daniruiz
commented
9 months ago Reverting this change in lib/msf/core/encoded_payload.rb fixed it
https://github.com/rapid7/metasploit-framework/commit/2cf045d3c423a50e5a9431028d544684fcf6b032#diff-04259b28321bf8503bd140edb1f74b5c1b8be1f43ce0253880e06671b41a6b53R345
Steps to reproduce
Make sure to use latest update of metasploit, from kali:
open metasploit and try to run this module with the default configs
Note: Same exploit was running fine with same configuration before doing update on both an old and latest iso of kali
Expected behavior
The exploit should work fine as it was before running the update
Current behavior
Syntax error with some ruby module
Metasploit version
Framework: 6.3.55-dev
Console : 6.3.55-dev
Additional Information
Module/Datastore
The following global/module datastore, and database setup was configured before the issue occurred:
Collapse
``` [framework/ui/console] ActiveModule=exploit/multi/browser/chrome_cve_2021_21220_v8_insufficient_validation [multi/browser/chrome_cve_2021_21220_v8_insufficient_validation] WORKSPACE= VERBOSE=false EnableContextEncoding=false ContextInformationFile= DisablePayloadHandler=false SRVHOST=0.0.0.0 SRVPORT=8080 ListenerBindAddress= ListenerBindPort= ListenerComm= SSL=false SSLCert= SSLCompression=false SSLCipher= SSLVersion=Auto TCP::max_send_size=0 TCP::send_delay=0 URIPATH= HTTP::no_cache=false HTTP::chunked=false HTTP::header_folding=false HTTP::junk_headers=false HTTP::compression=none HTTP::server_name=Apache URIHOST= URIPORT= SendRobots=false LHOST=192.5.5.4 LPORT=4444 ReverseListenerBindPort= ReverseAllowProxy=false ReverseListenerComm= ReverseListenerBindAddress= ReverseListenerThreaded=false StagerRetryCount=10 StagerRetryWait=5 AutoLoadStdapi=true AutoVerifySessionTimeout=30 InitialAutoRunScript= AutoRunScript= AutoSystemInfo=true EnableUnicodeEncoding=false HandlerSSLCert= SessionRetryTotal=3600 SessionRetryWait=10 SessionExpirationTimeout=604800 SessionCommunicationTimeout=300 PayloadProcessCommandLine= AutoUnhookProcess=false MeterpreterDebugBuild=false MeterpreterDebugLogging= PingbackRetries=0 PingbackSleep=30 PayloadUUIDSeed= PayloadUUIDRaw= PayloadUUIDName= PayloadUUIDTracking=false EnableStageEncoding=false StageEncoder= StageEncoderSaveRegisters= StageEncodingFallback=true PrependFork=false PrependSetresuid=false PrependSetreuid=false PrependSetuid=false PrependSetresgid=false PrependSetregid=false PrependSetgid=false PrependChrootBreak=false AppendExit=false MeterpreterTryToFork=false ```Database Configuration
The database contains the following information:
Collapse
``` Session Type: postgresql selected, no connection ```History
The following commands were ran during the session and before this issue occurred:
Collapse
``` 0 use multi/browser/chrome_cve_2021_21220_v8_insufficient_validation 1 options 2 run 3 sudo run 4 run 5 id 6 debug ```Framework Errors
The following framework errors occurred before the issue occurred:
Collapse
``` [02/12/2024 10:16:14] [e(0)] core: Failed to connect to the database: No database YAML file [02/12/2024 10:16:32] [e(0)] core: Exploit failed (multi/browser/chrome_cve_2021_21220_v8_insufficient_validation) - NoMethodError undefined method `each_module' for [["x64/simple", Msf::Modules::Nop__X64__Simple::MetasploitModule]]:Array Did you mean? each_slice [02/12/2024 10:16:36] [e(0)] core: Exploit failed (multi/browser/chrome_cve_2021_21220_v8_insufficient_validation) - NoMethodError undefined method `each_module' for [["x64/simple", Msf::Modules::Nop__X64__Simple::MetasploitModule]]:Array Did you mean? each_slice [02/12/2024 10:16:41] [e(0)] core: Exploit failed (multi/browser/chrome_cve_2021_21220_v8_insufficient_validation) - NoMethodError undefined method `each_module' for [["x64/simple", Msf::Modules::Nop__X64__Simple::MetasploitModule]]:Array Did you mean? each_slice ```Web Service Errors
The following web service errors occurred before the issue occurred:
Collapse
``` msf-ws.log does not exist. ```Framework Logs
The following framework logs were recorded before the issue occurred:
Collapse
``` [02/12/2024 10:16:14] [e(0)] core: Failed to connect to the database: No database YAML file [02/12/2024 10:16:32] [e(0)] core: Exploit failed (multi/browser/chrome_cve_2021_21220_v8_insufficient_validation) - NoMethodError undefined method `each_module' for [["x64/simple", Msf::Modules::Nop__X64__Simple::MetasploitModule]]:Array Did you mean? each_slice [02/12/2024 10:16:36] [e(0)] core: Exploit failed (multi/browser/chrome_cve_2021_21220_v8_insufficient_validation) - NoMethodError undefined method `each_module' for [["x64/simple", Msf::Modules::Nop__X64__Simple::MetasploitModule]]:Array Did you mean? each_slice [02/12/2024 10:16:41] [e(0)] core: Exploit failed (multi/browser/chrome_cve_2021_21220_v8_insufficient_validation) - NoMethodError undefined method `each_module' for [["x64/simple", Msf::Modules::Nop__X64__Simple::MetasploitModule]]:Array Did you mean? each_slice ```Web Service Logs
The following web service logs were recorded before the issue occurred:
Collapse
``` msf-ws.log does not exist. ```Version/Install
The versions and install method of your Metasploit setup:
Collapse
``` Framework: 6.3.55-dev Ruby: ruby 3.1.2p20 (2022-04-12 revision 4491bb740a) [x86_64-linux-gnu] OpenSSL: OpenSSL 3.1.4 24 Oct 2023 Install Root: /usr/share/metasploit-framework Session Type: postgresql selected, no connection Install Method: Other - Please specify ```