search

rapid7 / metasploit-framework

Metasploit Framework
https://www.metasploit.com/
Other
34.15k stars 13.97k forks source link

msfvenom fails with uninitialized constant Rex (NameError) #9763

Closed sbrun closed 6 years ago

sbrun commented 6 years ago

Steps to reproduce

I updated the package for Kali to the latest released version: 4.16.46 During the tests I got an error when running

msfvenom -b '\x00\xff'

Current behavior

It fails with :

Traceback (most recent call last):
    8: from /usr/bin/msfvenom:287:in `<main>'
    7: from /usr/bin/msfvenom:174:in `parse_args'
    6: from /usr/lib/ruby/2.5.0/optparse.rb:1648:in `parse!'
    5: from /usr/lib/ruby/2.5.0/optparse.rb:1626:in `permute!'
    4: from /usr/lib/ruby/2.5.0/optparse.rb:1532:in `order!'
    3: from /usr/lib/ruby/2.5.0/optparse.rb:1538:in `parse_in_order'
    2: from /usr/lib/ruby/2.5.0/optparse.rb:1538:in `catch'
    1: from /usr/lib/ruby/2.5.0/optparse.rb:1584:in `block in parse_in_order'
/usr/bin/msfvenom:138:in `block in parse_args': uninitialized constant Rex (NameError)

Other informations

I noticed that the code of msfvenom has changed. The line 'require rex' has moved into the function require_deps. Rex is not loaded before use in parse_args.

I fixed it in the package, version 4.16.46-0kali1 with the following patch, but you probably want to fix it in another way

--- a/msfvenom
+++ b/msfvenom
@@ -60,6 +60,8 @@ end
 def parse_args(args)
   opts = {}
   datastore = {}
+  # load dependencies (require rex)
+  require_deps unless @framework_loaded
   opt = OptionParser.new
   banner = "MsfVenom - a Metasploit standalone payload generator.\n"
   banner << "Also a replacement for msfpayload and msfencode.\n"

System stuff

Metasploit version

4.16.46 with ruby2.5

I installed Metasploit with:

OS

kali-rolling

busterb commented 6 years ago

Hi @sbrun when you say 'during the tests', does that mean you have a test suite? I'm sure we'd love to integrate to avoid this in the future.

sbrun commented 6 years ago

Yes we create a test suite. You can find the latest version here: http://git.kali.org/gitweb/?p=packages/metasploit-framework.git;a=blob_plain;f=debian/tests/runtests.sh;hb=d07ad0906a20d5c2334a0eea50e2c75fc9f38503 Some tests might only work with the Kali package (we add commands in the path).

wvu commented 6 years ago

Hmm, I'm amazed I missed that. Apologies.

wvu commented 6 years ago

Fixed in #9765. Sorry about that.