Msfconsole module listing crash upon autocompletion

[maaaaz]

Hello, I would like to report a crash affecting the latest msfconsole version on Kali. It seems to be related to readline. Steps to reproduce:

1. Type use auxiliary/scanner/http/
2. Press tab to list all modules
3. msfconsole crashes

Before pasting the log, I would like to add that starting msfconsole with the -L option does not lead to the crash.

root@kali:~# msfconsole

  +-------------------------------------------------------+
  |  METASPLOIT by Rapid7                                 |
  +---------------------------+---------------------------+
  |      __________________   |                           |
  |  ==c(______(o(______(_()  | |""""""""""""|======[***  |
  |             )=\           | |  EXPLOIT   \            |
  |            // \\          | |_____________\_______    |
  |           //   \\         | |==[msf >]============\   |
  |          //     \\        | |______________________\  |
  |         // RECON \\       | \(@)(@)(@)(@)(@)(@)(@)/   |
  |        //         \\      |  *********************    |
  +---------------------------+---------------------------+
  |      o O o                |        \'\/\/\/'/         |
  |              o O          |         )======(          |
  |                 o         |       .'  LOOT  '.        |
  | |^^^^^^^^^^^^^^|l___      |      /    _||__   \       |
  | |    PAYLOAD     |""\___, |     /    (_||_     \      |
  | |________________|__|)__| |    |     __||_)     |     |
  | |(@)(@)"""**|(@)(@)**|(@) |    "       ||       "     |
  |  = = = = = = = = = = = =  |     '--------------'      |
  +---------------------------+---------------------------+

Tired of typing 'set RHOSTS'? Click & pwn with Metasploit Pro
Learn more on http://rapid7.com/metasploit

       =[ metasploit v4.11.4-2015071402                   ]
+ -- --=[ 1476 exploits - 931 auxiliary - 246 post        ]
+ -- --=[ 432 payloads - 37 encoders - 8 nops             ]
+ -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ]

