Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

NoMethodError undefined method `get_cookies' for nil:NilClass #11832

Closed
LauanGuermandi opened this issue May 10, 2019 · 3 comments · Fixed by #11833
Closed

NoMethodError undefined method `get_cookies' for nil:NilClass #11832

LauanGuermandi opened this issue May 10, 2019 · 3 comments · Fixed by #11833
Assignees
@h00die
Labels
bug

Comments

@LauanGuermandi
Copy link

LauanGuermandi commented May 10, 2019
edited by h00die

Steps to reproduce

How'd you do it?

NoMethodError undefined method `get_cookies' for nil:NilClass

msf5 exploit(multi/http/moodle_cmd_exec) > 
msf5 exploit(multi/http/moodle_cmd_exec) > exploit

[*] Started reverse TCP double handler on 192.168.13.15:8000 
[-] Exploit failed: NoMethodError undefined method `get_cookies' for nil:NilClass
[*] Exploit completed, but no session was created.
msf5 exploit(multi/http/moodle_cmd_exec) > Interrupt: use the 'exit' command to quit
msf5 exploit(multi/http/moodle_cmd_exec) > Interrupt: use the 'exit' command to quit
msf5 exploit(multi/http/moodle_cmd_exec) > version
Framework: 5.0.21-dev-
Console  : 5.0.21-dev-
msf5 exploit(multi/http/moodle_cmd_exec) > Interrupt: use the 'exit' command to quit
msf5 exploit(multi/http/moodle_cmd_exec) >

Metasploit version

Get this with the version command in msfconsole (or git log -1 --pretty=oneline for a source install).

I installed Metasploit with:

Framework: 5.0.21-dev-
Console : 5.0.21-dev-

Source install (please specify ruby version)

OS

Linux Mint 19.1
@h00die
Copy link
Contributor

h00die commented May 10, 2019

looks like the classic error: https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/moodle_cmd_exec.rb#L70 using a return from send_request_cgi w/o checking it isn't nil first.

@LauanGuermandi the module has a bug which will get fixed. However, if youre working on an exam and don't want to wait, the error is because it tries to do a GET to [URI if you set that]/index.php and failed. Double check the IP/port combo, as its most likely a typo.

@h00die
Copy link
Contributor

h00die commented May 10, 2019

I'm able to reproduce:

msf5 > use exploit/multi/http/moodle_cmd_exec 
msf5 exploit(multi/http/moodle_cmd_exec) > set rhost 192.168.0.199
rhost => 192.168.0.199
msf5 exploit(multi/http/moodle_cmd_exec) > run

[*] Started reverse TCP double handler on 192.168.1.5:4444 
[-] Exploit failed: NoMethodError undefined method `get_cookies' for nil:NilClass
[*] Exploit completed, but no session was created.

Notice I set an unavailable network from my own, hence the fail. Patch incoming shortly.

@h00die h00die mentioned this issue May 10, 2019
Merged
@h00die h00die added the bug label May 10, 2019
@h00die h00die self-assigned this May 10, 2019
@LauanGuermandi
Copy link
Author

thanks!!! :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@h00die h00die

Labels
bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

moodle_cmd_exec nil check h00die/metasploit-framework
2 participants
@h00die @LauanGuermandi