FunnyWolf
commented
1 year ago 这个新版本逻辑已经修改了,当前用的什么版本?
Closed ydecl closed 1 year ago
FunnyWolf
commented
1 year ago 这个新版本逻辑已经修改了,当前用的什么版本?
ydecl
commented
1 year ago v1.6.3 20230812
我在 四设备 上都有试过 , 分别是 2H4G 云服务器*2 和 8H8G kali 和Ubuntu 都试过
FunnyWolf
commented
1 year ago v1.6.3 20230812
我在 四设备 上都有试过 , 分别是 2H4G 云服务器*2 和 8H8G kali 和Ubuntu 都试过
如果是http/https的监听,直接关闭木马进程或者直接关闭目标主机,这种情况是正常的,因为viper没有收到木马的结束请求. 如果是tcp监听,那不正常,因为关闭木马进程会断开tcp连接,viper会直接关闭session
FunnyWolf
commented
1 year ago v1.6.3 20230812
我在 四设备 上都有试过 , 分别是 2H4G 云服务器*2 和 8H8G kali 和Ubuntu 都试过
web界面上有的session,在msf>sessions就会显示,是一致的(如果不一致那就是其他bug了)
FunnyWolf
commented
1 year ago 23-08-18 02:04:27][msfmodule][putin_msf_module_job_queue][60][uWSGIWorker1Core3] : 模块实例放入列表:UI提示框获取用户输入的密码 job_id: 2 uuid: 7c416580-1f99-013c-927b-000c29627aa3
[WARNING][2023-08-18 02:04:31][msfmodule][store_result_from_sub][114][ThreadPoolExecutor-3_0] : 模块回调:UI提示框获取用户输入的密码 job_id: None uuid: 7c416580-1f99-013c-927b-000c29627aa3
[WARNING][2023-08-18 02:08:50][filesession][list][90][uWSGIWorker1Core0] : Expecting value: line 1 column 2 (char 1)
[WARNING][2023-08-18 02:46:12][rpcclient][call][47][uWSGIWorker1Core3] : msf连接失败,检查 http://127.0.0.1:60005/api/v1/json-rpc 不可用
[WARNING][2023-08-18 02:46:12][rpcclient][call][48][uWSGIWorker1Core3] : json_data: {"jsonrpc": "2.0", "id": 1, "method": "module.execute", "params": ["post", "multi/manage/file_system_operation_api", {"OPERATION": "pwd", "SESSION": 8}, false, 15]}
[ERROR][2023-08-18 02:46:12][rpcclient][call][49][uWSGIWorker1Core3] : HTTPConnectionPool(host='127.0.0.1', port=60005): Read timed out. (read timeout=15)
Traceback (most recent call last):
File "/usr/local/lib/python3.9/site-packages/urllib3/connectionpool.py", line 445, in _make_request
six.raise_from(e, None)
File "
During handling of the above exception, another exception occurred:
Traceback (most recent call last): File "/usr/local/lib/python3.9/site-packages/requests/adapters.py", line 439, in send resp = conn.urlopen( File "/usr/local/lib/python3.9/site-packages/urllib3/connectionpool.py", line 755, in urlopen retries = retries.increment( File "/usr/local/lib/python3.9/site-packages/urllib3/util/retry.py", line 532, in increment raise six.reraise(type(error), error, _stacktrace) File "/usr/local/lib/python3.9/site-packages/urllib3/packages/six.py", line 770, in reraise raise value File "/usr/local/lib/python3.9/site-packages/urllib3/connectionpool.py", line 699, in urlopen httplib_response = self._make_request( File "/usr/local/lib/python3.9/site-packages/urllib3/connectionpool.py", line 447, in _make_request self._raise_timeout(err=e, url=url, timeout_value=read_timeout) File "/usr/local/lib/python3.9/site-packages/urllib3/connectionpool.py", line 336, in _raise_timeout raise ReadTimeoutError( urllib3.exceptions.ReadTimeoutError: HTTPConnectionPool(host='127.0.0.1', port=60005): Read timed out. (read timeout=15)
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/root/viper/./Lib/rpcclient.py", line 42, in call
r = req_session.post(JSON_RPC_URL, headers=_headers, data=json_data, timeout=(1.05, timeout))
File "/usr/local/lib/python3.9/site-packages/requests/sessions.py", line 590, in post
return self.request('POST', url, data=data, json=json, kwargs)