msf > use auxiliary/scanner/http/
Display all 192 possibilities? (y or n)
use auxiliary/scanner/http/a10networks_ax_directory_traversal         use auxiliary/scanner/http/manageengine_deviceexpert_user_creds
use auxiliary/scanner/http/accellion_fta_statecode_file_read          use auxiliary/scanner/http/manageengine_securitymanager_traversal
use auxiliary/scanner/http/adobe_xml_inject                           use auxiliary/scanner/http/mediawiki_svg_fileaccess
use auxiliary/scanner/http/allegro_rompager_misfortune_cookie         use auxiliary/scanner/http/mod_negotiation_brute
use auxiliary/scanner/http/apache_activemq_source_disclosure          use auxiliary/scanner/http/mod_negotiation_scanner
use auxiliary/scanner/http/apache_activemq_traversal                  use auxiliary/scanner/http/ms09_020_webdav_unicode_bypass
use auxiliary/scanner/http/apache_mod_cgi_bash_env                    use auxiliary/scanner/http/ms15_034_http_sys_memory_dump
use auxiliary/scanner/http/apache_userdir_enum                        use auxiliary/scanner/http/mybook_live_login
use auxiliary/scanner/http/appletv_login                              use auxiliary/scanner/http/netdecision_traversal
use auxiliary/scanner/http/atlassian_crowd_fileaccess                 use auxiliary/scanner/http/netgear_sph200d_traversal
use auxiliary/scanner/http/axis_local_file_include                    use auxiliary/scanner/http/nginx_source_disclosure
use auxiliary/scanner/http/axis_login                                 use auxiliary/scanner/http/novell_file_reporter_fsfui_fileaccess
use auxiliary/scanner/http/backup_file                                use auxiliary/scanner/http/novell_file_reporter_srs_fileaccess
use auxiliary/scanner/http/barracuda_directory_traversal              use auxiliary/scanner/http/novell_mdm_creds
use auxiliary/scanner/http/bitweaver_overlay_type_traversal           use auxiliary/scanner/http/ntlm_info_enumeration
use auxiliary/scanner/http/blind_sql_query                            use auxiliary/scanner/http/open_proxy
use auxiliary/scanner/http/bmc_trackit_passwd_reset                   use auxiliary/scanner/http/openmind_messageos_login
use auxiliary/scanner/http/brute_dirs                                 use auxiliary/scanner/http/options
use auxiliary/scanner/http/buffalo_login                              use auxiliary/scanner/http/oracle_demantra_database_credentials_leak
use auxiliary/scanner/http/canon_wireless                             use auxiliary/scanner/http/oracle_demantra_file_retrieval
use auxiliary/scanner/http/cert                                       use auxiliary/scanner/http/oracle_ilom_login
use auxiliary/scanner/http/chef_webui_login                           use auxiliary/scanner/http/owa_iis_internal_ip
use auxiliary/scanner/http/chromecast_webserver                       use auxiliary/scanner/http/owa_login
use auxiliary/scanner/http/cisco_asa_asdm                             use auxiliary/scanner/http/pocketpad_login
use auxiliary/scanner/http/cisco_device_manager                       use auxiliary/scanner/http/prev_dir_same_name_file
use auxiliary/scanner/http/cisco_ios_auth_bypass                      use auxiliary/scanner/http/radware_appdirector_enum
use auxiliary/scanner/http/cisco_ironport_enum                        use auxiliary/scanner/http/rails_json_yaml_scanner
use auxiliary/scanner/http/cisco_nac_manager_traversal                use auxiliary/scanner/http/rails_mass_assignment
use auxiliary/scanner/http/cisco_ssl_vpn                              use auxiliary/scanner/http/rails_xml_yaml_scanner
use auxiliary/scanner/http/cisco_ssl_vpn_priv_esc                     use auxiliary/scanner/http/replace_ext
use auxiliary/scanner/http/clansphere_traversal                       use auxiliary/scanner/http/rewrite_proxy_bypass
use auxiliary/scanner/http/coldfusion_locale_traversal                use auxiliary/scanner/http/rfcode_reader_enum
/opt/metasploit/apps/pro/vendor/bundle/ruby/2.1.0/gems/rb-readline-r7-0.5.2.0/lib/rbreadline.rb:6497:in `_rl_internal_pager': private method `puts' called for #<Rex::Ui::Text::Output::Tee:0xea0d878> (NoMethodError)
    from /opt/metasploit/apps/pro/vendor/bundle/ruby/2.1.0/gems/rb-readline-r7-0.5.2.0/lib/rbreadline.rb:8384:in `block in rl_display_match_list'
    from /opt/metasploit/apps/pro/vendor/bundle/ruby/2.1.0/gems/activesupport-4.0.13/lib/active_support/core_ext/range/each.rb:7:in `each'
    from /opt/metasploit/apps/pro/vendor/bundle/ruby/2.1.0/gems/activesupport-4.0.13/lib/active_support/core_ext/range/each.rb:7:in `each_with_time_with_zone'
    from /opt/metasploit/apps/pro/vendor/bundle/ruby/2.1.0/gems/rb-readline-r7-0.5.2.0/lib/rbreadline.rb:8366:in `rl_display_match_list'
    from /opt/metasploit/apps/pro/vendor/bundle/ruby/2.1.0/gems/rb-readline-r7-0.5.2.0/lib/rbreadline.rb:6730:in `display_matches'
    from /opt/metasploit/apps/pro/vendor/bundle/ruby/2.1.0/gems/rb-readline-r7-0.5.2.0/lib/rbreadline.rb:6824:in `rl_complete_internal'
    from /opt/metasploit/apps/pro/vendor/bundle/ruby/2.1.0/gems/rb-readline-r7-0.5.2.0/lib/rbreadline.rb:6852:in `rl_complete'
    from /opt/metasploit/apps/pro/vendor/bundle/ruby/2.1.0/gems/rb-readline-r7-0.5.2.0/lib/rbreadline.rb:4329:in `_rl_dispatch_subseq'
    from /opt/metasploit/apps/pro/vendor/bundle/ruby/2.1.0/gems/rb-readline-r7-0.5.2.0/lib/rbreadline.rb:4318:in `_rl_dispatch'
    from /opt/metasploit/apps/pro/vendor/bundle/ruby/2.1.0/gems/rb-readline-r7-0.5.2.0/lib/rbreadline.rb:4734:in `readline_internal_charloop'
    from /opt/metasploit/apps/pro/vendor/bundle/ruby/2.1.0/gems/rb-readline-r7-0.5.2.0/lib/rbreadline.rb:4808:in `readline_internal'
    from /opt/metasploit/apps/pro/vendor/bundle/ruby/2.1.0/gems/rb-readline-r7-0.5.2.0/lib/rbreadline.rb:4830:in `readline'
    from /usr/share/metasploit-framework/lib/rex/ui/text/input/readline.rb:132:in `readline_with_output'
    from /usr/share/metasploit-framework/lib/rex/ui/text/input/readline.rb:86:in `pgets'
    from /usr/share/metasploit-framework/lib/rex/ui/text/shell.rb:187:in `run'
    from /usr/share/metasploit-framework/lib/metasploit/framework/command/console.rb:48:in `start'
    from /usr/share/metasploit-framework/lib/metasploit/framework/command/base.rb:82:in `start'
    from /opt/metasploit/apps/pro/msf3/msfconsole:48:in `<main>'
root@kali:~#

Thank you.

[void-in]

The problem with rbreadline has been reported multiple times but AFAIK the problem was resolved. What version of ruby you are using?

[maaaaz]

The latest version on Kali:

root@kali:~# ruby -v
ruby 1.9.3p194 (2012-04-20 revision 35410) [i486-linux]

[wvu]

We've been using Ruby 2.1.x for a long time now.

[void-in]

@maaaaz That would explain. Just like @wvu-r7 pointed out, you need to update your ruby version to 2.1.x (presently the framework is using 2.1.6). You can easily do this through rvm.

[wvu]

@maaaaz: FWIW, https://github.com/rapid7/metasploit-framework/wiki/Setting-Up-a-Metasploit-Development-Environment has been updated to support Kali.