search

rapid7 / metasploit-framework

Metasploit Framework
https://www.metasploit.com/
Other
33.79k stars 13.9k forks source link

DNS Resolver crash when starting Metasploit console #19464

Open adfoster-r7 opened 3 days ago

adfoster-r7 commented 3 days ago

Steps to reproduce

Installed Metasploit framework omnibus installer onto a VM without internet accesss and opened msfconsole:

C:\Users\Administrator>msfconsole
C:/metasploit-framework/embedded/lib/ruby/gems/3.2.0/gems/rex-core-0.1.32/lib/rex/compat.rb:381: warning: Win32API is deprecated after Ruby 1.9.1; use fiddle directly instead
Metasploit tip: Start commands with a space to avoid saving them to history
C:/metasploit-framework/embedded/framework/lib/net/dns/resolver.rb:1274:in `valid?': undefined method `=~' for ["localdomain"]:Array (NoMethodError)
        from C:/metasploit-framework/embedded/framework/lib/net/dns/resolver.rb:359:in `domain='
        from C:/metasploit-framework/embedded/framework/lib/net/dns/resolver.rb:1084:in `parse_config_file'
        from C:/metasploit-framework/embedded/framework/lib/rex/proto/dns/resolver.rb:66:in `initialize'
        from C:/metasploit-framework/embedded/framework/lib/rex/proto/dns/cached_resolver.rb:25:in `initialize'
        from C:/metasploit-framework/embedded/framework/lib/msf/ui/console/driver.rb:86:in `new'
        from C:/metasploit-framework/embedded/framework/lib/msf/ui/console/driver.rb:86:in `initialize'
        from C:/metasploit-framework/embedded/framework/lib/metasploit/framework/command/console.rb:66:in `new'
        from C:/metasploit-framework/embedded/framework/lib/metasploit/framework/command/console.rb:66:in `driver'
        from C:/metasploit-framework/embedded/framework/lib/metasploit/framework/command/console.rb:54:in `start'
        from C:/metasploit-framework/embedded/framework/lib/metasploit/framework/command/base.rb:82:in `start'
        from C:/metasploit-framework/bin/../embedded/framework/msfconsole:23:in `<main>'

image

Were you following a specific guide/tutorial or reading documentation?

No

Expected behavior

No crash; potentially a warning - but msfconsole should still open

Current behavior

Full crash

Metasploit version

v6.4.27-dev
adfoster-r7 commented 3 days ago

Code in question:

https://github.com/rapid7/metasploit-framework/blob/720723fa9ccccc48531e9d6d2fdf138d82e86076/lib/net/dns/resolver.rb#L1083-L1085

Evaluating the resolve expression:

msf6 > irb -e 'puts Win32::Resolv.get_resolv_info.inspect'
[["localdomain"], ["192.168.123.2"]]

I assume the orginal code was inspired by this, but it needs some extra tweaks:

https://github.com/ruby/ruby/blob/532af89e3b5b78dd3a6fe29c6cc64ad1b073afe2/lib/resolv.rb#L1010

It looks like framework's begin/rescue block needs to be expanded to include the window's section too too, there's only a wrapping begin/rescue around the non-windows scenario

cgranleese-r7 commented 1 day ago

I happened to hit this today while testing a PR.

Installed Metasploit framework omnibus installer onto a VM without internet accesss and opened msfconsole:

Mine was on a WM with internet access while installing Metasploit-Framework via the latest omnibus installer, happened on latest but not on the older build (metasploit-framework-6.4.27-20240915103549-1rapid7-1-x64.msi)

image

sfewer-r7 commented 5 hours ago

I ran into this this morning and have opened a pull request #19474 with a potential solution.