Metasploit-framework: "Always Returns Nil" prevents all scanners on kali linux from actually scanning a target

Created on 4 May 2020  路  13Comments  路  Source: rapid7/metasploit-framework

Steps to reproduce

Run msfconsole
Although not specific to just this scanner, in the latest case I was using the Wordpress scanner:
use auxiliary/scanner/http/wordpress_scanner
set RHOST 107.180.50.228
set verbose true
(Because I wanted to scan on the default port 80 first, I didn't specify RPORT as it shows as already set to port 80 when you run show options
run

How'd you do it?
Running the above commands, with multiple different targets.
Other scanning modules that haven't worked when tried is the auxiliary/scanners/tcp_scanner module.
Instead of giving me information it just displays the lines referenced in the "current behavior" section of this issue and then exiting without saying anything else,

Expected behavior

I expect a scan with information or any sign that a scan was actually taking place, and then output results or indication of a report file being created with the scan results. Neither has happened.

Current behavior

[*] Trying 107.180.50.228
/usr/share/metasploit-framework/lib/rex/proto/http/client.rb:96: warning: deprecated Object#=~ is called on FalseClass; it always returns nil
/usr/share/metasploit-framework/lib/rex/proto/http/client.rb:96: warning: deprecated Object#=~ is called on FalseClass; it always returns nil
/usr/share/metasploit-framework/lib/rex/proto/http/client.rb:96: warning: deprecated Object#=~ is called on FalseClass; it always returns nil
/usr/share/metasploit-framework/lib/rex/proto/http/client.rb:96: warning: deprecated Object#=~ is called on FalseClass; it always returns nil
/usr/share/metasploit-framework/lib/rex/proto/http/client.rb:96: warning: deprecated Object#=~ is called on FalseClass; it always returns nil
/usr/share/metasploit-framework/lib/rex/proto/http/client.rb:96: warning: deprecated Object#=~ is called on FalseClass; it always returns nil
/usr/share/metasploit-framework/lib/rex/proto/http/client.rb:96: warning: deprecated Object#=~ is called on FalseClass; it always returns nil
/usr/share/metasploit-framework/lib/rex/proto/http/client.rb:96: warning: deprecated Object#=~ is called on FalseClass; it always returns nil
/usr/share/metasploit-framework/lib/rex/proto/http/client.rb:96: warning: deprecated Object#=~ is called on FalseClass; it always returns nil
/usr/share/metasploit-framework/lib/rex/proto/http/client.rb:96: warning: deprecated Object#=~ is called on FalseClass; it always returns nil
/usr/share/metasploit-framework/lib/rex/proto/http/client.rb:96: warning: deprecated Object#=~ is called on FalseClass; it always returns nil
/usr/share/metasploit-framework/lib/rex/proto/http/client.rb:96: warning: deprecated Object#=~ is called on FalseClass; it always returns nil
/usr/share/metasploit-framework/lib/rex/proto/http/client.rb:96: warning: deprecated Object#=~ is called on FalseClass; it always returns nil
/usr/share/metasploit-framework/lib/rex/proto/http/client.rb:96: warning: deprecated Object#=~ is called on FalseClass; it always returns nil
/usr/share/metasploit-framework/lib/rex/proto/http/client.rb:96: warning: deprecated Object#=~ is called on FalseClass; it always returns nil
/usr/share/metasploit-framework/lib/rex/proto/http/client.rb:96: warning: deprecated Object#=~ is called on FalseClass; it always returns nil
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed

The scanner(s) fail to provide any information and all exit and reach 100% completion in under 4 to 5 seconds, usually even faster than that. 

framework.log output 
NOTE: I am aware that the database isn't connected, that is deliberate, I don't use metasploit for the operations that it would be helpful to have database support in.


