rapid7 / metasploit-framework

Metasploit Framework
https://www.metasploit.com/

[-] Error while running command search: wrong number of arguments (1 for 0) #4700

Closed ghost closed 9 years ago

ghost commented 9 years ago

       =[ metasploit v4.11.0-dev [core:4.11.0.pre.dev api:1.0.0]]
+ -- --=[ 1390 exploits - 790 auxiliary - 226 post        ]
+ -- --=[ 356 payloads - 37 encoders - 8 nops             ]
+ -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ]

msf > search ghost
[!] Database not connected or cache not built, using slow search
[-] Error while running command search: wrong number of arguments (1 for 0)

Call stack:
/opt/metasploit-framework/modules/post/windows/gather/enum_ad_users.rb:125:in `search_filter'
/opt/metasploit-framework/lib/msf/ui/console/command_dispatcher/core.rb:1501:in `block (2 levels) in cmd_search'
/opt/metasploit-framework/lib/msf/core/module_set.rb:77:in `each'
/opt/metasploit-framework/lib/msf/core/module_set.rb:77:in `each'
/opt/metasploit-framework/lib/msf/ui/console/command_dispatcher/core.rb:1495:in `block in cmd_search'
/opt/metasploit-framework/lib/msf/ui/console/command_dispatcher/core.rb:1488:in `each'
/opt/metasploit-framework/lib/msf/ui/console/command_dispatcher/core.rb:1488:in `cmd_search'
/opt/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:427:in `run_command'
/opt/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:389:in `block in run_single'
/opt/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:383:in `each'
/opt/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:383:in `run_single'
/opt/metasploit-framework/lib/rex/ui/text/shell.rb:200:in `run'
/opt/metasploit-framework/lib/metasploit/framework/command/console.rb:38:in `start'
/opt/metasploit-framework/lib/metasploit/framework/command/base.rb:82:in `start'
./msfconsole:48:in `<main>'

repaired:

  def search_filter (datastore)
    inner_filter = '(objectCategory=person)(objectClass=user)'
    inner_filter << '(!(lockoutTime>=1))' if datastore['EXCLUDE_LOCKED']
    inner_filter << '(!(userAccountControl:1.2.840.113556.1.4.803:=2))' if data$
    case datastore['UAC']
      when 'ANY'
      when 'NO_PASSWORD'
        inner_filter << '(userAccountControl:1.2.840.113556.1.4.803:=32)'
      when 'CHANGE_PASSWORD'
        inner_filter << '(!sAMAccountType=805306370)(pwdlastset=0)'
      when 'NEVER_EXPIRES'
        inner_filter << '(userAccountControl:1.2.840.113556.1.4.803:=65536)'
      when 'SMARTCARD_REQUIRED'
        inner_filter << '(userAccountControl:1.2.840.113556.1.4.803:=262144)'
      when 'NEVER_LOGGEDON'
        inner_filter << '(|(lastlogon=0)(!lastlogon=*))'
    end

ZedCode commented 9 years ago

Seeing exactly the same thing:

msf > search ghost
[!] Database not connected or cache not built, using slow search
[-] Error while running command search: wrong number of arguments (1 for 0)

Call stack:
/msf/modules/post/windows/gather/enum_ad_users.rb:125:in `search_filter'
/msf/lib/msf/ui/console/command_dispatcher/core.rb:1501:in `block (2 levels) in cmd_search'
/msf/lib/msf/core/module_set.rb:77:in `each'
/msf/lib/msf/core/module_set.rb:77:in `each'
/msf/lib/msf/ui/console/command_dispatcher/core.rb:1495:in `block in cmd_search'
/msf/lib/msf/ui/console/command_dispatcher/core.rb:1494:in `each'
/msf/lib/msf/ui/console/command_dispatcher/core.rb:1494:in `cmd_search'
/msf/lib/rex/ui/text/dispatcher_shell.rb:427:in `run_command'
/msf/lib/rex/ui/text/dispatcher_shell.rb:389:in `block in run_single'
/msf/lib/rex/ui/text/dispatcher_shell.rb:383:in `each'
/msf/lib/rex/ui/text/dispatcher_shell.rb:383:in `run_single'
/msf/lib/rex/ui/text/shell.rb:200:in `run'
/msf/lib/metasploit/framework/command/console.rb:38:in `start'
/msf/lib/metasploit/framework/command/base.rb:82:in `start'
./msfconsole:48:in `<main>'

Built inside of docker with a fresh checkout today. The DB appears to be connected and working, at least:

msf > db_status
[*] postgresql connected to msf_database

I also attempted to upgrade Ruby from 1.9.3 to 2.1.5 and rebuilt my Docker container to the same results. (It's been a while since I rebuilt this container, so I was trying all the basics).

EDIT:

Seems to be working after I let it finish building the DB:

msf > search ghost

Matching Modules
================

   Name                                            Disclosure Date  Rank    Description
   ----                                            ---------------  ----    -----------
   auxiliary/scanner/http/wordpress_ghost_scanner                   normal  WordPress XMLRPC Ghost Vulnerability Scanner
   auxiliary/server/capture/printjob_capture                        normal  Printjob Capture Service
   exploit/windows/http/sws_connection_bof         2012-07-20       normal  Simple Web Server Connection Header Buffer Overflow

I think the problem only exists in the slow search.

wvu commented 9 years ago

Checking this out now. Thanks for the report.

wvu commented 9 years ago

msf > search ghost

Matching Modules
================

   Name                                            Disclosure Date  Rank    Description
   ----                                            ---------------  ----    -----------
   auxiliary/scanner/http/wordpress_ghost_scanner                   normal  WordPress XMLRPC Ghost Vulnerability Scanner
   auxiliary/server/capture/printjob_capture                        normal  Printjob Capture Service
   exploit/windows/http/sws_connection_bof         2012-07-20       normal  Simple Web Server Connection Header Buffer Overflow

msf > db_disconnect 
msf > search ghost
[!] Database not connected or cache not built, using slow search
[-] Error while running command search: wrong number of arguments (1 for 0)

Call stack:
/home/wvu/metasploit-framework/modules/post/windows/gather/enum_ad_users.rb:125:in `search_filter'
/home/wvu/metasploit-framework/lib/msf/ui/console/command_dispatcher/core.rb:1501:in `block (2 levels) in cmd_search'
/home/wvu/metasploit-framework/lib/msf/core/module_set.rb:77:in `each'
/home/wvu/metasploit-framework/lib/msf/core/module_set.rb:77:in `each'
/home/wvu/metasploit-framework/lib/msf/ui/console/command_dispatcher/core.rb:1495:in `block in cmd_search'
/home/wvu/metasploit-framework/lib/msf/ui/console/command_dispatcher/core.rb:1494:in `each'
/home/wvu/metasploit-framework/lib/msf/ui/console/command_dispatcher/core.rb:1494:in `cmd_search'
/home/wvu/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:427:in `run_command'
/home/wvu/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:389:in `block in run_single'
/home/wvu/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:383:in `each'
/home/wvu/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:383:in `run_single'
/home/wvu/metasploit-framework/lib/rex/ui/text/shell.rb:200:in `run'
/home/wvu/metasploit-framework/lib/metasploit/framework/command/console.rb:38:in `start'
/home/wvu/metasploit-framework/lib/metasploit/framework/command/base.rb:82:in `start'
./msfconsole:48:in `<main>'
msf > 

OJ commented 9 years ago

I've seen this a few times in the last couple of days as well on master.

wvu commented 9 years ago

@wchen-r7 can repro, too.

wchen-r7 commented 9 years ago

If you change the method name search_filter in the enum_ad_users.rb module, you fix the prob.

wvu commented 9 years ago

Yup, fixing. Thanks, everyone.

Meatballs1 commented 9 years ago

Lol this is an awesome bug, how do we prevent it in future?

wchen-r7 commented 9 years ago

Cucumber.

Meatballs1 commented 9 years ago

Celery.

wvu commented 9 years ago

Spinach!
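
The collision discussed in this thread, reproduced in miniature together with a check that flags it; this is an added example, not part of the original thread and not Metasploit code. `BaseModule`, `GhostScanner`, `AdUsers`, `AdUsersRenamed`, `build_ldap_filter`, `slow_search` and `arity_collisions` are hypothetical names, and the one-argument hook on the base class is an assumption drawn from the call stack above.

```ruby
# Constructed stand-ins for illustration; none of these classes are Metasploit code.
class BaseModule
  # Framework hook (assumed semantics): the console passes the search term
  # and skips the module when this returns true.
  def search_filter(search_string)
    !name.downcase.include?(search_string.downcase)
  end

  def name
    self.class.name
  end
end

class GhostScanner < BaseModule; end

# Module author reuses the hook's name for an unrelated zero-argument helper.
class AdUsers < BaseModule
  def search_filter
    '(&(objectCategory=person)(objectClass=user))'
  end
end

# Same module after the rename (build_ldap_filter is a hypothetical name).
class AdUsersRenamed < BaseModule
  def build_ldap_filter
    '(&(objectCategory=person)(objectClass=user))'
  end
end

# Slow-search loop: a single colliding module aborts the whole command.
def slow_search(modules, term)
  modules.reject { |m| m.search_filter(term) }.map(&:name)
rescue ArgumentError => e
  "Error while running command search: #{e.message}"
end

# Check: methods defined in klass that shadow an inherited method of different arity.
def arity_collisions(klass)
  parent = klass.superclass
  own = klass.instance_methods(false) + klass.private_instance_methods(false)
  own.select do |meth|
    (parent.method_defined?(meth) || parent.private_method_defined?(meth)) &&
      parent.instance_method(meth).arity != klass.instance_method(meth).arity
  end
end
```

Running a check like `arity_collisions` over every loaded module class in a test suite would fail the build on the accidental override before it reaches the console.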
