Metasploit-framework: Got error while exploit BadBlue 2.72.
I'm getting this error while exploiting BadBlue service on windows 10 which is install in vbox.
I updated my metasploit to the latest version also but still it's not working.
I scanned the victim machine using nmap and got BadBlue service running on port 8888.
I used following steps to exploit the BadBlue service.
msf5 > use exploit/windows/http/badblue_passthru
msf5 exploit(windows/http/badblue_passthru) > set rhost 192.168.31.190
rhost => 192.168.31.190
msf5 exploit(windows/http/badblue_passthru) > set lhost 192.168.31.126
lhost => 192.168.31.126
msf5 exploit(windows/http/badblue_passthru) > exploit
[-] Exploit failed: NoMethodError undefined method `get_service' for #
Did you mean? get_msf_version
[*] Exploit completed, but no session was created.
In Above Case
My IP: 192.168.31.126
Victim IP : 192.168.31.190
## Expected behavior
It should open session.
## Current behavior (Last Error in Log File)
[e(0)] core: windows/meterpreter/reverse_tcp: iteration 1: Broken encoder x86/xor_dynamic: Bad character found in stub for the Dynamic key XOR Encoder encoder.
[e(0)] core: windows/meterpreter/reverse_tcp: iteration 1: Broken encoder x86/fnstenv_mov: No valid set instruction could be created!
[i(0)] core: windows/meterpreter/reverse_tcp: iteration 1: Successfully encoded with encoder x86/call4_dword_xor (size is 392)
[e(0)] core: Exploit failed (windows/http/badblue_passthru): NoMethodError undefined method `get_service' for #
### Metasploit version
metasploit v5.0.30-dev-
### I installed Metasploit with:
- [1 ] Kali package via apt
### OS
What OS are you running Metasploit on?
Kali GNU/Linux Rolling
Release: 2019.2
codeh4ck3r
All 11 comments
I modified exploit.rb to show a bit more information. Confirmed.
msf5 exploit(windows/http/badblue_passthru) > exploit
[-] Call stack:
/home/msfdev/git/metasploit-framework/lib/metasploit/framework/data_service/proxy/core.rb:136:in `method_missing'
/home/msfdev/git/metasploit-framework/lib/msf/core/exploit/http/client.rb:678:in `block in lookup_http_fingerprints'
/home/msfdev/.rvm/gems/ruby-2.6.2@metasploit-framework/gems/activerecord-4.2.11.1/lib/active_record/connection_adapters/abstract/connection_pool.rb:292:in `with_connection'
/home/msfdev/git/metasploit-framework/lib/msf/core/exploit/http/client.rb:674:in `lookup_http_fingerprints'
/home/msfdev/git/metasploit-framework/lib/msf/core/exploit/http/client.rb:721:in `http_fingerprint'
/home/msfdev/git/metasploit-framework/lib/msf/core/exploit/http/client.rb:115:in `validate_fingerprint'
/home/msfdev/git/metasploit-framework/lib/msf/core/exploit/http/client.rb:94:in `setup'
/home/msfdev/git/metasploit-framework/lib/msf/core/exploit_driver.rb:210:in `job_run_proc'
/home/msfdev/git/metasploit-framework/lib/msf/core/exploit_driver.rb:169:in `run'
/home/msfdev/git/metasploit-framework/lib/msf/base/simple/exploit.rb:140:in `exploit_simple'
/home/msfdev/git/metasploit-framework/lib/msf/base/simple/exploit.rb:165:in `exploit_simple'
/home/msfdev/git/metasploit-framework/lib/msf/ui/console/command_dispatcher/exploit.rb:55:in `exploit_single'
/home/msfdev/git/metasploit-framework/lib/msf/ui/console/command_dispatcher/exploit.rb:205:in `cmd_exploit'
/home/msfdev/git/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:523:in `run_command'
/home/msfdev/git/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:474:in `block in run_single'
/home/msfdev/git/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:468:in `each'
/home/msfdev/git/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:468:in `run_single'
/home/msfdev/git/metasploit-framework/lib/rex/ui/text/shell.rb:151:in `run'
/home/msfdev/git/metasploit-framework/lib/metasploit/framework/command/console.rb:48:in `start'
/home/msfdev/git/metasploit-framework/lib/metasploit/framework/command/base.rb:82:in `start'
./msfconsole:49:in `<main>'
[-] Exploit failed: NoMethodError undefined method `get_service' for #<Metasploit::Framework::DataService::RemoteHTTPDataService:0x000056528822ea80>
Did you mean? get_msf_version
[*] Exploit completed, but no session was created.
jrobles-r7
on 14 Jun 2019
@codeh4ck3r As a temporary work around would you try to disconnect the remote data service and use the local data service by first running the command db_disconnect once and then attempting the exploit again.
msf5 > db_disconnect
Successfully disconnected from the data service: remote_data_service: (https://localhost:5443).
msf5 > db_status
[*] Connected to msf. Connection type: postgresql.
