search

rapid7 / metasploit-framework

Metasploit Framework
https://www.metasploit.com/
Other
34.13k stars 13.97k forks source link

msfrpcd fails with "-j" option, missing certs #12356

Closed ghost closed 3 years ago

ghost commented 5 years ago

Steps to reproduce

  1. After succesfully running msfdb init and verifying msfdb status is running
  2. msfrpcd -U msf -P msf123 -j thinks db isn't running
  3. Runs correctly without the -j option

msfrpcd is checking for cert files which were not created by the msfdb init. Is the error in msfdb not creating them when it should? msfrpc json isn't restricted to the non-free msf is it? Perhaps the error message or the check for the db should be different here as well?

Line 204-209 of msfrpcd

    if json_rpc

      if !File.file?(ws_ssl_key_default) || !File.file?(ws_ssl_cert_default)
        $stdout.puts "[-] It doesn't appear msfdb has been run; please run 'msfdb init' first."
        abort
      end

Expected behavior

msf rpc service using json rather than message pack should be started.

Current behavior

prints error message [-] It doesn't appear msfdb has been run; please run 'msfdb init' first.

Nothing relevant in framework.log file

System stuff

Metasploit version

5.0.49-dev

I installed Metasploit with:

OS

Kali Linux Rolling

ghost commented 5 years ago

So I moved past the erorr by just creating those files with:

openssl req -newkey rsa:2048 -nodes -keyout msf-ws-key.pem -x509 -days 365 -out msf-ws-cert.pem

But the above questions still remain. Should msfdb be doing that already? And should I expect msfrpcd to work correctly now that I've made this cert and key?

Let me know if this should be in a different issue but it doesn't seem to have started. It prints out:

[*] JSON-RPC starting on 0.0.0.0:55553 (SSL)...
[*] URI: /api/v1/json-rpc
[*] JSON-RPC server log: /root/.msf4/logs/msf-json-rpc.log
[*] JSON-RPC server PID file: /root/.msf4/msf-json-rpc.pid

But there is nothing on port 55553 and the log file has the following erorr:

Writing PID to /root/.msf4/msf-json-rpc.pid
Exiting!
/usr/share/metasploit-framework/vendor/bundle/ruby/2.5.0/gems/backports-3.15.0/lib/backports/std_lib.rb:9:in `require': cannot load such file -- swagger/blocks (LoadError)
    from /usr/share/metasploit-framework/vendor/bundle/ruby/2.5.0/gems/backports-3.15.0/lib/backports/std_lib.rb:9:in `require_with_backports'
    from /usr/share/metasploit-framework/vendor/bundle/ruby/2.5.0/gems/activesupport-4.2.11.1/lib/active_support/dependencies.rb:274:in `block in require'
    from /usr/share/metasploit-framework/vendor/bundle/ruby/2.5.0/gems/activesupport-4.2.11.1/lib/active_support/dependencies.rb:240:in `load_dependency'
    from /usr/share/metasploit-framework/vendor/bundle/ruby/2.5.0/gems/activesupport-4.2.11.1/lib/active_support/dependencies.rb:274:in `require'
    from /usr/share/metasploit-framework/lib/msf/core/web_services/json_rpc_app.rb:3:in `<top (required)>'
    from /usr/share/metasploit-framework/vendor/bundle/ruby/2.5.0/gems/backports-3.15.0/lib/backports/std_lib.rb:9:in `require'
    from /usr/share/metasploit-framework/vendor/bundle/ruby/2.5.0/gems/backports-3.15.0/lib/backports/std_lib.rb:9:in `require_with_backports'
    from /usr/share/metasploit-framework/vendor/bundle/ruby/2.5.0/gems/activesupport-4.2.11.1/lib/active_support/dependencies.rb:274:in `block in require'
    from /usr/share/metasploit-framework/vendor/bundle/ruby/2.5.0/gems/activesupport-4.2.11.1/lib/active_support/dependencies.rb:240:in `load_dependency'
    from /usr/share/metasploit-framework/vendor/bundle/ruby/2.5.0/gems/activesupport-4.2.11.1/lib/active_support/dependencies.rb:274:in `require'
    from /usr/share/metasploit-framework/msf-json-rpc.ru:19:in `block in <main>'
    from /usr/share/metasploit-framework/vendor/bundle/ruby/2.5.0/gems/rack-1.6.11/lib/rack/builder.rb:55:in `instance_eval'
    from /usr/share/metasploit-framework/vendor/bundle/ruby/2.5.0/gems/rack-1.6.11/lib/rack/builder.rb:55:in `initialize'
    from /usr/share/metasploit-framework/msf-json-rpc.ru:1:in `new'
    from /usr/share/metasploit-framework/msf-json-rpc.ru:1:in `<main>'
    from /usr/share/metasploit-framework/vendor/bundle/ruby/2.5.0/gems/thin-1.7.2/lib/rack/adapter/loader.rb:33:in `eval'
    from /usr/share/metasploit-framework/vendor/bundle/ruby/2.5.0/gems/thin-1.7.2/lib/rack/adapter/loader.rb:33:in `load'
    from /usr/share/metasploit-framework/vendor/bundle/ruby/2.5.0/gems/thin-1.7.2/lib/thin/controllers/controller.rb:182:in `load_rackup_config'
    from /usr/share/metasploit-framework/vendor/bundle/ruby/2.5.0/gems/thin-1.7.2/lib/thin/controllers/controller.rb:72:in `start'
    from /usr/share/metasploit-framework/vendor/bundle/ruby/2.5.0/gems/thin-1.7.2/lib/thin/runner.rb:203:in `run_command'
    from /usr/share/metasploit-framework/vendor/bundle/ruby/2.5.0/gems/thin-1.7.2/lib/thin/runner.rb:159:in `run!'
    from /usr/share/metasploit-framework/vendor/bundle/ruby/2.5.0/gems/thin-1.7.2/bin/thin:6:in `<top (required)>'
    from /usr/share/metasploit-framework/vendor/bundle/ruby/2.5.0/bin/thin:23:in `load'
    from /usr/share/metasploit-framework/vendor/bundle/ruby/2.5.0/bin/thin:23:in `<main>'

I tried gem install swagger-blocks but with the same result.

Explorer1092 commented 5 years ago

+1

Explorer1092 commented 5 years ago

@ebleiweiss-r7

bYasmine96 commented 4 years ago

any response?

github-actions[bot] commented 4 years ago

Hi!

This issue has been left open with no activity for a while now.

We get a lot of issues, so we currently close issues after 60 days of inactivity. It’s been at least 30 days since the last update here. If we missed this issue or if you want to keep it open, please reply here. You can also add the label "not stale" to keep this issue open!

As a friendly reminder: the best way to see this issue, or any other, fixed is to open a Pull Request.

J0o1h commented 4 years ago

@makinbakonpancakes
You need to execute sudo bundle install --with development test install the extension

github-actions[bot] commented 3 years ago

Hi!

This issue has been left open with no activity for a while now.

We get a lot of issues, so we currently close issues after 60 days of inactivity. It’s been at least 30 days since the last update here. If we missed this issue or if you want to keep it open, please reply here. You can also add the label "not stale" to keep this issue open!

As a friendly reminder: the best way to see this issue, or any other, fixed is to open a Pull Request.

github-actions[bot] commented 3 years ago

Hi again!

It’s been 60 days since anything happened on this issue, so we are going to close it. Please keep in mind that I’m only a robot, so if I’ve closed this issue in error please feel free to reopen this issue or create a new one if you need anything else.

As a friendly reminder: the best way to see this issue, or any other, fixed is to open a Pull Request.