search

rapid7 / metasploit-framework

Metasploit Framework
https://www.metasploit.com/
Other
34.04k stars 13.94k forks source link

No results from search can't import module #17267

Closed financialeducation closed 1 year ago

financialeducation commented 1 year ago

Msfconsole doesn't recognise the imported auxiliary/scanner/ Here is what I did

https://i.imgur.com/pnXMuz0.png

git clone https://github.com/TaroballzChen/CVE-2022-41040-metasploit-ProxyNotShell.git cd https://github.com/advisories/GHSA-6ph7-8wxv-6gf2-metasploit-ProxyNotShell mkdir -p ~/.msf4/modules/auxiliary/scanner/http cp microsoft_exchange_server_proxynotshell_ssrf.py ~/.msf4/modules/auxiliary/scanner/http/ chmod +x ~/.msf4/modules/auxiliary/scanner/http/microsoft_exchange_server_proxynotshell_ssrf.py msfconsole search microsoft_exchange_server_proxynotshell_ssrf [-] No results from search msf6 > search microsoft exchange

Matching Modules
================

   #   Name                                                          Disclosure Date  Rank       Check  Description
   -   ----                                                          ---------------  ----       -----  -----------
   0   exploit/windows/http/exchange_ecp_viewstate                   2020-02-11       excellent  Yes    Exchange Control Panel ViewState Deserialization
   1   auxiliary/scanner/http/exchange_web_server_pushsubscription   2019-01-21       normal     No     Microsoft Exchange Privilege Escalation Exploit
   2   auxiliary/gather/exchange_proxylogon_collector                2021-03-02       normal     No     Microsoft Exchange ProxyLogon Collector
   3   exploit/windows/http/exchange_proxylogon_rce                  2021-03-02       excellent  Yes    Microsoft Exchange ProxyLogon RCE
   4   auxiliary/scanner/http/exchange_proxylogon                    2021-03-02       normal     No     Microsoft Exchange ProxyLogon Scanner
   5   exploit/windows/http/exchange_proxyshell_rce                  2021-04-06       excellent  Yes    Microsoft Exchange ProxyShell RCE
   6   exploit/windows/http/exchange_chainedserializationbinder_rce  2021-12-09       excellent  Yes    Microsoft Exchange Server ChainedSerializationBinder RCE
   7   exploit/windows/http/exchange_ecp_dlp_policy                  2021-01-12       excellent  Yes    Microsoft Exchange Server DlpUtils AddTenantDlpPolicy RCE
   8   exploit/linux/local/cve_2021_38648_omigod                     2021-09-14       excellent  Yes    Microsoft OMI Management Interface Authentication Bypass
   9   auxiliary/gather/office365userenum                            2018-09-05       normal     No     Office 365 User Enumeration
   10  auxiliary/scanner/http/owa_iis_internal_ip                    2012-12-17       normal     No     Outlook Web App (OWA) / Client Access Server (CAS) IIS HTTP Internal IP Disclosure
   11  post/windows/gather/exchange                                                   normal     No     Windows Gather Exchange Server Mailboxes

Interact with a module by name or index. For example info 11, use 11 or use post/windows/gather/exchange

tail ./../logs/framework.log

[11/14/2022 17:38:46] [e(0)] core: Unexpected output running /root/.msf4/modules/auxiliary/scanner/http/microsoft_exchange_server_proxynotshell_ssrf.py:
/usr/local/lib/python3.10/dist-packages/requests-2.20.0-py3.10.egg/requests/init.py:89: RequestsDependencyWarning: urllib3 (1.26.5) or chardet (4.0.0) doesn't match a supported version!
warnings.warn("urllib3 ({}) or chardet ({}) doesn't match a supported "
Brief explanation of the module.

after removing pip uninstall urllib3 this is the error I am getting

/.msf4/modules# tail ./../logs/framework.log
from distutils.version import StrictVersion

[11/16/2022 11:57:07] [d(0)] core: HistoryManager.push_context name: :msfconsole
[11/16/2022 11:58:25] [d(0)] core: HistoryManager.pop_context name: :msfconsole
[11/16/2022 11:58:30] [e(0)] core: Failed to connect to the database: No database YAML file
[11/16/2022 11:58:43] [e(0)] core: Unexpected output running /opt/metasploit-framework/embedded/framework/modules/exploits/linux/smtp/haraka.py:
/opt/metasploit-framework/embedded/framework/modules/exploits/linux/smtp/haraka.py:14: DeprecationWarning: The distutils package is deprecated and slated for removal in Python 3.12. Use setuptools or check PEP 632 for potential alternatives
from distutils.version import StrictVersion
smcintyre-r7 commented 1 year ago

There's probably something wrong with the Python module and hosting environment. #17267 adds a native Metasploit module for the same vulnerability though that includes an exploit instead of just checking for the SSRF.