metasploit-framework icon indicating copy to clipboard operation
metasploit-framework copied to clipboard

Published 20 hours ago verified publisher icon rapid7

Thread Exception: WebConsoleShell when using msgrpc plugin

Open fmaury opened this issue 2 years ago • 6 comments

Steps to reproduce

How'd you do it?

  1. Launch the metasploitable2 vm
  2. Install pymetasploit3 : pip3 install pymetasploit3
  3. Launch msfconsole then load the msgrpc plugin : load msgrpc ServerPort=10007 Pass=password
  4. Write a python3 file using this lib :
from pymetasploit3.msfrpc import MsfRpcClient
msf_client = MsfRpcClient("password", port=10007)
msf_module_name = 'unix/ftp/vsftpd_234_backdoor'
msf_payload_name = 'cmd/unix/interact'
msf_payload = msf_client.modules.use('payload', msf_payload_name)
msf_module = msf_client.modules.use('exploit', msf_module_name)
msf_module['RHOSTS'] = "172.16.x.x"
cid = msf_client.consoles.console().cid
module_out = msf_client.consoles.console(cid).run_module_with_output(msf_module, payload=msf_payload)
print(module_out)
  1. Execute the python script

I tried multiple exploit modules such as exploit/windows/smb/ms17_010_eternalblue or exploit/unix/ftp/vsftpd_234_backdoor and multiple auxiliary modules such as auxiliary/admin/smb/ms17_010_command and auxiliary/admin/dcerpc/cve_2020_1472_zerologon on different vulnerable vms windows metsploitable3 and metasploitable2 from different os (kali linux and parrot).

Expected behavior

The exploit or auxiliary should finish successfully and send me back the msfconsole output.

Current behavior

Sometimes, I don't get the output and I can see there is a crash in msf log file ~/.msf4/logs/framework.log

Traceback:

[05/19/2022 11:02:39] [e(0)] core: Thread Exception: WebConsoleShell  critical=false    source:
    /opt/metasploit-framework/embedded/framework/lib/msf/ui/web/web_console.rb:84:in `initialize'
    /opt/metasploit-framework/embedded/framework/lib/msf/ui/web/driver.rb:62:in `new'
    /opt/metasploit-framework/embedded/framework/lib/msf/ui/web/driver.rb:62:in `create_console'
    /opt/metasploit-framework/embedded/framework/lib/msf/core/rpc/v10/rpc_console.rb:28:in `rpc_create'
    /opt/metasploit-framework/embedded/framework/lib/msf/core/rpc/v10/service.rb:143:in `block in process'
    /opt/metasploit-framework/embedded/lib/ruby/gems/3.0.0/gems/timeout-0.2.0/lib/timeout.rb:107:in `block in timeout'
    /opt/metasploit-framework/embedded/lib/ruby/gems/3.0.0/gems/timeout-0.2.0/lib/timeout.rb:36:in `block in catch'
    /opt/metasploit-framework/embedded/lib/ruby/gems/3.0.0/gems/timeout-0.2.0/lib/timeout.rb:36:in `catch'
    /opt/metasploit-framework/embedded/lib/ruby/gems/3.0.0/gems/timeout-0.2.0/lib/timeout.rb:36:in `catch'
    /opt/metasploit-framework/embedded/lib/ruby/gems/3.0.0/gems/timeout-0.2.0/lib/timeout.rb:123:in `timeout'
    /opt/metasploit-framework/embedded/framework/lib/msf/core/rpc/v10/service.rb:143:in `process'
    /opt/metasploit-framework/embedded/framework/lib/msf/core/rpc/v10/service.rb:81:in `on_request_uri'
    /opt/metasploit-framework/embedded/framework/lib/msf/core/rpc/v10/service.rb:62:in `block in start'
    /opt/metasploit-framework/embedded/framework/lib/rex/proto/http/handler/proc.rb:38:in `on_request'
    /opt/metasploit-framework/embedded/framework/lib/rex/proto/http/server.rb:369:in `dispatch_request'
    /opt/metasploit-framework/embedded/framework/lib/rex/proto/http/server.rb:303:in `on_client_data'
    /opt/metasploit-framework/embedded/framework/lib/rex/proto/http/server.rb:162:in `block in start'
    /opt/metasploit-framework/embedded/lib/ruby/gems/3.0.0/gems/rex-core-0.1.28/lib/rex/io/stream_server.rb:42:in `on_client_data'
    /opt/metasploit-framework/embedded/lib/ruby/gems/3.0.0/gems/rex-core-0.1.28/lib/rex/io/stream_server.rb:185:in `block in monitor_clients'
    /opt/metasploit-framework/embedded/lib/ruby/gems/3.0.0/gems/rex-core-0.1.28/lib/rex/io/stream_server.rb:184:in `each'
    /opt/metasploit-framework/embedded/lib/ruby/gems/3.0.0/gems/rex-core-0.1.28/lib/rex/io/stream_server.rb:184:in `monitor_clients'
    /opt/metasploit-framework/embedded/lib/ruby/gems/3.0.0/gems/rex-core-0.1.28/lib/rex/io/stream_server.rb:64:in `block in start'
    /opt/metasploit-framework/embedded/framework/lib/rex/thread_factory.rb:22:in `block in spawn'
    /opt/metasploit-framework/embedded/framework/lib/msf/core/thread_manager.rb:105:in `block in spawn'
    /opt/metasploit-framework/embedded/lib/ruby/gems/3.0.0/gems/logging-2.3.0/lib/logging/diagnostic_context.rb:474:in `block in create_with_logging_context' - IOError closed stream

