Metasploit-framework: msfconsole crashing when enumerating wp login

Created on 8 Dec 2020 · 12 Comments · Source: rapid7/metasploit-framework

Steps to reproduce

  1. Launched msfconsole on my Kali Linux virtual machine
  2. use auxiliary/scanner/http/wordpress_login_enum
  3. set rhost, wordlists and target uri
  4. It recognized the wordpress site and started user enumeration and validation
  5. after about 30 seconds I get: "zsh: killed msfconsole"


Were you following a specific guide/tutorial or reading documentation?

https://www.hackingarticles.in/multiple-ways-to-crack-wordpress-login/

Expected behavior

brute force wordpress login

Current behavior

It crashes after 30 seconds

Metasploit version

Framework: 6.0.15-dev
Console : 6.0.15-dev

Additional Information

I had to rerun msfconsole so I don't know how useful this information is.

===8<=== CUT AND PASTE EVERYTHING BELOW THIS LINE ===8<===

Module/Datastore

The following global/module datastore, and database setup was configured before the issue occurred:



The local config file is empty, no global variables are set, and there is no active module.

History

The following commands were ran during the session and before this issue occurred:



64     debug

Framework Errors

The following framework errors occurred before the issue occurred:



[12/06/2020 13:48:59] [e(0)] core: Dependency for windows/x64/encrypted_shell_reverse_tcp is not supported
[12/06/2020 13:48:59] [e(0)] core: Dependency for windows/encrypted_shell_reverse_tcp is not supported
[12/06/2020 13:48:59] [e(0)] core: Dependency for windows/x64/encrypted_reverse_tcp is not supported
[12/06/2020 13:48:59] [e(0)] core: Dependency for windows/encrypted_reverse_tcp is not supported
[12/06/2020 16:18:11] [e(0)] meterpreter: Error running command channel: SignalException SIGHUP
[12/08/2020 13:57:56] [e(0)] core: Failed to connect to the database: No database YAML file
[12/08/2020 14:14:21] [e(0)] core: Failed to connect to the database: No database YAML file
[12/08/2020 14:29:14] [e(0)] core: Failed to connect to the database: No database YAML file
[12/08/2020 14:31:20] [e(0)] core: Failed to connect to the database: No database YAML file
[12/08/2020 14:34:37] [e(0)] core: Failed to connect to the database: No database YAML file

Web Service Errors

The following web service errors occurred before the issue occurred:



msf-ws.log does not exist.

Framework Logs

The following framework logs were recorded before the issue occurred:



[12/06/2020 13:03:41] [e(0)] core: Dependency for windows/encrypted_shell_reverse_tcp is not supported
[12/06/2020 13:03:41] [e(0)] core: Dependency for windows/x64/encrypted_reverse_tcp is not supported
[12/06/2020 13:03:41] [e(0)] core: Dependency for windows/encrypted_reverse_tcp is not supported
[12/06/2020 13:04:03] [e(0)] core: Dependency for windows/x64/encrypted_shell_reverse_tcp is not supported
[12/06/2020 13:04:03] [e(0)] core: Dependency for windows/encrypted_shell_reverse_tcp is not supported
[12/06/2020 13:04:03] [e(0)] core: Dependency for windows/x64/encrypted_reverse_tcp is not supported
[12/06/2020 13:04:03] [e(0)] core: Dependency for windows/encrypted_reverse_tcp is not supported
[12/06/2020 13:24:37] [e(0)] core: Failed to connect to the database: No database YAML file
[12/06/2020 13:24:38] [e(0)] core: Dependency for windows/x64/encrypted_shell_reverse_tcp is not supported
[12/06/2020 13:24:38] [e(0)] core: Dependency for windows/encrypted_shell_reverse_tcp is not supported
[12/06/2020 13:24:38] [e(0)] core: Dependency for windows/x64/encrypted_reverse_tcp is not supported
[12/06/2020 13:24:38] [e(0)] core: Dependency for windows/encrypted_reverse_tcp is not supported
[12/06/2020 13:26:10] [e(0)] core: Failed to connect to the database: No database YAML file
[12/06/2020 13:26:11] [e(0)] core: Dependency for windows/x64/encrypted_shell_reverse_tcp is not supported
[12/06/2020 13:26:11] [e(0)] core: Dependency for windows/encrypted_shell_reverse_tcp is not supported
[12/06/2020 13:26:11] [e(0)] core: Dependency for windows/x64/encrypted_reverse_tcp is not supported
[12/06/2020 13:26:11] [e(0)] core: Dependency for windows/encrypted_reverse_tcp is not supported
[12/06/2020 13:36:56] [e(0)] core: Dependency for windows/x64/encrypted_shell_reverse_tcp is not supported
[12/06/2020 13:36:56] [e(0)] core: Dependency for windows/encrypted_shell_reverse_tcp is not supported
[12/06/2020 13:36:56] [e(0)] core: Dependency for windows/x64/encrypted_reverse_tcp is not supported
[12/06/2020 13:36:56] [e(0)] core: Dependency for windows/encrypted_reverse_tcp is not supported
[12/06/2020 13:39:56] [e(0)] core: Failed to connect to the database: No database YAML file
[12/06/2020 13:39:58] [e(0)] core: Dependency for windows/x64/encrypted_shell_reverse_tcp is not supported
[12/06/2020 13:39:58] [e(0)] core: Dependency for windows/encrypted_shell_reverse_tcp is not supported
[12/06/2020 13:39:58] [e(0)] core: Dependency for windows/x64/encrypted_reverse_tcp is not supported
[12/06/2020 13:39:58] [e(0)] core: Dependency for windows/encrypted_reverse_tcp is not supported
[12/06/2020 13:41:14] [w(0)] core: Session 1 has died
[12/06/2020 13:44:13] [e(0)] core: Dependency for windows/x64/encrypted_shell_reverse_tcp is not supported
[12/06/2020 13:44:13] [e(0)] core: Dependency for windows/encrypted_shell_reverse_tcp is not supported
[12/06/2020 13:44:13] [e(0)] core: Dependency for windows/x64/encrypted_reverse_tcp is not supported
[12/06/2020 13:44:13] [e(0)] core: Dependency for windows/encrypted_reverse_tcp is not supported
[12/06/2020 13:44:14] [e(0)] core: Exploit failed (multi/handler): Interrupt  - Interrupt 
[12/06/2020 13:46:12] [w(0)] core: Exception in scheduler thread Rex::TimeoutError Operation timed out.
[12/06/2020 13:46:36] [w(0)] core: Session 2 has died
[12/06/2020 13:48:48] [e(0)] core: Exploit failed (multi/handler): Interrupt  - Interrupt 
[12/06/2020 13:48:57] [e(0)] core: Failed to connect to the database: No database YAML file
[12/06/2020 13:48:59] [e(0)] core: Dependency for windows/x64/encrypted_shell_reverse_tcp is not supported
[12/06/2020 13:48:59] [e(0)] core: Dependency for windows/encrypted_shell_reverse_tcp is not supported
[12/06/2020 13:48:59] [e(0)] core: Dependency for windows/x64/encrypted_reverse_tcp is not supported
[12/06/2020 13:48:59] [e(0)] core: Dependency for windows/encrypted_reverse_tcp is not supported
[12/06/2020 13:59:09] [w(0)] core: monitor_rsock: the remote socket is nil, exiting loop
[12/06/2020 14:01:15] [w(0)] core: monitor_rsock: the remote socket is nil, exiting loop
[12/06/2020 14:59:14] [w(0)] core: monitor_rsock: the remote socket is nil, exiting loop
[12/06/2020 16:18:11] [e(0)] meterpreter: Error running command channel: SignalException SIGHUP
[12/08/2020 13:57:56] [e(0)] core: Failed to connect to the database: No database YAML file
[12/08/2020 14:14:21] [e(0)] core: Failed to connect to the database: No database YAML file
[12/08/2020 14:29:14] [e(0)] core: Failed to connect to the database: No database YAML file
[12/08/2020 14:31:20] [e(0)] core: Failed to connect to the database: No database YAML file
[12/08/2020 14:32:05] [i(2)] core: Reloading auxiliary module scanner/http/wordpress_login_enum. Ambiguous module warnings are safe to ignore
[12/08/2020 14:34:37] [e(0)] core: Failed to connect to the database: No database YAML file

Web Service Logs

The following web service logs were recorded before the issue occurred:



msf-ws.log does not exist.

Version/Install

The versions and install method of your Metasploit setup:



Framework: 6.0.15-dev
Ruby: ruby 2.7.2p137 (2020-10-01 revision 5445e04352) [x86_64-linux-gnu]
Install Root: /usr/share/metasploit-framework
Session Type: postgresql selected, no connection
Install Method: Other - Please specify

bug confirmed


All 12 comments

Hmmm, I tried replicating this but no dice. This doesn't look like an issue with Metasploit but rather something specific to your environment.
If you find anything to suggest it's a problem on our end, please feel free to update us here and we can take another look.

I've read somewhere it could be because of lack of memory and I've raised my RAM on the VM from 8 to 11 and it still happens

Well, I managed to replicate it, so you're not alone. My first test was on Ubuntu and it worked fine; when I switched over to Kali, however, I got the exact same thing as you: about 30 seconds in, it dies.

Edit: my bad, not a problem with kali

@dwelch-r7 Was there a useful status code after the program died? If it's easy to replicate it shouldn't take long™ to confirm if the bug is in framework or if it's the environment it's running in


137 is normally a sign of memory issues. It's possible that this is a framework issue if we're allocating/leaking lots of objects 🤔
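
Exit status 137 is 128 + 9, meaning the process was ended by SIGKILL, which is the signal the Linux OOM killer sends. The Ruby triage sketch below is an added example, not part of the thread or of Metasploit; the function names, the PID and the kernel log lines are constructed for illustration.

```ruby
# Constructed kernel log excerpt in the format Linux uses for OOM kills.
SAMPLE_KERNEL_LOG = <<~LOG
  [ 5120.113355] ruby invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0
  [ 5120.118902] Out of memory: Killed process 4242 (ruby) total-vm:12802152kB, anon-rss:10485760kB, file-rss:0kB, shmem-rss:0kB, UID:1000 pgtables:21504kB oom_score_adj:0
  [ 5120.301447] oom_reaper: reaped process 4242 (ruby), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB
LOG

OOM_RE = /Out of memory: Killed process (?<pid>\d+) \((?<comm>[^)]+)\).*?anon-rss:(?<rss_kb>\d+)kB/

# A shell reports "terminated by signal N" as exit status 128 + N.
def decode_exit_status(status)
  return { kind: :exited, code: status } if status <= 128

  signo = status - 128
  { kind: :signaled, signo: signo, signal: Signal.signame(signo) }
end

# Extract every OOM-killer victim recorded in a kernel log (dmesg / journal text).
def oom_kills(kernel_log)
  kernel_log.each_line.filter_map do |line|
    m = OOM_RE.match(line)
    next unless m

    { pid: m[:pid].to_i, comm: m[:comm], anon_rss_mib: m[:rss_kb].to_i / 1024 }
  end
end

# Combine both facts: was this PID's SIGKILL issued by the OOM killer?
def triage(status, pid, kernel_log)
  info = decode_exit_status(status)
  return "exited normally with code #{info[:code]}" if info[:kind] == :exited

  kill = oom_kills(kernel_log).find { |k| k[:pid] == pid } if info[:signal] == "KILL"
  if kill
    "SIGKILL from kernel OOM killer (#{kill[:comm]}, #{kill[:anon_rss_mib]} MiB resident)"
  else
    "terminated by SIG#{info[:signal]}; not attributed to the OOM killer"
  end
end

puts triage(137, 4242, SAMPLE_KERNEL_LOG)
```

On a live system the log text would come from `dmesg` or `journalctl -k`, and the PID from the shell that launched the process.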

yea looking up that code and re-running the module it's for sure a memory problem :grimacing:
Let me see if I get the same kind of memory usage on my ubuntu machine...but I left it running for a _while_ and it was fine

[d]OOM!

I've tested and reproduced the issue on Kali (haven't tested on Ubuntu). Suspected maybe ulimits, but Ubuntu's defaults appear to be even more restrictive than Kali.

Ubuntu 20:

$ ulimit -a
core file size          (blocks, -c) 0
data seg size           (kbytes, -d) unlimited
scheduling priority             (-e) 0
file size               (blocks, -f) unlimited
pending signals                 (-i) 15411
max locked memory       (kbytes, -l) 65536
max memory size         (kbytes, -m) unlimited
open files                      (-n) 1024
pipe size            (512 bytes, -p) 8
POSIX message queues     (bytes, -q) 819200
real-time priority              (-r) 0
stack size              (kbytes, -s) 8192
cpu time               (seconds, -t) unlimited
max user processes              (-u) 15411
virtual memory          (kbytes, -v) unlimited
file locks                      (-x) unlimited

Kali:

$ ulimit -a
real-time non-blocking time  (microseconds, -R) unlimited
core file size              (blocks, -c) 0
data seg size               (kbytes, -d) unlimited
scheduling priority                 (-e) 0
file size                   (blocks, -f) unlimited
pending signals                     (-i) 7658
max locked memory           (kbytes, -l) 254676
max memory size             (kbytes, -m) unlimited
open files                          (-n) 1024
pipe size                (512 bytes, -p) 8
POSIX message queues         (bytes, -q) 819200
real-time priority                  (-r) 0
stack size                  (kbytes, -s) 8192
cpu time                   (seconds, -t) unlimited
max user processes                  (-u) 7658
virtual memory              (kbytes, -v) unlimited
file locks                          (-x) unlimited

it's not running away with the memory usage like on kali but it's definitely using a lot and it is climbing but much more slowly

@potatoonabus if you need a workaround for now you could try it with smaller username and password lists, it seems we're generating all possible combinations first which is what's causing the massive spike in memory usage

@dwelch-r7 I've just realized that. I thought it would enumerate the usernames first because wp-login tells you if the username is correct. This would take ages and is pretty pointless. Thanks for the fast replies and good luck on fixing it.