[05/02/2020 20:03:02] [e(0)] core: Dependency for windows/x64/encrypted_shell_reverse_tcp is not supported
[05/02/2020 20:03:02] [e(0)] core: Dependency for windows/encrypted_shell_reverse_tcp is not supported
[05/02/2020 20:03:03] [e(0)] core: Dependency for windows/x64/encrypted_reverse_tcp is not supported
[05/02/2020 20:03:04] [e(0)] core: Dependency for windows/encrypted_reverse_tcp is not supported
[05/02/2020 20:08:31] [e(0)] core: Dependency for windows/x64/encrypted_shell_reverse_tcp is not supported
[05/02/2020 20:08:31] [e(0)] core: Dependency for windows/encrypted_shell_reverse_tcp is not supported
[05/02/2020 21:03:53] [e(0)] core: Failed to connect to the database: No database YAML file
[05/02/2020 21:04:15] [e(0)] core: Dependency for windows/x64/encrypted_shell_reverse_tcp is not supported
[05/02/2020 21:04:15] [e(0)] core: Dependency for windows/encrypted_shell_reverse_tcp is not supported
[05/02/2020 21:04:17] [e(0)] core: Dependency for windows/x64/encrypted_reverse_tcp is not supported
[05/02/2020 21:04:17] [e(0)] core: Dependency for windows/encrypted_reverse_tcp is not supported
[05/02/2020 21:06:21] [e(0)] core: Dependency for windows/x64/encrypted_shell_reverse_tcp is not supported
[05/02/2020 21:06:21] [e(0)] core: Dependency for windows/encrypted_shell_reverse_tcp is not supported
[05/02/2020 21:06:22] [e(0)] core: Dependency for windows/x64/encrypted_reverse_tcp is not supported
[05/02/2020 21:06:22] [e(0)] core: Dependency for windows/encrypted_reverse_tcp is not supported
[05/02/2020 21:08:17] [e(0)] core: Exploit failed (linux/http/tr064_ntpserver_cmdinject): An invalid argument was specified. Invalid target index.
[05/02/2020 21:08:37] [e(0)] rex: Failed to find handler for resource: /favicon.ico
[05/02/2020 21:24:57] [e(0)] core: Dependency for windows/x64/encrypted_shell_reverse_tcp is not supported
[05/02/2020 21:24:57] [e(0)] core: Dependency for windows/encrypted_shell_reverse_tcp is not supported
[05/02/2020 21:24:59] [e(0)] core: Dependency for windows/x64/encrypted_reverse_tcp is not supported
[05/02/2020 21:24:59] [e(0)] core: Dependency for windows/encrypted_reverse_tcp is not supported
[05/02/2020 21:26:02] [e(0)] core: Error running against host 154.93.253.12: Cred details can't be blank, Cred details can't be blank (Metasploit::Framework::LoginScanner::PhpMyAdmin)
/usr/share/metasploit-framework/lib/metasploit/framework/login_scanner/base.rb:262:in `valid!'
/usr/share/metasploit-framework/lib/metasploit/framework/login_scanner/base.rb:194:in `scan!'
/usr/share/metasploit-framework/modules/auxiliary/scanner/http/phpmyadmin_login.rb:89:in `run_host'
/usr/share/metasploit-framework/lib/msf/core/auxiliary/scanner.rb:117:in `block (2 levels) in run'
/usr/share/metasploit-framework/lib/msf/core/thread_manager.rb:106:in `block in spawn'
[05/02/2020 21:28:35] [e(0)] core: Failed to connect to the database: No database YAML file
[05/02/2020 21:29:03] [e(0)] core: Dependency for windows/x64/encrypted_shell_reverse_tcp is not supported
[05/02/2020 21:29:03] [e(0)] core: Dependency for windows/encrypted_shell_reverse_tcp is not supported
[05/02/2020 21:29:05] [e(0)] core: Dependency for windows/x64/encrypted_reverse_tcp is not supported
