Here I make the mistake of selecting an invalid encoder (it happens, right? 😉)
Metasploit should give me an explicit error "Invalid encoder 'notfound' selected"
We get a not very helpful error:
```
msf5 exploit(windows/smb/psexec) > run
[*] Started reverse TCP handler on 192.168.80.131:4444
[*] a.b.c.d:445 - Connecting to the server...
[*] a.b.c.d:445 - Authenticating to a.b.c.d:445|cnn-lab as user 'clem'...
[!] a.b.c.d:445 - No active DB -- Credential data will not be saved!
[*] a.b.c.d:445 - Uploading payload... lvkZVaeg...exe
createx86/service
after create, encoder_mod=#<Msf::Modules::Encoder__X86__Service::MetasploitModule:0x00007fa39873c240>
datastore={}
before run
after run
createnotfound
after create, encoder_mod=
datastore={}
[-] a.b.c.d:445 - Exploit failed: NoMethodError undefined method `datastore' for nil:NilClass
```
As you can see I added some ugly prints (btw if you know a better way to work within MSF!) to debug the issue in lib/msf/core/payload_generator.rb:
```ruby
def multiple_encode_payload(shellcode)
  # Drop the first character of the option value, then split the rest on
  # commas into "name[:iterations]" pairs
  encoder_str = encoder[1..-1]
  encoder_str.scan(/([^:, ]+):?([^,]+)?/).map do |encoder_opt|
    @iterations = (encoder_opt[1] || 1).to_i
    @iterations = 1 if iterations < 1
    print("create" + encoder_opt[0] + "\n")                   # debug print
    encoder_mod = framework.encoders.create(encoder_opt[0])   # nil for an unknown encoder name
    puts("after create, encoder_mod=" + encoder_mod.to_s)     # debug print
    puts("datastore=" + datastore.to_s)                       # debug print
    encoder_mod.datastore.import_options_from_hash(datastore) # raises NoMethodError when encoder_mod is nil
    puts("before run")                                        # debug print
    shellcode = run_encoder(encoder_mod, shellcode)
    puts("after run")                                         # debug print
  end
  shellcode
end
```
It lets us see that when an encoder is invalid, `encoder_mod = framework.encoders.create` returns nil, which triggers the exception when calling `encoder_mod.datastore`.
I'd like to offer a PR but I don't know this code enough to be confident :)
Latest version from Git
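The following is an added example, not code from the issue author or from Metasploit itself. It models the encoder-list parsing of `multiple_encode_payload` (the same `scan` regex as above, applied after the first character of the option value is dropped) with a stand-in for `framework.encoders.create` that returns nil for an unknown name, exactly as the debug output shows for `notfound`. It then adds the nil check that replaces the `NoMethodError` with the explicit "Invalid encoder 'notfound' selected" message the issue asks for. Assumptions: the leading character of the option value is `@`, the encoder names are limited to the two seen on this page (`x86/service` and `notfound`), and the stub "encoding" is a toy byte transform that only exists to make the iteration count observable.

```ruby
# Added example: parsing of "<prefix>enc1[:iters],enc2[:iters]..." and the
# missing nil check. Not Metasploit's own code.

class InvalidEncoderError < StandardError; end

# Toy encoder: each iteration adds 1 to every byte (mod 256) so the
# iteration count is visible in the output. Hypothetical, not a real encoder.
EncoderStub = Struct.new(:refname, :iterations) do
  def encode(buf)
    iterations.times do
      buf = buf.bytes.map { |b| (b + 1) & 0xff }.pack('C*')
    end
    buf
  end
end

# Assumption: only the names that appear on this page are "known".
KNOWN_ENCODERS = ['x86/service'].freeze

# Stand-in for framework.encoders.create: nil for an unknown name, which is
# what the issue's debug output shows for "notfound".
def create_encoder(name)
  KNOWN_ENCODERS.include?(name) ? EncoderStub.new(name, 1) : nil
end

# Same regex as multiple_encode_payload. Assumption: the stripped first
# character is '@'. Returns [[name, iterations], ...] with iterations >= 1.
def parse_encoder_list(encoder_spec)
  encoder_spec[1..-1].scan(/([^:, ]+):?([^,]+)?/).map do |name, iters|
    n = (iters || 1).to_i
    n = 1 if n < 1
    [name, n]
  end
end

# Chained encoding with the explicit check that the original code lacks.
def multiple_encode_payload(encoder_spec, shellcode)
  parse_encoder_list(encoder_spec).each do |name, iterations|
    encoder_mod = create_encoder(name)
    # Without this line the next call would be nil.datastore / nil.encode,
    # i.e. "NoMethodError undefined method ... for nil:NilClass".
    raise InvalidEncoderError, "Invalid encoder '#{name}' selected" if encoder_mod.nil?
    encoder_mod.iterations = iterations
    shellcode = encoder_mod.encode(shellcode)
  end
  shellcode
end

if $PROGRAM_NAME == __FILE__
  p parse_encoder_list('@x86/service:3,notfound')
  p multiple_encode_payload('@x86/service:2', "\x00\x01".b)
  begin
    multiple_encode_payload('@x86/service,notfound', "\x00".b)
  rescue InvalidEncoderError => e
    puts "[-] #{e.message}"
  end
end
```

The check is deliberately placed before any use of `encoder_mod`, so a bad name anywhere in the list (first, middle or last position) fails with the encoder's name in the message rather than at whichever method happens to be called first on nil.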
Actually I'm working on fixing this code, and currently specifying an encoder won't do anything, and you won't be able to reproduce it.
Cf. #13407 and https://github.com/rapid7/metasploit-framework/issues/13407#issuecomment-625335717 from @jmartin-r7 explaining how the service encoder setting flows from psexec options to this code
@cnotin: Check this out! https://github.com/pry/pry
It looks very handy thanks @wvu-r7
Hi!
This issue has been left open with no activity for a while now.
We get a lot of issues, so we currently close issues after 60 days of inactivity. It's been at least 30 days since the last update here.
If we missed this issue or if you want to keep it open, please reply here. You can also add the label "not stale" to keep this issue open!
As a friendly reminder: the best way to see this issue, or any other, fixed is to open a Pull Request.
I think it's still relevant
Hi!
This issue has been left open with no activity for a while now.
We get a lot of issues, so we currently close issues after 60 days of inactivity. It's been at least 30 days since the last update here.
If we missed this issue or if you want to keep it open, please reply here. You can also add the label "not stale" to keep this issue open!
As a friendly reminder: the best way to see this issue, or any other, fixed is to open a Pull Request.
Please keep it up :)