rapid7 / metasploit-framework

Metasploit Framework
https://www.metasploit.com/

Creating payloads with the -o flag in msfconsole returns "no such file error" when a tilde (~) is used #18602

Closed gardnerapp closed 11 months ago

gardnerapp commented 11 months ago

I tried using msfconsole to create a payload and output said payload to my home directory via the ~ character and received a "no such file or directory" error. Disclaimer, I am running on Apple Silicon and have not tested this behavior yet on Linux/Windows but plan to do so. Also I have not validated whether this issue is specific to creating all payloads in general or just with the specific one I was using but I will look into it soon.

Steps to reproduce

metasploit-framework/msfconsole 
use payload/osx/armle/shell/reverse_tcp 
set LHOST 10.255.104.146
LHOST => 10.255.104.146

generate -o ~/payload_test
[*] Writing 1244 bytes to ~/payload_test...
[-] Error while running command generate: No such file or directory @ rb_sysopen - ~/payload_test

Call stack:
/Users/corery/metasploit-framework/lib/msf/ui/console/command_dispatcher/payload.rb:197:in `initialize'
/Users/corery/metasploit-framework/lib/msf/ui/console/command_dispatcher/payload.rb:197:in `open'
/Users/corery/metasploit-framework/lib/msf/ui/console/command_dispatcher/payload.rb:197:in `cmd_generate'
/Users/corery/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:581:in `run_command'
/Users/corery/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:530:in `block in run_single'
/Users/corery/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:524:in `each'
/Users/corery/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:524:in `run_single'
/Users/corery/metasploit-framework/lib/rex/ui/text/shell.rb:168:in `block in run'
/Users/corery/metasploit-framework/lib/rex/ui/text/shell/history_manager.rb:33:in `with_context'
/Users/corery/metasploit-framework/lib/rex/ui/text/shell.rb:133:in `run'
/Users/corery/metasploit-framework/lib/metasploit/framework/command/console.rb:54:in `start'
/Users/corery/metasploit-framework/lib/metasploit/framework/command/

Next I tried creating the file in another terminal and then creating the payload; the error still persists:

# in another shell: ~/touch payload_test

In msfconsole run generate again with already existing blank file:

generate -o ~/payload_test
[*] Writing 1244 bytes to ~/payload_test...
[-] Error while running command generate: No such file or directory @ rb_sysopen - ~/payload_test

Call stack:
/Users/corery/metasploit-framework/lib/msf/ui/console/command_dispatcher/payload.rb:197:in `initialize'
/Users/corery/metasploit-framework/lib/msf/ui/console/command_dispatcher/payload.rb:197:in `open'
/Users/corery/metasploit-framework/lib/msf/ui/console/command_dispatcher/payload.rb:197:in `cmd_generate'
/Users/corery/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:581:in `run_command'
/Users/corery/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:530:in `block in run_single'
/Users/corery/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:524:in `each'
/Users/corery/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:524:in `run_single'
/Users/corery/metasploit-framework/lib/rex/ui/text/shell.rb:168:in `block in run'
/Users/corery/metasploit-framework/lib/rex/ui/text/shell/history_manager.rb:33:in `with_context'
/Users/corery/metasploit-framework/lib/rex/ui/text/shell.rb:133:in `run'
/Users/corery/metasploit-framework/lib/metasploit/framework/command/console.rb:54:in `start'
/Users/corery/metasploit-framework/lib/metasploit/framework/command/base.rb:82:in `start'
metasploit-framework/msfconsole:23:in `<main>'

Removing the "~" and the payload generates to the home dir as expected:

msf6 payload(osx/armle/shell/reverse_tcp) > generate -o payload
[*] Writing 1244 bytes to payload...

Framework Version: 6.3.35-dev-18fb71496a

Apple system running on M1, all other metasploit activities I've tried work fine

Expected behavior

Files should be able to be written using the "~" symbol to specify the Home PATH.

Behavior with debugging enabled:

Module/Datastore

The following global/module datastore, and database setup was configured before the issue occurred:

```
[framework/core]
loglevel=3

[framework/ui/console]
ActiveModule=payload/osx/armle/shell/reverse_tcp

[osx/armle/shell/reverse_tcp]
LHOST=10.255.104.146
WORKSPACE=
VERBOSE=false
LPORT=4444
ReverseListenerBindPort=
ReverseAllowProxy=false
ReverseListenerComm=
ReverseListenerBindAddress=
ReverseListenerThreaded=false
StagerRetryCount=10
StagerRetryWait=5
PingbackRetries=0
PingbackSleep=30
PayloadUUIDSeed=
PayloadUUIDRaw=
PayloadUUIDName=
PayloadUUIDTracking=false
EnableStageEncoding=false
StageEncoder=
StageEncoderSaveRegisters=
StageEncodingFallback=true
CreateSession=true
InitialAutoRunScript=
AutoRunScript=
CommandShellCleanupCommand=
AutoVerifySession=true
```

Database Configuration

The database contains the following information:

```
Session Type: postgresql selected, no connection
```

History

The following commands were run during the session and before this issue occurred:

```
94 set loglevel 3
95 use payload/osx/armle/shell/reverse_tcp
96 set LHOST 10.255.104.146
97 LHOST => 10.255.104.146use payload/osx/armle/shell/reverse_tcp
98 set LHOST 10.255.104.146
99 debug
100 generate -o ~/payload
101 debug
```

Framework Errors

The following framework errors occurred before the issue occurred:


Web Service Errors

The following web service errors occurred before the issue occurred:

```
msf-ws.log does not exist.
```

Framework Logs

The following framework logs were recorded before the issue occurred:


Web Service Logs

The following web service logs were recorded before the issue occurred:

```
msf-ws.log does not exist.
```

Version/Install

The versions and install method of your Metasploit setup:

```
Framework: 6.3.35-dev-18fb71496a
Ruby: ruby 3.0.5p211 (2022-11-24 revision ba5cf0f7c5) [arm64-darwin21]
OpenSSL: OpenSSL 1.1.1t 7 Feb 2023
Install Root: /Users/corery/metasploit-framework
Session Type: postgresql selected, no connection
Install Method: Git Clone
```

adfoster-r7 commented 11 months ago

It should be possible to use Ruby's File.expand_path to support this:

File.expand_path("~/oracle/bin")
#=> "/home/oracle/bin"
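
Added example, not part of the thread and not Metasploit's code: tilde expansion is done by the shell, not by `File.open`, so a path typed at the msfconsole prompt reaches Ruby with a literal `~`. The sketch below reproduces the `rb_sysopen` failure from the report and the `File.expand_path` behaviour suggested above; `write_output` and `demo` are hypothetical names, and a temporary directory stands in for `HOME`.

```ruby
require 'tmpdir'

# Hypothetical helper (not Metasploit's code): expand a user-supplied
# output path before opening it, then write the bytes.
def write_output(path, data)
  full = File.expand_path(path) # "~/x" -> "$HOME/x"; relative -> absolute
  File.binwrite(full, data)
  full
end

# Replays the report inside a throwaway HOME so no real file is touched.
def demo
  Dir.mktmpdir do |home|
    saved_home = ENV['HOME']
    ENV['HOME'] = home
    begin
      Dir.chdir(home) do
        # 1. Literal "~": File.open looks for a directory named "~" in the cwd.
        literal_error =
          begin
            File.open('~/payload_test', 'wb') { |f| f.write('x') }
            nil
          rescue SystemCallError => e
            e.class
          end
        # 2. Expanded first: the file lands in HOME (constructed 1244-byte body).
        written = write_output('~/payload_test', 'A' * 1244)
        {
          home: home,
          literal_error: literal_error,
          written: written,
          size: File.size(written),
          # 3. Only a leading "~" is expanded; this one stays literal.
          mid_path: File.expand_path('out/~/x')
        }
      end
    ensure
      ENV['HOME'] = saved_home
    end
  end
end

p demo if $PROGRAM_NAME == __FILE__
```

`File.expand_path` also resolves `~user` to that user's home directory and raises `ArgumentError` when it cannot determine a home directory, so callers that accept arbitrary paths should rescue that as well.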