        yes       The target address range or CIDR identifier
   RPORT      80                     yes       The target port (TCP)
   SSL        false                  no        Negotiate SSL/TLS for outgoing connections
   TARGETURI  /                      yes       The relative URI of the Joomla instance
   USERNAME   expl0it3r              yes       Username that will be created
   VHOST                             no        HTTP server virtual host

msf5 auxiliary(admin/http/joomla_registration_privesc) > set verbose true
verbose => true
msf5 auxiliary(admin/http/joomla_registration_privesc) > run


Expected behavior

Works well.

Current behavior

[-] Auxiliary failed: SocketError getaddrinfo: nodename nor servname provided, or not known
[-] Call stack:
[-]   /Users/green/.rvm/gems/ruby-2.5.1@metasploit-framework/gems/rex-socket-0.1.15/lib/rex/socket.rb:189:in `gethostbyname'
[-]   /Users/green/.rvm/gems/ruby-2.5.1@metasploit-framework/gems/rex-socket-0.1.15/lib/rex/socket.rb:189:in `getaddresses'
[-]   /Users/green/.rvm/gems/ruby-2.5.1@metasploit-framework/gems/rex-socket-0.1.15/lib/rex/socket.rb:173:in `getaddress'
[-]   /Users/green/.rvm/gems/ruby-2.5.1@metasploit-framework/gems/rex-socket-0.1.15/lib/rex/socket.rb:263:in `resolv_nbo'
[-]   /Users/green/.rvm/gems/ruby-2.5.1@metasploit-framework/gems/rex-socket-0.1.15/lib/rex/socket.rb:277:in `resolv_nbo_i'
[-]   /Users/green/.rvm/gems/ruby-2.5.1@metasploit-framework/gems/rex-socket-0.1.15/lib/rex/socket/switch_board.rb:233:in `best_comm'
[-]   /Users/green/.rvm/gems/ruby-2.5.1@metasploit-framework/gems/rex-socket-0.1.15/lib/rex/socket/switch_board.rb:127:in `best_comm'
[-]   /Users/green/.rvm/gems/ruby-2.5.1@metasploit-framework/gems/rex-socket-0.1.15/lib/rex/socket/parameters.rb:195:in `initialize'
[-]   /Users/green/.rvm/gems/ruby-2.5.1@metasploit-framework/gems/rex-socket-0.1.15/lib/rex/socket/parameters.rb:38:in `new'
[-]   /Users/green/.rvm/gems/ruby-2.5.1@metasploit-framework/gems/rex-socket-0.1.15/lib/rex/socket/parameters.rb:38:in `from_hash'
[-]   /Users/green/.rvm/gems/ruby-2.5.1@metasploit-framework/gems/rex-socket-0.1.15/lib/rex/socket/tcp.rb:28:in `create'
[-]   /Users/green/msfdev/metasploit-framework/lib/rex/proto/http/client.rb:177:in `connect'
[-]   /Users/green/msfdev/metasploit-framework/lib/rex/proto/http/client.rb:244:in `send_request'
[-]   /Users/green/msfdev/metasploit-framework/lib/rex/proto/http/client.rb:229:in `_send_recv'
[-]   /Users/green/msfdev/metasploit-framework/lib/rex/proto/http/client.rb:210:in `send_recv'
[-]   /Users/green/msfdev/metasploit-framework/lib/msf/core/exploit/http/client.rb:367:in `send_request_cgi'
[-]   /Users/green/msfdev/metasploit-framework/modules/auxiliary/admin/http/joomla_registration_privesc.rb:45:in `check'
[-]   /Users/green/msfdev/metasploit-framework/modules/auxiliary/admin/http/joomla_registration_privesc.rb:79:in `run'
[*] Auxiliary module execution completed
msf5 auxiliary(admin/http/joomla_registration_privesc) >

System stuff

Metasploit version

msf5 auxiliary(admin/http/joomla_registration_privesc) > version
Framework: 5.0.0-dev-5ddbf6fd11
Console  : 5.0.0-dev-5ddbf6fd11

I installed Metasploit with:

  • [ ] Kali package via apt
  • [ ] Omnibus installer (nightly)
  • [ ] Commercial/Community installer (from http://www.rapid7.com/products/metasploit/download.jsp)
  • [x] Source install (please specify ruby version)
$ ruby -v
ruby 2.5.1p57 (2018-03-29 revision 63029) [x86_64-darwin17]

OS

What OS are you running Metasploit on?
macos 13.6

Dig it

I have drilled it down; the exception occurred at:

File: lib/msf/core/exploit/tcp.rb

      nsock = Rex::Socket::Tcp.create(
        'PeerHost'      =>  opts['RHOST'] || rhost,
        'PeerPort'      => (opts['RPORT'] || rport).to_i,
        'LocalHost'     =>  opts['CHOST'] || chost || "0.0.0.0",
        'LocalPort'     => (opts['CPORT'] || cport || 0).to_i,
        'SSL'           =>  dossl,
        'SSLVersion'    =>  opts['SSLVersion'] || ssl_version,
        'SSLVerifyMode' =>  opts['SSLVerifyMode'] || ssl_verify_mode,
        'SSLCipher'     =>  opts['SSLCipher'] || ssl_cipher,
        'Proxies'       => proxies,
        'Timeout'       => (opts['ConnectTimeout'] || connect_timeout || 10).to_i,
        'Context'       =>
          {
            'Msf'        => framework,
            'MsfExploit' => self,
          })

The method Rex::Socket::Tcp.create would call the method Socket.gethostbyname:

From: /Users/green/.rvm/gems/ruby-2.5.1@metasploit-framework/gems/rex-socket-0.1.15/lib/rex/socket.rb @ line 189 Rex::Socket.getaddresses:

    184: def self.getaddresses(hostname, accept_ipv6 = true)
    185:   if hostname =~ MATCH_IPV4 || (accept_ipv6 && hostname =~ MATCH_IPV6)
    186:     return [hostname]
    187:   end
    188:
 => 189:   res = ::Socket.gethostbyname(hostname)
    190:   return [] if not res
    191:

Socket.gethostbyname cannot accept RHOSTS, which is like 1.1.1.1/24, so it would throw the exception.

[13] pry(main)> Socket.gethostbyname("8.8.8.8")
=> ["8.8.8.8", [], 2, "\b\b\b\b"]
[14] pry(main)> Socket.gethostbyname("8.8.8.8/24")
SocketError: getaddrinfo: nodename nor servname provided, or not known
from (pry):36:in `gethostbyname'

I guess there are many modules with this issue, which include Msf::Exploit::Remote::Tcp and Msf::Exploit::Remote::HttpClient.

Maybe related to #9246.

bug library
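
An added example (not part of the original issue, and not Metasploit or rex-socket code) of the failure mode reported above: a CIDR value or an empty value reaching code that expects one host. The helper names and the expansion cap are hypothetical; the sketch expands the range first and rejects anything that is not a single host before it gets to the resolver.

```ruby
require 'ipaddr'

# Hypothetical helpers for illustration; not Metasploit or rex-socket code.
MAX_EXPANSION = 65_536 # constructed cap so a mistyped prefix (e.g. /8) fails fast

# Split a RHOSTS-style value into individual targets. Tokens are separated by
# whitespace; a token containing "/" is treated as a CIDR block, anything else
# (single IP or hostname) is passed through unchanged.
def expand_rhosts(spec)
  spec.to_s.split.flat_map do |token|
    next [token] unless token.include?('/')

    range = IPAddr.new(token).to_range # raises IPAddr::InvalidAddressError on bad CIDR
    first = range.first
    size  = range.last.to_i - first.to_i + 1
    raise ArgumentError, "#{token} expands to #{size} addresses" if size > MAX_EXPANSION

    (first.to_i..range.last.to_i).map { |n| IPAddr.new(n, first.family).to_s }
  end
end

# Guard for code paths that connect to exactly one peer: reject an empty value
# or a range here, with a clear message, instead of letting it reach the
# resolver and surface as a SocketError from getaddrinfo.
def single_host!(value)
  host = value.to_s.strip
  if host.empty? || host.match?(%r{[/\s,]})
    raise ArgumentError, "expected a single host, got #{value.inspect}"
  end
  host
end

# Yield one validated host at a time, the way per-host connection code expects.
def each_target(rhosts)
  return enum_for(:each_target, rhosts) unless block_given?

  expand_rhosts(rhosts).each { |host| yield single_host!(host) }
end

if __FILE__ == $PROGRAM_NAME
  targets = each_target('10.181.0.122/24').to_a # value from the report above
  puts "#{targets.size} targets, #{targets.first} .. #{targets.last}"
end
```

`IPAddr` masks the host bits, so `10.181.0.122/24` expands from `10.181.0.0`; whether network and broadcast addresses should be skipped is left to the caller.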


All 4 comments

Can confirm that non-scanner aux modules using HttpClient are all affected.

This happens when RHOST isn't set among other things. I'll bet I need a similar patch to #10688

Hmm, 'check' works as expected, but 'run' does not. lib/msf/ui/console/command_dispatcher/auxiliary.rb does not even define 'check', so does it get defined somewhere else?

@busterb
I think cmd_check is defined in lib/msf/ui/console/module_command_dispatcher.rb, which calls check_simple to actually run the check.
