msfconsole，OpenSSL::PKey::PKeyError報錯解決辦法

L1119發表於2022-08-17

一、問題呈現

(kali㉿kali)-[~]$ msfconsole                
/usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256.rb:14:in `generate_key!': pkeys are immutable on OpenSSL 3.0 (OpenSSL::PKey::PKeyError)
        from /usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256.rb:14:in `<class:EcdsaSha2Nistp256>'
        from /usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256.rb:10:in `<class:ServerHostKeyAlgorithm>'
        from /usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256.rb:9:in `<class:Transport>'
        from /usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256.rb:8:in `<module:HrrRbSsh>'
        from /usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256.rb:7:in `<top (required)>'
        from /usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/zeitwerk-2.6.0/lib/zeitwerk/kernel.rb:35:in `require'
        from /usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/zeitwerk-2.6.0/lib/zeitwerk/kernel.rb:35:in `require'
        from /usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/server_host_key_algorithm.rb:19:in `<top (required)>'
        from /usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/zeitwerk-2.6.0/lib/zeitwerk/kernel.rb:35:in `require'
        from /usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/zeitwerk-2.6.0/lib/zeitwerk/kernel.rb:35:in `require'
        from /usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport.rb:16:in `<top (required)>'
        from /usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/zeitwerk-2.6.0/lib/zeitwerk/kernel.rb:35:in `require'
        from /usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/zeitwerk-2.6.0/lib/zeitwerk/kernel.rb:35:in `require'
        from /usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh.rb:15:in `<top (required)>'
        from /usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/zeitwerk-2.6.0/lib/zeitwerk/kernel.rb:35:in `require'
        from /usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/zeitwerk-2.6.0/lib/zeitwerk/kernel.rb:35:in `require'
        from /usr/share/metasploit-framework/lib/rex/proto/ssh/hrr_rb_ssh.rb:3:in `<top (required)>'
        from /usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/zeitwerk-2.6.0/lib/zeitwerk/kernel.rb:35:in `require'
        from /usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/zeitwerk-2.6.0/lib/zeitwerk/kernel.rb:35:in `require'
        from /usr/share/metasploit-framework/lib/rex/proto/ssh/connection.rb:2:in `<top (required)>'
        from /usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/zeitwerk-2.6.0/lib/zeitwerk/kernel.rb:35:in `require'
        from /usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/zeitwerk-2.6.0/lib/zeitwerk/kernel.rb:35:in `require'
        from /usr/share/metasploit-framework/lib/msf/core/handler/reverse_ssh.rb:146:in `default_version_string'
        from /usr/share/metasploit-framework/lib/msf/core/handler/reverse_ssh.rb:40:in `initialize'
        from /usr/share/metasploit-framework/lib/msf/base/sessions/command_shell_options.rb:16:in `initialize'
        from /usr/share/metasploit-framework/modules/payloads/singles/cmd/unix/reverse_ssh.rb:16:in `initialize'
        from /usr/share/metasploit-framework/lib/msf/core/payload_set.rb:95:in `new'
        from /usr/share/metasploit-framework/lib/msf/core/payload_set.rb:95:in `block (2 levels) in recalculate'
        from /usr/share/metasploit-framework/lib/msf/core/payload_set.rb:93:in `each_pair'
        from /usr/share/metasploit-framework/lib/msf/core/payload_set.rb:93:in `block in recalculate'
        from /usr/share/metasploit-framework/lib/msf/core/payload_set.rb:73:in `each_pair'
        from /usr/share/metasploit-framework/lib/msf/core/payload_set.rb:73:in `recalculate'
        from /usr/share/metasploit-framework/lib/msf/core/modules/loader/base.rb:258:in `block in load_modules'
        from /usr/share/metasploit-framework/lib/msf/core/modules/loader/base.rb:255:in `each'
        from /usr/share/metasploit-framework/lib/msf/core/modules/loader/base.rb:255:in `load_modules'
        from /usr/share/metasploit-framework/lib/msf/core/module_manager/loading.rb:170:in `block in load_modules'
        from /usr/share/metasploit-framework/lib/msf/core/module_manager/loading.rb:168:in `each'
        from /usr/share/metasploit-framework/lib/msf/core/module_manager/loading.rb:168:in `load_modules'
        from /usr/share/metasploit-framework/lib/msf/core/module_manager/module_paths.rb:41:in `block in add_module_path'
        from /usr/share/metasploit-framework/lib/msf/core/module_manager/module_paths.rb:40:in `each'
        from /usr/share/metasploit-framework/lib/msf/core/module_manager/module_paths.rb:40:in `add_module_path'
        from /usr/share/metasploit-framework/lib/msf/base/simple/framework/module_paths.rb:51:in `block in init_module_paths'
        from /usr/share/metasploit-framework/lib/msf/base/simple/framework/module_paths.rb:50:in `each'
        from /usr/share/metasploit-framework/lib/msf/base/simple/framework/module_paths.rb:50:in `init_module_paths'
        from /usr/share/metasploit-framework/lib/msf/ui/console/driver.rb:160:in `initialize'
        from /usr/share/metasploit-framework/lib/metasploit/framework/command/console.rb:60:in `new'
        from /usr/share/metasploit-framework/lib/metasploit/framework/command/console.rb:60:in `driver'
        from /usr/share/metasploit-framework/lib/metasploit/framework/command/console.rb:48:in `start'
        from /usr/share/metasploit-framework/lib/metasploit/framework/command/base.rb:82:in `start'
        from /usr/bin/msfconsole:23:in `<main>'

