rapid7 / metasploit-framework


Authentication Capture: SMB module crashing when scanned with nmap #19477

Closed loudpenguin closed 1 day ago

loudpenguin commented 2 months ago

## Steps to reproduce

How'd you do it?

  1. Start smb capture module:

    msf6 > use auxiliary/server/capture/smb
    msf6 auxiliary(server/capture/smb) > run
    [*] Auxiliary module running as background job 21.
    msf6 auxiliary(server/capture/smb) >
    [*] Server is running. Listening on 0.0.0.0:445
    [*] Server started.

    msf6 auxiliary(server/capture/smb) >

  2. Scan with nmap:

    $ nmap -p 445 127.0.0.1
    Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-09-19 11:49 EDT
    Nmap scan report for localhost (127.0.0.1)
    Host is up (0.000048s latency).

    PORT    STATE SERVICE
    445/tcp open  microsoft-ds

    Nmap done: 1 IP address (1 host up) scanned in 0.02 seconds

  3. Check if smb capture module is still running:

    msf6 auxiliary(server/capture/smb) >
    [-] Auxiliary failed: Errno::ENOTCONN Transport endpoint is not connected - getpeername(2)
    [-] Call stack:
    [-] /usr/share/metasploit-framework/vendor/bundle/ruby/3.1.0/gems/rex-socket-0.1.57/lib/rex/socket.rb:847:in `getpeername'
    [-] /usr/share/metasploit-framework/vendor/bundle/ruby/3.1.0/gems/rex-socket-0.1.57/lib/rex/socket.rb:847:in `getpeername_as_array'
    [-] /usr/share/metasploit-framework/vendor/bundle/ruby/3.1.0/gems/rex-socket-0.1.57/lib/rex/socket/tcp_server.rb:57:in `accept'
    [-] /usr/share/metasploit-framework/vendor/bundle/ruby/3.1.0/gems/ruby_smb-3.3.8/lib/ruby_smb/server.rb:75:in `block in run'
    [-] /usr/share/metasploit-framework/vendor/bundle/ruby/3.1.0/gems/ruby_smb-3.3.8/lib/ruby_smb/server.rb:74:in `loop'
    [-] /usr/share/metasploit-framework/vendor/bundle/ruby/3.1.0/gems/ruby_smb-3.3.8/lib/ruby_smb/server.rb:74:in `run'
    [-] /usr/share/metasploit-framework/lib/rex/proto/smb/server.rb:88:in `block in start'
    [-] /usr/share/metasploit-framework/lib/rex/thread_factory.rb:22:in `block in spawn'
    [-] /usr/share/metasploit-framework/lib/msf/core/thread_manager.rb:105:in `block in spawn'
    [*] Server stopped.


### Metasploit version

    msf6 > version
    Framework: 6.4.9-dev
    Console  : 6.4.9-dev


##  Module/Datastore

The following global/module datastore, and database setup was configured before the issue occurred:
<details>
<summary>Collapse</summary>

    [framework/core]
    LogLevel=3

    [framework/ui/console]
    ActiveModule=auxiliary/server/capture/smb

    [server/capture/smb]
    SMBDomain=east78.local
    WORKSPACE=
    VERBOSE=false
    SRVHOST=0.0.0.0
    SRVPORT=445
    ListenerBindAddress=
    ListenerBindPort=
    ListenerComm=
    CAINPWFILE=
    JOHNPWFILE=
    CHALLENGE=
    TIMEOUT=5


</details>

##  Database Configuration

The database contains the following information:
<details>
<summary>Collapse</summary>

Session Type: postgresql selected, no connection


</details>

##  Framework Configuration

The features are configured as follows:
<details>
<summary>Collapse</summary>

| name | enabled |
|-:|-:|
| wrapped_tables | true |
| fully_interactive_shells | false |
| manager_commands | false |
| datastore_fallbacks | true |
| metasploit_payload_warnings | true |
| defer_module_loads | false |
| smb_session_type | true |
| postgresql_session_type | true |
| mysql_session_type | true |
| mssql_session_type | true |
| ldap_session_type | false |
| dns | true |
| hierarchical_search_table | true |

</details>

##  History

The following commands were ran during the session and before this issue occurred:
<details>
<summary>Collapse</summary>

    15 jobs -k 2
    16 show options
    17 set uripath /
    18 run
    19 use auxiliary/server/capture/imap
    20 run
    21 use auxiliary/server/capture/ldap
    22 run
    23 use auxiliary/server/capture/mssql
    24 run
    25 use auxiliary/server/capture/mysql
    26 run
    27 use auxiliary/server/capture/postgresql
    28 run
    29 use auxiliary/server/capture/sip
    30 run
    31 use auxiliary/server/capture/smtp
    32 run
    33 use auxiliary/server/capture/telnet
    34 run
    35 jobs
    36 use auxiliary/server/capture/vnc
    37 run
    38 use auxiliary/server/capture/drda
    39 run
    40 use auxiliary/server/capture/ftp
    41 run
    42 use auxiliary/server/capture/pop3
    43 run
    44 jobs
    45 use auxiliary/server/capture/smb
    46 run
    47 use auxiliary/server/capture/smb
    48 run
    49 use auxiliary/server/capture/smb
    50 run
    51 info
    52 run
    53 back
    54 use auxiliary/server/capture/smb
    55 run
    56 back
    57 version
    58 set LogLevel 3
    59 jobs
    60 jobs -K
    61 clear
    62 use auxiliary/server/capture/smb
    63 run
    64 debug


</details>

##  Framework Errors

The following framework errors occurred before the issue occurred:
<details>
<summary>Collapse</summary>

    [09/19/2024 11:52:59] [e(0)] core: Error in stream server server monitor: stream closed in another thread

    Call stack:
    /usr/share/metasploit-framework/vendor/bundle/ruby/3.1.0/gems/rex-socket-0.1.57/lib/rex/socket/tcp_server.rb:46:in `accept'
    /usr/share/metasploit-framework/vendor/bundle/ruby/3.1.0/gems/rex-socket-0.1.57/lib/rex/socket/tcp_server.rb:46:in `accept'
    /usr/share/metasploit-framework/vendor/bundle/ruby/3.1.0/gems/rex-core-0.1.32/lib/rex/io/stream_server.rb:142:in `monitor_listener'
    /usr/share/metasploit-framework/vendor/bundle/ruby/3.1.0/gems/rex-core-0.1.32/lib/rex/io/stream_server.rb:61:in `block in start'
    /usr/share/metasploit-framework/lib/rex/thread_factory.rb:22:in `block in spawn'
    /usr/share/metasploit-framework/lib/msf/core/thread_manager.rb:105:in `block in spawn'
    [09/19/2024 11:52:59] [e(0)] core: Error in stream server server monitor: stream closed in another thread

    Call stack:
    /usr/share/metasploit-framework/vendor/bundle/ruby/3.1.0/gems/rex-socket-0.1.57/lib/rex/socket/tcp_server.rb:46:in `accept'
    /usr/share/metasploit-framework/vendor/bundle/ruby/3.1.0/gems/rex-socket-0.1.57/lib/rex/socket/tcp_server.rb:46:in `accept'
    /usr/share/metasploit-framework/vendor/bundle/ruby/3.1.0/gems/rex-core-0.1.32/lib/rex/io/stream_server.rb:142:in `monitor_listener'
    /usr/share/metasploit-framework/vendor/bundle/ruby/3.1.0/gems/rex-core-0.1.32/lib/rex/io/stream_server.rb:61:in `block in start'
    /usr/share/metasploit-framework/lib/rex/thread_factory.rb:22:in `block in spawn'
    /usr/share/metasploit-framework/lib/msf/core/thread_manager.rb:105:in `block in spawn'
    [09/19/2024 11:52:59] [e(0)] core: Error in stream server server monitor: stream closed in another thread

    Call stack:
    /usr/share/metasploit-framework/vendor/bundle/ruby/3.1.0/gems/rex-socket-0.1.57/lib/rex/socket/tcp_server.rb:46:in `accept'
    /usr/share/metasploit-framework/vendor/bundle/ruby/3.1.0/gems/rex-socket-0.1.57/lib/rex/socket/tcp_server.rb:46:in `accept'
    /usr/share/metasploit-framework/vendor/bundle/ruby/3.1.0/gems/rex-core-0.1.32/lib/rex/io/stream_server.rb:142:in `monitor_listener'
    /usr/share/metasploit-framework/vendor/bundle/ruby/3.1.0/gems/rex-core-0.1.32/lib/rex/io/stream_server.rb:61:in `block in start'
    /usr/share/metasploit-framework/lib/rex/thread_factory.rb:22:in `block in spawn'
    /usr/share/metasploit-framework/lib/msf/core/thread_manager.rb:105:in `block in spawn'
    [09/19/2024 11:52:59] [e(0)] core: Error in stream server server monitor: stream closed in another thread

    Call stack:
    /usr/share/metasploit-framework/vendor/bundle/ruby/3.1.0/gems/rex-socket-0.1.57/lib/rex/socket/tcp_server.rb:46:in `accept'
    /usr/share/metasploit-framework/vendor/bundle/ruby/3.1.0/gems/rex-socket-0.1.57/lib/rex/socket/tcp_server.rb:46:in `accept'
    /usr/share/metasploit-framework/vendor/bundle/ruby/3.1.0/gems/rex-core-0.1.32/lib/rex/io/stream_server.rb:142:in `monitor_listener'
    /usr/share/metasploit-framework/vendor/bundle/ruby/3.1.0/gems/rex-core-0.1.32/lib/rex/io/stream_server.rb:61:in `block in start'
    /usr/share/metasploit-framework/lib/rex/thread_factory.rb:22:in `block in spawn'
    /usr/share/metasploit-framework/lib/msf/core/thread_manager.rb:105:in `block in spawn'
    [09/19/2024 11:52:59] [e(0)] core: Error in stream server server monitor: stream closed in another thread
    [09/19/2024 11:52:59] [e(0)] core: Error in stream server server monitor: stream closed in another thread

    Call stack:
    /usr/share/metasploit-framework/vendor/bundle/ruby/3.1.0/gems/rex-socket-0.1.57/lib/rex/socket/tcp_server.rb:46:in `accept'
    /usr/share/metasploit-framework/vendor/bundle/ruby/3.1.0/gems/rex-socket-0.1.57/lib/rex/socket/tcp_server.rb:46:in `accept'
    /usr/share/metasploit-framework/vendor/bundle/ruby/3.1.0/gems/rex-core-0.1.32/lib/rex/io/stream_server.rb:142:in `monitor_listener'
    /usr/share/metasploit-framework/vendor/bundle/ruby/3.1.0/gems/rex-core-0.1.32/lib/rex/io/stream_server.rb:61:in `block in start'
    /usr/share/metasploit-framework/lib/rex/thread_factory.rb:22:in `block in spawn'
    /usr/share/metasploit-framework/lib/msf/core/thread_manager.rb:105:in `block in spawn'
    [09/19/2024 11:52:59] [e(0)] core: Error in stream server server monitor: stream closed in another thread

    Call stack:
    /usr/share/metasploit-framework/vendor/bundle/ruby/3.1.0/gems/rex-socket-0.1.57/lib/rex/socket/tcp_server.rb:46:in `accept'
    /usr/share/metasploit-framework/vendor/bundle/ruby/3.1.0/gems/rex-socket-0.1.57/lib/rex/socket/tcp_server.rb:46:in `accept'
    /usr/share/metasploit-framework/vendor/bundle/ruby/3.1.0/gems/rex-core-0.1.32/lib/rex/io/stream_server.rb:142:in `monitor_listener'
    /usr/share/metasploit-framework/vendor/bundle/ruby/3.1.0/gems/rex-core-0.1.32/lib/rex/io/stream_server.rb:61:in `block in start'
    /usr/share/metasploit-framework/lib/rex/thread_factory.rb:22:in `block in spawn'
    /usr/share/metasploit-framework/lib/msf/core/thread_manager.rb:105:in `block in spawn'
    [09/19/2024 11:52:59] [e(0)] core: Error in stream server server monitor: stream closed in another thread

    Call stack:
    /usr/share/metasploit-framework/vendor/bundle/ruby/3.1.0/gems/rex-socket-0.1.57/lib/rex/socket/tcp_server.rb:46:in `accept'
    /usr/share/metasploit-framework/vendor/bundle/ruby/3.1.0/gems/rex-socket-0.1.57/lib/rex/socket/tcp_server.rb:46:in `accept'
    /usr/share/metasploit-framework/vendor/bundle/ruby/3.1.0/gems/rex-core-0.1.32/lib/rex/io/stream_server.rb:142:in `monitor_listener'
    /usr/share/metasploit-framework/vendor/bundle/ruby/3.1.0/gems/rex-core-0.1.32/lib/rex/io/stream_server.rb:61:in `block in start'
    /usr/share/metasploit-framework/lib/rex/thread_factory.rb:22:in `block in spawn'
    /usr/share/metasploit-framework/lib/msf/core/thread_manager.rb:105:in `block in spawn'
    [09/19/2024 11:53:19] [e(0)] core: Thread Exception: SMBServerListener(0.0.0.0:445) critical=false source:
    /usr/share/metasploit-framework/lib/metasploit/framework/thread_factory_provider.rb:25:in `spawn'
    /usr/share/metasploit-framework/lib/rex/thread_factory.rb:22:in `spawn'
    /usr/share/metasploit-framework/lib/rex/proto/smb/server.rb:86:in `start'
    /usr/share/metasploit-framework/lib/rex/service_manager.rb:80:in `start'
    /usr/share/metasploit-framework/lib/rex/service_manager.rb:24:in `start'
    /usr/share/metasploit-framework/lib/msf/core/exploit/remote/smb/server.rb:25:in `start_service'
    /usr/share/metasploit-framework/modules/auxiliary/server/capture/smb.rb:75:in `start_service'
    /usr/share/metasploit-framework/lib/msf/core/exploit/remote/socket_server.rb:42:in `exploit'
    /usr/share/metasploit-framework/lib/msf/base/simple/auxiliary.rb:179:in `job_run_proc'
    /usr/share/metasploit-framework/lib/msf/base/simple/auxiliary.rb:79:in `block in run_simple'
    /usr/share/metasploit-framework/lib/rex/job.rb:49:in `block in start'
    /usr/share/metasploit-framework/lib/rex/thread_factory.rb:22:in `block in spawn'
    /usr/share/metasploit-framework/lib/msf/core/thread_manager.rb:105:in `block in spawn'
     - Errno::ENOTCONN Transport endpoint is not connected - getpeername(2)
    Call stack:
    /usr/share/metasploit-framework/vendor/bundle/ruby/3.1.0/gems/rex-socket-0.1.57/lib/rex/socket.rb:847:in `getpeername'
    /usr/share/metasploit-framework/vendor/bundle/ruby/3.1.0/gems/rex-socket-0.1.57/lib/rex/socket.rb:847:in `getpeername_as_array'
    /usr/share/metasploit-framework/vendor/bundle/ruby/3.1.0/gems/rex-socket-0.1.57/lib/rex/socket/tcp_server.rb:57:in `accept'
    /usr/share/metasploit-framework/vendor/bundle/ruby/3.1.0/gems/ruby_smb-3.3.8/lib/ruby_smb/server.rb:75:in `block in run'
    /usr/share/metasploit-framework/vendor/bundle/ruby/3.1.0/gems/ruby_smb-3.3.8/lib/ruby_smb/server.rb:74:in `loop'
    /usr/share/metasploit-framework/vendor/bundle/ruby/3.1.0/gems/ruby_smb-3.3.8/lib/ruby_smb/server.rb:74:in `run'
    /usr/share/metasploit-framework/lib/rex/proto/smb/server.rb:88:in `block in start'
    /usr/share/metasploit-framework/lib/rex/thread_factory.rb:22:in `block in spawn'
    /usr/share/metasploit-framework/lib/msf/core/thread_manager.rb:105:in `block in spawn'
    [09/19/2024 11:53:19] [e(0)] core: Auxiliary failed - Errno::ENOTCONN Transport endpoint is not connected - getpeername(2)
    Call stack:
    /usr/share/metasploit-framework/vendor/bundle/ruby/3.1.0/gems/rex-socket-0.1.57/lib/rex/socket.rb:847:in `getpeername'
    /usr/share/metasploit-framework/vendor/bundle/ruby/3.1.0/gems/rex-socket-0.1.57/lib/rex/socket.rb:847:in `getpeername_as_array'
    /usr/share/metasploit-framework/vendor/bundle/ruby/3.1.0/gems/rex-socket-0.1.57/lib/rex/socket/tcp_server.rb:57:in `accept'
    /usr/share/metasploit-framework/vendor/bundle/ruby/3.1.0/gems/ruby_smb-3.3.8/lib/ruby_smb/server.rb:75:in `block in run'
    /usr/share/metasploit-framework/vendor/bundle/ruby/3.1.0/gems/ruby_smb-3.3.8/lib/ruby_smb/server.rb:74:in `loop'
    /usr/share/metasploit-framework/vendor/bundle/ruby/3.1.0/gems/ruby_smb-3.3.8/lib/ruby_smb/server.rb:74:in `run'
    /usr/share/metasploit-framework/lib/rex/proto/smb/server.rb:88:in `block in start'
    /usr/share/metasploit-framework/lib/rex/thread_factory.rb:22:in `block in spawn'
    /usr/share/metasploit-framework/lib/msf/core/thread_manager.rb:105:in `block in spawn'


</details>

##  Web Service Errors

The following web service errors occurred before the issue occurred:
<details>
<summary>Collapse</summary>

msf-ws.log does not exist.


</details>

##  Framework Logs

The following framework logs were recorded before the issue occurred:
<details>
<summary>Collapse</summary>



</details>

##  Web Service Logs

The following web service logs were recorded before the issue occurred:
<details>
<summary>Collapse</summary>

msf-ws.log does not exist.


</details>

##  Version/Install

The versions and install method of your Metasploit setup:
<details>
<summary>Collapse</summary>

    Framework: 6.4.9-dev
    Ruby: ruby 3.1.2p20 (2022-04-12 revision 4491bb740a) [x86_64-linux-gnu]
    OpenSSL: OpenSSL 3.1.5 30 Jan 2024
    Install Root: /usr/share/metasploit-framework
    Session Type: postgresql selected, no connection
    Install Method: Other - Please specify



</details>

smcintyre-r7 commented 2 months ago

Does this happen for you consistently? I ask because I'm not able to reproduce it.

loudpenguin commented 2 months ago

Yes it does. Mostly use MSF from Kali as a package. Unsure if that plays a role in anything.

smcintyre-r7 commented 2 months ago

So I was able to reproduce this on Kali with Metasploit 6.4.9. After I updated to 6.4.20 which was the latest available as of today, I am no longer able to reproduce the issue. Can you check what version you're running and if there are updates available? If there are updates, can you please check if you're still having the issue with the latest version?
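
An added example (not code from Metasploit, rex-socket or ruby_smb) of the failure mode the traces in this report point at: a peer-address lookup raising `Errno::ENOTCONN` inside the accept loop ends the listener, whereas a loop that treats it as a per-client error keeps serving. `FakeClient`, `FakeListener`, `serve_fragile`, `serve_hardened` and the sample peer address are hypothetical stand-ins constructed for the illustration.

```ruby
# Constructed stand-ins; these are not Rex or ruby_smb classes.
class FakeClient
  attr_reader :closed
  # peer is [host, port]; nil models a client already gone at lookup time.
  def initialize(peer)
    @peer = peer
    @closed = false
  end

  def peerinfo
    @peer || raise(Errno::ENOTCONN, 'getpeername(2)')
  end

  def close
    @closed = true
  end
end

class FakeListener
  def initialize(clients)
    @queue = clients.dup
  end

  # Hands out the queued clients, then raises the IOError a blocked accept
  # gets when another thread closes the listening socket.
  def accept
    raise IOError, 'stream closed in another thread' if @queue.empty?
    @queue.shift
  end
end

# Errors that concern one connection, not the listening socket.
PER_CLIENT_ERRORS = [Errno::ENOTCONN, Errno::ECONNRESET, Errno::ECONNABORTED].freeze

# Fragile: the peer lookup is unprotected inside the accept loop, so one
# vanished client raises out of the loop and the whole server stops.
def serve_fragile(listener)
  peers = []
  loop { peers << listener.accept.peerinfo }
rescue IOError
  peers
end

# Hardened: a per-client failure drops only that client, and a closed
# listener ends the loop cleanly.
def serve_hardened(listener)
  result = { peers: [], dropped: [] }
  loop do
    client = listener.accept
    begin
      result[:peers] << client.peerinfo
    rescue *PER_CLIENT_ERRORS => e
      result[:dropped] << e.class.name
      client.close
    end
  end
rescue IOError
  result
end

# Constructed input: one client that left early, one that stayed.
def constructed_clients
  [FakeClient.new(nil), FakeClient.new(['192.0.2.10', 49_152])]
end
```

With the constructed input, `serve_fragile` raises on the first client and never reaches the second, while `serve_hardened` records one dropped connection and still serves the second client.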

github-actions[bot] commented 1 month ago

Hi!

This issue has been left open with no activity for a while now.

We get a lot of issues, so we currently close issues after 60 days of inactivity. It’s been at least 30 days since the last update here. If we missed this issue or if you want to keep it open, please reply here. You can also add the label "not stale" to keep this issue open!

As a friendly reminder: the best way to see this issue, or any other, fixed is to open a Pull Request.

github-actions[bot] commented 1 day ago

Hi again!

It’s been 60 days since anything happened on this issue, so we are going to close it. Please keep in mind that I’m only a robot, so if I’ve closed this issue in error please feel free to reopen this issue or create a new one if you need anything else.

As a friendly reminder: the best way to see this issue, or any other, fixed is to open a Pull Request.