Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

metasploit error after kali update #14673

Closed
surfer663 opened this issue Jan 28, 2021 · 15 comments · Fixed by #14693
Closed

metasploit error after kali update #14673

surfer663 opened this issue Jan 28, 2021 · 15 comments · Fixed by #14693
Labels
bug

Comments

@surfer663
Copy link

Steps to reproduce

How'd you do it?

  1. ...msfconsole>
  2. search shodan>use auxiliary/gather/shodan_search>set shodan_apikey 000000000000(example)
  3. ...set query webcam>run

This section should also tell us any relevant information about the
environment; for example, if an exploit that used to work is failing,
tell us the victim operating system and service versions.

Were you following a specific guide/tutorial or reading documentation?

no

If yes link the guide/tutorial or documentation you were following here, otherwise you may omit this section.

Expected behavior should have listed all ip addresses with countries

What should happen?got errors

Current behavior errors

What happens instead? errors : [-] Auxiliary failed: JSON::ParserError 809: unexpected token at '

<title>400 Bad Request</title>

400 Bad Request

cloudflare ' [-] Call stack: [-] /usr/share/metasploit-framework/vendor/bundle/ruby/2.7.0/gems/json-2.5.1/lib/json/common.rb:216:in `parse' [-] /usr/share/metasploit-framework/vendor/bundle/ruby/2.7.0/gems/json-2.5.1/lib/json/common.rb:216:in `parse' [-] /usr/share/metasploit-framework/vendor/bundle/ruby/2.7.0/gems/activesupport-5.2.4.4/lib/active_support/json/decoding.rb:23:in `decode' [-] /usr/share/metasploit-framework/modules/auxiliary/gather/shodan_search.rb:72:in `shodan_query' [-] /usr/share/metasploit-framework/modules/auxiliary/gather/shodan_search.rb:118:in `run' [*] Auxiliary module execution completed

Metasploit version metasploit v6.0.28-dev

Get this with the version command in msfconsole (or git log -1 --pretty=oneline for a source install).

Additional Information

If your version is less than 5.0.96, please update to the latest version and ensure your issue is still present.

If the issue is encountered within msfconsole, please run the debug command using the instructions below. If the issue is encountered outisde msfconsole, or the issue causes msfconsole to crash on startup, please delete this section.

  1. Start msfconsole
  2. Run the command set loglevel 3
  3. Take the steps necessary recreate your issue
  4. Run the debug command
  5. Copy all the output below the ===8<=== CUT AND PASTE 6.EVERYTHING BELOW THIS LINE ===8<=== line and make sure to REMOVE ANY SENSITIVE INFORMATION.

Module/Datastore

The following global/module datastore, and database setup was configured before the issue occurred:

Collapse 
[framework/core]
loglevel=3

History

The following commands were ran during the session and before this issue occurred:

Collapse 
1183   set loglevel 3
1184   debug

Framework Errors

The following framework errors occurred before the issue occurred:

Collapse 
[01/28/2021 12:50:27] [e(0)] core: Dependency for windows/encrypted_reverse_tcp is not supported
[01/28/2021 12:55:27] [e(0)] core: Dependency for windows/encrypted_shell_reverse_tcp is not supported
[01/28/2021 12:55:27] [e(0)] core: Dependency for windows/x64/encrypted_shell_reverse_tcp is not supported
[01/28/2021 12:55:27] [e(0)] core: Dependency for windows/x64/encrypted_reverse_tcp is not supported
[01/28/2021 12:55:27] [e(0)] core: Dependency for windows/encrypted_reverse_tcp is not supported
[01/28/2021 12:59:18] [e(0)] core: Auxiliary failed - JSON::ParserError 809: unexpected token at '<html>
<head><title>400 Bad Request</title></head>
<body>
<center><h1>400 Bad Request</h1></center>
<hr><center>cloudflare</center>
</body>
</html>
'
[01/28/2021 13:07:02] [e(0)] core: Dependency for windows/encrypted_shell_reverse_tcp is not supported
[01/28/2021 13:07:02] [e(0)] core: Dependency for windows/x64/encrypted_shell_reverse_tcp is not supported
[01/28/2021 13:07:02] [e(0)] core: Dependency for windows/x64/encrypted_reverse_tcp is not supported
[01/28/2021 13:07:02] [e(0)] core: Dependency for windows/encrypted_reverse_tcp is not supported

Web Service Errors

The following web service errors occurred before the issue occurred:

Collapse 
msf-ws.log does not exist.

