rapid7 / metasploit-framework

Metasploit Framework
https://www.metasploit.com/

[Bug] Eternalblue win8 exploit doesn't load #13825

Closed Anon-Exploiter closed 4 years ago

Anon-Exploiter commented 4 years ago

Steps to reproduce

  1. Search the exploit search eternalblue
  2. Try and include the exploit using use exploit/windows/smb/ms17_010_eternalblue_win8
  3. Try and do tab completion, the exploit doesn't show up there either

The exploit shows up in search but while including it doesn't work. Sounds dumb but I think the exploit is either broken or wasn't included in the version I'm using.

Expected behavior

The exploit should show up in tab completion and should be loaded.

Current behavior

The exploit doesn't load and shows the following error:

[-] Failed to load module: exploit/windows/smb/ms17_010_eternalblue_win8

[screenshot]

Here's tail of ~/.msf4/logs/framework.log (probably the exploit is broken)

[07/08/2020 13:25:40] [e(0)] core: Unable to load module /usr/share/metasploit-framework/modules/exploits/windows/smb/ms17_010_eternalblue_win8.py, unknown module type
[07/08/2020 13:28:26] [e(0)] core: /usr/share/metasploit-framework/modules/exploits/windows/smb/ms17_010_eternalblue_win8.rb failed to load - Errno::ENOENT No such file or directory @ rb_sysopen - /usr/share/metasploit-framework/modules/exploits/windows/smb/ms17_010_eternalblue_win8.rb
[07/08/2020 13:28:26] [e(0)] core: Unexpected output running /usr/share/metasploit-framework/modules/exploits/windows/smb/ms17_010_eternalblue_win8.py:
Traceback (most recent call last):
  File "/usr/share/metasploit-framework/modules/exploits/windows/smb/ms17_010_eternalblue_win8.py", line 178, in <module>
    ntfea9000 = (pack('<BBH', 0, 0, 0) + '\x00')*0x260  # with these fea, ntfea size is 0x1c80
TypeError: can't concat str to bytes

[07/08/2020 13:28:26] [e(0)] core: Unable to load module /usr/share/metasploit-framework/modules/exploits/windows/smb/ms17_010_eternalblue_win8.py, unknown module type

System stuff

Metasploit version

msf5 > version
Framework: 5.0.96-dev
Console  : 5.0.96-dev

I installed Metasploit with:

OS

What OS are you running Metasploit on?

cat /etc/*release
PRETTY_NAME="Kali GNU/Linux Rolling"
NAME="Kali GNU/Linux"
ID=kali
VERSION="2020.2"
VERSION_ID="2020.2"
VERSION_CODENAME="kali-rolling"
ID_LIKE=debian
ANSI_COLOR="1;31"
HOME_URL="https://www.kali.org/"
SUPPORT_URL="https://forums.kali.org/"
BUG_REPORT_URL="https://bugs.kali.org/"
Anon-Exploiter commented 4 years ago

Ruby's version (if it helps)

$ ruby --version
ruby 2.7.1p83 (2020-03-31 revision a0c7c23c9c) [x86_64-linux-gnu]
timwr commented 4 years ago

I can't reproduce this:

msf5 > search eternalblue

Matching Modules
================

   #  Name                                           Disclosure Date  Rank     Check  Description
   -  ----                                           ---------------  ----     -----  -----------
   0  auxiliary/admin/smb/ms17_010_command           2017-03-14       normal   No     MS17-010 EternalRomance/EternalSynergy/EternalChampion SMB Remote Windows Command Execution
   1  auxiliary/scanner/smb/smb_ms17_010                              normal   No     MS17-010 SMB RCE Detection
   2  exploit/windows/smb/ms17_010_eternalblue       2017-03-14       average  Yes    MS17-010 EternalBlue SMB Remote Windows Kernel Pool Corruption
   3  exploit/windows/smb/ms17_010_eternalblue_win8  2017-03-14       average  No     MS17-010 EternalBlue SMB Remote Windows Kernel Pool Corruption for Win8+
   4  exploit/windows/smb/ms17_010_psexec            2017-03-14       normal   Yes    MS17-010 EternalRomance/EternalSynergy/EternalChampion SMB Remote Windows Code Execution
   5  exploit/windows/smb/smb_doublepulsar_rce       2017-04-14       great    Yes    SMB DOUBLEPULSAR Remote Code Execution

Interact with a module by name or index, for example use 5 or use exploit/windows/smb/smb_doublepulsar_rce

msf5 > use exploit/windows/smb/ms17_010_eternalblue_win8
[*] No payload configured, defaulting to windows/x64/meterpreter/reverse_tcp
msf5 exploit(windows/smb/ms17_010_eternalblue_win8) >

My guess is we have different versions of python. Perhaps you can try something like this: https://github.com/rapid7/metasploit-framework/compare/master...timwr:fix_13825

bcoles commented 4 years ago

Dupe of #13344 ~which is a dupe of #13478~

Anon-Exploiter commented 4 years ago

Sorry for creating a dupe.

So the solution if anyone comes across this issue is to replace python3 with python2 in the shebang in the python exploit.

The following one-liner will do:

sed -i 's/python3/python2/g' /usr/share/metasploit-framework/modules/exploits/windows/smb/ms17_010_eternalblue_win8.py

POC:

[screenshot]


Relooking at it again, changing python3 to python2 does fix it but while running the exploit impacket isn't loaded with python2 which is required for the exploit to run.

[screenshot]

[screenshot]

The initial error was:

[screenshot]


I can't find a solution to this. For fixing it for python3, we have to replace each instance of '\x00' with b'\x00'. Is that the intended solution? Please correct me if I'm wrong.

Replacing those instances does fix it, but it isn't a good fix; there might be other errors too if run against a legit target.

[screenshot]

bcoles commented 4 years ago

> I can't find a solution to this. For fixing it for python3, we have to replace each instance of '\x00' with b'\x00'. Is that the intended solution? Please correct me if I'm wrong.
>
> Replacing those instances does fix it, but it isn't a good fix; there might be other errors too if run against a legit target.

There is currently no official solution. Note that replacing '\x00' with b'\x00' is unlikely to be sufficient. Refer to #13478.
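The traceback in the original report and the exchange above both come down to Python 2 and Python 3 treating the output of `struct.pack` differently. The following is an added example, not code from the Metasploit project or from anyone in this thread: it reproduces the failing line from the log, shows the bytes-literal form that the thread proposes, and then collects a few other `str`/`bytes` idioms that behave differently on Python 3, which is why replacing the one literal is unlikely to be sufficient. Function names are my own; only the `pack('<BBH', 0, 0, 0) + '\x00'` expression and the `0x260` repeat count come from the page.

```python
"""Added example (not from the Metasploit project): why the Python 3
traceback quoted in this issue occurs, and what else changes once the
data is bytes. Standard library only; runs offline."""
from struct import pack


def ntfea_pad_as_logged():
    """The line exactly as the framework.log traceback shows it.

    On Python 2, pack() returns str, so str + str is fine. On Python 3,
    pack() returns bytes, and bytes + str raises TypeError
    ("can't concat str to bytes"). Returns the result on success or the
    TypeError instance on failure, so callers can inspect either.
    """
    try:
        return (pack('<BBH', 0, 0, 0) + '\x00') * 0x260  # str literal: fails on py3
    except TypeError as exc:
        return exc


def ntfea_pad_bytes():
    """Same construction with a bytes literal ('\\x00' -> b'\\x00'), which is
    the single-literal replacement discussed in the thread. Each repeated
    element is pack('<BBH') (4 bytes) plus one padding byte, i.e. 5 bytes."""
    return (pack('<BBH', 0, 0, 0) + b'\x00') * 0x260


def other_str_bytes_differences():
    """Idioms that worked silently on Python 2 but fail or change meaning on
    Python 3 once the data is bytes. Returns a dict describing each outcome;
    the sample value 0x1c80 is a constructed input, not a protocol field."""
    results = {}
    data = pack('<H', 0x1c80)  # b'\x80\x1c' on a little-endian pack

    # 1. Indexing bytes yields an int on py3 (a 1-char str on py2), so a
    #    comparison such as data[0] == '\x80' is always False on py3.
    results['index_is_int'] = isinstance(data[0], int)

    # 2. '%s' % bytes embeds the repr ("b'...'") into the text instead of the
    #    raw bytes, silently corrupting any message built this way.
    results['percent_format_gives_repr'] = ('%s' % data).startswith("b'")

    # 3. len() of text and of its encoding differ for non-ASCII input, so
    #    length fields computed on str are wrong once the payload is bytes.
    results['len_text_vs_encoded'] = (len('\u00e9'), len('\u00e9'.encode('utf-8')))

    # 4. Concatenation fails in the other direction too.
    try:
        b'\x00' + '\x00'
        results['bytes_plus_str_raises'] = False
    except TypeError:
        results['bytes_plus_str_raises'] = True

    return results


if __name__ == '__main__':
    print(type(ntfea_pad_as_logged()).__name__)      # TypeError on Python 3
    print(hex(len(ntfea_pad_bytes())))                # 0xbe0 (5 * 0x260)
    for name, value in other_str_bytes_differences().items():
        print(name, value)
```

The second function is the narrow fix from the thread; the third is what to audit before trusting it, since each of those idioms needs its own change when porting a Python 2 module to Python 3.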

Anon-Exploiter commented 4 years ago

Thanks @bcoles, I'll see if I can fix the exploit in my free time with proper implementation and against a target as written by @acammack-r7 in the issue.

Again, thanks for the support guys, closing this.

alexmello3 commented 3 years ago

Hello everyone! I made a simple change that works.

In the first line, replace this:

#!/usr/bin/env python3

with this:

#!/usr/bin/env python

And metasploit can load it now!

poealone commented 3 years ago

> Hello everyone! I made a simple change that works.
>
> In the first line, replace this:
>
> #!/usr/bin/env python3
>
> with this:
>
> #!/usr/bin/env python
>
> And metasploit can load it now

what did you edit?

bichou commented 3 years ago

> Hello everyone! I made a simple change that works. In the first line, replace this:
>
> #!/usr/bin/env python3
>
> with this:
>
> #!/usr/bin/env python
>
> And metasploit can load it now
>
> what did you edit?

nano metasploit-framework/modules/exploits/windows/smb/ms17_010_eternalblue_win8.py

F-Masood commented 3 years ago

> Hello everyone! I made a simple change that works. In the first line, replace this:
>
> #!/usr/bin/env python3
>
> with this:
>
> #!/usr/bin/env python
>
> And metasploit can load it now
>
> what did you edit?
>
> nano metasploit-framework/modules/exploits/windows/smb/ms17_010_eternalblue_win8.py

nano modules/exploits/windows/smb/ms17_010_eternalblue_win8.py does solve the problem! But now it says IMPACKET is missing, however it is installed. Any clue?

PS: I am on

msf6 > version
Framework: 6.0.15-dev
Console  : 6.0.15-de

narekkay commented 3 years ago

In a fresh tab type "pip install impacket", Then I got the error "Target not vulnerable for this exploit", I switched from the eternalblue_win8 to the one without win8 👍

hazarky commented 3 years ago

@alexmello3 thank you, your comment worked!