File "/usr/local/lib/python3.9/site-packages/requests/sessions.py", line 542, in request
resp = self.send(prep, send_kwargs)
File "/usr/local/lib/python3.9/site-packages/requests/sessions.py", line 655, in send
r = adapter.send(request, **kwargs)
File "/usr/local/lib/python3.9/site-packages/requests/adapters.py", line 529, in send
raise ReadTimeout(e, request=request)
requests.exceptions.ReadTimeout: HTTPConnectionPool(host='127.0.0.1', port=60005): Read timed out. (read timeout=15)
[WARNING][2023-08-18 03:05:44][rpcclient][call][61][uWSGIWorker1Core0] : 错误码:-32000 信息:Application server error: Unknown Session ID
[WARNING][2023-08-18 03:05:57][rpcclient][call][47][uWSGIWorker1Core2] : msf连接失败,检查 http://127.0.0.1:60005/api/v1/json-rpc 不可用
[WARNING][2023-08-18 03:05:57][rpcclient][call][48][uWSGIWorker1Core2] : json_data: {"jsonrpc": "2.0", "id": 1, "method": "session.stop", "params": [8]}
[ERROR][2023-08-18 03:05:57][rpcclient][call][49][uWSGIWorker1Core2] : HTTPConnectionPool(host='127.0.0.1', port=60005): Read timed out. (read timeout=15)
Traceback (most recent call last):
File "/usr/local/lib/python3.9/site-packages/urllib3/connectionpool.py", line 445, in _make_request
six.raise_from(e, None)
File "
During handling of the above exception, another exception occurred:
Traceback (most recent call last): File "/usr/local/lib/python3.9/site-packages/requests/adapters.py", line 439, in send resp = conn.urlopen( File "/usr/local/lib/python3.9/site-packages/urllib3/connectionpool.py", line 755, in urlopen retries = retries.increment( File "/usr/local/lib/python3.9/site-packages/urllib3/util/retry.py", line 532, in increment raise six.reraise(type(error), error, _stacktrace) File "/usr/local/lib/python3.9/site-packages/urllib3/packages/six.py", line 770, in reraise raise value File "/usr/local/lib/python3.9/site-packages/urllib3/connectionpool.py", line 699, in urlopen httplib_response = self._make_request( File "/usr/local/lib/python3.9/site-packages/urllib3/connectionpool.py", line 447, in _make_request self._raise_timeout(err=e, url=url, timeout_value=read_timeout) File "/usr/local/lib/python3.9/site-packages/urllib3/connectionpool.py", line 336, in _raise_timeout raise ReadTimeoutError( urllib3.exceptions.ReadTimeoutError: HTTPConnectionPool(host='127.0.0.1', port=60005): Read timed out. (read timeout=15)
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/root/viper/./Lib/rpcclient.py", line 42, in call
r = req_session.post(JSON_RPC_URL, headers=_headers, data=json_data, timeout=(1.05, timeout))
File "/usr/local/lib/python3.9/site-packages/requests/sessions.py", line 590, in post
return self.request('POST', url, data=data, json=json, kwargs)
File "/usr/local/lib/python3.9/site-packages/requests/sessions.py", line 542, in request
resp = self.send(prep, send_kwargs)
File "/usr/local/lib/python3.9/site-packages/requests/sessions.py", line 655, in send
r = adapter.send(request, **kwargs)
File "/usr/local/lib/python3.9/site-packages/requests/adapters.py", line 529, in send
raise ReadTimeout(e, request=request)
requests.exceptions.ReadTimeout: HTTPConnectionPool(host='127.0.0.1', port=60005): Read timed out. (read timeout=15)
[WARNING][2023-08-18 03:06:27][rpcclient][call][47][uWSGIWorker1Core2] : msf连接失败,检查 http://127.0.0.1:60005/api/v1/json-rpc 不可用
