msfconsole: fixing the OpenSSL::PKey::PKeyError error
Posted by L1119 on 2022-08-17
1. The problem
(kali㉿kali)-[~]$ msfconsole
/usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256.rb:14:in `generate_key!': pkeys are immutable on OpenSSL 3.0 (OpenSSL::PKey::PKeyError)
        from /usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256.rb:14:in `<class:EcdsaSha2Nistp256>'
        from /usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256.rb:10:in `<class:ServerHostKeyAlgorithm>'
        from /usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256.rb:9:in `<class:Transport>'
        from /usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256.rb:8:in `<module:HrrRbSsh>'
        from /usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256.rb:7:in `<top (required)>'
        from /usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/zeitwerk-2.6.0/lib/zeitwerk/kernel.rb:35:in `require'
        from /usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/zeitwerk-2.6.0/lib/zeitwerk/kernel.rb:35:in `require'
        from /usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/server_host_key_algorithm.rb:19:in `<top (required)>'
        from /usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/zeitwerk-2.6.0/lib/zeitwerk/kernel.rb:35:in `require'
        from /usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/zeitwerk-2.6.0/lib/zeitwerk/kernel.rb:35:in `require'
        from /usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport.rb:16:in `<top (required)>'
        from /usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/zeitwerk-2.6.0/lib/zeitwerk/kernel.rb:35:in `require'
        from /usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/zeitwerk-2.6.0/lib/zeitwerk/kernel.rb:35:in `require'
        from /usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh.rb:15:in `<top (required)>'
        from /usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/zeitwerk-2.6.0/lib/zeitwerk/kernel.rb:35:in `require'
        from /usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/zeitwerk-2.6.0/lib/zeitwerk/kernel.rb:35:in `require'
        from /usr/share/metasploit-framework/lib/rex/proto/ssh/hrr_rb_ssh.rb:3:in `<top (required)>'
        from /usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/zeitwerk-2.6.0/lib/zeitwerk/kernel.rb:35:in `require'
        from /usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/zeitwerk-2.6.0/lib/zeitwerk/kernel.rb:35:in `require'
        from /usr/share/metasploit-framework/lib/rex/proto/ssh/connection.rb:2:in `<top (required)>'
        from /usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/zeitwerk-2.6.0/lib/zeitwerk/kernel.rb:35:in `require'
        from /usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/zeitwerk-2.6.0/lib/zeitwerk/kernel.rb:35:in `require'
        from /usr/share/metasploit-framework/lib/msf/core/handler/reverse_ssh.rb:146:in `default_version_string'
        from /usr/share/metasploit-framework/lib/msf/core/handler/reverse_ssh.rb:40:in `initialize'
        from /usr/share/metasploit-framework/lib/msf/base/sessions/command_shell_options.rb:16:in `initialize'
        from /usr/share/metasploit-framework/modules/payloads/singles/cmd/unix/reverse_ssh.rb:16:in `initialize'
        from /usr/share/metasploit-framework/lib/msf/core/payload_set.rb:95:in `new'
        from /usr/share/metasploit-framework/lib/msf/core/payload_set.rb:95:in `block (2 levels) in recalculate'
        from /usr/share/metasploit-framework/lib/msf/core/payload_set.rb:93:in `each_pair'
        from /usr/share/metasploit-framework/lib/msf/core/payload_set.rb:93:in `block in recalculate'
        from /usr/share/metasploit-framework/lib/msf/core/payload_set.rb:73:in `each_pair'
        from /usr/share/metasploit-framework/lib/msf/core/payload_set.rb:73:in `recalculate'
        from /usr/share/metasploit-framework/lib/msf/core/modules/loader/base.rb:258:in `block in load_modules'
        from /usr/share/metasploit-framework/lib/msf/core/modules/loader/base.rb:255:in `each'
        from /usr/share/metasploit-framework/lib/msf/core/modules/loader/base.rb:255:in `load_modules'
        from /usr/share/metasploit-framework/lib/msf/core/module_manager/loading.rb:170:in `block in load_modules'
        from /usr/share/metasploit-framework/lib/msf/core/module_manager/loading.rb:168:in `each'
        from /usr/share/metasploit-framework/lib/msf/core/module_manager/loading.rb:168:in `load_modules'
        from /usr/share/metasploit-framework/lib/msf/core/module_manager/module_paths.rb:41:in `block in add_module_path'
        from /usr/share/metasploit-framework/lib/msf/core/module_manager/module_paths.rb:40:in `each'
        from /usr/share/metasploit-framework/lib/msf/core/module_manager/module_paths.rb:40:in `add_module_path'
        from /usr/share/metasploit-framework/lib/msf/base/simple/framework/module_paths.rb:51:in `block in init_module_paths'
        from /usr/share/metasploit-framework/lib/msf/base/simple/framework/module_paths.rb:50:in `each'
        from /usr/share/metasploit-framework/lib/msf/base/simple/framework/module_paths.rb:50:in `init_module_paths'
        from /usr/share/metasploit-framework/lib/msf/ui/console/driver.rb:160:in `initialize'
        from /usr/share/metasploit-framework/lib/metasploit/framework/command/console.rb:60:in `new'
        from /usr/share/metasploit-framework/lib/metasploit/framework/command/console.rb:60:in `driver'
        from /usr/share/metasploit-framework/lib/metasploit/framework/command/console.rb:48:in `start'
        from /usr/share/metasploit-framework/lib/metasploit/framework/command/base.rb:82:in `start'
        from /usr/bin/msfconsole:23:in `<main>'
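The top frame of the trace is a `generate_key!` call that OpenSSL 3.0 rejects because key objects can no longer be modified in place. The following Ruby script is an added example, not code from this post, from Metasploit or from hrr_rb_ssh; it assumes the failing pattern is "create an empty EC key, then fill it in", and compares it with one-step generation, which works on both old and new libraries. The function names are hypothetical.

```ruby
require 'openssl'

CURVE = 'prime256v1' # NIST P-256, the curve behind ecdsa-sha2-nistp256

# True when the linked library (not the Ruby openssl gem) is OpenSSL 3.x or newer.
def openssl3_or_newer?
  m = OpenSSL::OPENSSL_LIBRARY_VERSION.match(/\AOpenSSL (\d+)\./)
  !m.nil? && m[1].to_i >= 3
end

# Legacy pattern (assumed): build an empty EC key object, then fill it in place.
# Returns :ok, or the error message when the library refuses to mutate the key.
def legacy_in_place_generation
  OpenSSL::PKey::EC.new(CURVE).generate_key!
  :ok
rescue OpenSSL::PKey::PKeyError => e
  e.message
end

# Portable pattern: create the key pair in a single step.
def portable_generation
  OpenSSL::PKey::EC.generate(CURVE)
end

# Sign and verify a constructed sample message to show the new key is usable.
def round_trip_ok?
  key = portable_generation
  data = 'constructed sample message'
  sig = key.sign(OpenSSL::Digest.new('SHA256'), data)
  key.verify(OpenSSL::Digest.new('SHA256'), sig, data)
end

if __FILE__ == $PROGRAM_NAME
  puts "library:             #{OpenSSL::OPENSSL_LIBRARY_VERSION}"
  puts "ruby openssl gem:    #{OpenSSL::VERSION}"
  puts "in-place generation: #{legacy_in_place_generation}"
  puts "one-step generation: #{round_trip_ok? ? 'ok' : 'failed'}"
end
```

Running it with the same Ruby that msfconsole uses shows whether that installation is affected before the console is started.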
2. The solution
Ubuntu (or anything other than Kali)
Install the latest Metasploit Framework release, which is bundled with an older version of OpenSSL: https://docs.metasploit.com/docs/using-metasploit/getting-started/nightly-installers.html
Kali
Apply this patch locally to /usr/share/metasploit-framework/lib/msf/core/handler/reverse_ssh.rb
diff --git a/lib/msf/core/handler/reverse_ssh.rb b/lib/msf/core/handler/reverse_ssh.rb index 9917ad4460..cf2b1bc472 100644 --- a/lib/msf/core/handler/reverse_ssh.rb +++ b/lib/msf/core/handler/reverse_ssh.rb @@ -145,8 +145,12 @@ module Msf def default_version_string require 'rex/proto/ssh/connection' Rex::Proto::Ssh::Connection.default_options['local_version'] + rescue OpenSSL::OpenSSLError => e + print_error("ReverseSSH handler did not load with OpenSSL version #{OpenSSL::VERSION}") + elog(e) + 'SSH-2.0-OpenSSH_5.3p1' rescue LoadError => e print_error("This handler requires PTY access not available on all platforms.") elog(e) 'SSH-2.0-OpenSSH_5.3p1' end
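Review bot: In the added rescue OpenSSL::OpenSSLError branch, the error message interpolates OpenSSL::VERSION, which is the version of the Ruby openssl extension rather than of the linked library; the failure depends on the library being OpenSSL 3.0, so OpenSSL::OPENSSL_LIBRARY_VERSION would report the value that matters for diagnosis. The fallback string 'SSH-2.0-OpenSSH_5.3p1' is now repeated in both rescue branches and could be hoisted into a single constant. The rescue only returns a default version string so that loading can continue; the message itself says the ReverseSSH handler did not load, so it is worth stating in a comment that the handler stays unavailable on this OpenSSL version.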
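Add the bolded part (the lines the patch adds, prefixed with +) to the corresponding reverse_ssh.rb. Metasploit then starts and works normally, with the following result: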
(kali㉿kali)-[/usr/…/lib/msf/core/handler] $ msfconsole
/usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256.rb:11: warning: already initialized constant HrrRbSsh::Transport::ServerHostKeyAlgorithm::EcdsaSha2Nistp256::NAME
/usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256.rb:11: warning: previous definition of NAME was here
/usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256.rb:12: warning: already initialized constant HrrRbSsh::Transport::ServerHostKeyAlgorithm::EcdsaSha2Nistp256::PREFERENCE
/usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256.rb:12: warning: previous definition of PREFERENCE was here
/usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256.rb:13: warning: already initialized constant HrrRbSsh::Transport::ServerHostKeyAlgorithm::EcdsaSha2Nistp256::IDENTIFIER
/usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256.rb:13: warning: previous definition of IDENTIFIER was here
/usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256.rb:11: warning: already initialized constant HrrRbSsh::Transport::ServerHostKeyAlgorithm::EcdsaSha2Nistp256::NAME
/usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256.rb:11: warning: previous definition of NAME was here
/usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256.rb:12: warning: already initialized constant HrrRbSsh::Transport::ServerHostKeyAlgorithm::EcdsaSha2Nistp256::PREFERENCE
/usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256.rb:12: warning: previous definition of PREFERENCE was here
/usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256.rb:13: warning: already initialized constant HrrRbSsh::Transport::ServerHostKeyAlgorithm::EcdsaSha2Nistp256::IDENTIFIER
/usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256.rb:13: warning: previous definition of IDENTIFIER was here

[msfconsole ASCII-art startup banner]

       =[ metasploit v6.2.6-dev ]
+ -- --=[ 2227 exploits - 1175 auxiliary - 398 post ]
+ -- --=[ 867 payloads - 45 encoders - 11 nops ]
+ -- --=[ 9 evasion ]

Metasploit tip: You can pivot connections over sessions started with the ssh_login modules

msf6 >