pymetasploit3
targetpayloads inconsistency?
Hey, first of all, that's a great tool, really appreciate the work. I've encountered a problem where, in module 'linux/http/axis_srv_parhand_rce', when I choose one of the payloads that are returned from the function exploit.targetpayloads(), I receive an exception stating that 'Invalid payload (cmd/unix/bind_netcat_gaping) for given target (1).' I can see that it checks against self.payloads, which is calling targetpayloads(self.target). I'm pretty new with that library so I don't know what target is for, but I assume that instead of using exploit.targetpayloads() I should use exploit.payloads? Although the documentation talks about targetpayloads() and not about the property payloads. Thank you.
Hi, you're calling the wrong function. There are two functions: the first one returns compatible payloads with the current target, the second one returns compatible payloads for a given target, defaulting to 0.
```python
def payloads(self):
    """
    A list of compatible payloads.
    """
    # return self.rpc.call(MsfRpcMethod.ModuleCompatiblePayloads, self.modulename)['payloads']
    return self.targetpayloads(self.target)

def targetpayloads(self, t=0):
    """
    Returns a list of compatible payloads for a given target ID.

    Optional Keyword Arguments:
    - t : the target ID (default: 0, e.g. 'Automatic')
    """
    return self.rpc.call(MsfRpcMethod.ModuleTargetCompatiblePayloads, [self.modulename, t])['payloads']
```
So you're getting payloads for target 0, but your current target is 1.
```
>>> mod.targets
{0: 'Unix In-Memory', 1: 'Linux Dropper'}
>>> mod.target
1
```
You are getting the error because you're targeting a Unix In-memory exploit using a Linux Dropper payload. You have to choose your target from call mod.payloads or mod.targetpayloads(1).
```
>>> mod.payloads
['generic/custom', 'generic/shell_bind_tcp', 'generic/shell_reverse_tcp', 'linux/armle/adduser', 'linux/armle/exec', 'linux/armle/meterpreter/bind_tcp', 'linux/armle/meterpreter/reverse_tcp', 'linux/armle/meterpreter_reverse_http', 'linux/armle/meterpreter_reverse_https', 'linux/armle/meterpreter_reverse_tcp', 'linux/armle/shell/bind_tcp', 'linux/armle/shell/reverse_tcp', 'linux/armle/shell_bind_tcp', 'linux/armle/shell_reverse_tcp']
>>> mod.targetpayloads(1)
['generic/custom', 'generic/shell_bind_tcp', 'generic/shell_reverse_tcp', 'linux/armle/adduser', 'linux/armle/exec', 'linux/armle/meterpreter/bind_tcp', 'linux/armle/meterpreter/reverse_tcp', 'linux/armle/meterpreter_reverse_http', 'linux/armle/meterpreter_reverse_https', 'linux/armle/meterpreter_reverse_tcp', 'linux/armle/shell/bind_tcp', 'linux/armle/shell/reverse_tcp', 'linux/armle/shell_bind_tcp', 'linux/armle/shell_reverse_tcp']
```
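The default-argument mismatch discussed in this thread, reproduced offline as an added example (not code from pymetasploit3 or from either poster). `StubModule`, `explain_payload` and `pick_payload` are hypothetical names, no RPC connection is made, and the per-target payload lists are constructed from names quoted in the thread.

```python
# Added example: a stand-in for the module object, not pymetasploit3 itself.
TARGETS = {0: "Unix In-Memory", 1: "Linux Dropper"}

# Constructed sample data, built only from payload names quoted in the thread.
SAMPLE_PAYLOADS = {
    0: ["cmd/unix/bind_netcat_gaping"],
    1: ["generic/custom", "linux/armle/exec", "linux/armle/shell_reverse_tcp"],
}


class StubModule:
    """Mimics the two accessors quoted in the thread, backed by a dict."""

    def __init__(self, targets, per_target, target=0):
        self.targets = targets
        self._per_target = per_target
        self.target = target

    def targetpayloads(self, t=0):
        # Same pitfall as the real method: t defaults to 0, not self.target.
        return list(self._per_target[t])

    @property
    def payloads(self):
        # Always follows the currently selected target.
        return self.targetpayloads(self.target)


def explain_payload(mod, payload):
    """Return (valid_for_current_target, [target IDs that accept payload])."""
    accepting = [t for t in sorted(mod.targets) if payload in mod.targetpayloads(t)]
    return mod.target in accepting, accepting


def pick_payload(mod, payload):
    """Return payload if it fits mod.target, else raise with a diagnosis."""
    ok, accepting = explain_payload(mod, payload)
    if not ok:
        names = ", ".join(f"{t} ({mod.targets[t]})" for t in accepting) or "none"
        raise ValueError(
            f"{payload!r} is not valid for target {mod.target} "
            f"({mod.targets[mod.target]}); accepted by target(s): {names}"
        )
    return payload
```

With `target=1`, `targetpayloads()` still lists target 0's payloads, so checking a choice through `pick_payload` reports which target the payload actually belongs to.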