[WARNING][2023-08-18 03:06:27][rpcclient][call][48][uWSGIWorker1Core2] : json_data: {"jsonrpc": "2.0", "id": 1, "method": "session.stop", "params": [3]}
[ERROR][2023-08-18 03:06:27][rpcclient][call][49][uWSGIWorker1Core2] : HTTPConnectionPool(host='127.0.0.1', port=60005): Read timed out. (read timeout=15)
Traceback (most recent call last):
File "/usr/local/lib/python3.9/site-packages/urllib3/connectionpool.py", line 445, in _make_request
six.raise_from(e, None)
File "
During handling of the above exception, another exception occurred:
Traceback (most recent call last): File "/usr/local/lib/python3.9/site-packages/requests/adapters.py", line 439, in send resp = conn.urlopen( File "/usr/local/lib/python3.9/site-packages/urllib3/connectionpool.py", line 755, in urlopen retries = retries.increment( File "/usr/local/lib/python3.9/site-packages/urllib3/util/retry.py", line 532, in increment raise six.reraise(type(error), error, _stacktrace) File "/usr/local/lib/python3.9/site-packages/urllib3/packages/six.py", line 770, in reraise raise value File "/usr/local/lib/python3.9/site-packages/urllib3/connectionpool.py", line 699, in urlopen httplib_response = self._make_request( File "/usr/local/lib/python3.9/site-packages/urllib3/connectionpool.py", line 447, in _make_request self._raise_timeout(err=e, url=url, timeout_value=read_timeout) File "/usr/local/lib/python3.9/site-packages/urllib3/connectionpool.py", line 336, in _raise_timeout raise ReadTimeoutError( urllib3.exceptions.ReadTimeoutError: HTTPConnectionPool(host='127.0.0.1', port=60005): Read timed out. (read timeout=15)
During handling of the above exception, another exception occurred:
Traceback (most recent call last): File "/root/viper/./Lib/rpcclient.py", line 42, in call r = req_session.post(JSON_RPC_URL, headers=_headers, data=json_data, timeout=(1.05, timeout)) File "/usr/local/lib/python3.9/site-packages/requests/sessions.py", line 590, in post return self.request('POST', url, data=data, json=json, kwargs) File "/usr/local/lib/python3.9/site-packages/requests/sessions.py", line 542, in request resp = self.send(prep, send_kwargs) File "/usr/local/lib/python3.9/site-packages/requests/sessions.py", line 655, in send r = adapter.send(request, **kwargs) File "/usr/local/lib/python3.9/site-packages/requests/adapters.py", line 529, in send raise ReadTimeout(e, request=request) requests.exceptions.ReadTimeout: HTTPConnectionPool(host='127.0.0.1', port=60005): Read timed out. (read timeout=15) [WARNING][2023-08-18 03:06:34][rpcclient][call][61][uWSGIWorker1Core1] : 错误码:-32000 信息:Application server error: Unknown Session ID [WARNING][2023-08-18 03:06:34][rpcclient][call][61][uWSGIWorker1Core0] : 错误码:-32000 信息:Application server error: Unknown Session ID [WARNING][2023-08-18 03:06:34][rpcclient][call][61][uWSGIWorker1Core2] : 错误码:-32000 信息:Application server error: Unknown Session ID
FunnyWolf
commented
1 year ago [08/18/2023 06:08:22] [d(0)] core: pub_heartbeat_data num: 1
[08/18/2023 06:08:23] [e(0)] core: Post failed - Timeout::ExitException execution expired
Call stack:
/root/metasploit-framework/lib/rex/post/meterpreter/packet_response_waiter.rb:95:in sleep' /root/metasploit-framework/lib/rex/post/meterpreter/packet_response_waiter.rb:95:inwait'
