sqlmapproject / sqlmap

Automatic SQL injection and database takeover tool
http://sqlmap.org

Newer versions of Metasploit incompatible with sqlmap #2453

Closed stamparm closed 7 years ago

stamparm commented 7 years ago

When running (e.g.) --os-pwn, msfconsole called from within sqlmap automatically terminates with the error Session manipulation failed: no implicit conversion of nil into String (not displayed by sqlmap, but it can be found inside $HOME/.msf4/logs/framework.log):

[03/30/2017 11:04:13] [w(0)] core: Session manipulation failed: no implicit conv
ersion of nil into String ["/opt/metasploit/apps/pro/vendor/bundle/ruby/2.3.0/ge
ms/rb-readline-0.5.4/lib/rbreadline.rb:2398:in `initialize'", "/opt/metasploit/a
pps/pro/vendor/bundle/ruby/2.3.0/gems/rb-readline-0.5.4/lib/rbreadline.rb:2398:i
n `new'", "/opt/metasploit/apps/pro/vendor/bundle/ruby/2.3.0/gems/rb-readline-0.
5.4/lib/rbreadline.rb:2398:in `rl_translate_keyseq'", "/opt/metasploit/apps/pro/
vendor/bundle/ruby/2.3.0/gems/rb-readline-0.5.4/lib/rbreadline.rb:2442:in `rl_bi
nd_key'", "/opt/metasploit/apps/pro/vendor/bundle/ruby/2.3.0/gems/rb-readline-0.
5.4/lib/rbreadline.rb:7019:in `prepare_terminal_settings'", "/opt/metasploit/app
s/pro/vendor/bundle/ruby/2.3.0/gems/rb-readline-0.5.4/lib/rbreadline.rb:7086:in 
`rl_prep_terminal'", "/opt/metasploit/apps/pro/vendor/bundle/ruby/2.3.0/gems/rb-
readline-0.5.4/lib/rbreadline.rb:4871:in `readline'", "/opt/metasploit/apps/pro/
vendor/bundle/ruby/2.3.0/gems/metasploit-framework-4.14.4/lib/rex/ui/text/input/
readline.rb:162:in `readline_with_output'", "/opt/metasploit/apps/pro/vendor/bun
dle/ruby/2.3.0/gems/metasploit-framework-4.14.4/lib/rex/ui/text/input/readline.r
b:100:in `pgets'", "/opt/metasploit/apps/pro/vendor/bundle/ruby/2.3.0/gems/metas
ploit-framework-4.14.4/lib/rex/ui/text/shell.rb:188:in `run'", "/opt/metasploit/
apps/pro/vendor/bundle/ruby/2.3.0/gems/metasploit-framework-4.14.4/lib/rex/post/
meterpreter/ui/console.rb:66:in `interact'", "/opt/metasploit/apps/pro/vendor/bu
ndle/ruby/2.3.0/gems/metasploit-framework-4.14.4/lib/msf/base/sessions/meterpret
er.rb:481:in `_interact'", "/opt/metasploit/apps/pro/vendor/bundle/ruby/2.3.0/ge
ms/metasploit-framework-4.14.4/lib/rex/ui/interactive.rb:49:in `interact'", "/op
t/metasploit/apps/pro/vendor/bundle/ruby/2.3.0/gems/metasploit-framework-4.14.4/
lib/msf/ui/console/command_dispatcher/core.rb:1347:in `cmd_sessions'", "/opt/met
asploit/apps/pro/vendor/bundle/ruby/2.3.0/gems/metasploit-framework-4.14.4/lib/r
ex/ui/text/dispatcher_shell.rb:430:in `run_command'", "/opt/metasploit/apps/pro/
vendor/bundle/ruby/2.3.0/gems/metasploit-framework-4.14.4/lib/rex/ui/text/dispat
cher_shell.rb:392:in `block in run_single'", "/opt/metasploit/apps/pro/vendor/bu
ndle/ruby/2.3.0/gems/metasploit-framework-4.14.4/lib/rex/ui/text/dispatcher_shel
l.rb:386:in `each'", "/opt/metasploit/apps/pro/vendor/bundle/ruby/2.3.0/gems/met
asploit-framework-4.14.4/lib/rex/ui/text/dispatcher_shell.rb:386:in `run_single'
", "/opt/metasploit/apps/pro/vendor/bundle/ruby/2.3.0/gems/metasploit-framework-
4.14.4/lib/msf/ui/console/command_dispatcher/exploit.rb:141:in `cmd_exploit'", "
/opt/metasploit/apps/pro/vendor/bundle/ruby/2.3.0/gems/metasploit-framework-4.14
.4/lib/rex/ui/text/dispatcher_shell.rb:430:in `run_command'", "/opt/metasploit/a
pps/pro/vendor/bundle/ruby/2.3.0/gems/metasploit-framework-4.14.4/lib/rex/ui/tex
t/dispatcher_shell.rb:392:in `block in run_single'", "/opt/metasploit/apps/pro/v
endor/bundle/ruby/2.3.0/gems/metasploit-framework-4.14.4/lib/rex/ui/text/dispatc
her_shell.rb:386:in `each'", "/opt/metasploit/apps/pro/vendor/bundle/ruby/2.3.0/
gems/metasploit-framework-4.14.4/lib/rex/ui/text/dispatcher_shell.rb:386:in `run
_single'", "/opt/metasploit/apps/pro/vendor/bundle/ruby/2.3.0/gems/metasploit-fr
amework-4.14.4/lib/msf/ui/console/driver.rb:248:in `block in initialize'", "/opt
/metasploit/apps/pro/vendor/bundle/ruby/2.3.0/gems/metasploit-framework-4.14.4/l
ib/msf/ui/console/driver.rb:247:in `each'", "/opt/metasploit/apps/pro/vendor/bun
dle/ruby/2.3.0/gems/metasploit-framework-4.14.4/lib/msf/ui/console/driver.rb:247
:in `initialize'", "/opt/metasploit/apps/pro/vendor/bundle/ruby/2.3.0/gems/metas
ploit-framework-4.14.4/lib/metasploit/framework/command/console.rb:62:in `new'",
 "/opt/metasploit/apps/pro/vendor/bundle/ruby/2.3.0/gems/metasploit-framework-4.
14.4/lib/metasploit/framework/command/console.rb:62:in `driver'", "/opt/metasplo
it/apps/pro/vendor/bundle/ruby/2.3.0/gems/metasploit-framework-4.14.4/lib/metasp
loit/framework/command/console.rb:48:in `start'", "/opt/metasploit/apps/pro/vend
or/bundle/ruby/2.3.0/gems/metasploit-framework-4.14.4/lib/metasploit/framework/c
ommand/base.rb:82:in `start'", "/opt/metasploit/apps/pro/vendor/bundle/ruby/2.3.
0/gems/metasploit-framework-4.14.4/msfconsole:48:in `<top (required)>'", "/opt/m
etasploit/apps/pro/vendor/bundle/ruby/2.3.0/bin/msfconsole:23:in `load'", "/opt/
metasploit/apps/pro/vendor/bundle/ruby/2.3.0/bin/msfconsole:23:in `<main>'"]

It seems that subprocess-ing msfconsole is crashing because of the (included) library RbReadline, which doesn't like to be run inside a pseudo-terminal environment (similar issue: https://github.com/ConnorAtherton/rb-readline/pull/135). An easy fix would be to use ss = StringScanner.new(seq.to_s) instead of the current (problematic) ss = StringScanner.new(seq) in metasploit/apps/pro/vendor/bundle/ruby/2.3.0/gems/rb-readline-0.5.4/lib/rbreadline.rb:2398, but that would require patching third-party code.

Also, it seems that the rbreadline used by Metasploit is causing problems all around (Google dork: rbreadline metasploit).

stamparm commented 7 years ago

$ msfconsole --help
Usage: msfconsole [options]
...
    -L, --real-readline              Use the system Readline library instead of RbReadline
...

stamparm commented 7 years ago

Before: before

After 16bd3a1: now
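
Added example, not sqlmap's or Metasploit's own code: Python that recognizes the RbReadline failure from the framework.log entry quoted in this thread and builds an msfconsole command line that includes the --real-readline option only when the help output lists it. The function names and the `-q` argument in the demo are assumptions; the sample inputs are copied from the issue text, with the log cut short after its first complete frame.

```python
import re

# Sample inputs copied from the issue text (the log is hard-wrapped there and cut
# short here after the first complete frame).
HELP_TEXT = """Usage: msfconsole [options]
...
    -L, --real-readline              Use the system Readline library instead of RbReadline
...
"""
LOG_TEXT = (
    "[03/30/2017 11:04:13] [w(0)] core: Session manipulation failed: no implicit conv\n"
    "ersion of nil into String [\"/opt/metasploit/apps/pro/vendor/bundle/ruby/2.3.0/ge\n"
    "ms/rb-readline-0.5.4/lib/rbreadline.rb:2398:in `initialize'\", \"/opt/metasploit/a\n"
)

FLAG_RE = re.compile(r"^\s*(-\w),\s+--real-readline\b", re.MULTILINE)
FRAME_RE = re.compile(r'"([^"]+?):(\d+):in `([^\']+)\'"')


def real_readline_flag(help_text):
    """Short option for --real-readline if this msfconsole build lists it, else None."""
    match = FLAG_RE.search(help_text)
    return match.group(1) if match else None


def msfconsole_argv(help_text, args):
    """argv for launching msfconsole as a child process, with the flag when supported."""
    flag = real_readline_flag(help_text)
    return ["msfconsole"] + ([flag] if flag else []) + list(args)


def readline_failure(log_text):
    """Return (message, gem, file, line, method) for the top frame, or None."""
    joined = log_text.replace("\n", "")  # undo the 80-column wrapping
    message = re.search(r"Session manipulation failed: (.*?) \[", joined)
    frame = FRAME_RE.search(joined)
    if not (message and frame):
        return None
    path, line, method = frame.groups()
    gem = re.search(r"/gems/([^/]+)/", path)
    return (message.group(1), gem.group(1) if gem else None, path, int(line), method)


if __name__ == "__main__":
    # "-q" is only a demo argument (assumption), not what sqlmap passes.
    print(readline_failure(LOG_TEXT))
    print(msfconsole_argv(HELP_TEXT, ["-q"]))
```

Because `readline_failure` joins all lines before matching, feed it one log entry at a time rather than a whole log file.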