Metasploit version

msfconsole -V
Framework Version: 6.1.43-dev-

I downloaded an old version of msfconsole (Framework Version: 6.0.45-dev) and everything works fine

fmaury avatar May 19 '22 09:05 fmaury

This might be the same issue as https://github.com/rapid7/metasploit-framework/issues/16580

adfoster-r7 avatar May 23 '22 12:05 adfoster-r7

Yes, it seems to be the same, sorry for the duplicate.

fmaury avatar May 23 '22 13:05 fmaury

Thanks for raising the issue - it helps us prioritise fixes and ensure that all edge-cases are accommodated for :+1:

adfoster-r7 avatar May 23 '22 14:05 adfoster-r7

Hi!

This issue has been left open with no activity for a while now.

We get a lot of issues, so we currently close issues after 60 days of inactivity. It’s been at least 30 days since the last update here. If we missed this issue or if you want to keep it open, please reply here. You can also add the label "not stale" to keep this issue open!

As a friendly reminder: the best way to see this issue, or any other, fixed is to open a Pull Request.

github-actions[bot] avatar Jun 23 '22 15:06 github-actions[bot]

Hi!

This issue has been left open with no activity for a while now.

We get a lot of issues, so we currently close issues after 60 days of inactivity. It’s been at least 30 days since the last update here. If we missed this issue or if you want to keep it open, please reply here. You can also add the label "not stale" to keep this issue open!

As a friendly reminder: the best way to see this issue, or any other, fixed is to open a Pull Request.

github-actions[bot] avatar Jul 25 '22 15:07 github-actions[bot]

Closing as a dup of https://github.com/rapid7/metasploit-framework/issues/16580 - as I should have a fix up for this soon, which I'll track in the previous issue

adfoster-r7 avatar Jul 27 '22 12:07 adfoster-r7

Hi!

This issue has been left open with no activity for a while now.

We get a lot of issues, so we currently close issues after 60 days of inactivity. It’s been at least 30 days since the last update here. If we missed this issue or if you want to keep it open, please reply here. You can also add the label "not stale" to keep this issue open!

As a friendly reminder: the best way to see this issue, or any other, fixed is to open a Pull Request.

github-actions[bot] avatar Aug 26 '22 15:08 github-actions[bot]

Closing issue due to dupe n no updates plus fix already implemented.

gwillcox-r7 avatar Sep 03 '22 02:09 gwillcox-r7