rapid7 / metasploit-framework

Metasploit Framework
https://www.metasploit.com/

exploit/linux/samba/is_known_pipename only works with SMB1 #13977

Open EmperorArthur opened 4 years ago

EmperorArthur commented 4 years ago

Steps to reproduce

First have a Samba server with SMB 1 disabled.

Within msfconsole:

```
use exploit/linux/samba/is_known_pipename
set RHOSTS <server_address>
set verbose true
exploit
```

Expected behavior

The exploit succeeds or fails.

Current behavior

```
Use Rex client (SMB1 only) to enumerate directories, since it is not compatible with RubySMB client
Exploit failed [no-access]: Rex::Proto::SMB::Exceptions::LoginError Login Failed: undefined method `[]' for nil:NilClass
```

System stuff

Metasploit version

```
Framework: 6.0.1-dev-
Console : 6.0.1-dev-
```

I installed Metasploit with:

OS

Ubuntu 19.10

Additional Information

The verbose log explains the problem pretty clearly. Line 128 forces use of SMB Version 1, and the server has it disabled. Replacing it with just connect fails because of the stuff = self.simple.client.find_first("\\*") line.

I was able to temporarily bypass the issue by commenting out the findfirst line, and everything which dealt with "stuff". The root folder of the share was writable, so it worked.

It may be worth adding an option to set the folder path within the share, and only falling back to searching if that is unset. Along with a note to that effect in the info section.

Due to my contract, I would require permission to share any code I have written during work hours with the community without explicit approval. Which means I can't actually submit a PR unless I did the work on my own time on my own computer at home.

github-actions[bot] commented 4 years ago

Hi!

This issue has been left open with no activity for a while now.

We get a lot of issues, so we currently close issues after 60 days of inactivity. It’s been at least 30 days since the last update here. If we missed this issue or if you want to keep it open, please reply here. You can also add the label "not stale" to keep this issue open!

As a friendly reminder: the best way to see this issue, or any other, fixed is to open a Pull Request.

EmperorArthur commented 3 years ago

This issue still exists.

The offending file is this one. The problem is in def enumerate_directories(share).

Other important commands that I had to discover were:

```
set SMBUser <user>
set SMBPass <password>
set SMB::AlwaysEncrypt false
set SMB::ProtocolVersion 2,3
```

The first three are extremely important and are not mentioned in the normal info section.

In addition, "auxiliary/scanner/smb/smb_enumshares" actually gets the information that the exploit is missing.

This means there is a fix, I am just not sure how to implement it.

adfoster-r7 commented 3 years ago

@EmperorArthur Thanks for the error report; would you mind trying this out again with the latest version of Metasploit, and attaching the output of the debug command?

  1. Start msfconsole
  2. Run the command set loglevel 3
  3. Take the steps necessary to recreate your issue
  4. Run the debug command
  5. Copy all the output below the ===8<=== CUT AND PASTE EVERYTHING BELOW THIS LINE ===8<=== line and make sure to REMOVE ANY SENSITIVE INFORMATION.
  6. Replace these instructions and the paragraph above with the output from step 5.

cdelafuente-r7 commented 3 years ago

Thanks for reporting this @EmperorArthur. It looks like this is more an improvement than a real bug. This module is not fully compatible with RubySMB and, by extension, SMB2/3. This will require some refactoring to replace #find_first by something RubySMB already supports, like it has been done here. Also, I like the idea to add an option to set a path instead of automatically detecting it.

EmperorArthur commented 3 years ago

@cdelafuente-r7 Microsoft is very actively deprecating SMB1, to the point that many new versions of Windows aren't even including it, and everything except corporate upgrades is actively uninstalling it. Unless the exploit relies on SMB1, then it seems broken, or at least needs to be explicitly mentioned as a dependency.

@adfoster-r7 Here are the results you asked for. After looking at the logs, I performed an additional check and confirmed that the problem is coming from connect(versions: [1]). I have confirmed that the server min protocol is "SMB2_02".

What's interesting to me is the logs seem to indicate it thought it could negotiate SMB1, but then failed when it actually tried to use that protocol.

Test Results

```
setg RHOSTS <ip_address>
use exploit/linux/samba/is_known_pipename
set SMBUser <user_name>
set SMBPass <password>
set SMB_SHARE_NAME <writable_folder>
set loglevel 3
set SMB::AlwaysEncrypt false
run
```

Results in:

```
[-] :445 - Exploit failed [no-access]: Rex::Proto::SMB::Exceptions::LoginError Login Failed: undefined method `[]' for nil:NilClass
[*] Exploit completed, but no session was created.
```

Debug output

Module/Datastore

The following global/module datastore, and database setup was configured before the issue occurred:

```
[framework/core]
RHOSTS=

[framework/database]
default_db=local-https-data-service

[framework/database/local-https-data-service]
url=[Filtered]
cert=[Filtered]
skip_verify=[Filtered]
api_token=[Filtered]

[framework/ui/console]
ActiveModule=exploit/linux/samba/is_known_pipename

[linux/samba/is_known_pipename]
DCERPC::fake_bind_multi=false
SHELL=/bin/sh
WORKSPACE=
VERBOSE=false
WfsDelay=0
EnableContextEncoding=false
ContextInformationFile=
DisablePayloadHandler=false
RHOSTS=
RPORT=445
SSL=false
SSLVersion=Auto
SSLVerifyMode=PEER
SSLCipher=
Proxies=
CPORT=
CHOST=
ConnectTimeout=10
TCP::max_send_size=0
TCP::send_delay=0
DCERPC::max_frag_size=4096
DCERPC::fake_bind_multi_prepend=0
DCERPC::fake_bind_multi_append=0
DCERPC::smb_pipeio=rw
DCERPC::ReadTimeout=10
NTLM::UseNTLMv2=true
NTLM::UseNTLM2_session=true
NTLM::SendLM=true
NTLM::UseLMKey=false
NTLM::SendNTLM=true
NTLM::SendSPN=true
SMB::pipe_evasion=false
SMB::pipe_write_min_size=1
SMB::pipe_write_max_size=1024
SMB::pipe_read_min_size=1
SMB::pipe_read_max_size=1024
SMB::pad_data_level=0
SMB::pad_file_level=0
SMB::obscure_trans_pipe_level=0
SMBDirect=true
SMBUser=
SMBPass=
SMBDomain=.
SMBName=*SMBSERVER
SMB::VerifySignature=false
SMB::ChunkSize=500
SMB::Native_OS=Windows 2000 2195
SMB::Native_LM=Windows 2000 5.0
SMB::ProtocolVersion=1,2,3
SMB::AlwaysEncrypt=false
SMB_SHARE_NAME=
SMB_FOLDER=
PAYLOAD=cmd/unix/interact
loglevel=3
```

History

The following commands were ran during the session and before this issue occurred:

```
465 setg RHOSTS
466 use exploit/linux/samba/is_known_pipename
467 set SMBUser
468 set SMBPass
469 set SMB_SHARE_NAME
470 set loglevel 3
471 set SMB::AlwaysEncrypt false
472 run
473 debug
```

Framework Errors

The following framework errors occurred before the issue occurred:

```
[10/07/2020 16:16:48] [e(0)] core: Exploit failed (linux/samba/is_known_pipename): Rex::Proto::SMB::Exceptions::LoginError Login Failed: undefined method `[]' for nil:NilClass - Rex::Proto::SMB::Exceptions::LoginError Login Failed: undefined method `[]' for nil:NilClass
[10/07/2020 16:17:10] [e(0)] core: Dependency for windows/encrypted_shell_reverse_tcp is not supported
[10/07/2020 16:17:10] [e(0)] core: Dependency for windows/x64/encrypted_shell_reverse_tcp is not supported
[10/07/2020 16:17:10] [e(0)] core: Dependency for windows/encrypted_reverse_tcp is not supported
[10/07/2020 16:17:10] [e(0)] core: Dependency for windows/x64/encrypted_reverse_tcp is not supported
[10/07/2020 16:17:10] [e(0)] core: Unable to load module /opt/metasploit-framework/embedded/framework/modules/auxiliary/gather/office365userenum.py, unknown module type
[10/07/2020 16:17:10] [e(0)] core: Unable to load module /opt/metasploit-framework/embedded/framework/modules/auxiliary/scanner/msmail/exchange_enum.go - Errno::ENOENT No such file or directory - go
[10/07/2020 16:17:10] [e(0)] core: Unable to load module /opt/metasploit-framework/embedded/framework/modules/auxiliary/scanner/msmail/onprem_enum.go - Errno::ENOENT No such file or directory - go
[10/07/2020 16:17:10] [e(0)] core: Unable to load module /opt/metasploit-framework/embedded/framework/modules/auxiliary/scanner/msmail/host_id.go - Errno::ENOENT No such file or directory - go
[10/07/2020 16:20:44] [e(0)] core: Exploit failed (linux/samba/is_known_pipename): Rex::Proto::SMB::Exceptions::LoginError Login Failed: undefined method `[]' for nil:NilClass - Rex::Proto::SMB::Exceptions::LoginError Login Failed: undefined method `[]' for nil:NilClass
```

Web Service Errors

The following web service errors occurred before the issue occurred:

```
No matching patterns were found in msf-ws.log.
```

Framework Logs

The following framework logs were recorded before the issue occurred:

```
[10/07/2020 16:14:20] [e(0)] core: Unable to load module /opt/metasploit-framework/embedded/framework/modules/auxiliary/gather/office365userenum.py, unknown module type
[10/07/2020 16:14:20] [e(0)] core: Unable to load module /opt/metasploit-framework/embedded/framework/modules/auxiliary/scanner/msmail/exchange_enum.go - Errno::ENOENT No such file or directory - go
[10/07/2020 16:14:20] [e(0)] core: Unable to load module /opt/metasploit-framework/embedded/framework/modules/auxiliary/scanner/msmail/onprem_enum.go - Errno::ENOENT No such file or directory - go
[10/07/2020 16:14:20] [e(0)] core: Unable to load module /opt/metasploit-framework/embedded/framework/modules/auxiliary/scanner/msmail/host_id.go - Errno::ENOENT No such file or directory - go
[10/07/2020 16:14:24] [d(0)] core: SMB version(s) to negotiate: [1, 2, 3]
[10/07/2020 16:14:24] [d(0)] core: Negotiated SMB version: SMB3
[10/07/2020 16:14:24] [d(0)] core: SMB version(s) to negotiate: [1]
[10/07/2020 16:14:24] [d(0)] core: Negotiated SMB version: SMB1
[10/07/2020 16:14:24] [d(0)] core: SMB version(s) to negotiate: [1, 2, 3]
[10/07/2020 16:14:25] [d(0)] core: Negotiated SMB version: SMB3
[10/07/2020 16:14:25] [e(0)] core: Exploit failed (linux/samba/is_known_pipename): Rex::Proto::SMB::Exceptions::LoginError Login Failed: undefined method `[]' for nil:NilClass - Rex::Proto::SMB::Exceptions::LoginError Login Failed: undefined method `[]' for nil:NilClass
[10/07/2020 16:14:38] [d(0)] core: SMB version(s) to negotiate: [1, 2, 3]
[10/07/2020 16:14:38] [d(0)] core: Negotiated SMB version: SMB3
[10/07/2020 16:14:38] [d(0)] core: SMB version(s) to negotiate: [1]
[10/07/2020 16:14:38] [d(0)] core: Negotiated SMB version: SMB1
[10/07/2020 16:14:38] [d(0)] core: SMB version(s) to negotiate: [1, 2, 3]
[10/07/2020 16:14:38] [d(0)] core: Negotiated SMB version: SMB3
[10/07/2020 16:14:38] [e(0)] core: Exploit failed (linux/samba/is_known_pipename): Rex::Proto::SMB::Exceptions::LoginError Login Failed: undefined method `[]' for nil:NilClass - Rex::Proto::SMB::Exceptions::LoginError Login Failed: undefined method `[]' for nil:NilClass
[10/07/2020 16:16:22] [i(0)] core: Default data service found. Attempting to connect...
[10/07/2020 16:16:26] [e(0)] core: Dependency for windows/encrypted_shell_reverse_tcp is not supported
[10/07/2020 16:16:26] [e(0)] core: Dependency for windows/x64/encrypted_shell_reverse_tcp is not supported
[10/07/2020 16:16:26] [e(0)] core: Dependency for windows/encrypted_reverse_tcp is not supported
[10/07/2020 16:16:26] [e(0)] core: Dependency for windows/x64/encrypted_reverse_tcp is not supported
[10/07/2020 16:16:26] [e(0)] core: Unable to load module /opt/metasploit-framework/embedded/framework/modules/auxiliary/gather/office365userenum.py, unknown module type
[10/07/2020 16:16:26] [e(0)] core: Unable to load module /opt/metasploit-framework/embedded/framework/modules/auxiliary/scanner/msmail/exchange_enum.go - Errno::ENOENT No such file or directory - go
[10/07/2020 16:16:26] [e(0)] core: Unable to load module /opt/metasploit-framework/embedded/framework/modules/auxiliary/scanner/msmail/onprem_enum.go - Errno::ENOENT No such file or directory - go
[10/07/2020 16:16:26] [e(0)] core: Unable to load module /opt/metasploit-framework/embedded/framework/modules/auxiliary/scanner/msmail/host_id.go - Errno::ENOENT No such file or directory - go
[10/07/2020 16:16:48] [d(0)] core: SMB version(s) to negotiate: [1, 2, 3]
[10/07/2020 16:16:48] [d(0)] core: Negotiated SMB version: SMB3
[10/07/2020 16:16:48] [d(0)] core: SMB version(s) to negotiate: [1]
[10/07/2020 16:16:48] [d(0)] core: Negotiated SMB version: SMB1
[10/07/2020 16:16:48] [d(0)] core: SMB version(s) to negotiate: [1, 2, 3]
[10/07/2020 16:16:48] [d(0)] core: Negotiated SMB version: SMB3
[10/07/2020 16:16:48] [e(0)] core: Exploit failed (linux/samba/is_known_pipename): Rex::Proto::SMB::Exceptions::LoginError Login Failed: undefined method `[]' for nil:NilClass - Rex::Proto::SMB::Exceptions::LoginError Login Failed: undefined method `[]' for nil:NilClass
[10/07/2020 16:17:06] [i(0)] core: Default data service found. Attempting to connect...
[10/07/2020 16:17:10] [e(0)] core: Dependency for windows/encrypted_shell_reverse_tcp is not supported
[10/07/2020 16:17:10] [e(0)] core: Dependency for windows/x64/encrypted_shell_reverse_tcp is not supported
[10/07/2020 16:17:10] [e(0)] core: Dependency for windows/encrypted_reverse_tcp is not supported
[10/07/2020 16:17:10] [e(0)] core: Dependency for windows/x64/encrypted_reverse_tcp is not supported
[10/07/2020 16:17:10] [e(0)] core: Unable to load module /opt/metasploit-framework/embedded/framework/modules/auxiliary/gather/office365userenum.py, unknown module type
[10/07/2020 16:17:10] [e(0)] core: Unable to load module /opt/metasploit-framework/embedded/framework/modules/auxiliary/scanner/msmail/exchange_enum.go - Errno::ENOENT No such file or directory - go
[10/07/2020 16:17:10] [e(0)] core: Unable to load module /opt/metasploit-framework/embedded/framework/modules/auxiliary/scanner/msmail/onprem_enum.go - Errno::ENOENT No such file or directory - go
[10/07/2020 16:17:10] [e(0)] core: Unable to load module /opt/metasploit-framework/embedded/framework/modules/auxiliary/scanner/msmail/host_id.go - Errno::ENOENT No such file or directory - go
[10/07/2020 16:20:44] [d(0)] core: SMB version(s) to negotiate: [1, 2, 3]
[10/07/2020 16:20:44] [d(0)] core: Negotiated SMB version: SMB3
[10/07/2020 16:20:44] [d(0)] core: SMB version(s) to negotiate: [1]
[10/07/2020 16:20:44] [d(0)] core: Negotiated SMB version: SMB1
[10/07/2020 16:20:44] [d(0)] core: SMB version(s) to negotiate: [1, 2, 3]
[10/07/2020 16:20:44] [d(0)] core: Negotiated SMB version: SMB3
[10/07/2020 16:20:44] [e(0)] core: Exploit failed (linux/samba/is_known_pipename): Rex::Proto::SMB::Exceptions::LoginError Login Failed: undefined method `[]' for nil:NilClass - Rex::Proto::SMB::Exceptions::LoginError Login Failed: undefined method `[]' for nil:NilClass
```

Web Service Logs

The following web service logs were recorded before the issue occurred:


Version/Install

The versions and install method of your Metasploit setup:

```
Framework: 6.0.10-dev-
Ruby: ruby 2.6.6p146 (2020-03-31 revision 67876) [x86_64-linux]
Install Root: /opt/metasploit-framework/embedded/framework
Session Type: Connected to remote_data_service: (https://localhost:5443). Connection type: http. Connection name: #.
Install Method: Omnibus Installer
```
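
The negotiation pattern in the Framework Logs above can be picked out mechanically. The following is an added triage example, not part of the original issue and not Metasploit code: it groups the debug lines into exploit attempts and flags any negotiation that contradicts the server's minimum protocol. The function names, the verdict symbols and the mapping of the reported `SMB2_02` minimum to major version 2 are assumptions of this example.

```ruby
# Added example: triage of framework.log debug lines for SMB version mismatches.
LINE_RE   = /\A\[(\d{2}\/\d{2}\/\d{4} \d{2}:\d{2}:\d{2})\] \[[a-z]\(\d+\)\] core: (.*)\z/
OFFER_RE  = /\ASMB version\(s\) to negotiate: \[([\d, ]*)\]/
RESULT_RE = /\ANegotiated SMB version: SMB(\d)/
FAIL_RE   = /\AExploit failed \(([^)]+)\): (\S+)/

# First seven lines are copied from the Framework Logs in this thread; the last
# two are constructed for contrast (a run that never offers SMB1 on its own).
SAMPLE_LOG = <<~'LOG'
  [10/07/2020 16:14:24] [d(0)] core: SMB version(s) to negotiate: [1, 2, 3]
  [10/07/2020 16:14:24] [d(0)] core: Negotiated SMB version: SMB3
  [10/07/2020 16:14:24] [d(0)] core: SMB version(s) to negotiate: [1]
  [10/07/2020 16:14:24] [d(0)] core: Negotiated SMB version: SMB1
  [10/07/2020 16:14:24] [d(0)] core: SMB version(s) to negotiate: [1, 2, 3]
  [10/07/2020 16:14:25] [d(0)] core: Negotiated SMB version: SMB3
  [10/07/2020 16:14:25] [e(0)] core: Exploit failed (linux/samba/is_known_pipename): Rex::Proto::SMB::Exceptions::LoginError Login Failed: undefined method `[]' for nil:NilClass
  [01/01/2021 00:00:00] [d(0)] core: SMB version(s) to negotiate: [2, 3]
  [01/01/2021 00:00:00] [d(0)] core: Negotiated SMB version: SMB3
LOG

# Split the log into attempts. An "Exploit failed" line closes the current
# attempt; negotiations left over at the end form an attempt with no failure.
def parse_attempts(log)
  attempts = []
  current = { negotiations: [], failure: nil }
  pending = nil

  log.each_line do |raw|
    m = LINE_RE.match(raw.chomp)
    next unless m # wrapped or unrelated lines are skipped

    time, msg = m[1], m[2]
    if (offer = OFFER_RE.match(msg))
      versions = offer[1].split(',').map { |v| Integer(v.strip) }
      pending = { time: time, offered: versions, negotiated: nil }
      current[:negotiations] << pending
    elsif (result = RESULT_RE.match(msg)) && pending
      pending[:negotiated] = Integer(result[1])
      pending = nil
    elsif (failure = FAIL_RE.match(msg))
      current[:failure] = { time: time, module: failure[1], error: failure[2] }
      attempts << current
      current = { negotiations: [], failure: nil }
      pending = nil
    end
  end

  attempts << current unless current[:negotiations].empty?
  attempts
end

# A negotiation is suspect when the client offered only versions below the
# server minimum, or the log reports a negotiated version below that minimum.
def suspect_negotiations(attempt, server_min)
  attempt[:negotiations].select do |n|
    only_old = !n[:offered].empty? && n[:offered].all? { |v| v < server_min }
    only_old || (n[:negotiated] && n[:negotiated] < server_min)
  end
end

# server_min is the major SMB version the server is configured to accept
# (assumption: Samba's "SMB2_02" minimum maps to 2).
def triage(log, server_min:)
  parse_attempts(log).map do |attempt|
    suspects = suspect_negotiations(attempt, server_min)
    failed = !attempt[:failure].nil?
    verdict = if failed && suspects.any? then :protocol_mismatch
              elsif failed then :other_failure
              else :ok
              end
    { module: attempt.dig(:failure, :module),
      error: attempt.dig(:failure, :error),
      suspect_offers: suspects.map { |n| n[:offered] },
      verdict: verdict }
  end
end

if __FILE__ == $PROGRAM_NAME
  triage(SAMPLE_LOG, server_min: 2).each { |row| puts row.inspect }
end
```
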