Lubricy / armitage

Automatically exported from code.google.com/p/armitage
0 stars 0 forks source link

Cortana - invalid handle when running smart_hashdump #120

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?

$session_id = "5"; #Insert your own session id here
cmd($console, "use windows/gather/smart_hashdump");
cmd_set($console, %(session=>$session_id));
cmd($console, "run");

Print the output from the on console event. 

What is the expected output? What do you see instead?

Better than 50% of the time, I'm getting an invalid handle error from 
smart_hashdump. Specifically: 

"[-] Meterpreter Exception: Rex::Post::Meterpreter::RequestError 
stdapi_registry_enum_key: Operation failed: The handle is invalid."

This does not happen when executing the smart_hashdump command from a console 
inside of Armitage.

What version of Metasploit are you using (type: svn info)? On which
operating system?

Revision 16057, Backtrack 5r3 (inside VirtualBox)

Which database are you using?
msf3dev

Please provide any additional information below.

This may be related to Metasploit bug #6815. However, smart_hashdump almost 
always works inside armitage itself, and rarely works from cortana. 

Original issue reported on code.google.com by ChopperC...@gmail.com on 19 Nov 2012 at 11:13

GoogleCodeExporter commented 9 years ago
This bug report is incomplete. When filing a bug report that involves invoking 
a Metasploit module, it's very important to give me the exact operating system 
you're running the module against. sysinfo output from meterpreter helps. In 
these cases, I can quickly try to reproduce the same issue in my own setup.

That said:

From my own experience, I highly doubt that this is a Cortana issue. Cortana 
and the module launcher in Armitage both interact with the framework in the 
exact same way. cmd, cmd_set, etc. are just wrappers on top of the ConsoleQueue 
class in Armitage. If I'm wrong about this, you're welcome to give me better 
evidence (with a lot of details) and I'll pursue it. 

smart_hashdump does fail 50% of the time or more... on some operating systems. 
On Windows XP/2003 systems, smart_hashdump barely ever works for me. It will 
work occasionally. There's a race condition. I don't know the cause. 

On Windows 7/Vista systems--depending on your privilege level AND the process 
that you're resident in, smart_hashdump should work consistently. 

I recommend smart_hashdump against Vista/7 systems or domain controllers. Use 
the hashdump command in meterpreter otherwise.

-- Raphael

Original comment by rsmu...@gmail.com on 20 Nov 2012 at 8:28