/root/metasploit-framework/lib/rex/post/meterpreter/packet_response_waiter.rb:95:in block in wait' /root/metasploit-framework/lib/rex/post/meterpreter/packet_response_waiter.rb:93:insynchronize'
/root/metasploit-framework/lib/rex/post/meterpreter/packet_response_waiter.rb:93:in wait' /root/metasploit-framework/lib/rex/post/meterpreter/packet_dispatcher.rb:234:insend_packet_wait_response'
/root/metasploit-framework/lib/rex/post/meterpreter/packet_dispatcher.rb:176:in send_request' /root/metasploit-framework/lib/rex/post/meterpreter/extensions/stdapi/fs/dir.rb:215:inpwd'
/root/metasploit-framework/modules/post/multi/manage/file_system_operation_api.rb:99:in pwd' /root/metasploit-framework/modules/post/multi/manage/file_system_operation_api.rb:73:inrun'
/root/metasploit-framework/lib/msf/base/simple/post.rb:152:in job_run_proc' /root/metasploit-framework/lib/msf/base/simple/post.rb:120:inrun_rpc'
/root/metasploit-framework/lib/msf/core/rpc/v10/rpc_module.rb:858:in _run_post' /root/metasploit-framework/lib/msf/core/rpc/v10/rpc_module.rb:521:inblock in rpc_execute'
/root/.rbenv/versions/3.0.5/lib/ruby/gems/3.0.0/gems/timeout-0.4.0/lib/timeout.rb:186:in block in timeout' /root/.rbenv/versions/3.0.5/lib/ruby/gems/3.0.0/gems/timeout-0.4.0/lib/timeout.rb:41:inhandle_timeout'
/root/.rbenv/versions/3.0.5/lib/ruby/gems/3.0.0/gems/timeout-0.4.0/lib/timeout.rb:195:in timeout' /root/metasploit-framework/lib/msf/core/rpc/v10/rpc_module.rb:520:inrpc_execute'
/root/metasploit-framework/lib/msf/core/rpc/json/v1_0/rpc_command.rb:73:in block in execute_internal' /root/.rbenv/versions/3.0.5/lib/ruby/gems/3.0.0/gems/timeout-0.4.0/lib/timeout.rb:186:inblock in timeout'
/root/.rbenv/versions/3.0.5/lib/ruby/gems/3.0.0/gems/timeout-0.4.0/lib/timeout.rb:41:in handle_timeout' /root/.rbenv/versions/3.0.5/lib/ruby/gems/3.0.0/gems/timeout-0.4.0/lib/timeout.rb:195:intimeout'
/root/metasploit-framework/lib/msf/core/rpc/json/v1_0/rpc_command.rb:68:in execute_internal' /root/metasploit-framework/lib/msf/core/rpc/json/v1_0/rpc_command.rb:38:inexecute'
/root/metasploit-framework/lib/msf/core/rpc/json/dispatcher.rb:97:in process_request' /root/metasploit-framework/lib/msf/core/rpc/json/dispatcher.rb:64:inprocess'
/root/metasploit-framework/lib/msf/core/web_services/servlet/json_rpc_servlet.rb:24:in block in post_rpc' /root/.rbenv/versions/3.0.5/lib/ruby/gems/3.0.0/gems/sinatra-3.1.0/lib/sinatra/base.rb:1763:incall'
/root/.rbenv/versions/3.0.5/lib/ruby/gems/3.0.0/gems/sinatra-3.1.0/lib/sinatra/base.rb:1763:in block in compile!' /root/.rbenv/versions/3.0.5/lib/ruby/gems/3.0.0/gems/sinatra-3.1.0/lib/sinatra/base.rb:1066:inblock (3 levels) in route!'
/root/.rbenv/versions/3.0.5/lib/ruby/gems/3.0.0/gems/sinatra-3.1.0/lib/sinatra/base.rb:1084:in route_eval' /root/.rbenv/versions/3.0.5/lib/ruby/gems/3.0.0/gems/sinatra-3.1.0/lib/sinatra/base.rb:1066:inblock (2 levels) in route!'
/root/.rbenv/versions/3.0.5/lib/ruby/gems/3.0.0/gems/sinatra-3.1.0/lib/sinatra/base.rb:1115:in block in process_route' /root/.rbenv/versions/3.0.5/lib/ruby/gems/3.0.0/gems/sinatra-3.1.0/lib/sinatra/base.rb:1113:incatch'
/root/.rbenv/versions/3.0.5/lib/ruby/gems/3.0.0/gems/sinatra-3.1.0/lib/sinatra/base.rb:1113:in process_route' /root/.rbenv/versions/3.0.5/lib/ruby/gems/3.0.0/gems/sinatra-3.1.0/lib/sinatra/base.rb:1064:inblock in route!'