The Msf::DBManager::Service#get_service (lib/msf/core/db_manager/service.rb) method doesn't exist in the ServiceDataProxy module (lib/metasploit/framework/data_service/proxy/service_data_proxy.rb) so when connected to a remote data service the method is not found. From a quick grep of the code base it seems the get_service method is called in four locations. These would ideally be rewritten as appropriate queries to the Msf::DBManager::Service#services query method and would then work correctly with both the remote and local data services.
mkienow-r7
on 14 Jun 2019
Temporary workarounds seems valid.
msf5 exploit(windows/http/badblue_passthru) > db_status
[*] Connected to remote_data_service: (https://localhost:5443). Connection type: http. Connection name: local-https-data-service.
msf5 exploit(windows/http/badblue_passthru) > exploit
[-] Call stack:
/home/msfdev/git/metasploit-framework/lib/metasploit/framework/data_service/proxy/core.rb:136:in `method_missing'
/home/msfdev/git/metasploit-framework/lib/msf/core/exploit/http/client.rb:678:in `block in lookup_http_fingerprints'
/home/msfdev/.rvm/gems/ruby-2.6.2@metasploit-framework/gems/activerecord-4.2.11.1/lib/active_record/connection_adapters/abstract/connection_pool.rb:292:in `with_connection'
/home/msfdev/git/metasploit-framework/lib/msf/core/exploit/http/client.rb:674:in `lookup_http_fingerprints'
/home/msfdev/git/metasploit-framework/lib/msf/core/exploit/http/client.rb:721:in `http_fingerprint'
/home/msfdev/git/metasploit-framework/lib/msf/core/exploit/http/client.rb:115:in `validate_fingerprint'
/home/msfdev/git/metasploit-framework/lib/msf/core/exploit/http/client.rb:94:in `setup'
/home/msfdev/git/metasploit-framework/lib/msf/core/exploit_driver.rb:210:in `job_run_proc'
/home/msfdev/git/metasploit-framework/lib/msf/core/exploit_driver.rb:169:in `run'
/home/msfdev/git/metasploit-framework/lib/msf/base/simple/exploit.rb:140:in `exploit_simple'
/home/msfdev/git/metasploit-framework/lib/msf/base/simple/exploit.rb:165:in `exploit_simple'
/home/msfdev/git/metasploit-framework/lib/msf/ui/console/command_dispatcher/exploit.rb:55:in `exploit_single'
/home/msfdev/git/metasploit-framework/lib/msf/ui/console/command_dispatcher/exploit.rb:205:in `cmd_exploit'
/home/msfdev/git/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:523:in `run_command'
/home/msfdev/git/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:474:in `block in run_single'
/home/msfdev/git/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:468:in `each'
/home/msfdev/git/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:468:in `run_single'
/home/msfdev/git/metasploit-framework/lib/rex/ui/text/shell.rb:151:in `run'
/home/msfdev/git/metasploit-framework/lib/metasploit/framework/command/console.rb:48:in `start'
/home/msfdev/git/metasploit-framework/lib/metasploit/framework/command/base.rb:82:in `start'
./msfconsole:49:in `<main>'
[-] Exploit failed: NoMethodError undefined method `get_service' for #<Metasploit::Framework::DataService::RemoteHTTPDataService:0x0000559468637b60>
Did you mean? get_msf_version
[*] Exploit completed, but no session was created.
msf5 exploit(windows/http/badblue_passthru) > db_disconnect
Successfully disconnected from the data service: remote_data_service: (https://localhost:5443).
msf5 exploit(windows/http/badblue_passthru) > db_status
[*] Connected to msf. Connection type: postgresql.
msf5 exploit(windows/http/badblue_passthru) > exploit
[-] Call stack:
[Note: I removed the CallStack from a fail_with. The CallStack only occurred because of my exploit.rb modification]
[-] Exploit aborted due to failure: not-found: The target server fingerprint "SimpleHTTP/0.6 Python/2.7.13" does not match "(?-mix:BadBlue\/)", use 'set FingerprintCheck false' to disable this check.
[*] Exploit completed, but no session was created.
msf5 exploit(windows/http/badblue_passthru) >
@mkienow-r7 Yes, Temporary work around is valid and working fine.
codeh4ck3r
on 14 Jun 2019
@codeh4ck3r Thank you for reporting the issue!
mkienow-r7
on 14 Jun 2019
Still happening but works with the workaround
Atem18
on 12 Dec 2019
I haven't verified this yet, but I believe exploits/linux/http/mvpower_dvr_shell_exec has the same issue.
AlanFoster
on 16 May 2020
I haven't verified this yet, but I believe
exploits/linux/http/mvpower_dvr_shell_exechas the same issue.
what? how?
bcoles
on 16 May 2020
what? how?
@bcoles At the time - a user on slack posted an error with that module, but I wasn't able to verify it
adfoster-r7
on 24 Jul 2020
From what I understand of the current dataservices API - it doesn't seem like the existing http finger printing code can be directly converted to use Msf::DBManager::Service#services as the current code queries for a specific service, then directly mutates the http.fingerprint notes:
adfoster-r7
on 25 Jul 2020
@adfoster-r7 The get_service method calls would ideally be rewritten as appropriate queries to the Msf::DBManager::Service#services query method and should then work correctly with both the remote and local data services as I suggested in the second part of my message above. In the code you posted from lookup_http_fingerprints it appears the service is simply used to locate associated notes and append them to the fprints array before returning them to the caller. This doesn't appear to be updating the notes in the database. Would it be possible to pass the service id and ntype: 'http.fingerprint' to the notes (GET) data service to get the notes that are needed?
mkienow-r7
on 27 Jul 2020
Related issues
ejholmes
路
3Comments
handsomebeast
路
3Comments
bcoles
路
3Comments
Acidical
路
3Comments
adrianmihalko
路
3Comments
Most helpful comment
@codeh4ck3r Thank you for reporting the issue!