rapid7
rpc not starting listener
Steps to reproduce
How'd you do it?
curl:
#server
bundle exec thin --rackup msf-json-rpc.ru --address 0.0.0.0 --port 8082 --environment production --tag msf-json-rpc start
#client
curl --request POST --url http://localhost:8082/api/v1/json-rpc --header 'Content-Type: application/json' --data @- <<EOS
{
"jsonrpc": "2.0",
"method": "module.execute",
"id": 2,
"params":["exploit",
"exploit/multi/handler",
{
"PAYLOAD": "windows/x64/meterpreter_reverse_https",
}]
}
EOS
{"jsonrpc":"2.0","result":{"job_id":null,"uuid":"zghk87ml"},"id":2}% curl --request POST \
--url http://localhost:8082/api/v1/json-rpc \
--header 'Content-Type: application/json' \
--data '{
"jsonrpc": "2.0",
"method": "module.running_stats",
"id": 1,
"params": []
}'
{"jsonrpc":"2.0","result":{"waiting":[],"running":[],"results":[]},"id":1}
rpc (like https://github.com/rapid7/metasploit-framework/issues/16580#issuecomment-1194757435)
>> rpc.call("module.execute", "exploit", "exploit/multi/handler", {"PAYLOAD": "windows/x64/meterpreter_reverse_https"})
=> {"job_id"=>nil, "uuid"=>"t8k1z5p5"}
>> rpc.call("module.running_stats")
=> {"waiting"=>[], "running"=>[], "results"=>[]}
This section should also tell us any relevant information about the environment; for example, if an exploit that used to work is failing, tell us the victim operating system and service versions.
Expected behavior
Listener running and rpc repsonse stating exactly this
Current behavior
Listener is not running
Metasploit version
Get this with the version command in msfconsole (or git log -1 --pretty=oneline for a source install).
157763b2afa7ac990bc5a4e9a1bd1cfc25cdd58c (HEAD -> master, origin/master, origin/HEAD) automatic module_metadata_base.json update
In docker
I could track down the issue to this part: https://github.com/ParrotSec/metasploit-framework/blob/f1de2aa5056ce76317b406fa2e6cf14e46ee0a6c/lib/msf/core/rpc/v10/rpc_module.rb#L752C1-L757C7
s = Msf::Simple::Exploit.exploit_simple(mod, {
'Payload' => opts['PAYLOAD'],
'Target' => opts['TARGET'],
'RunAsJob' => true,
'Options' => opts
})
exploit_simple returns false when mandatory parameters (LHOST in my case) are missing. Some kind of error handling/user notification would be very very nice.
Hi!
This issue has been left open with no activity for a while now.
We get a lot of issues, so we currently close issues after 60 days of inactivity. It’s been at least 30 days since the last update here. If we missed this issue or if you want to keep it open, please reply here. You can also add the label "not stale" to keep this issue open!
As a friendly reminder: the best way to see this issue, or any other, fixed is to open a Pull Request.
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}
Hi!
This issue has been left open with no activity for a while now.
We get a lot of issues, so we currently close issues after 60 days of inactivity. It’s been at least 30 days since the last update here. If we missed this issue or if you want to keep it open, please reply here. You can also add the label "not stale" to keep this issue open!
As a friendly reminder: the best way to see this issue, or any other, fixed is to open a Pull Request.
Hi!
This issue has been left open with no activity for a while now.
We get a lot of issues, so we currently close issues after 60 days of inactivity. It’s been at least 30 days since the last update here. If we missed this issue or if you want to keep it open, please reply here. You can also add the label "not stale" to keep this issue open!
As a friendly reminder: the best way to see this issue, or any other, fixed is to open a Pull Request.
Hi!
This issue has been left open with no activity for a while now.
We get a lot of issues, so we currently close issues after 60 days of inactivity. It’s been at least 30 days since the last update here. If we missed this issue or if you want to keep it open, please reply here. You can also add the label "not stale" to keep this issue open!
As a friendly reminder: the best way to see this issue, or any other, fixed is to open a Pull Request.
Hi!
This issue has been left open with no activity for a while now.
We get a lot of issues, so we currently close issues after 60 days of inactivity. It’s been at least 30 days since the last update here. If we missed this issue or if you want to keep it open, please reply here. You can also add the label "not stale" to keep this issue open!
As a friendly reminder: the best way to see this issue, or any other, fixed is to open a Pull Request.
Hi!
This issue has been left open with no activity for a while now.
We get a lot of issues, so we currently close issues after 60 days of inactivity. It’s been at least 30 days since the last update here. If we missed this issue or if you want to keep it open, please reply here. You can also add the label "not stale" to keep this issue open!
As a friendly reminder: the best way to see this issue, or any other, fixed is to open a Pull Request.
Hi!
This issue has been left open with no activity for a while now.
We get a lot of issues, so we currently close issues after 60 days of inactivity. It’s been at least 30 days since the last update here. If we missed this issue or if you want to keep it open, please reply here. You can also add the label "not stale" to keep this issue open!
As a friendly reminder: the best way to see this issue, or any other, fixed is to open a Pull Request.
Hi!
This issue has been left open with no activity for a while now.
We get a lot of issues, so we currently close issues after 60 days of inactivity. It’s been at least 30 days since the last update here. If we missed this issue or if you want to keep it open, please reply here. You can also add the label "not stale" to keep this issue open!
As a friendly reminder: the best way to see this issue, or any other, fixed is to open a Pull Request.