metasploit-framework
Thread Exception: WebConsoleShell when using msgrpc plugin
Steps to reproduce
How'd you do it?
- Launch the metasploitable2 vm
- Install pymetasploit3:
```
pip3 install pymetasploit3
```
- Launch msfconsole then load the msgrpc plugin:
```
load msgrpc ServerPort=10007 Pass=password
```
- Write a python3 file using this lib:
```python
from pymetasploit3.msfrpc import MsfRpcClient

# Connect to the msgrpc plugin loaded in msfconsole above
msf_client = MsfRpcClient("password", port=10007)

msf_module_name = 'unix/ftp/vsftpd_234_backdoor'
msf_payload_name = 'cmd/unix/interact'
msf_payload = msf_client.modules.use('payload', msf_payload_name)
msf_module = msf_client.modules.use('exploit', msf_module_name)
msf_module['RHOSTS'] = "172.16.x.x"

# Create a new console over RPC, then run the module in it and collect the output
cid = msf_client.consoles.console().cid
module_out = msf_client.consoles.console(cid).run_module_with_output(msf_module, payload=msf_payload)
print(module_out)
```
- Execute the python script
I tried multiple exploit modules such as exploit/windows/smb/ms17_010_eternalblue or exploit/unix/ftp/vsftpd_234_backdoor and multiple auxiliary modules such as auxiliary/admin/smb/ms17_010_command and auxiliary/admin/dcerpc/cve_2020_1472_zerologon on different vulnerable VMs (Windows metasploitable3 and metasploitable2) from different OSes (Kali Linux and Parrot).
Expected behavior
The exploit or auxiliary should finish successfully and send me back the msfconsole output.
Current behavior
Sometimes, I don't get the output and I can see there is a crash in msf log file ~/.msf4/logs/framework.log
Traceback:
```
[05/19/2022 11:02:39] [e(0)] core: Thread Exception: WebConsoleShell critical=false source:
/opt/metasploit-framework/embedded/framework/lib/msf/ui/web/web_console.rb:84:in `initialize'
/opt/metasploit-framework/embedded/framework/lib/msf/ui/web/driver.rb:62:in `new'
/opt/metasploit-framework/embedded/framework/lib/msf/ui/web/driver.rb:62:in `create_console'
/opt/metasploit-framework/embedded/framework/lib/msf/core/rpc/v10/rpc_console.rb:28:in `rpc_create'
/opt/metasploit-framework/embedded/framework/lib/msf/core/rpc/v10/service.rb:143:in `block in process'
/opt/metasploit-framework/embedded/lib/ruby/gems/3.0.0/gems/timeout-0.2.0/lib/timeout.rb:107:in `block in timeout'
/opt/metasploit-framework/embedded/lib/ruby/gems/3.0.0/gems/timeout-0.2.0/lib/timeout.rb:36:in `block in catch'
/opt/metasploit-framework/embedded/lib/ruby/gems/3.0.0/gems/timeout-0.2.0/lib/timeout.rb:36:in `catch'
/opt/metasploit-framework/embedded/lib/ruby/gems/3.0.0/gems/timeout-0.2.0/lib/timeout.rb:36:in `catch'
/opt/metasploit-framework/embedded/lib/ruby/gems/3.0.0/gems/timeout-0.2.0/lib/timeout.rb:123:in `timeout'
/opt/metasploit-framework/embedded/framework/lib/msf/core/rpc/v10/service.rb:143:in `process'
/opt/metasploit-framework/embedded/framework/lib/msf/core/rpc/v10/service.rb:81:in `on_request_uri'
/opt/metasploit-framework/embedded/framework/lib/msf/core/rpc/v10/service.rb:62:in `block in start'
/opt/metasploit-framework/embedded/framework/lib/rex/proto/http/handler/proc.rb:38:in `on_request'
/opt/metasploit-framework/embedded/framework/lib/rex/proto/http/server.rb:369:in `dispatch_request'
/opt/metasploit-framework/embedded/framework/lib/rex/proto/http/server.rb:303:in `on_client_data'
/opt/metasploit-framework/embedded/framework/lib/rex/proto/http/server.rb:162:in `block in start'
/opt/metasploit-framework/embedded/lib/ruby/gems/3.0.0/gems/rex-core-0.1.28/lib/rex/io/stream_server.rb:42:in `on_client_data'
/opt/metasploit-framework/embedded/lib/ruby/gems/3.0.0/gems/rex-core-0.1.28/lib/rex/io/stream_server.rb:185:in `block in monitor_clients'
/opt/metasploit-framework/embedded/lib/ruby/gems/3.0.0/gems/rex-core-0.1.28/lib/rex/io/stream_server.rb:184:in `each'
/opt/metasploit-framework/embedded/lib/ruby/gems/3.0.0/gems/rex-core-0.1.28/lib/rex/io/stream_server.rb:184:in `monitor_clients'
/opt/metasploit-framework/embedded/lib/ruby/gems/3.0.0/gems/rex-core-0.1.28/lib/rex/io/stream_server.rb:64:in `block in start'
/opt/metasploit-framework/embedded/framework/lib/rex/thread_factory.rb:22:in `block in spawn'
/opt/metasploit-framework/embedded/framework/lib/msf/core/thread_manager.rb:105:in `block in spawn'
/opt/metasploit-framework/embedded/lib/ruby/gems/3.0.0/gems/logging-2.3.0/lib/logging/diagnostic_context.rb:474:in `block in create_with_logging_context' - IOError closed stream
```
Metasploit version
msfconsole -V
Framework Version: 6.1.43-dev-
I downloaded an old version of msfconsole (Framework Version: 6.0.45-dev) and everything works fine
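A triage helper for the failure reported above, added here as an example and not part of the original report or of Metasploit: it parses `Thread Exception` entries from framework.log text, assuming the entry layout shown in the traceback, and counts repeats by thread name, error text and first frame. The function names and the sample log text are constructed for illustration.

```python
import re
from collections import Counter

# Header and frame formats as they appear in the trace quoted in this issue.
HEADER = re.compile(
    r"^\[(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2})\] \[e\(\d+\)\] (?P<src>\w+): "
    r"Thread Exception: (?P<thread>\S+)\s+critical=(?P<critical>true|false)"
)
FRAME = re.compile(
    r"^(?P<path>/\S+?):(?P<line>\d+):in `(?P<method>[^']+)'(?: - (?P<error>.+))?$"
)
ENTRY_START = re.compile(r"^\[\d{2}/\d{2}/\d{4} ")

def parse_thread_exceptions(text):
    """Return one dict per 'Thread Exception' entry found in framework.log text."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            current = dict(header.groupdict(), frames=[], error=None)
            entries.append(current)
            continue
        if ENTRY_START.match(line):
            current = None  # a different, unrelated log entry begins here
            continue
        frame = FRAME.match(line) if current is not None else None
        if frame:
            current["frames"].append((frame["path"], int(frame["line"]), frame["method"]))
            if frame["error"]:  # the exception text trails the last frame
                current["error"] = frame["error"]
    return entries

def summarize(entries):
    """Count entries by (thread, error, first frame) to spot a recurring crash."""
    return Counter(
        (e["thread"], e["error"], e["frames"][0][:2] if e["frames"] else None)
        for e in entries
    )

# Constructed sample: the issue's trace shortened to three frames, plus one unrelated entry.
SAMPLE = """\
[05/19/2022 11:02:39] [e(0)] core: Thread Exception: WebConsoleShell critical=false source:
/opt/metasploit-framework/embedded/framework/lib/msf/ui/web/web_console.rb:84:in `initialize'
/opt/metasploit-framework/embedded/framework/lib/msf/ui/web/driver.rb:62:in `create_console'
/opt/metasploit-framework/embedded/framework/lib/msf/core/rpc/v10/rpc_console.rb:28:in `rpc_create' - IOError closed stream
[05/19/2022 11:02:41] [i(0)] core: constructed unrelated entry
"""
```

To use it on a real log, pass the contents of `~/.msf4/logs/framework.log` to `parse_thread_exceptions` and print the `summarize` counter.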
This might be the same issue as https://github.com/rapid7/metasploit-framework/issues/16580
Yes, it seems to be the same, sorry for the duplicate.
Thanks for raising the issue - it helps us prioritise fixes and ensure that all edge-cases are accommodated for :+1:
Hi!
This issue has been left open with no activity for a while now.
We get a lot of issues, so we currently close issues after 60 days of inactivity. It’s been at least 30 days since the last update here. If we missed this issue or if you want to keep it open, please reply here. You can also add the label "not stale" to keep this issue open!
As a friendly reminder: the best way to see this issue, or any other, fixed is to open a Pull Request.
Closing as a dup of https://github.com/rapid7/metasploit-framework/issues/16580 - as I should have a fix up for this soon, which I'll track in the previous issue
Closing issue due to dupe and no updates, plus fix already implemented.