Closed adfoster-r7 closed 11 months ago
Also replicated with the thm anonymous room, possibly a regression in behavior:
6.0.2
msf5 > use smb_enumshares
Matching Modules
================
# Name Disclosure Date Rank Check Description
- ---- --------------- ---- ----- -----------
0 auxiliary/scanner/smb/smb_enumshares normal No SMB Share Enumeration
[*] Using auxiliary/scanner/smb/smb_enumshares
msf5 auxiliary(scanner/smb/smb_enumshares) > use 0
msf5 auxiliary(scanner/smb/smb_enumshares) > run rhosts=10.10.4.153
[+] 10.10.4.153:139 - print$ - (DISK) Printer Drivers
[+] 10.10.4.153:139 - pics - (DISK) My SMB Share Directory for Pics
[+] 10.10.4.153:139 - IPC$ - (IPC) IPC Service (anonymous server (Samba
[+] 10.10.4.153:139 - Ubuntu))
[*] 10.10.4.153: - Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
6.0.3
msf6 auxiliary(scanner/smb/smb_enumshares) > run rhosts=10.10.4.153
[*] 10.10.4.153: - Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
msf6 auxiliary(scanner/smb/smb_enumshares) > version
Framework: 6.0.3-dev-07acf7bd37
Console : 6.0.3-dev-07acf7bd37
Seems like an issue with Samba 4.3.11 which you can easily install with Ubuntu 16.04.
I could reproduce the issue against tryhackme's server but I couldn't with the same Samba version (4.3.11) on a local Ubuntu 16.04. Here are my notes:
msf6 auxiliary(scanner/smb/smb_enumshares) > set SMB::AlwaysEncrypt true
SMB::AlwaysEncrypt => true
msf6 auxiliary(scanner/smb/smb_enumshares) > run
[!] 172.16.60.1:139 - peer_native_os is only available with SMB1 (current version: SMB3)
[!] 172.16.60.1:139 - peer_native_lm is only available with SMB1 (current version: SMB3)
[+] 172.16.60.1:139 - temp - (DISK)
[+] 172.16.60.1:139 - IPC$ - (IPC) IPC Service (847f03d07c9d server (Samba
[+] 172.16.60.1:139 - Ubuntu))
[+] 172.16.60.1:139 - smbuser - (DISK) Home directory of smbuser
[*] 172.16.60.1: - Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
msf6 auxiliary(scanner/smb/smb_enumshares) > set SMB::AlwaysEncrypt false
SMB::AlwaysEncrypt => false
msf6 auxiliary(scanner/smb/smb_enumshares) > run
[!] 172.16.60.1:139 - peer_native_os is only available with SMB1 (current version: SMB3)
[!] 172.16.60.1:139 - peer_native_lm is only available with SMB1 (current version: SMB3)
[+] 172.16.60.1:139 - temp - (DISK)
[+] 172.16.60.1:139 - IPC$ - (IPC) IPC Service (847f03d07c9d server (Samba
[+] 172.16.60.1:139 - Ubuntu))
[+] 172.16.60.1:139 - smbuser - (DISK) Home directory of smbuser
[*] 172.16.60.1: - Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
## TryHackMe
- Encryption seems to be broken on this Samba server and disabling it with `set SMB::AlwaysEncrypt false` gets rid of the encryption error:
Error: 10.10.34.174 RubySMB::Error::EncryptionError Communication error with the remote host: Socket read returned nil. The server supports encryption but was not able to handle the encrypted request.
output:
msf6 auxiliary(scanner/smb/smb_enumshares) > set SMB::AlwaysEncrypt false
SMB::AlwaysEncrypt => false
msf6 auxiliary(scanner/smb/smb_enumshares) > run
[-] 10.10.254.193:139 - Error: '10.10.254.193' 'RubySMB::Error::UnexpectedStatusCode' 'The server responded with an unexpected status code: STATUS_ACCESS_DENIED'
[-] 10.10.254.193:445 - Error: '10.10.254.193' 'RubySMB::Error::UnexpectedStatusCode' 'The server responded with an unexpected status code: STATUS_ACCESS_DENIED'
[*] 10.10.254.193: - Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
- The issue is now `TREE_CONNECT` returns `STATUS_ACCESS_DENIED` and I found that disabling signing fixed this. Even if the server sets the `Signing enabled` flag on the `NEGOTIATE` response packet (meaning it supports it), it fails verifying the signature on the `TREE_CONNECT` packet. The fix would be to change the `if` statement in RubySMB [smb3_sign](https://github.com/rapid7/ruby_smb/blob/master/lib/ruby_smb/client/signing.rb#L45), which forces the client to not always sign the `TREE_CONNECT` request:
if !session_key.empty? && signing_required ...
output:
msf6 auxiliary(scanner/smb/smb_enumshares) > run
[!] 10.10.254.193:139 - peer_native_os is only available with SMB1 (current version: SMB3)
[!] 10.10.254.193:139 - peer_native_lm is only available with SMB1 (current version: SMB3)
[+] 10.10.254.193:139 - print$ - (DISK) Printer Drivers
[+] 10.10.254.193:139 - nerdherd_classified - (DISK) Samba on Ubuntu
[+] 10.10.254.193:139 - IPC$ - (IPC) IPC Service (nerdherd server (Samba
[+] 10.10.254.193:139 - Ubuntu))
[*] 10.10.254.193: - Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
However, according to the [protocol](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-smb2/973630a8-8aa1-4398-89a8-13cf830f194d), SMB3 with 3.1.1 dialect (the one selected by the server) requires the `TREE_CONNECT` request to **always** be signed. So, not-signing the `TREE_CONNECT` request is likely to break on other SMB/Samba servers, since it does not follow the protocol. I don't think it is a good idea.
- A workaround would be to disable SMB3, since it looks like it is broken on this server:
msf6 auxiliary(scanner/smb/smb_enumshares) > set SMB::AlwaysEncrypt false
SMB::AlwaysEncrypt => false
msf6 auxiliary(scanner/smb/smb_enumshares) > set SMB::ProtocolVersion 1,2
SMB::ProtocolVersion => 1,2
msf6 auxiliary(scanner/smb/smb_enumshares) > run
[!] 10.10.254.193:139 - peer_native_os is only available with SMB1 (current version: SMB2)
[!] 10.10.254.193:139 - peer_native_lm is only available with SMB1 (current version: SMB2)
[+] 10.10.254.193:139 - print$ - (DISK) Printer Drivers
[+] 10.10.254.193:139 - nerdherd_classified - (DISK) Samba on Ubuntu
[+] 10.10.254.193:139 - IPC$ - (IPC) IPC Service (nerdherd server (Samba
[+] 10.10.254.193:139 - Ubuntu))
[*] 10.10.254.193: - Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
Just for posterity, I was able to replicate with docker, these are the steps I ran through:
Grabbing ubuntu 16.04 and installing docker:
docker run -it --rm -p 139:139 -p 445:445 ubuntu:16.04 /bin/bash
mkdir -p /tmp/foo
apt update
apt install -y samba
Verifying version is as expected:
$ samba --version
Version 4.3.11-Ubuntu
Adding the share:
cat << EOF >> /etc/samba/smb.conf
[foo_share]
comment = Foo samba share
path = /tmp/foo
read only = no
browsable = yes
EOF
Restart the service:
service smbd restart
Now that docker is set up, and bound to the host's ports - I was able to replicate Christophe's and Spencer's findings when scanning with Metasploit:
use scanner/smb/smb_enumusers
run RHOST=127.0.0.1 smb::alwaysencrypt=false
Error: 127.0.0.1 RubySMB::Error::EncryptionError Communication error with the remote host: Socket read returned nil. The server supports encryption but was not able to handle the encrypted request.
Error: 127.0.0.1 RubySMB::Error::EncryptionError Communication error with the remote host: Socket read returned nil. The server supports encryption but was not able to handle the encrypted request.
[*] 127.0.0.1: - Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
Running without encryption:
run RHOST=127.0.0.1 smb::alwaysencrypt=false
Error: 127.0.0.1 RubySMB::Error::UnexpectedStatusCode The server responded with an unexpected status code: STATUS_ACCESS_DENIED
Error: 127.0.0.1 RubySMB::Error::UnexpectedStatusCode The server responded with an unexpected status code: STATUS_ACCESS_DENIED
[*] 127.0.0.1: - Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
Running with protocol version 1,2:
set SMB::ProtocolVersion 1,2
run RHOST=127.0.0.1 smb::alwaysencrypt=false
[!] 127.0.0.1:139 - peer_native_os is only available with SMB1 (current version: SMB2)
[!] 127.0.0.1:139 - peer_native_lm is only available with SMB1 (current version: SMB2)
[+] 127.0.0.1:139 - print$ - (DISK) Printer Drivers
[+] 127.0.0.1:139 - foo_share - (DISK) Samba share
[+] 127.0.0.1:139 - IPC$ - (IPC) IPC Service (2b17d92ee88b server (Samba
[+] 127.0.0.1:139 - Ubuntu))
[*] 127.0.0.1: - Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
Installing `smbclient` on a separate container works and targeting the host machine:
docker run -it --rm ubuntu:16.04 /bin/bash
apt install -y smbclient
smbclient -L //docker.for.mac.host.internal/ -U "anonymous"%" "
Result:
root@757b88788c6e:/# smbclient -L //docker.for.mac.host.internal/ -U "anonymous"%" "
WARNING: The "syslog" option is deprecated
Domain=[WORKGROUP] OS=[Windows 6.1] Server=[Samba 4.3.11-Ubuntu]
Sharename Type Comment
--------- ---- -------
print$ Disk Printer Drivers
foo_share Disk Samba share
IPC$ IPC IPC Service (2b17d92ee88b server (Samba, Ubuntu))
Domain=[WORKGROUP] OS=[Windows 6.1] Server=[Samba 4.3.11-Ubuntu]
Server Comment
--------- -------
Workgroup Master
--------- -------
I'm assuming smbclient worked as it's not encrypted by default, as if I run with smbclient's encryption enabled it fails:
root@757b88788c6e:/# smbclient -e -L //docker.for.mac.host.internal/ -U "anonymous"%" "
WARNING: The "syslog" option is deprecated
NTLMSSP packet check failed due to short signature (0 bytes)!
NTLMSSP NTLM2 packet check failed due to invalid signature!
session setup failed: NT_STATUS_ACCESS_DENIED
As everything is now pointing to this being an issue with the particular samba version, I wonder if there's any affordance we can add to Metasploit to help users know the steps they could run through to still try to extract information out of the rhost.
Looks like it's the same results for ubuntu 20.04 LTS and samba 4.11.6 - January 28, 2020
I can confirm I have this same issue with msfconsole 6.0.17-dev. Unfortunately, I do not have 100% verifiable information about the remote machine's exact distro or Samba version, as I am running into this during a challenge.
I spent some time debugging the `smbd` server and found what might cause this error. It turns out packet signing with an anonymous user is not accepted/supported. The Samba server generates the signing key based on an empty session key, whereas RubySMB uses a properly calculated session key. At this point, I'm not sure who is wrong. Signing might be disabled for anonymous users, but I need to confirm that.
I was able to make it work with any Samba version by using an authenticated session (with proper credentials). Signing works in this case.
I did more tests with RubySMB directly, forcing SMBv3 with anonymous access.
ruby examples/net_share_enum_all.rb <ip> '' '' 3
Here are my findings:
Samba:

Session Key | Encryption | Result |
---|---|---|
Calculated | Enabled | Failure (no response - connection closed) |
Calculated | Disabled | Failure (STATUS_ACCESS_DENIED) |
Empty | Enabled | Success |
Empty | Disabled | Success |

Windows:

Session Key | Encryption | Result |
---|---|---|
Calculated | Enabled | Success |
Calculated | Disabled | Success |
Empty | Enabled | Failure (no response - connection closed) |
Empty | Disabled | Success |
As we can see, the behavior is different. An empty session key will work with Samba, but it will fail with Windows if encryption is enabled.
We can still force an empty session key when encryption is disabled, which will work with both platforms. But, with encryption enabled, it is another story.
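The mismatch described in the two comments above, as an added example (not code from this thread or from RubySMB): it derives the SMB 3.1.1 signing key and the AES-CMAC signature per MS-SMB2 and shows that a client signing with a calculated session key cannot be verified by a server that derives its key from an empty one. The helper names, session key, preauth hash and packet bytes are constructed for illustration, and the server's "empty" key is modelled as a zero-length key, which the specification's zero padding turns into 16 zero bytes.

```ruby
require 'openssl'

ZERO16 = ("\x00" * 16).b

# SP800-108 counter-mode KDF (HMAC-SHA256, one round, 128-bit output) that
# MS-SMB2 uses for SMB 3.x keys. A session key shorter than 16 bytes is
# right-padded with zeros, so an empty key acts as 16 zero bytes.
def derive_signing_key(session_key, label, context)
  key = session_key.b.ljust(16, "\x00".b)[0, 16]
  input = [1].pack('N') + label.b + "\x00".b + context.b + [128].pack('N')
  OpenSSL::HMAC.digest(OpenSSL::Digest.new('SHA256'), key, input)[0, 16]
end

def aes_block(key, block)
  cipher = OpenSSL::Cipher.new('aes-128-ecb')
  cipher.encrypt
  cipher.key = key
  cipher.padding = 0
  cipher.update(block) + cipher.final
end

def xor16(a, b)
  a.bytes.zip(b.bytes).map { |x, y| x ^ y }.pack('C*')
end

# Subkey step of RFC 4493: shift left one bit, fold in 0x87 on carry.
def cmac_double(block)
  n = (block.unpack1('H*').to_i(16) << 1) & ((1 << 128) - 1)
  n ^= 0x87 if (block.getbyte(0) & 0x80) != 0
  [n.to_s(16).rjust(32, '0')].pack('H*')
end

# AES-128-CMAC (RFC 4493), the SMB 3.x signing algorithm.
def aes_cmac(key, msg)
  k1 = cmac_double(aes_block(key, ZERO16))
  k2 = cmac_double(k1)
  blocks = msg.b.bytes.each_slice(16).map { |s| s.pack('C*') }
  last = blocks.pop || ''.b
  last = if last.bytesize == 16
           xor16(last, k1)
         else
           xor16((last + "\x80".b).ljust(16, "\x00".b), k2)
         end
  state = blocks.reduce(ZERO16) { |x, b| aes_block(key, xor16(x, b)) }
  aes_block(key, xor16(state, last))
end

# The signature covers the packet with the 16-byte Signature field
# (offset 48 of the 64-byte SMB2 header) zeroed.
def sign_smb3_packet(signing_key, packet)
  zeroed = packet.b
  zeroed[48, 16] = ZERO16
  aes_cmac(signing_key, zeroed)
end

# Constructed sample values, not captured traffic.
PREAUTH_HASH = OpenSSL::Digest.new('SHA512').digest('constructed preauth transcript')
CALCULATED_KEY = ['00112233445566778899aabbccddeeff'].pack('H*')
EMPTY_KEY = ''.b
TREE_CONNECT = "\xFESMB".b + ("\x00" * 60).b + 'constructed TREE_CONNECT body'.b

# True when the signature the client sends matches the one the server
# recomputes from its own idea of the session key.
def tree_connect_verifies?(client_key, server_key)
  label = "SMBSigningKey\x00" # SMB 3.1.1 label, terminating NUL included
  sent = sign_smb3_packet(derive_signing_key(client_key, label, PREAUTH_HASH), TREE_CONNECT)
  expected = sign_smb3_packet(derive_signing_key(server_key, label, PREAUTH_HASH), TREE_CONNECT)
  sent == expected
end

puts "client calculated, server empty: #{tree_connect_verifies?(CALCULATED_KEY, EMPTY_KEY)}"
puts "client empty, server empty:      #{tree_connect_verifies?(EMPTY_KEY, EMPTY_KEY)}"
```

The first case is the one that produces a rejected `TREE_CONNECT`; the second matches the "Empty" rows that succeed against Samba.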
workaround:
set SMB::AlwaysEncrypt false
set SMB::ProtocolVersion 1
Ran into this issue myself when I accidentally tested the PrintNightmare module against a Samba SMB server on an Ubuntu 20.04 LTS host running Samba 4.6.2. Just in case this helps anyone. Error logs follow:
msf6 auxiliary(admin/dcerpc/cve_2021_1675_printnightmare) > check
[-] 192.168.224.128:445 - Auxiliary failed: RubySMB::Error::EncryptionError Communication error with the remote host: Socket read returned nil. The server supports encryption but was not able to handle the encrypted request.
[-] 192.168.224.128:445 - Call stack:
[-] 192.168.224.128:445 - /home/gwillcox/.rvm/gems/ruby-2.7.2@metasploit-framework/gems/ruby_smb-2.0.10/lib/ruby_smb/client.rb:535:in `rescue in recv_packet'
[-] 192.168.224.128:445 - /home/gwillcox/.rvm/gems/ruby-2.7.2@metasploit-framework/gems/ruby_smb-2.0.10/lib/ruby_smb/client.rb:531:in `recv_packet'
[-] 192.168.224.128:445 - /home/gwillcox/.rvm/gems/ruby-2.7.2@metasploit-framework/gems/ruby_smb-2.0.10/lib/ruby_smb/client.rb:459:in `send_recv'
[-] 192.168.224.128:445 - /home/gwillcox/.rvm/gems/ruby-2.7.2@metasploit-framework/gems/ruby_smb-2.0.10/lib/ruby_smb/client/tree_connect.rb:58:in `smb2_tree_connect'
[-] 192.168.224.128:445 - /home/gwillcox/.rvm/gems/ruby-2.7.2@metasploit-framework/gems/ruby_smb-2.0.10/lib/ruby_smb/client.rb:564:in `tree_connect'
[-] 192.168.224.128:445 - /home/gwillcox/git/metasploit-framework/lib/rex/proto/smb/simple_client.rb:168:in `connect'
[-] 192.168.224.128:445 - /home/gwillcox/git/metasploit-framework/lib/msf/core/exploit/remote/smb/client.rb:168:in `smb_login'
[-] 192.168.224.128:445 - /home/gwillcox/git/metasploit-framework/modules/auxiliary/admin/dcerpc/cve_2021_1675_printnightmare.rb:298:in `check'
[-] 192.168.224.128:445 - Check failed: The state could not be determined.
I had completely forgotten about this but it turns out it's been fixed since 6.1.30 released on February 17th, 2022. More specifically it was fixed in commit bd0aba3cca929a476b07a57e33f6d7d8ed975409 which bumps RubySMB from 3.0.2 to 3.0.3. This bump included the changes from two PRs: rapid7/ruby_smb#190 and rapid7/ruby_smb#193.
Old and broken:
msf6 auxiliary(scanner/smb/smb_enumshares) > run
[*] 127.0.0.1:139 - Starting module
[*] 127.0.0.1:445 - Starting module
[-] 127.0.0.1:445 - RubySMB encountered an error: Communication error with the remote host: Socket read returned nil. The server supports encryption but was not able to handle the encrypted request.
[*] 127.0.0.1: - Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
New and fixed:
[*] 127.0.0.1:139 - Starting module
[*] 127.0.0.1:445 - Starting module
[!] 127.0.0.1:445 - peer_native_os is only available with SMB1 (current version: SMB3)
[!] 127.0.0.1:445 - peer_native_lm is only available with SMB1 (current version: SMB3)
[+] 127.0.0.1:445 - print$ - (DISK) Printer Drivers
[+] 127.0.0.1:445 - foo_share - (DISK) Foo samba share
[+] 127.0.0.1:445 - IPC$ - (IPC|SPECIAL) IPC Service (1d9536797547 server (Samba, Ubuntu))
[*] 127.0.0.1: - Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution complete
Can confirm broken on previous versions, and working on the latest release now - thanks! :+1:
Steps to reproduce
Running against tryhackme's nerdherd room results in no shares output:
Example:
In case it's useful, version output:
Current behavior
There is no output:
For some of the other smb modules, there's more obvious logging that something's gone wrong:
Expected behavior
What should happen?
`smbclient` on kali works as expected:
Interestingly, although `smbclient` works, `cme` doesn't work:
Output:
Metasploit version
Get this with the `version` command in msfconsole (or `git log -1 --pretty=oneline` for a source install).
Module/Datastore
The following global/module datastore, and database setup was configured before the issue occurred:
```
[framework/core]
loglevel=3

[framework/database]
default_db=local-https-data-service

[framework/database/local-https-data-service]
url=[Filtered]
cert=[Filtered]
skip_verify=[Filtered]
api_token=[Filtered]

[framework/features]
wrapped_tables=true
RHOST_HTTP_URL=true

[framework/ui/console]
ActiveModule=auxiliary/scanner/smb/smb_enumusers

[scanner/smb/smb_enumusers]
DCERPC::fake_bind_multi=false
WORKSPACE=
VERBOSE=false
RHOSTS=
SSL=false
SSLVersion=Auto
SSLVerifyMode=PEER
SSLCipher=
Proxies=
CPORT=
CHOST=
ConnectTimeout=10
TCP::max_send_size=0
TCP::send_delay=0
NTLM::UseNTLMv2=true
NTLM::UseNTLM2_session=true
NTLM::SendLM=true
NTLM::UseLMKey=false
NTLM::SendNTLM=true
NTLM::SendSPN=true
SMB::pipe_evasion=false
SMB::pipe_write_min_size=1
SMB::pipe_write_max_size=1024
SMB::pipe_read_min_size=1
SMB::pipe_read_max_size=1024
SMB::pad_data_level=0
SMB::pad_file_level=0
SMB::obscure_trans_pipe_level=0
SMBDirect=true
SMBUser=
SMBPass=
SMBDomain=.
SMBName=*SMBSERVER
SMB::VerifySignature=false
SMB::ChunkSize=500
SMB::Native_OS=Windows 2000 2195
SMB::Native_LM=Windows 2000 5.0
SMB::ProtocolVersion=1,2,3
SMB::AlwaysEncrypt=true
DCERPC::max_frag_size=4096
DCERPC::fake_bind_multi_prepend=0
DCERPC::fake_bind_multi_append=0
DCERPC::smb_pipeio=rw
DCERPC::ReadTimeout=10
THREADS=1
ShowProgress=true
ShowProgressPercent=10
DB_ALL_USERS=false
```
History
The following commands were ran during the session and before this issue occurred:
```
2914 run rhosts=10.10.34.174
2915 log
2916 run
2917 run rhosts=10.10.34.174
2918 version
2919 use smb_version
2920 run rhosts=10.10.34.174
2921 use smb_enumshares
2922 run rhosts=10.10.34.174
2923 use smb_enumusers
2924 use 0
2925 run rhosts=10.10.34.174
2926 version
2927 debug
```
Framework Errors
The following framework errors occurred before the issue occurred:
```
[11/05/2020 17:21:04] [e(0)] core: Dependency for windows/encrypted_reverse_tcp is not supported
[11/05/2020 17:21:04] [e(0)] core: Dependency for windows/x64/encrypted_reverse_tcp is not supported
[11/05/2020 17:22:17] [e(0)] core: Dependency for windows/encrypted_shell_reverse_tcp is not supported
[11/05/2020 17:22:17] [e(0)] core: Dependency for windows/x64/encrypted_shell_reverse_tcp is not supported
[11/05/2020 17:22:17] [e(0)] core: Dependency for windows/encrypted_reverse_tcp is not supported
[11/05/2020 17:22:17] [e(0)] core: Dependency for windows/x64/encrypted_reverse_tcp is not supported
[11/05/2020 17:22:47] [e(0)] core: Dependency for windows/encrypted_shell_reverse_tcp is not supported
[11/05/2020 17:22:47] [e(0)] core: Dependency for windows/x64/encrypted_shell_reverse_tcp is not supported
[11/05/2020 17:22:47] [e(0)] core: Dependency for windows/encrypted_reverse_tcp is not supported
[11/05/2020 17:22:47] [e(0)] core: Dependency for windows/x64/encrypted_reverse_tcp is not supported
```
Web Service Errors
The following web service errors occurred before the issue occurred:
```
No matching patterns were found in msf-ws.log.
```
Framework Logs
The following framework logs were recorded before the issue occurred:
Web Service Logs
The following web service logs were recorded before the issue occurred:
```
```
Version/Install
The versions and install method of your Metasploit setup:
```
Framework: 6.0.15-dev-9076f2cc83
Ruby: ruby 2.7.2p137 (2020-10-01 revision 5445e04352) [x86_64-darwin19]
Install Root: /Users/adfoster/Documents/code/metasploit-framework
Session Type: Connected to remote_data_service: (https://localhost:5443). Connection type: http.
Install Method: Git Clone
```