Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add compatibility for msgpack 1.0 #28

Closed
veganjay opened this issue Jan 16, 2020 · 4 comments
Closed

Add compatibility for msgpack 1.0 #28

veganjay opened this issue Jan 16, 2020 · 4 comments

Comments

@veganjay
Copy link

When using msgpack 1.0.0rc1, I receive the following error message:

File "/home/usr/.virtualenvs/msgpack/lib/python3.7/site-packages/pymetasploit3-1.0-py3.7.egg/pymetasploit3/utils.py", line 44, in decode
  File "msgpack/_unpacker.pyx", line 195, in msgpack._cmsgpack.unpackb
ValueError: int is not allowed for map key

Apparently there are some breaking changes with msgpack 1.0.

I came across this issue because my project uses setup tools and includes "pymetasploit3" in the requirements.txt - and more to the point, setuptools allows for release candidates while pip does not.

Here is an example of a message that failed to decode with msgpack1.0.0rc1:

$ cat poc.py 
#!/usr/bin/env python3.7

import msgpack

msg = b"\x81\x01\xde\x00\x11\xc4\x04type\xc4\x0bmeterpreter\xc4\x0ctunnel_local\xc4\x13192.168.30.200:4444\xc4\x0btunnel_peer\xc4\x12192.168.30.99:3007\xc4\x0bvia_exploit\xc4#exploit/windows/smb/ms17_010_psexec\xc4\x0bvia_payload\xc4'payload/windows/meterpreter/reverse_tcp\xc4\x04desc\xc4\x0bMeterpreter\xc4\x04info\xc4\x19NT AUTHORITY\\SYSTEM @ HMI\xc4\tworkspace\xc4\x07default\xc4\x0csession_host\xad192.168.30.99\xc4\x0csession_port\xcd\x01\xbd\xc4\x0btarget_host\xad192.168.30.99\xc4\x08username\xc4\x04root\xc4\x04uuid\xc4\x08qoudbsk9\xc4\x0cexploit_uuid\xc4\x08bxohlxve\xc4\x06routes\xa0\xc4\x04arch\xc4\x03x86\xc4\x08platform\xa7windows"

print(msgpack.unpackb(msg))
$ ./poc.py 
Traceback (most recent call last):
  File "./poc.py", line 7, in <module>
    print(msgpack.unpackb(msg))
  File "msgpack/_unpacker.pyx", line 195, in msgpack._cmsgpack.unpackb
ValueError: int is not allowed for map key

WORKAROUND

In my project's requirements.txt I added:

msgpack==0.6.2
pymetasploit3

But eventually pymetasploit3 will need to be updated to work with msgpack 1.0.
@veganjay
Copy link
Author

A potential fix to pymetasploit3/utils.py:

def decode(data):
    return msgpack.unpackb(data, strict_map_key=False)

veganjay added a commit to veganjay/pymetasploit3 that referenced this issue Jan 16, 2020
@veganjay
Issue DanMcInerney#28: Add compatibility for msgpack 1.0
9e39b2b
@derpadoo
Copy link

For another data point, installing msgpack==0.6.2 into my virtual environment fixed this as well.

@scmanjarrez
Copy link
Contributor

@veganjay Could you post a PR with the fix? I'm currently using the workaround, but want it to be implemented in pymetasploit3 package. Thanks.

@veganjay
Copy link
Author

@scmanjarrez Done. I issued the pull request.

DanMcInerney added a commit that referenced this issue Mar 17, 2020
@DanMcInerney
Merge pull request #31 from veganjay/master
93ed53d 
Issue #28: Add compatibility for msgpack 1.0
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@veganjay @DanMcInerney @scmanjarrez @derpadoo