[05/02/2020 21:29:05] [e(0)] core: Dependency for windows/encrypted_reverse_tcp is not supported
[05/02/2020 21:58:29] [i(0)] core: windows/meterpreter/reverse_tcp: iteration 1: Successfully encoded with encoder x86/shikata_ga_nai (size is 310)
[05/02/2020 22:01:31] [d(0)] core: Module cmd/unix/reverse_stub is incompatible with linux/http/ddwrt_cgibin_exec for RequiredCmd: limiter was generic netcat netcat-e
[05/02/2020 22:01:31] [d(0)] core: Module generic/custom is incompatible with linux/http/ddwrt_cgibin_exec for RequiredCmd: limiter was generic netcat netcat-e
[05/02/2020 22:01:31] [d(0)] core: Module generic/shell_bind_tcp is incompatible with linux/http/ddwrt_cgibin_exec for RequiredCmd: limiter was generic netcat netcat-e
[05/02/2020 22:01:31] [d(0)] core: Module generic/shell_reverse_tcp is incompatible with linux/http/ddwrt_cgibin_exec for RequiredCmd: limiter was generic netcat netcat-e
[05/02/2020 23:11:31] [e(0)] core: Failed to connect to the database: No database YAML file
[05/02/2020 23:11:54] [e(0)] core: Dependency for windows/x64/encrypted_shell_reverse_tcp is not supported
[05/02/2020 23:11:54] [e(0)] core: Dependency for windows/encrypted_shell_reverse_tcp is not supported
[05/02/2020 23:11:56] [e(0)] core: Dependency for windows/x64/encrypted_reverse_tcp is not supported
[05/02/2020 23:11:56] [e(0)] core: Dependency for windows/encrypted_reverse_tcp is not supported
[05/02/2020 23:27:46] [e(0)] core: Failed to connect to the database: No database YAML file
[05/02/2020 23:28:11] [e(0)] core: Dependency for windows/x64/encrypted_shell_reverse_tcp is not supported
[05/02/2020 23:28:11] [e(0)] core: Dependency for windows/encrypted_shell_reverse_tcp is not supported
[05/02/2020 23:28:13] [e(0)] core: Dependency for windows/x64/encrypted_reverse_tcp is not supported
[05/02/2020 23:28:13] [e(0)] core: Dependency for windows/encrypted_reverse_tcp is not supported
[05/02/2020 23:53:32] [e(0)] core: Dependency for windows/x64/encrypted_shell_reverse_tcp is not supported
[05/02/2020 23:53:32] [e(0)] core: Dependency for windows/encrypted_shell_reverse_tcp is not supported
[05/02/2020 23:53:35] [e(0)] core: Dependency for windows/x64/encrypted_reverse_tcp is not supported
[05/02/2020 23:53:35] [e(0)] core: Dependency for windows/encrypted_reverse_tcp is not supported
[05/03/2020 18:48:03] [e(0)] core: Failed to connect to the database: No database YAML file
[05/03/2020 18:48:33] [e(0)] core: Dependency for windows/x64/encrypted_shell_reverse_tcp is not supported
[05/03/2020 18:48:33] [e(0)] core: Dependency for windows/encrypted_shell_reverse_tcp is not supported
[05/03/2020 18:48:35] [e(0)] core: Dependency for windows/x64/encrypted_reverse_tcp is not supported
[05/03/2020 18:48:35] [e(0)] core: Dependency for windows/encrypted_reverse_tcp is not supported
[05/04/2020 15:08:01] [e(0)] core: Failed to connect to the database: No database YAML file
[05/04/2020 15:08:26] [e(0)] core: Dependency for windows/x64/encrypted_shell_reverse_tcp is not supported
[05/04/2020 15:08:26] [e(0)] core: Dependency for windows/encrypted_shell_reverse_tcp is not supported
[05/04/2020 15:08:27] [e(0)] core: Dependency for windows/x64/encrypted_reverse_tcp is not supported
[05/04/2020 15:08:27] [e(0)] core: Dependency for windows/encrypted_reverse_tcp is not supported

