rapid7 / metasploit-framework

Metasploit Framework
https://www.metasploit.com/

Msfvenom no longer works #19384

Open Dramelac opened 3 months ago

Dramelac commented 3 months ago

Steps to reproduce

Ruby version of my shell:

$ ruby -v
ruby 3.1.5p252 (2024-04-23 revision 1945f8dc0e) [x86_64-linux]

So far everything works and I can successfully run msfconsole:

$ ./msfconsole --version
Calling `DidYouMean::SPELL_CHECKERS.merge!(error_name => spell_checker)' has been deprecated. Please call `DidYouMean.correct_error(error_name, spell_checker)' instead.
Framework Version: 6.4.22-dev-233f6dc4d2

But when trying to run msfvenom, I receive this error:

$ ./msfvenom --list platforms
Error: No options
MsfVenom - a Metasploit standalone payload generator.
Also a replacement for msfpayload and msfencode.
Usage: ./msfvenom [options] <var=val>
Example: ./msfvenom -p windows/meterpreter/reverse_tcp LHOST=<IP> -f exe -o payload.exe

Options:
    -l, --list            <type>     List all modules for [type]. Types are: payloads, encoders, nops, platforms, archs, encrypt, formats, all
    -p, --payload         <payload>  Payload to use (--list payloads to list, --list-options for arguments). Specify '-' or STDIN for custom
        --list-options               List --payload <value>'s standard, advanced and evasion options
    -f, --format          <format>   Output format (use --list formats to list)
    -e, --encoder         <encoder>  The encoder to use (use --list encoders to list)
        --service-name    <value>    The service name to use when generating a service binary
        --sec-name        <value>    The new section name to use when generating large Windows binaries. Default: random 4-character alpha string
        --smallest                   Generate the smallest possible payload using all available encoders
        --encrypt         <value>    The type of encryption or encoding to apply to the shellcode (use --list encrypt to list)
        --encrypt-key     <value>    A key to be used for --encrypt
        --encrypt-iv      <value>    An initialization vector for --encrypt
    -a, --arch            <arch>     The architecture to use for --payload and --encoders (use --list archs to list)
        --platform        <platform> The platform for --payload (use --list platforms to list)
    -o, --out             <path>     Save the payload to a file
    -b, --bad-chars       <list>     Characters to avoid example: '\x00\xff'
    -n, --nopsled         <length>   Prepend a nopsled of [length] size on to the payload
        --pad-nops                   Use nopsled size specified by -n <length> as the total payload size, auto-prepending a nopsled of quantity (nops minus payload length)
    -s, --space           <length>   The maximum size of the resulting payload
        --encoder-space   <length>   The maximum size of the encoded payload (defaults to the -s value)
    -i, --iterations      <count>    The number of times to encode the payload
    -c, --add-code        <path>     Specify an additional win32 shellcode file to include
    -x, --template        <path>     Specify a custom executable file to use as a template
    -k, --keep                       Preserve the --template behaviour and inject the payload as a new thread
    -v, --var-name        <value>    Specify a custom variable name to use for certain output formats
    -t, --timeout         <second>   The number of seconds to wait when reading the payload from STDIN (default 30, 0 to disable)
    -h, --help                       Show this message

Were you following a specific guide/tutorial or reading documentation?

I followed this doc: https://docs.metasploit.com/docs/development/get-started/setting-up-a-metasploit-development-environment.html#install-ruby. I just used rvm to manage the current ruby environment.

Expected behavior

msfvenom should parse the arguments and run (listing platforms with my example)

Current behavior

An error message, unable to parse options and printing the help message.

Metasploit version

233f6dc4d284e80102db84d972511ab9641234d6 (HEAD -> master, origin/master, origin/HEAD) Bump version of framework to 6.4.22

Additional Information

I tried using previous 'known' working versions of metasploit by checking out older tags, but I got the same outcome. The error might come from a new version of a dependency breaking the tools.

Thanks for the help!

smcintyre-r7 commented 2 months ago

I can't reproduce this. I'm using the exact same version of Ruby and framework.

$ ruby -v
ruby 3.1.5p252 (2024-04-23 revision 1945f8dc0e) [x86_64-linux]
$ ./msfconsole --version
Calling `DidYouMean::SPELL_CHECKERS.merge!(error_name => spell_checker)' has been deprecated. Please call `DidYouMean.correct_error(error_name, spell_checker)' instead.
Framework Version: 6.4.22-dev-233f6dc4d2
$ ./msfvenom --list platforms
Calling `DidYouMean::SPELL_CHECKERS.merge!(error_name => spell_checker)' has been deprecated. Please call `DidYouMean.correct_error(error_name, spell_checker)' instead.

Framework Platforms [--platform <value>]
========================================

    Name
    ----
    aix
    android
    apple_ios
    arista
    brocade
    bsd
    bsdi
    cisco
    firefox
    freebsd
    hardware
    hpux
    irix
    java
    javascript
    juniper
    linux
    mainframe
    mikrotik
    multi
    netbsd
    netware
    nodejs
    openbsd
    osx
    php
    python
    r
    ruby
    solaris
    unifi
    unix
    unknown
    windows

$

Is the msfvenom file you're executing the script that we ship or is it some kind of custom wrapper?

Dramelac commented 2 months ago

I use the repository script directly.

I tried with a new Debian 12 container and had no problem either; it must be coming from my environment, but I don't see what or why...

What's weird is that msfconsole works, so the current env and dependencies should be fine, but not with msfvenom.

Does msfvenom handle dependencies differently from msfconsole now?

jvoisin commented 2 months ago

I can reproduce the issue here, with rbenv using ruby 5.1.3, latest metasploit version from git:

$ ruby -v
ruby 3.1.5p252 (2024-04-23 revision 1945f8dc0e) [aarch64-linux]
$ ./msfconsole --version
Framework Version: 6.4.28-dev-2305fc4e9c
$ ./msfvenom -l pouet
Invalid type (pouet). These are valid: payloads, encoders, nops, platforms, archs, encrypt, formats, all
$ ./msfvenom --list platforms
Error: No options
MsfVenom - a Metasploit standalone payload generator.
Also a replacement for msfpayload and msfencode.
Usage: ./msfvenom [options] <var=val>
Example: ./msfvenom -p windows/meterpreter/reverse_tcp LHOST=<IP> -f exe -o payload.exe

Options:
    -l, --list            <type>     List all modules for [type]. Types are: payloads, encoders, nops, platforms, archs, encrypt, formats, all
    -p, --payload         <payload>  Payload to use (--list payloads to list, --list-options for arguments). Specify '-' or STDIN for custom
        --list-options               List --payload <value>'s standard, advanced and evasion options
    -f, --format          <format>   Output format (use --list formats to list)
    -e, --encoder         <encoder>  The encoder to use (use --list encoders to list)
        --service-name    <value>    The service name to use when generating a service binary
        --sec-name        <value>    The new section name to use when generating large Windows binaries. Default: random 4-character alpha string
        --smallest                   Generate the smallest possible payload using all available encoders
        --encrypt         <value>    The type of encryption or encoding to apply to the shellcode (use --list encrypt to list)
        --encrypt-key     <value>    A key to be used for --encrypt
        --encrypt-iv      <value>    An initialization vector for --encrypt
    -a, --arch            <arch>     The architecture to use for --payload and --encoders (use --list archs to list)
        --platform        <platform> The platform for --payload (use --list platforms to list)
    -o, --out             <path>     Save the payload to a file
    -b, --bad-chars       <list>     Characters to avoid example: '\x00\xff'
    -n, --nopsled         <length>   Prepend a nopsled of [length] size on to the payload
        --pad-nops                   Use nopsled size specified by -n <length> as the total payload size, auto-prepending a nopsled of quantity (nops minus payload length)
    -s, --space           <length>   The maximum size of the resulting payload
        --encoder-space   <length>   The maximum size of the encoded payload (defaults to the -s value)
    -i, --iterations      <count>    The number of times to encode the payload
    -c, --add-code        <path>     Specify an additional win32 shellcode file to include
    -x, --template        <path>     Specify a custom executable file to use as a template
    -k, --keep                       Preserve the --template behaviour and inject the payload as a new thread
    -v, --var-name        <value>    Specify a custom variable name to use for certain output formats
    -t, --timeout         <second>   The number of seconds to wait when reading the payload from STDIN (default 30, 0 to disable)
    -h, --help                       Show this message
[1]
$

Interestingly, ./msfvenom -h works, and so does ./msfvenom -s 1

jvoisin commented 1 month ago

Prefixing the command with bundle exec fixes the issue.

Dramelac commented 1 month ago

Thank you @jvoisin, indeed using bundle exec fixes the issue for me too, thank you very much! I don't know if it's an error somewhere in the project to be dependent on bundle exec or not, so I let the maintainer decide if this issue should stay open or can be closed :)
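
The "works under bundle exec, fails without it" symptom above usually means plain `ruby` is activating gem versions other than the ones pinned in Gemfile.lock. The following diagnostic is an added example, not code from the issue or from Metasploit: it parses the specs block of a Gemfile.lock, asks RubyGems which version it would activate outside Bundler, and reports every gem that drifts; the lock text, gem names and versions are constructed sample data.

```ruby
# Constructed sample Gemfile.lock (gem names and versions are made up).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      alpha-parser (0.4.0)
      beta-text (0.2.56)
        alpha-parser
      gamma-loader (2.6.17)

  PLATFORMS
    x86_64-linux
LOCK

# Pins from the "  specs:" block: 4-space lines are "name (version)",
# 6-space lines are a spec's own dependencies and are skipped.
def parse_lock_specs(lock_text)
  pins = {}
  in_specs = false
  lock_text.each_line do |line|
    if line =~ /\A  specs:\s*\z/
      in_specs = true
    elsif line =~ /\A\S/ # next top-level section (PLATFORMS, ...)
      in_specs = false
    elsif in_specs && (m = line.match(/\A {4}(\S+) \(([^)]+)\)\s*\z/))
      pins[m[1]] = m[2]
    end
  end
  pins
end

# What plain `ruby` activates without Bundler: the newest installed version
# (nil when the gem is not installed at all).
def newest_installed_version(name)
  spec = Gem::Specification.find_all_by_name(name).max_by(&:version)
  spec && spec.version.to_s
end

# [[name, pinned, actual], ...] for every pin the resolver does not satisfy;
# an empty array means plain `ruby` loads what `bundle exec` would load.
def gem_drift(pins, resolver = method(:newest_installed_version))
  pins.filter_map do |name, pinned|
    actual = resolver.call(name)
    [name, pinned, actual] if actual != pinned
  end
end

# Deterministic run against a constructed "installed" view instead of the
# real gem directory: one gem newer than the lock, one matching, one absent.
def demo_drift
  installed = { 'alpha-parser' => '0.5.0', 'beta-text' => '0.2.56' }
  gem_drift(parse_lock_specs(SAMPLE_LOCK), ->(n) { installed[n] })
end

demo_drift.each { |n, lock, got| puts "#{n}: lock=#{lock} ruby=#{got || 'missing'}" }
```

Against a real checkout, call `gem_drift(parse_lock_specs(File.read('Gemfile.lock')))` with the default resolver; a non-empty result is the version drift that `bundle exec` papers over.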

github-actions[bot] commented 1 week ago

Hi!

This issue has been left open with no activity for a while now.

We get a lot of issues, so we currently close issues after 60 days of inactivity. It’s been at least 30 days since the last update here. If we missed this issue or if you want to keep it open, please reply here. You can also add the label "not stale" to keep this issue open!

As a friendly reminder: the best way to see this issue, or any other, fixed is to open a Pull Request.