/root/.rbenv/versions/3.0.5/lib/ruby/gems/3.0.0/gems/sinatra-3.1.0/lib/sinatra/base.rb:1061:in each' /root/.rbenv/versions/3.0.5/lib/ruby/gems/3.0.0/gems/sinatra-3.1.0/lib/sinatra/base.rb:1061:inroute!'
/root/.rbenv/versions/3.0.5/lib/ruby/gems/3.0.0/gems/sinatra-3.1.0/lib/sinatra/base.rb:1185:in block in dispatch!' /root/.rbenv/versions/3.0.5/lib/ruby/gems/3.0.0/gems/sinatra-3.1.0/lib/sinatra/base.rb:1156:incatch'
/root/.rbenv/versions/3.0.5/lib/ruby/gems/3.0.0/gems/sinatra-3.1.0/lib/sinatra/base.rb:1156:in invoke' /root/.rbenv/versions/3.0.5/lib/ruby/gems/3.0.0/gems/sinatra-3.1.0/lib/sinatra/base.rb:1180:indispatch!'
/root/.rbenv/versions/3.0.5/lib/ruby/gems/3.0.0/gems/sinatra-3.1.0/lib/sinatra/base.rb:996:in block in call!' /root/.rbenv/versions/3.0.5/lib/ruby/gems/3.0.0/gems/sinatra-3.1.0/lib/sinatra/base.rb:1156:incatch'
/root/.rbenv/versions/3.0.5/lib/ruby/gems/3.0.0/gems/sinatra-3.1.0/lib/sinatra/base.rb:1156:in invoke' /root/.rbenv/versions/3.0.5/lib/ruby/gems/3.0.0/gems/sinatra-3.1.0/lib/sinatra/base.rb:996:incall!'
/root/.rbenv/versions/3.0.5/lib/ruby/gems/3.0.0/gems/sinatra-3.1.0/lib/sinatra/base.rb:985:in call' /root/.rbenv/versions/3.0.5/lib/ruby/gems/3.0.0/gems/warden-1.2.9/lib/warden/manager.rb:36:inblock in call'
/root/.rbenv/versions/3.0.5/lib/ruby/gems/3.0.0/gems/warden-1.2.9/lib/warden/manager.rb:34:in catch' /root/.rbenv/versions/3.0.5/lib/ruby/gems/3.0.0/gems/warden-1.2.9/lib/warden/manager.rb:34:incall'
/root/.rbenv/versions/3.0.5/lib/ruby/gems/3.0.0/gems/rack-protection-3.1.0/lib/rack/protection/xss_header.rb:20:in call' /root/.rbenv/versions/3.0.5/lib/ruby/gems/3.0.0/gems/rack-protection-3.1.0/lib/rack/protection/base.rb:53:incall'
/root/.rbenv/versions/3.0.5/lib/ruby/gems/3.0.0/gems/rack-protection-3.1.0/lib/rack/protection/base.rb:53:in call' /root/.rbenv/versions/3.0.5/lib/ruby/gems/3.0.0/gems/rack-protection-3.1.0/lib/rack/protection/path_traversal.rb:18:incall'
/root/.rbenv/versions/3.0.5/lib/ruby/gems/3.0.0/gems/rack-protection-3.1.0/lib/rack/protection/json_csrf.rb:28:in call' /root/.rbenv/versions/3.0.5/lib/ruby/gems/3.0.0/gems/rack-protection-3.1.0/lib/rack/protection/base.rb:53:incall'
/root/.rbenv/versions/3.0.5/lib/ruby/gems/3.0.0/gems/rack-protection-3.1.0/lib/rack/protection/base.rb:53:in call' /root/.rbenv/versions/3.0.5/lib/ruby/gems/3.0.0/gems/rack-protection-3.1.0/lib/rack/protection/frame_options.rb:33:incall'
/root/.rbenv/versions/3.0.5/lib/ruby/gems/3.0.0/gems/rack-2.2.7/lib/rack/session/abstract/id.rb:266:in context' /root/.rbenv/versions/3.0.5/lib/ruby/gems/3.0.0/gems/rack-2.2.7/lib/rack/session/abstract/id.rb:260:incall'