Framework Logs

The following framework logs were recorded before the issue occurred:

Collapse 
[01/28/2021 12:35:44] [e(0)] core: Failed to connect to the database: No database YAML file
[01/28/2021 12:35:53] [e(0)] core: Dependency for windows/encrypted_shell_reverse_tcp is not supported
[01/28/2021 12:35:53] [e(0)] core: Dependency for windows/x64/encrypted_shell_reverse_tcp is not supported
[01/28/2021 12:35:53] [e(0)] core: Dependency for windows/x64/encrypted_reverse_tcp is not supported
[01/28/2021 12:35:53] [e(0)] core: Dependency for windows/encrypted_reverse_tcp is not supported
[01/28/2021 12:36:49] [e(0)] core: Auxiliary failed - JSON::ParserError 809: unexpected token at '<html>
<head><title>400 Bad Request</title></head>
<body>
<center><h1>400 Bad Request</h1></center>
<hr><center>cloudflare</center>
</body>
</html>
'
[01/28/2021 12:44:31] [e(0)] core: Dependency for windows/encrypted_shell_reverse_tcp is not supported
[01/28/2021 12:44:31] [e(0)] core: Dependency for windows/x64/encrypted_shell_reverse_tcp is not supported
[01/28/2021 12:44:31] [e(0)] core: Dependency for windows/x64/encrypted_reverse_tcp is not supported
[01/28/2021 12:44:31] [e(0)] core: Dependency for windows/encrypted_reverse_tcp is not supported
[01/28/2021 12:44:35] [e(0)] core: Dependency for windows/encrypted_shell_reverse_tcp is not supported
[01/28/2021 12:44:35] [e(0)] core: Dependency for windows/x64/encrypted_shell_reverse_tcp is not supported
[01/28/2021 12:44:35] [e(0)] core: Dependency for windows/x64/encrypted_reverse_tcp is not supported
[01/28/2021 12:44:35] [e(0)] core: Dependency for windows/encrypted_reverse_tcp is not supported
[01/28/2021 12:44:39] [e(0)] core: Dependency for windows/encrypted_shell_reverse_tcp is not supported
[01/28/2021 12:44:39] [e(0)] core: Dependency for windows/x64/encrypted_shell_reverse_tcp is not supported
[01/28/2021 12:44:39] [e(0)] core: Dependency for windows/x64/encrypted_reverse_tcp is not supported
[01/28/2021 12:44:39] [e(0)] core: Dependency for windows/encrypted_reverse_tcp is not supported
[01/28/2021 12:47:53] [e(0)] core: Failed to connect to the database: No database YAML file
[01/28/2021 12:47:57] [e(0)] core: Dependency for windows/encrypted_shell_reverse_tcp is not supported
[01/28/2021 12:47:57] [e(0)] core: Dependency for windows/x64/encrypted_shell_reverse_tcp is not supported
[01/28/2021 12:47:57] [e(0)] core: Dependency for windows/x64/encrypted_reverse_tcp is not supported
[01/28/2021 12:47:57] [e(0)] core: Dependency for windows/encrypted_reverse_tcp is not supported
[01/28/2021 12:50:27] [e(0)] core: Dependency for windows/encrypted_shell_reverse_tcp is not supported
[01/28/2021 12:50:27] [e(0)] core: Dependency for windows/x64/encrypted_shell_reverse_tcp is not supported
[01/28/2021 12:50:27] [e(0)] core: Dependency for windows/x64/encrypted_reverse_tcp is not supported
[01/28/2021 12:50:27] [e(0)] core: Dependency for windows/encrypted_reverse_tcp is not supported
[01/28/2021 12:55:27] [e(0)] core: Dependency for windows/encrypted_shell_reverse_tcp is not supported
[01/28/2021 12:55:27] [e(0)] core: Dependency for windows/x64/encrypted_shell_reverse_tcp is not supported
[01/28/2021 12:55:27] [e(0)] core: Dependency for windows/x64/encrypted_reverse_tcp is not supported
[01/28/2021 12:55:27] [e(0)] core: Dependency for windows/encrypted_reverse_tcp is not supported
[01/28/2021 12:59:18] [e(0)] core: Auxiliary failed - JSON::ParserError 809: unexpected token at '<html>
<head><title>400 Bad Request</title></head>
<body>
<center><h1>400 Bad Request</h1></center>
<hr><center>cloudflare</center>
</body>
</html>
'
[01/28/2021 13:07:02] [e(0)] core: Dependency for windows/encrypted_shell_reverse_tcp is not supported
[01/28/2021 13:07:02] [e(0)] core: Dependency for windows/x64/encrypted_shell_reverse_tcp is not supported
[01/28/2021 13:07:02] [e(0)] core: Dependency for windows/x64/encrypted_reverse_tcp is not supported
[01/28/2021 13:07:02] [e(0)] core: Dependency for windows/encrypted_reverse_tcp is not supported

Web Service Logs

The following web service logs were recorded before the issue occurred:

Collapse 
msf-ws.log does not exist.

Version/Install

The versions and install method of your Metasploit setup:

Collapse 
Framework: 6.0.28-dev
Ruby: ruby 2.7.2p137 (2020-10-01 revision 5445e04352) [x86_64-linux-gnu]
Install Root: /usr/share/metasploit-framework
Session Type: Connected to msf. Connection type: postgresql.
Install Method: Other - Please specify
  1. Replace these instructions and the paragraph above with the output from step 5.
@surfer663 surfer663 added the bug label Jan 28, 2021
@adfoster-r7
Copy link
Contributor

@surfer663 Looks like there's a problem with the request; What search terms were you using?