System stuff

Running msfconsole as root per usual. Fully up-to-date with latest updates and upgrades via a scheduled automatic apt-get update && apt-get dist-upgrade -y && apt-get autoremove -y job.
System Services:

 [ - ]  LCDd
 [ - ]  apache-htcacheclean
 [ - ]  apache2
 [ - ]  arpwatch
 [ - ]  atftpd
 [ - ]  avahi-daemon
 [ + ]  binfmt-support
 [ - ]  bluetooth
 [ - ]  collectd
 [ - ]  collectl
 [ - ]  console-setup.sh
 [ + ]  cpufreqd
 [ + ]  cpufrequtils
 [ + ]  cron
 [ - ]  cryptdisks
 [ - ]  cryptdisks-early
 [ - ]  darkstat
 [ + ]  dbus
 [ - ]  dns2tcp
 [ - ]  fake-hwclock
 [ - ]  fancontrol
 [ - ]  greenbone-security-assistant
 [ - ]  haveged
 [ + ]  hddtemp
 [ - ]  hwclock.sh
 [ - ]  ifplugd
 [ - ]  inetsim
 [ - ]  iodined
 [ - ]  ipsec
 [ - ]  keyboard-setup.sh
 [ + ]  kmod
 [ - ]  ledmon
 [ + ]  lightdm
 [ + ]  llmnrd
 [ + ]  lm-sensors
 [ + ]  loadcpufreq
 [ - ]  lvm2
 [ - ]  lvm2-lvmpolld
 [ - ]  miredo
 [ + ]  monit
 [ - ]  mysql
 [ + ]  netdata
 [ + ]  network-manager
 [ - ]  networking
 [ - ]  nfs-common
 [ - ]  nginx
 [ - ]  nmbd
 [ + ]  ntp
 [ - ]  openipmi
 [ - ]  openvas-manager
 [ - ]  openvas-scanner
 [ + ]  openvpn
 [ - ]  pcscd
 [ - ]  plymouth
 [ + ]  plymouth-log
 [ + ]  postgresql
 [ - ]  pppd-dns
 [ + ]  procps
 [ - ]  tunnel
 [ - ]  pulseaudio-enable-autospawn
 [ - ]  redis-server
 [ - ]  redsocks
 [ - ]  rlinetd
 [ - ]  rpcbind
 [ - ]  rsync
 [ + ]  rsyslog
 [ - ]  rwhod
 [ - ]  samba-ad-dc
 [ - ]  saned
 [ - ]  screen-cleanup
 [ + ]  smartmontools
 [ - ]  smbd
 [ - ]  snmpd
 [ + ]  ssh
 [ - ]  sslh
 [ + ]  stunnel4
 [ - ]  sudo
 [ - ]  sysstat
 [ ? ]  thin
 [ - ]  thinkfan
 [ + ]  tor
 [ - ]  triggerhappy
 [ + ]  udev
 [ + ]  ufw
 [ + ]  unattended-upgrades
 [ - ]  x11-common
 [ - ]  xl2tpd
 [ ? ]  zram

Metasploit version

msf5 > version
Framework: 5.0.86-dev
Console  : 5.0.86-dev

I installed Metasploit with:

  • [x] Kali package via apt
  • [ ] Omnibus installer (nightly)
  • [ ] Commercial/Community installer (from http://www.rapid7.com/products/metasploit/download.jsp)
  • [ ] Source install (please specify ruby version)

OS

Linux kali 4.19.93-Re4son-v7+ #1 SMP armv7l GNU/Linux

picture XxLilBoPeepsxX
👍1

Most helpful comment

Alright,I checked it out and ran it, and it appears to be working, the port scanning module is working again as it should now, thank you so much for your prompt help!

picture XxLilBoPeepsxX on 5 May 2020
👍2

All 13 comments

@XxLilBoPeepsxX Thank you for the detailed issue. I believe this should be fixed for 5.0.87-dev - could you try again with the latest version:

Metasploit updates are available through the usual update channels.

If you're using Metasploit from the git repository, you can simply git pull.

If you've installed Metasploit using an operating system package manager, you'll need to wait until the package maintainer pushes an updated package.

msfupdate can be used to update Metasploit.

adfoster-r7 picture adfoster-r7 on 4 May 2020

Do we know when the update would reach Kali Rea4on? I really really need to be able to use those scanners

XxLilBoPeepsxX picture XxLilBoPeepsxX on 4 May 2020

@XxLilBoPeepsxX Hopefully soon. In the mean time the warnings can be ignored. Or, and I haven't tried this on a new version of Kali, you might be able to run this command in your terminal to open a new msfconsole instance which ignores the warnings:

ruby -W0 $(which msfconsole)

If that workaround does or doesn't work, let me know :+1:

adfoster-r7 picture adfoster-r7 on 4 May 2020
👍1

@XxLilBoPeepsxX Hopefully soon. In the mean time the warnings can be ignored. Or, and I haven't tried this on a new version of Kali, you might be able to run this command in your terminal to open a new msfconsole instance which ignores the warnings:

ruby -W0 $(which msfconsole)

If that workaround does or doesn't work, let me know

Working for me. Maybe unrelated but my shells are super unstable. Dying after less than a minute when they should be stable shells.