/root/.rbenv/versions/3.0.5/lib/ruby/gems/3.0.0/gems/rack-2.2.7/lib/rack/null_logger.rb:11:in call' /root/.rbenv/versions/3.0.5/lib/ruby/gems/3.0.0/gems/rack-2.2.7/lib/rack/head.rb:12:incall'
/root/metasploit-framework/lib/msf/core/web_services/json_rpc_exception_handling.rb:10:in call' /root/.rbenv/versions/3.0.5/lib/ruby/gems/3.0.0/gems/sinatra-3.1.0/lib/sinatra/base.rb:219:incall'
/root/.rbenv/versions/3.0.5/lib/ruby/gems/3.0.0/gems/sinatra-3.1.0/lib/sinatra/base.rb:2074:in call' /root/.rbenv/versions/3.0.5/lib/ruby/gems/3.0.0/gems/sinatra-3.1.0/lib/sinatra/base.rb:1633:inblock in call'
/root/.rbenv/versions/3.0.5/lib/ruby/gems/3.0.0/gems/sinatra-3.1.0/lib/sinatra/base.rb:1849:in synchronize' /root/.rbenv/versions/3.0.5/lib/ruby/gems/3.0.0/gems/sinatra-3.1.0/lib/sinatra/base.rb:1633:incall'
/root/.rbenv/versions/3.0.5/lib/ruby/gems/3.0.0/gems/thin-1.8.2/lib/thin/connection.rb:86:in block in pre_process' /root/.rbenv/versions/3.0.5/lib/ruby/gems/3.0.0/gems/thin-1.8.2/lib/thin/connection.rb:84:incatch'
/root/.rbenv/versions/3.0.5/lib/ruby/gems/3.0.0/gems/thin-1.8.2/lib/thin/connection.rb:84:in pre_process' /root/.rbenv/versions/3.0.5/lib/ruby/gems/3.0.0/gems/thin-1.8.2/lib/thin/connection.rb:53:inprocess'
/root/.rbenv/versions/3.0.5/lib/ruby/gems/3.0.0/gems/thin-1.8.2/lib/thin/connection.rb:39:in receive_data' /root/.rbenv/versions/3.0.5/lib/ruby/gems/3.0.0/gems/eventmachine-1.2.7/lib/eventmachine.rb:195:inrun_machine'
/root/.rbenv/versions/3.0.5/lib/ruby/gems/3.0.0/gems/eventmachine-1.2.7/lib/eventmachine.rb:195:in run' /root/.rbenv/versions/3.0.5/lib/ruby/gems/3.0.0/gems/thin-1.8.2/lib/thin/backends/base.rb:75:instart'
/root/.rbenv/versions/3.0.5/lib/ruby/gems/3.0.0/gems/thin-1.8.2/lib/thin/server.rb:162:in start' /root/.rbenv/versions/3.0.5/lib/ruby/gems/3.0.0/gems/thin-1.8.2/lib/thin/controllers/controller.rb:87:instart'
/root/.rbenv/versions/3.0.5/lib/ruby/gems/3.0.0/gems/thin-1.8.2/lib/thin/runner.rb:203:in run_command' /root/.rbenv/versions/3.0.5/lib/ruby/gems/3.0.0/gems/thin-1.8.2/lib/thin/runner.rb:159:inrun!'
/root/.rbenv/versions/3.0.5/lib/ruby/gems/3.0.0/gems/thin-1.8.2/bin/thin:6:in <top (required)>' /root/.rbenv/versions/3.0.5/bin/thin:25:inload'
/root/.rbenv/versions/3.0.5/bin/thin:25:in `
FunnyWolf
commented
1 year ago 无法复现msfconsole不存在session但是webui上存在session这种情况,暂时关闭改issus
我不知道 这是 正常的 还是不正常的😣 创建 一个监听载荷 (tcp http https都试过). 当目标成功运行 已成功上线 ,但是 目标关闭 进程 或 直接关机 viper 还是会有显示。 在命令 msf6 > sessions
截图
@Funnywolf