@surfer663
Copy link
Author

was searching for webcam i only had this problem soon after i updated kali

@adfoster-r7
Copy link
Contributor

Looks like this is cloud flare stopping the request from completing

msf6 auxiliary(gather/shodan_search) > run

####################
# Request:
####################
GET /shodan/host/search?query=foo&key=XXXXXXXXXXXXXXXXXXXX&page=1 HTTP/1.1
Host: 
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)


####################
# Response:
####################
HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Fri, 29 Jan 2021 13:33:38 GMT
Content-Type: text/html
Content-Length: 155
Connection: close
CF-RAY: -

<html>
<head><title>400 Bad Request</title></head>
<body>
<center><h1>400 Bad Request</h1></center>
<hr><center>cloudflare</center>
</body>
</html>

Visiting the URL directly in the browser triggers the cloudflare checks to run

@surfer663
Copy link
Author

surfer663 commented Jan 29, 2021
edited by adfoster-r7
Loading

msf6 auxiliary(gather/shodan_search) > set HTTPTrace true
HTTPTrace => true
msf6 auxiliary(gather/shodan_search) > run

####################

Request:

####################
GET /shodan/host/search?query=webcam&key=XXXXXXXXXXXXXXXXXXX&page=1 HTTP/1.1
Host:
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)

####################

Response:

####################
HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Fri, 29 Jan 2021 15:17:28 GMT
Content-Type: text/html
Content-Length: 155
Connection: close
CF-RAY: -

<title>400 Bad Request</title>

400 Bad Request

cloudflare

[-] Auxiliary failed: JSON::ParserError 809: unexpected token at '

<title>400 Bad Request</title>

400 Bad Request

cloudflare ' [-] Call stack: [-] /usr/share/metasploit-framework/vendor/bundle/ruby/2.7.0/gems/json-2.5.1/lib/json/common.rb:216:in `parse' [-] /usr/share/metasploit-framework/vendor/bundle/ruby/2.7.0/gems/json-2.5.1/lib/json/common.rb:216:in `parse' [-] /usr/share/metasploit-framework/vendor/bundle/ruby/2.7.0/gems/activesupport-5.2.4.4/lib/active_support/json/decoding.rb:23:in `decode' [-] /usr/share/metasploit-framework/modules/auxiliary/gather/shodan_search.rb:72:in `shodan_query' [-] /usr/share/metasploit-framework/modules/auxiliary/gather/shodan_search.rb:118:in `run' [*] Auxiliary module execution completed msf6 auxiliary(gather/shodan_search) >

@surfer663
Copy link
Author

was there something in 1 of the kali updates that caused this

@adfoster-r7
Copy link
Contributor

adfoster-r7 commented Jan 29, 2021
edited
Loading

@surfer663 This looks shodan has introduced cloudfront to their API - which is causing issues now

Note, I removed your API Key from those logs - please rotate it, as it's still accessible

@surfer663
Copy link
Author

i reset my apikey thanks.... is there nothing that can be done or is shodan going to sort this issue

@adfoster-r7
Copy link
Contributor

@surfer663 Confirming with Shodan might make sense, I think it's out of our control - there's no mention of it in their API documentation from what I can tell

@surfer663
Copy link
Author

which info would you recommend i send to shodan
many thanks

@achillean
Copy link

I believe the problem is that the browser user agent is triggering a check by Cloudflare. If you use the default user-agent for the library then it should work fine.

@adfoster-r7
Copy link
Contributor

@achillean Thanks for the pointer; Looks like the vhost was being dropped after a recent pull request #14609

We'll have to revert / put up a fix for that, sorry for the inconvenience @surfer663 👍

@adfoster-r7 adfoster-r7 mentioned this issue Jan 29, 2021
Merged
9 tasks
@surfer663
Copy link
Author

@achillean Thanks for the pointer; Looks like the vhost was being dropped after a recent pull request #14609

We'll have to revert / put up a fix for that, sorry for the inconvenience @surfer663 +1

hi achillean - is there a problem within metasploit

This was referenced Feb 1, 2021
Closed
Merged
@surfer663
Copy link
Author

sorry guys im a real newbie im tring to understand this but getting confused is it possible to explain to me how i can apply this fix in newbie language
many thanks

@adfoster-r7
Copy link
Contributor

@surfer663 These were the required code changes:
https://github.com/rapid7/metasploit-framework/pull/14693/files

The issue will be fixed and available in Metasploit 6.0.29

@dwelch-r7 dwelch-r7 mentioned this issue Feb 4, 2021
Merged
15 tasks
@surfer663
Copy link
Author

@surfer663 These were the required code changes:
https://github.com/rapid7/metasploit-framework/pull/14693/files

The issue will be fixed and available in Metasploit 6.0.29

thank you kindly

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
3 participants
@achillean @surfer663 @adfoster-r7