TomasPhilippart picture TomasPhilippart on 5 May 2020

@TomasPhilippart Thanks for the confirmation :+1:

I think shells dropping is unrelated, but please create a new issue with replication steps if you think it's a regression

adfoster-r7 picture adfoster-r7 on 5 May 2020
👍1

Hello again, thank you so much for the quick reply, I apologize for the delayed response, my teachers have been dumping the work onto us since that's all they can do given COVID and the lack of classes, etc.

I did attempt the workaround but it still is giving me that warning message repeatedly, and although it does _say_ that the scanning module completed a scan, or it _says_ that the exploit module ran, it doesn't give any output, it just says "100% complete" and then exits.

XxLilBoPeepsxX picture XxLilBoPeepsxX on 5 May 2020

Would you like me to run a scanner module such as the one I referenced in the original issue and provide the output and configuration for reference?

XxLilBoPeepsxX picture XxLilBoPeepsxX on 5 May 2020

@XxLilBoPeepsxX The latest release should now be available on Kali:

sudo apt-get update
sudo apt-get upgrade metasploit-framework
adfoster-r7 picture adfoster-r7 on 5 May 2020

@adfoster-r7 I just ran the two commands as you listed them, and apparently it is already the newest version, which is 5.0.87-0kali1

XxLilBoPeepsxX picture XxLilBoPeepsxX on 5 May 2020

@XxLilBoPeepsxX I've confirmed this module working locally against Wordpress 5.4

msf5 auxiliary(scanner/http/wordpress_scanner) > options

Module options (auxiliary/scanner/http/wordpress_scanner):

   Name       Current Setting  Required  Description
   ----       ---------------  --------  -----------
   Proxies                     no        A proxy chain of format type:host:port[,type:host:port][...]
   RHOSTS     127.0.0.1        yes       The target host(s), range CIDR identifier, or hosts file with syntax 'file:<path>'
   RPORT      8000             yes       The target port (TCP)
   SSL        false            no        Negotiate SSL/TLS for outgoing connections
   TARGETURI  /                yes       The base path to the wordpress application
   THREADS    1                yes       The number of concurrent threads (max one per host)
   VHOST                       no        HTTP server virtual host

With the result:

msf5 auxiliary(scanner/http/wordpress_scanner) > run

[*] Trying 127.0.0.1
[+] 127.0.0.1 running Wordpress 5.4.1
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed

You can turn on additional logging via:

set HttpTrace true
adfoster-r7 picture adfoster-r7 on 5 May 2020

@XxLilBoPeepsxX Could you confirm you're on the latest version for me?

sudo apt-cache policy metasploit-framework

The above command should show which version you're currently on. If it's not the latest version run the upgrade command:

sudo apt-get upgrade metasploit-framework
adfoster-r7 picture adfoster-r7 on 5 May 2020

Indeed I can confirm, here is output of apt-cache policy metasploit-framework:

metasploit-framework:
  Installed: 5.0.87-0kali1
  Candidate: 5.0.87-0kali1
  Version table:
 *** 5.0.87-0kali1 500
        500 http://http.kali.org/kali kali-rolling/main armhf Packages
        100 /var/lib/dpkg/status

I'm going to check with the module and make sure it works as well, I'll comment output in just a minute.

XxLilBoPeepsxX picture XxLilBoPeepsxX on 5 May 2020

Alright,I checked it out and ran it, and it appears to be working, the port scanning module is working again as it should now, thank you so much for your prompt help!

XxLilBoPeepsxX picture XxLilBoPeepsxX on 5 May 2020
👍2
Was this page helpful?
0 / 5 - 0 ratings

Related issues

wvu-r7 picture wvu-r7  路  3Comments
notdodo picture notdodo  路  3Comments
adrianmihalko picture adrianmihalko  路  3Comments
ejholmes picture ejholmes  路  3Comments
felipee07 picture felipee07  路  3Comments