metasploit-framework icon indicating copy to clipboard operation
metasploit-framework copied to clipboard

Published 20 hours ago verified publisher icon rapid7

psnuffle Auxiliary failed: ArgumentError malformed UTF-8 character

Open ttskym opened this issue 7 years ago • 14 comments

I got a error when running psnuffle sniffer in the metasploit framework.

msf auxiliary(sniffer/psnuffle) > run
[*] Auxiliary module running as background job 0.
msf auxiliary(sniffer/psnuffle) >
[*] Loaded protocol FTP from /usr/share/metasploit-framework/data/exploits/psnuffle/ftp.rb...
[*] Loaded protocol IMAP from /usr/share/metasploit-framework/data/exploits/psnuffle/imap.rb...
[*] Loaded protocol POP3 from /usr/share/metasploit-framework/data/exploits/psnuffle/pop3.rb...
[*] Loaded protocol SMB from /usr/share/metasploit-framework/data/exploits/psnuffle/smb.rb...
[*] Loaded protocol URL from /usr/share/metasploit-framework/data/exploits/psnuffle/url.rb...
[*] Sniffing traffic.....
[-] Auxiliary failed: ArgumentError malformed UTF-8 character
[-] Call stack:
[-]   /usr/share/metasploit-framework/vendor/bundle/ruby/2.3.0/gems/packetfu-1.1.13/lib/packetfu/protos/lldp/header.rb:83:in `unpack'
[-]   /usr/share/metasploit-framework/vendor/bundle/ruby/2.3.0/gems/packetfu-1.1.13/lib/packetfu/protos/lldp/header.rb:83:in `read'
[-]   /usr/share/metasploit-framework/vendor/bundle/ruby/2.3.0/gems/packetfu-1.1.13/lib/packetfu/protos/eth/header.rb:184:in `read'
[-]   /usr/share/metasploit-framework/vendor/bundle/ruby/2.3.0/gems/packetfu-1.1.13/lib/packetfu/protos/lldp.rb:27:in `read'
[-]   /usr/share/metasploit-framework/vendor/bundle/ruby/2.3.0/gems/packetfu-1.1.13/lib/packetfu/packet.rb:49:in `parse'
[-]   /usr/share/metasploit-framework/modules/auxiliary/sniffer/psnuffle.rb:93:in `block in run'
[-]   /usr/share/metasploit-framework/lib/msf/core/exploit/capture.rb:171:in `block in each_packet'
[-]   /usr/share/metasploit-framework/lib/msf/core/exploit/capture.rb:170:in `each'
[-]   /usr/share/metasploit-framework/lib/msf/core/exploit/capture.rb:170:in `each_packet'
[-]   /usr/share/metasploit-framework/modules/auxiliary/sniffer/psnuffle.rb:92:in `run'
msf auxiliary(sniffer/psnuffle) > uname -a

System: Linux kali 4.14.0-kali1-amd64 #1 SMP Debian 4.14.2-1kali1 (2017-12-04) x86_64 GNU/Linux

Metasploit: Package: metasploit-framework Version: 4.16.31-0kali1

ttskym avatar Jan 13 '18 16:01 ttskym

Wow, psnuffle!

wvu avatar Jan 13 '18 18:01 wvu

Probably need the packet the caused this for a rational debug.

sempervictus avatar Jan 25 '18 05:01 sempervictus

I also encountered this mistake

ShiZiLaiXi avatar Nov 05 '19 08:11 ShiZiLaiXi

me too!!!

Jheack avatar Nov 16 '19 07:11 Jheack

@Jheack do you have a packet capture? Which protocol? lldp ?

bcoles avatar Nov 16 '19 07:11 bcoles

@busterb all right , it has been a long time since i issued the problem...

ttskym avatar Nov 29 '19 17:11 ttskym

5.3.0-kali3-amd64 #1 SMP Debian 5.3.15-1kali1 (2019-12-09) x86_64 GNU/Linux 不知的什么导致的,最新版的也不能用

msf5 auxiliary(sniffer/psnuffle) > run [] Auxiliary module running as background job 1. msf5 auxiliary(sniffer/psnuffle) > [] Loaded protocol FTP from /usr/share/metasploit-framework/data/exploits/ [] Loaded protocol IMAP from /usr/share/metasploit-framework/data/exploits [] Loaded protocol POP3 from /usr/share/metasploit-framework/data/exploits [] Loaded protocol SMB from /usr/share/metasploit-framework/data/exploits/ [] Loaded protocol URL from /usr/share/metasploit-framework/data/exploits/ [] Sniffing traffic..... [] HTTP GET: 10.20.24.105:29471-140.205.164.1:80 http://gm.mmstat.com//wwx [-] Auxiliary failed: ArgumentError malformed UTF-8 character [-] Call stack: [-] /usr/share/metasploit-framework/vendor/bundle/ruby/2.5.0/gems/packetf [-] /usr/share/metasploit-framework/vendor/bundle/ruby/2.5.0/gems/packetf [-] /usr/share/metasploit-framework/vendor/bundle/ruby/2.5.0/gems/packetf [-] /usr/share/metasploit-framework/vendor/bundle/ruby/2.5.0/gems/packetf [-] /usr/share/metasploit-framework/vendor/bundle/ruby/2.5.0/gems/packetf [-] /usr/share/metasploit-framework/modules/auxiliary/sniffer/psnuffle.rb [-] /usr/share/metasploit-framework/lib/msf/core/exploit/capture.rb:171:i [-] /usr/share/metasploit-framework/lib/msf/core/exploit/capture.rb:170:i [-] /usr/share/metasploit-framework/lib/msf/core/exploit/capture.rb:170:i [-] /usr/share/metasploit-framework/modules/auxiliary/sniffer/psnuffle.rb

msf5 auxiliary(sniffer/psnuffle) >

eric-nie avatar Dec 16 '19 06:12 eric-nie

Hi!

This issue has been left open with no activity for a while now.

We get a lot of issues, so we currently close issues after 60 days of inactivity. It’s been at least 30 days since the last update here. If we missed this issue or if you want to keep it open, please reply here. You can also add the label "not stale" to keep this issue open!

As a friendly reminder: the best way to see this issue, or any other, fixed is to open a Pull Request.

github-actions[bot] avatar Dec 08 '20 15:12 github-actions[bot]

version: metasploit v6.3.27-dev I encountered this mistake

Emily201505 avatar Jan 12 '24 09:01 Emily201505

@Emily201505 Are you able to consistently replicate this issue? We can't fix reliably fix this without knowing the protocol that caused the issue etc

adfoster-r7 avatar Jan 12 '24 10:01 adfoster-r7

@Emily201505 - any chance you could acquire the actual LLDP packet causing this into a pcap/base64/something we can use to reproduce? Quick glance at where thats happening kinda makes me wonder "how"

sempervictus avatar Jan 12 '24 15:01 sempervictus

@sempervictus log

Emily201505 avatar Jan 15 '24 07:01 Emily201505

Thanks for the screenshot, i was hoping for a pcap of the packet. However, that does at least show us where we need to add an exception handler - in this case, packetfu itself.

sempervictus avatar Feb 01 '24 05:02 sempervictus

I have the same problem. How can I solve it ,in the metasploit framework ,use Auxiliary (sniffer/psnuffle) failed. 1 2

yshalive avatar Apr 26 '24 03:04 yshalive