Closed pr0b3r7 closed 2 years ago
This is an issue with the BeEF modules which are not officially part of Metasploit.
Remove the BeEF modules or replace them with the latest version. https://github.com/rapid7/metasploit-framework/issues/11566#issuecomment-987574553
Steps to reproduce
How'd you do it?
Step 1: The first step is to copy BeEF’s bind shellcode modules from /beef/modules/exploits/beefbind/shellcode_sources/msf to the appropriate Metasploit folders (on kali rolling you can find the Metasploit folders on /usr/share/Metasploit-framework/…).
```
sudo cp -fv /usr/share/beef-xss/modules/exploits/beefbind/shellcode_sources/msf/beef_bind-handler.rb /usr/share/metasploit-framework/lib/msf/core/handler/beef_bind.rb
sudo cp -fv /usr/share/beef-xss/modules/exploits/beefbind/shellcode_sources/msf/beef_bind-stage-windows-x86.rb /usr/share/metasploit-framework/modules/payloads/stages/windows/beef_shell.rb
sudo cp -fv /usr/share/beef-xss/modules/exploits/beefbind/shellcode_sources/msf/beef_bind-stager-windows-x86.rb /usr/share/metasploit-framework/modules/payloads/stagers/windows/beef_bind.rb
sudo cp -fv /usr/share/beef-xss/modules/exploits/beefbind/shellcode_sources/msf/beef_bind-stage-linux-x86.rb /usr/share/metasploit-framework/modules/payloads/stages/linux/x86/beef_shell.rb
sudo cp -fv /usr/share/beef-xss/modules/exploits/beefbind/shellcode_sources/msf/beef_bind-stager-linux-x86.rb /usr/share/metasploit-framework/modules/payloads/stagers/linux/x86/beef_bind.rb
sudo cp -fv /usr/share/beef-xss/modules/exploits/beefbind/shellcode_sources/msf/beef_bind-stage-linux-x64.rb /usr/share/metasploit-framework/modules/payloads/stages/linux/x64/beef_shell.rb
sudo cp -fv /usr/share/beef-xss/modules/exploits/beefbind/shellcode_sources/msf/beef_bind-stager-linux-x64.rb /usr/share/metasploit-framework/modules/payloads/stagers/linux/x64/beef_bind.rb
```
With BeEF bind shellcode modules inside Metasploit, you can use msfvenom to create the attack’s stager. By executing the following command, you will create a PowerShell based BeEF bind shellcode stager, which is also A/V resistant since it leverages .NET’s reflection capability.
```
msfvenom -a x86 --platform windows -p windows/beef_shell/beef_bind -f psh-reflection -o outfile.ps1
```
```
msfvenom -a x86 --platform windows -p windows/beef_shell/beef_bind -f psh-reflection -o outfile.ps1
Traceback (most recent call last):
	40: from /usr/bin/msfvenom:472:in `<main>'
	39: from /usr/bin/msfvenom:67:in `framework'
	38: from /usr/bin/msfvenom:44:in `init_framework'
	37: from /usr/bin/msfvenom:27:in `require_deps'
	36: from /usr/lib/ruby/vendor_ruby/rubygems/core_ext/kernel_require.rb:85:in `require'
	35: from /usr/lib/ruby/vendor_ruby/rubygems/core_ext/kernel_require.rb:85:in `require'
	34: from /usr/share/metasploit-framework/lib/msfenv.rb:17:in `<top (required)>'
	33: from /usr/share/metasploit-framework/lib/msfenv.rb:17:in `require'
	32: from /usr/share/metasploit-framework/config/environment.rb:4:in `<top (required)>'
	31: from /usr/share/metasploit-framework/vendor/bundle/ruby/2.7.0/gems/railties-6.1.4.1/lib/rails/railtie.rb:207:in `method_missing'
	30: from /usr/share/metasploit-framework/vendor/bundle/ruby/2.7.0/gems/railties-6.1.4.1/lib/rails/railtie.rb:207:in `public_send'
	29: from /usr/share/metasploit-framework/vendor/bundle/ruby/2.7.0/gems/railties-6.1.4.1/lib/rails/application.rb:391:in `initialize!'
	28: from /usr/share/metasploit-framework/vendor/bundle/ruby/2.7.0/gems/railties-6.1.4.1/lib/rails/initializable.rb:60:in `run_initializers'
	27: from /usr/lib/ruby/2.7.0/tsort.rb:205:in `tsort_each'
	26: from /usr/lib/ruby/2.7.0/tsort.rb:226:in `tsort_each'
	25: from /usr/lib/ruby/2.7.0/tsort.rb:347:in `each_strongly_connected_component'
	24: from /usr/lib/ruby/2.7.0/tsort.rb:347:in `call'
	23: from /usr/lib/ruby/2.7.0/tsort.rb:347:in `each'
	22: from /usr/lib/ruby/2.7.0/tsort.rb:349:in `block in each_strongly_connected_component'
	21: from /usr/lib/ruby/2.7.0/tsort.rb:431:in `each_strongly_connected_component_from'
	20: from /usr/lib/ruby/2.7.0/tsort.rb:350:in `block (2 levels) in each_strongly_connected_component'
	19: from /usr/lib/ruby/2.7.0/tsort.rb:228:in `block in tsort_each'
	18: from /usr/share/metasploit-framework/vendor/bundle/ruby/2.7.0/gems/railties-6.1.4.1/lib/rails/initializable.rb:61:in `block in run_initializers'
	17: from /usr/share/metasploit-framework/vendor/bundle/ruby/2.7.0/gems/railties-6.1.4.1/lib/rails/initializable.rb:32:in `run'
	16: from /usr/share/metasploit-framework/vendor/bundle/ruby/2.7.0/gems/railties-6.1.4.1/lib/rails/initializable.rb:32:in `instance_exec'
	15: from /usr/share/metasploit-framework/vendor/bundle/ruby/2.7.0/gems/railties-6.1.4.1/lib/rails/application/finisher.rb:133:in `block in
	14: from /usr/share/metasploit-framework/vendor/bundle/ruby/2.7.0/gems/zeitwerk-2.5.1/lib/zeitwerk/loader.rb:312:in `eager_load_all'
	13: from /usr/share/metasploit-framework/vendor/bundle/ruby/2.7.0/gems/zeitwerk-2.5.1/lib/zeitwerk/loader.rb:312:in `each'
	12: from /usr/share/metasploit-framework/vendor/bundle/ruby/2.7.0/gems/zeitwerk-2.5.1/lib/zeitwerk/loader.rb:212:in `eager_load'
	11: from /usr/share/metasploit-framework/vendor/bundle/ruby/2.7.0/gems/zeitwerk-2.5.1/lib/zeitwerk/loader.rb:212:in `synchronize'
	10: from /usr/share/metasploit-framework/vendor/bundle/ruby/2.7.0/gems/zeitwerk-2.5.1/lib/zeitwerk/loader.rb:227:in `block in eager_load'
	 9: from /usr/share/metasploit-framework/vendor/bundle/ruby/2.7.0/gems/zeitwerk-2.5.1/lib/zeitwerk/loader/helpers.rb:18:in `ls'
	 8: from /usr/share/metasploit-framework/vendor/bundle/ruby/2.7.0/gems/zeitwerk-2.5.1/lib/zeitwerk/loader/helpers.rb:18:in `each_child'
	 7: from /usr/share/metasploit-framework/vendor/bundle/ruby/2.7.0/gems/zeitwerk-2.5.1/lib/zeitwerk/loader/helpers.rb:26:in `block in ls'
	 6: from /usr/share/metasploit-framework/vendor/bundle/ruby/2.7.0/gems/zeitwerk-2.5.1/lib/zeitwerk/loader.rb:232:in `block (2 levels) in eager_load'
	 5: from /usr/share/metasploit-framework/vendor/bundle/ruby/2.7.0/gems/zeitwerk-2.5.1/lib/zeitwerk/loader/helpers.rb:95:in `cget'
	 4: from /usr/share/metasploit-framework/vendor/bundle/ruby/2.7.0/gems/zeitwerk-2.5.1/lib/zeitwerk/loader/helpers.rb:95:in `const_get'
	 3: from /usr/share/metasploit-framework/vendor/bundle/ruby/2.7.0/gems/zeitwerk-2.5.1/lib/zeitwerk/kernel.rb:27:in `require'
	 2: from /usr/share/metasploit-framework/vendor/bundle/ruby/2.7.0/gems/zeitwerk-2.5.1/lib/zeitwerk/kernel.rb:27:in `tap'
	 1: from /usr/share/metasploit-framework/vendor/bundle/ruby/2.7.0/gems/zeitwerk-2.5.1/lib/zeitwerk/kernel.rb:28:in `block in require'
/usr/share/metasploit-framework/vendor/bundle/ruby/2.7.0/gems/zeitwerk-2.5.1/lib/zeitwerk/loader/callbacks.rb:25:in `on_file_autoloaded': expected file /usr/share/metasploit-framework/lib/msf/core/handler/beef_bind.rb to define constant Msf::Handler::BeefBind, but didn't (Zeitwerk::NameError)
```
This section should also tell us any relevant information about the environment; for example, if an exploit that used to work is failing, tell us the victim operating system and service versions.
```
uname -a: 'Linux hostname 5.14.0-kali4-arm64 #1 SMP Debian 5.14.16-1kali1 (2021-11-05) aarch64 GNU/Linux'
ruby --version
ruby 2.7.4p191 (2021-07-07 revision a21a3b7d23) [aarch64-linux-gnu]
```
Were you following a specific guide/tutorial or reading documentation?
If yes link the guide/tutorial or documentation you were following here, otherwise you may omit this section.
Expected behavior
What should happen?
Current behavior
What happens instead?
```
msfconsole --version ░▒▓ 1 ✘ at 21:02:31 ▓▒░
Traceback (most recent call last):
	36: from /usr/bin/msfconsole:18:in `<main>'
	35: from /usr/bin/msfconsole:18:in `require'
	34: from /usr/share/metasploit-framework/lib/msfenv.rb:17:in `<top (required)>'
	33: from /usr/share/metasploit-framework/lib/msfenv.rb:17:in `require'
	32: from /usr/share/metasploit-framework/config/environment.rb:4:in `<top (required)>'
	31: from /usr/share/metasploit-framework/vendor/bundle/ruby/2.7.0/gems/railties-6.1.4.1/lib/rails/railtie.rb:207:in `method_missing'
	30: from /usr/share/metasploit-framework/vendor/bundle/ruby/2.7.0/gems/railties-6.1.4.1/lib/rails/railtie.rb:207:in `public_send'
	29: from /usr/share/metasploit-framework/vendor/bundle/ruby/2.7.0/gems/railties-6.1.4.1/lib/rails/application.rb:391:in `initialize!'
	28: from /usr/share/metasploit-framework/vendor/bundle/ruby/2.7.0/gems/railties-6.1.4.1/lib/rails/initializable.rb:60:in `run_initializers'
	27: from /usr/lib/ruby/2.7.0/tsort.rb:205:in `tsort_each'
	26: from /usr/lib/ruby/2.7.0/tsort.rb:226:in `tsort_each'
	25: from /usr/lib/ruby/2.7.0/tsort.rb:347:in `each_strongly_connected_component'
	24: from /usr/lib/ruby/2.7.0/tsort.rb:347:in `call'
	23: from /usr/lib/ruby/2.7.0/tsort.rb:347:in `each'
	22: from /usr/lib/ruby/2.7.0/tsort.rb:349:in `block in each_strongly_connected_component'
	21: from /usr/lib/ruby/2.7.0/tsort.rb:431:in `each_strongly_connected_component_from'
	20: from /usr/lib/ruby/2.7.0/tsort.rb:350:in `block (2 levels) in each_strongly_connected_component'
	19: from /usr/lib/ruby/2.7.0/tsort.rb:228:in `block in tsort_each'
	18: from /usr/share/metasploit-framework/vendor/bundle/ruby/2.7.0/gems/railties-6.1.4.1/lib/rails/initializable.rb:61:in `block in run_initializers'
	17: from /usr/share/metasploit-framework/vendor/bundle/ruby/2.7.0/gems/railties-6.1.4.1/lib/rails/initializable.rb:32:in `run'
	16: from /usr/share/metasploit-framework/vendor/bundle/ruby/2.7.0/gems/railties-6.1.4.1/lib/rails/initializable.rb:32:in `instance_exec'
	15: from /usr/share/metasploit-framework/vendor/bundle/ruby/2.7.0/gems/railties-6.1.4.1/lib/rails/application/finisher.rb:133:in `block in
	14: from /usr/share/metasploit-framework/vendor/bundle/ruby/2.7.0/gems/zeitwerk-2.5.1/lib/zeitwerk/loader.rb:312:in `eager_load_all'
	13: from /usr/share/metasploit-framework/vendor/bundle/ruby/2.7.0/gems/zeitwerk-2.5.1/lib/zeitwerk/loader.rb:312:in `each'
	12: from /usr/share/metasploit-framework/vendor/bundle/ruby/2.7.0/gems/zeitwerk-2.5.1/lib/zeitwerk/loader.rb:212:in `eager_load'
	11: from /usr/share/metasploit-framework/vendor/bundle/ruby/2.7.0/gems/zeitwerk-2.5.1/lib/zeitwerk/loader.rb:212:in `synchronize'
	10: from /usr/share/metasploit-framework/vendor/bundle/ruby/2.7.0/gems/zeitwerk-2.5.1/lib/zeitwerk/loader.rb:227:in `block in eager_load'
	 9: from /usr/share/metasploit-framework/vendor/bundle/ruby/2.7.0/gems/zeitwerk-2.5.1/lib/zeitwerk/loader/helpers.rb:18:in `ls'
	 8: from /usr/share/metasploit-framework/vendor/bundle/ruby/2.7.0/gems/zeitwerk-2.5.1/lib/zeitwerk/loader/helpers.rb:18:in `each_child'
	 7: from /usr/share/metasploit-framework/vendor/bundle/ruby/2.7.0/gems/zeitwerk-2.5.1/lib/zeitwerk/loader/helpers.rb:26:in `block in ls'
	 6: from /usr/share/metasploit-framework/vendor/bundle/ruby/2.7.0/gems/zeitwerk-2.5.1/lib/zeitwerk/loader.rb:232:in `block (2 levels) in eager_load'
	 5: from /usr/share/metasploit-framework/vendor/bundle/ruby/2.7.0/gems/zeitwerk-2.5.1/lib/zeitwerk/loader/helpers.rb:95:in `cget'
	 4: from /usr/share/metasploit-framework/vendor/bundle/ruby/2.7.0/gems/zeitwerk-2.5.1/lib/zeitwerk/loader/helpers.rb:95:in `const_get'
	 3: from /usr/share/metasploit-framework/vendor/bundle/ruby/2.7.0/gems/zeitwerk-2.5.1/lib/zeitwerk/kernel.rb:27:in `require'
	 2: from /usr/share/metasploit-framework/vendor/bundle/ruby/2.7.0/gems/zeitwerk-2.5.1/lib/zeitwerk/kernel.rb:27:in `tap'
	 1: from /usr/share/metasploit-framework/vendor/bundle/ruby/2.7.0/gems/zeitwerk-2.5.1/lib/zeitwerk/kernel.rb:28:in `block in require'
/usr/share/metasploit-framework/vendor/bundle/ruby/2.7.0/gems/zeitwerk-2.5.1/lib/zeitwerk/loader/callbacks.rb:25:in `on_file_autoloaded': expected file /usr/share/metasploit-framework/lib/msf/core/handler/beef_bind.rb to define constant Msf::Handler::BeefBind, but didn't (Zeitwerk::NameError)
```
Metasploit version
Get this with the version command in msfconsole (or git log -1 --pretty=oneline for a source install).
Additional Information
If your version is less than 5.0.96, please update to the latest version and ensure your issue is still present.
If the issue is encountered within msfconsole, please run the debug command using the instructions below. If the issue is encountered outside msfconsole, or the issue causes msfconsole to crash on startup, please delete this section.
metasploit v6.1.14-dev
msfconsole
set loglevel 3
debug
command
===8<=== CUT AND PASTE EVERYTHING BELOW THIS LINE ===8<===
line and make sure to REMOVE ANY SENSITIVE INFORMATION.
Module/Datastore
The following global/module datastore, and database setup was configured before the issue occurred:
```
[framework/core]
ConsoleLogging=True
LogLevel=3
Prompt=kill
MeterpreterPrompt=we_re_in
TimestampOutput=true
SessionLogging=true
PromptChar=#->
```
History
The following commands were ran during the session and before this issue occurred:
```
16 set loglevel 3
17 debug
```
Framework Errors
The following framework errors occurred before the issue occurred:
```
[12/07/2021 21:10:49] [e(0)] core: Unexpected output running /usr/share/metasploit-framework/modules/auxiliary/scanner/msmail/onprem_enum.go:
/usr/share/metasploit-framework/modules/auxiliary/scanner/msmail/onprem_enum.go:7:2: package metasploit/module is not in GOROOT (/usr/lib/go-1.17/src/metasploit/module)
/usr/share/metasploit-framework/modules/auxiliary/scanner/msmail/onprem_enum.go:8:2: package msmail is not in GOROOT (/usr/lib/go-1.17/src/msmail)
[12/07/2021 21:10:49] [e(0)] core: /usr/share/metasploit-framework/modules/auxiliary/scanner/msmail/onprem_enum.go failed to load - LoadError Try running file manually to check for errors or dependency issues.
[12/07/2021 21:10:49] [e(0)] core: Unexpected output running /usr/share/metasploit-framework/modules/auxiliary/scanner/msmail/host_id.go:
/usr/share/metasploit-framework/modules/auxiliary/scanner/msmail/host_id.go:6:2: package metasploit/module is not in GOROOT (/usr/lib/go-1.17/src/metasploit/module)
/usr/share/metasploit-framework/modules/auxiliary/scanner/msmail/host_id.go:7:2: package msmail is not in GOROOT (/usr/lib/go-1.17/src/msmail)
[12/07/2021 21:10:49] [e(0)] core: /usr/share/metasploit-framework/modules/auxiliary/scanner/msmail/host_id.go failed to load - LoadError Try running file manually to check for errors or dependency issues.
[12/07/2021 21:11:18] [e(0)] core: Unexpected output running /usr/share/metasploit-framework/modules/auxiliary/scanner/msmail/exchange_enum.go:
/usr/share/metasploit-framework/modules/auxiliary/scanner/msmail/exchange_enum.go:8:2: package metasploit/module is not in GOROOT (/usr/lib/go-1.17/src/metasploit/module)
/usr/share/metasploit-framework/modules/auxiliary/scanner/msmail/exchange_enum.go:9:2: package msmail is not in GOROOT (/usr/lib/go-1.17/src/msmail)
[12/07/2021 21:11:18] [e(0)] core: /usr/share/metasploit-framework/modules/auxiliary/scanner/msmail/exchange_enum.go failed to load - LoadError Try running file manually to check for errors or dependency issues.
[12/07/2021 21:11:18] [e(0)] core: Unexpected output running /usr/share/metasploit-framework/modules/auxiliary/scanner/msmail/host_id.go:
/usr/share/metasploit-framework/modules/auxiliary/scanner/msmail/host_id.go:6:2: package metasploit/module is not in GOROOT (/usr/lib/go-1.17/src/metasploit/module)
/usr/share/metasploit-framework/modules/auxiliary/scanner/msmail/host_id.go:7:2: package msmail is not in GOROOT (/usr/lib/go-1.17/src/msmail)
[12/07/2021 21:11:18] [e(0)] core: /usr/share/metasploit-framework/modules/auxiliary/scanner/msmail/host_id.go failed to load - LoadError Try running file manually to check for errors or dependency issues.
[12/07/2021 21:11:18] [e(0)] core: Unexpected output running /usr/share/metasploit-framework/modules/auxiliary/scanner/msmail/onprem_enum.go:
/usr/share/metasploit-framework/modules/auxiliary/scanner/msmail/onprem_enum.go:7:2: package metasploit/module is not in GOROOT (/usr/lib/go-1.17/src/metasploit/module)
/usr/share/metasploit-framework/modules/auxiliary/scanner/msmail/onprem_enum.go:8:2: package msmail is not in GOROOT (/usr/lib/go-1.17/src/msmail)
[12/07/2021 21:11:18] [e(0)] core: /usr/share/metasploit-framework/modules/auxiliary/scanner/msmail/onprem_enum.go failed to load - LoadError Try running file manually to check for errors or dependency issues.
```
Web Service Errors
The following web service errors occurred before the issue occurred:
```
msf-ws.log does not exist.
```
Framework Logs
The following framework logs were recorded before the issue occurred:
```
/usr/share/metasploit-framework/lib/msf/core/payload_generator.rb:163:in `initialize'
/usr/bin/msfvenom:476:in `new'
/usr/bin/msfvenom:476:in `
```
Web Service Logs
The following web service logs were recorded before the issue occurred:
```
msf-ws.log does not exist.
```
Version/Install
The versions and install method of your Metasploit setup:
```
Framework: 6.1.14-dev
Ruby: ruby 2.7.4p191 (2021-07-07 revision a21a3b7d23) [aarch64-linux-gnu]
Install Root: /usr/share/metasploit-framework
Session Type: Connected to msf. Connection type: postgresql.
Install Method: Other - Please specify
```
To get the version I had to delete the offending .rb file the trace complains about:
```
░▒▓ ~ ▓▒░ sudo rm -rfv /usr/share/metasploit-framework/lib/msf/core/handler/beef_bind.rb ░▒▓ 1 ✘ at 21:07:51 ▓▒░
[sudo] password for winnie:
removed '/usr/share/metasploit-framework/lib/msf/core/handler/beef_bind.rb'
░▒▓ ~ ▓▒░ msfvenom -a x86 --platform windows -p windows/beef_shell/beef_bind -f psh-reflection -o outfile.ps1 ░▒▓ ✔ at 21:09:57 ▓▒░
Error: invalid payload: windows/beef_shell/beef_bind
░▒▓ ~ ▓▒░ msfconsole ░▒▓ 2 ✘ at 21:10:02 ▓▒░
[!] The following modules could not be loaded!
[!] /usr/share/metasploit-framework/modules/payloads/stagers/linux/x86/beef_bind.rb
[!] /usr/share/metasploit-framework/modules/payloads/stagers/linux/x64/beef_bind.rb
[!] /usr/share/metasploit-framework/modules/payloads/stagers/windows/beef_bind.rb
[!] /usr/share/metasploit-framework/modules/auxiliary/scanner/msmail/exchange_enum.go
[!] /usr/share/metasploit-framework/modules/auxiliary/scanner/msmail/onprem_enum.go
[!] /usr/share/metasploit-framework/modules/auxiliary/scanner/msmail/host_id.go
[!] Please see /home/winnie/.msf4/logs/framework.log for details.
```
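
The Zeitwerk::NameError in both traces comes from the loader's rule that a file path fixes the constant the file must define. The sketch below is an added example, not part of the issue and not code from Metasploit, Zeitwerk or BeEF: it derives the expected constant from a path and checks a source text against it without executing it. Assumptions: the lib/msf/core directory is collapsed (inferred from the error, where the path contains core but the constant does not), and both sample sources are constructed and say nothing about what the BeEF handler file actually contains.

```ruby
require 'ripper'

# Zeitwerk-style camelize of one path segment: "beef_bind" -> "BeefBind".
def camelize(segment)
  segment.split('_').map(&:capitalize).join
end

# Constant the loader expects `path` to define. Directories listed in
# `collapsed` (relative to `root`) add no namespace level.
def expected_constant(root, path, collapsed: [])
  parts = path.delete_prefix("#{root.chomp('/')}/").delete_suffix('.rb').split('/')
  kept = parts.each_with_index.reject do |_, i|
    i < parts.size - 1 && collapsed.include?(parts[0..i].join('/'))
  end
  kept.map { |seg, _| camelize(seg) }.join('::')
end

# Name written after `module`/`class`, e.g. "Msf" or "Msf::Handler".
def const_name(node)
  node.flatten.each_cons(2).select { |tag, _| tag == :@const }.map(&:last).join('::')
end

# Fully qualified modules/classes a source defines, found by parsing with
# Ripper so the file under inspection is never executed.
def defined_constants(source)
  found = []
  walk = lambda do |node, nesting|
    next unless node.is_a?(Array)
    if %i[module class].include?(node[0])
      name = (nesting + [const_name(node[1])]).join('::')
      found << name
      node[2..].each { |child| walk.call(child, name.split('::')) }
    else
      node.each { |child| walk.call(child, nesting) }
    end
  end
  walk.call(Ripper.sexp(source), [])
  found
end

def autoload_check(root, path, source, collapsed: [])
  want = expected_constant(root, path, collapsed: collapsed)
  { expected: want, ok: defined_constants(source).include?(want) }
end

# Path and expected constant are taken from the error in the issue; the
# collapsed directory is an assumption; both sources are constructed.
ROOT = '/usr/share/metasploit-framework/lib'
HANDLER = "#{ROOT}/msf/core/handler/beef_bind.rb"
MATCHING = "module Msf\n  module Handler\n    module BeefBind\n    end\n  end\nend\n"
MISMATCH = MATCHING.sub('BeefBind', 'BeEFBind') # hypothetical spelling mismatch

puts autoload_check(ROOT, HANDLER, MATCHING, collapsed: ['msf/core'])
puts autoload_check(ROOT, HANDLER, MISMATCH, collapsed: ['msf/core'])
```

Running the same check over any third-party file before copying it under the framework's lib directory shows whether eager loading will abort startup, as it did for both msfvenom and msfconsole above.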