
Enable Metasploit Payloads file warning messages by default #18610

Merged


@sjanusz-r7 sjanusz-r7 commented Dec 8, 2023

This PR enables the feature previously added in #18405, which was disabled by default.

Verification

These steps have been copied from the PR linked above.

  • Start msfconsole
  • Ensure there are no startup error messages
  • Ensure you can get a session with payload/python/meterpreter/reverse_tcp normally
  • Exit msfconsole
  • In the local Metasploit Payloads gem, rename data/meterpreter/meterpreter.py to meterpreter.py2
  • Start msfconsole
  • Ensure you get a warning on startup that mentions missing meterpreter.py
  • Ensure use payload/python/meterpreter/reverse_tcp works
  • to_handler
  • Try to execute the payload on the target machine
  • Ensure you get an error: Meterpreter path meterpreter/meterpreter.py not found.
  • use payload/python/meterpreter_reverse_tcp (inline)
  • Ensure calling to_handler results in Meterpreter path meterpreter/meterpreter.py not found.
  • Ensure the errors are shown when calling log
  • Exit msfconsole
  • Change the meterpreter.py2 file back to meterpreter.py
  • Modify the meterpreter.py file with an additional empty line
  • Start msfconsole
  • Ensure you get a warning on startup that mentions a hash mismatch for meterpreter.py

@adfoster-r7

@msjenkins-r7 retest this please

@sjanusz-r7

@msjenkins-r7 retest this please

@sjanusz-r7 sjanusz-r7 force-pushed the enable-metasploit-payloads-warnings branch from 0089efa to ff6db7f on December 14, 2023 12:57
@jheysel-r7 jheysel-r7 self-assigned this Dec 27, 2023
@jheysel-r7

Nice improvement @sjanusz-r7! Thanks for the detailed verification steps, they were easy to follow and everything worked as expected 🎉

Testing

Getting a python meterpreter session normally:

msf6 payload(python/meterpreter/reverse_tcp) > generate -o shell.py
[*] Writing 436 bytes to shell.py...
msf6 payload(python/meterpreter/reverse_tcp) > to_handler
[*] Payload Handler Started as Job 0

[*] Started reverse TCP handler on 192.168.123.1:5555
msf6 payload(python/meterpreter/reverse_tcp) > [*] Sending stage (24772 bytes) to 192.168.123.228
[*] Meterpreter session 1 opened (192.168.123.1:5555 -> 192.168.123.228:60724) at 2023-12-27 13:28:39 -0500

msf6 payload(python/meterpreter/reverse_tcp) > sessions -i -1
[*] Starting interaction with 1...

meterpreter > getuid
Server username: msfuser

Move meterpreter.py in the metasploit-payloads gem to meterpreter.py2:

➜  meterpreter git:(ff6db7f337) ✗ mv meterpreter.py meterpreter.py2
➜  meterpreter git:(ff6db7f337) ✗ pwd
/Users/jheysel/rapid7/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/metasploit-payloads-2.0.161/data/meterpreter

Verify we get a warning on startup:

       =[ metasploit v6.3.47-dev-ff6db7f337               ]
+ -- --=[ 2379 exploits - 1234 auxiliary - 417 post       ]
+ -- --=[ 1391 payloads - 46 encoders - 11 nops           ]
+ -- --=[ 9 evasion                                       ]

Metasploit Documentation: https://docs.metasploit.com/

Warning: This copy of the Metasploit Framework has been corrupted by an
installed anti-virus program. We recommend that you disable your anti-virus or
exclude your Metasploit installation path, then restore the removed files from
quarantine or reinstall the framework.

Metasploit Payloads manifest errors:
	/Users/jheysel/rapid7/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/metasploit-payloads-2.0.161/data/meterpreter/meterpreter.py : Meterpreter path /Users/jheysel/rapid7/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/metasploit-payloads-2.0.161/data/meterpreter/meterpreter.py not found. Ensure antivirus is not enabled, or reinstall Metasploit.
[*] Starting persistent handler(s)...
msf6 >

Ensure payload/python/meterpreter/reverse_tcp works along with to_handler, but that trying to get a session throws an error:

msf6 > use payload/python/meterpreter/reverse_tcp
msf6 payload(python/meterpreter/reverse_tcp) > set lhost 192.168.123.1
lhost => 192.168.123.1
msf6 payload(python/meterpreter/reverse_tcp) > set lport 5555
lport => 5555
msf6 payload(python/meterpreter/reverse_tcp) > to_handler
[*] Payload Handler Started as Job 0

[*] Started reverse TCP handler on 192.168.123.1:5555
msf6 payload(python/meterpreter/reverse_tcp) > [!] Failed to stage (192.168.123.228): Meterpreter path /Users/jheysel/rapid7/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/metasploit-payloads-2.0.161/data/meterpreter/meterpreter.py not found. Ensure antivirus is not enabled, or reinstall Metasploit.

Verify to_handler does not work with inline payload payload/python/meterpreter_reverse_tcp:

msf6 payload(python/meterpreter_reverse_tcp) > use payload/python/meterpreter_reverse_tcp
msf6 payload(python/meterpreter_reverse_tcp) > set lhost 192.168.123.1
lhost => 192.168.123.1
msf6 payload(python/meterpreter_reverse_tcp) > to_handler

[-] Exploit failed: Meterpreter path /Users/jheysel/rapid7/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/metasploit-payloads-2.0.161/data/meterpreter/meterpreter.py not found. Ensure antivirus is not enabled, or reinstall Metasploit.

Errors are shown in the log:

[12/27/2023 13:38:51] [e(0)] core: Failed to connect to the database: connection to server at "127.0.0.1", port 5433 failed: Connection refused
        Is the server running on that host and accepting TCP/IP connections?

[12/27/2023 13:42:23] [e(0)] core: Exception raised from handle_connection - TypeError true is not a symbol nor a string
[12/27/2023 13:50:32] [e(0)] core: Exploit failed (multi/handler) - MetasploitPayloads::NotFoundError Meterpreter path /Users/jheysel/rapid7/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/metasploit-payloads-2.0.161/data/meterpreter/meterpreter.py not found. Ensure antivirus is not enabled, or reinstall Metasploit.

Move meterpreter.py2 back to meterpreter.py, add an extra new line at the end.

➜  meterpreter git:(ff6db7f337) ✗ mv meterpreter.py2 meterpreter.py
➜  meterpreter git:(ff6db7f337) ✗ vim meterpreter.py
➜  meterpreter git:(ff6db7f337) ✗

Verify we get hash mismatch error on start up:

Warning: This copy of the Metasploit Framework has been corrupted by an
installed anti-virus program. We recommend that you disable your anti-virus or
exclude your Metasploit installation path, then restore the removed files from
quarantine or reinstall the framework.

Metasploit Payloads manifest errors:
	/Users/jheysel/rapid7/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/metasploit-payloads-2.0.161/data/meterpreter/meterpreter.py : Meterpreter path /Users/jheysel/rapid7/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/metasploit-payloads-2.0.161/data/meterpreter/meterpreter.py does not match the hash defined in the Metasploit Payloads manifest file.
[*] Starting persistent handler(s)...
msf6 >
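The two failure states exercised in the PR's verification steps and in the testing above (a payload file missing from the metasploit-payloads gem, and a file whose content no longer matches the recorded hash) can be reproduced stand-alone. The Ruby below is an added example and is not code from this PR, from metasploit-framework or from the metasploit-payloads gem. It assumes a manifest shaped as a hash of relative path to SHA-256 hex digest (an assumption about the format; the real manifest file is not shown on this page), reuses the two warning strings visible in the test output, and recreates the three states (intact, renamed to .py2, trailing newline appended) in a temporary directory using a constructed stand-in for meterpreter.py.

```ruby
require 'digest'
require 'fileutils'
require 'tmpdir'

# Check every file named in the manifest against its recorded SHA-256 digest.
# Returns an array of error strings; an empty array means all files verified.
# The two failure modes are reported separately, as the warnings on this page do:
#   - the file is absent (e.g. quarantined by antivirus)
#   - the file exists but its digest differs (modified or corrupted on disk)
# The manifest layout {relative_path => sha256_hex} is an assumption for this example.
def verify_payload_manifest(base_dir, manifest)
  errors = []
  manifest.each do |rel_path, expected_sha256|
    full_path = File.join(base_dir, rel_path)
    unless File.file?(full_path)
      errors << "#{full_path} : Meterpreter path #{full_path} not found. " \
                'Ensure antivirus is not enabled, or reinstall Metasploit.'
      next
    end
    actual_sha256 = Digest::SHA256.file(full_path).hexdigest
    next if actual_sha256 == expected_sha256.downcase

    errors << "#{full_path} : Meterpreter path #{full_path} does not match " \
              'the hash defined in the Metasploit Payloads manifest file.'
  end
  errors
end

# Record the current SHA-256 of each listed file: {relative_path => sha256_hex}.
def build_manifest(base_dir, rel_paths)
  rel_paths.each_with_object({}) do |rel, manifest|
    manifest[rel] = Digest::SHA256.file(File.join(base_dir, rel)).hexdigest
  end
end

# Walk through the PR's three verification states inside a temp directory.
# Returns [errors_when_intact, errors_when_missing, errors_when_modified].
def demo_manifest_check
  Dir.mktmpdir('payloads') do |dir|
    rel  = File.join('meterpreter', 'meterpreter.py')
    path = File.join(dir, rel)
    FileUtils.mkdir_p(File.dirname(path))
    # Constructed stand-in; not the real meterpreter.py.
    File.write(path, "import sys\nprint('stand-in for meterpreter.py')\n")
    manifest = build_manifest(dir, [rel])

    intact = verify_payload_manifest(dir, manifest)

    # Step 1: rename the file, as an AV quarantine would remove it.
    File.rename(path, "#{path}2")
    missing = verify_payload_manifest(dir, manifest)

    # Step 2: restore it and append one empty line, which changes the digest.
    File.rename("#{path}2", path)
    File.open(path, 'a') { |f| f.write("\n") }
    modified = verify_payload_manifest(dir, manifest)

    [intact, missing, modified]
  end
end

if __FILE__ == $PROGRAM_NAME
  intact, missing, modified = demo_manifest_check
  puts "intact:   #{intact.inspect}"
  puts "missing:  #{missing.first}"
  puts "modified: #{modified.first}"
end
```

A check of this shape catches the case the PR's warning text describes (files removed or altered by an antivirus product, or a partial install), because the manifest travels with the gem and the verification runs at msfconsole startup and again when a payload is staged. It does not defend against an adversary who can write to the gem directory, since that adversary can rewrite the manifest as well; treating the warning as an integrity alarm for accidental corruption, not as tamper-evidence, is the right expectation.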

@jheysel-r7 jheysel-r7 added enhancement rn-enhancement release notes enhancement labels Dec 27, 2023
@jheysel-r7 jheysel-r7 merged commit d6488dc into rapid7:master Dec 27, 2023
59 checks passed
@jheysel-r7

Release Notes

This PR enables the Metasploit Payload Warnings feature by default. When enabled Metasploit will output warnings about missing Metasploit payloads, for instance if they were removed by antivirus etc.