二、解決辦法

Ubuntu （除了 Kali 之外的任何東西）

安裝最新的Metasploit框架版本，該版本與較舊的opensl版本捆綁在一起：https://docs.metasploit.com/docs/using-metasploit/getting-started/nightly-installers.html

Kali

將此修補程式本地應用於/usr/share/metasploit-framework/lib/msf/core/handler/reverse_ssh.rb

diff --git a/lib/msf/core/handler/reverse_ssh.rb b/lib/msf/core/handler/reverse_ssh.rb
index 9917ad4460..cf2b1bc472 100644
--- a/lib/msf/core/handler/reverse_ssh.rb
+++ b/lib/msf/core/handler/reverse_ssh.rb
@@ -145,8 +145,12 @@ module Msf
       def default_version_string         
           require 'rex/proto/ssh/connection'
         Rex::Proto::Ssh::Connection.default_options['local_version']
+          rescue OpenSSL::OpenSSLError => e
+        print_error("ReverseSSH handler did not load with OpenSSL version #{OpenSSL::VERSION}")
+        elog(e)
+        'SSH-2.0-OpenSSH_5.3p1'
       rescue LoadError => e        
       print_error("This handler requires PTY access not available on all platforms.")
         elog(e)
         'SSH-2.0-OpenSSH_5.3p1'
       end

將表粗部分新增到對應reverse_ssh.rb中，可正常使用metasploit，效果如下

(kali㉿kali)-[/usr/…/lib/msf/core/handler]
$ msfconsole 
/usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256.rb:11: warning: already initialized constant HrrRbSsh::Transport::ServerHostKeyAlgorithm::EcdsaSha2Nistp256::NAME
/usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256.rb:11: warning: previous definition of NAME was here
/usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256.rb:12: warning: already initialized constant HrrRbSsh::Transport::ServerHostKeyAlgorithm::EcdsaSha2Nistp256::PREFERENCE
/usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256.rb:12: warning: previous definition of PREFERENCE was here
/usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256.rb:13: warning: already initialized constant HrrRbSsh::Transport::ServerHostKeyAlgorithm::EcdsaSha2Nistp256::IDENTIFIER
/usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256.rb:13: warning: previous definition of IDENTIFIER was here
/usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256.rb:11: warning: already initialized constant HrrRbSsh::Transport::ServerHostKeyAlgorithm::EcdsaSha2Nistp256::NAME
/usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256.rb:11: warning: previous definition of NAME was here
/usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256.rb:12: warning: already initialized constant HrrRbSsh::Transport::ServerHostKeyAlgorithm::EcdsaSha2Nistp256::PREFERENCE
/usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256.rb:12: warning: previous definition of PREFERENCE was here
/usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256.rb:13: warning: already initialized constant HrrRbSsh::Transport::ServerHostKeyAlgorithm::EcdsaSha2Nistp256::IDENTIFIER
/usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256.rb:13: warning: previous definition of IDENTIFIER was here
                                                  
                                              `:oDFo:`                            
                                           ./ymM0dayMmy/.                                                           
                                        -+dHJ5aGFyZGVyIQ==+-                                                        
                                    `:sm~~Destroy.No.Data~~s:`                                                     
                                 -+h2~~Maintain.No.Persistence~~h+-                                                 
                             `:odNo2~~Above.All.Else.Do.No.Harm~~Ndo:`                                              
                          ./etc/shadow.0days-Data'%20OR%201=1--.No.0MN8'/.                                          
                       -++SecKCoin++e.AMd`       `.-://///+hbove.913.ElsMNh+-                                       
                      -~/.ssh/id_rsa.Des-                  `htN01UserWroteMe!-                                      
                      :dopeAW.No<nano>o                     :is:TЯiKC.sudo-.A:                                      
                      :we're.all.alike'`                     The.PFYroy.No.D7:                                      
                      :PLACEDRINKHERE!:                      yxp_cmdshell.Ab0:                                      
                      :msf>exploit -j.                       :Ns.BOB&ALICEes7:                                      
                      :---srwxrwx:-.`                        `MS146.52.No.Per:                                      
                      :<script>.Ac816/                        sENbove3101.404:                                      
                      :NT_AUTHORITY.Do                        `T:/shSYSTEM-.N:                                      
                      :09.14.2011.raid                       /STFU|wall.No.Pr:                                      
                      :hevnsntSurb025N.                      dNVRGOING2GIVUUP:                                      
                      :#OUTHOUSE-  -s:                       /corykennedyData:                                      
                      :$nmap -oS                              SSo.6178306Ence:                                      
                      :Awsm.da:                            /shMTl#beats3o.No.:                                      
                      :Ring0:                             `dDestRoyREXKC3ta/M:                                      
                      :23d:                               sSETEC.ASTRONOMYist:                                      
                       /-                        /yo-    .ence.N:(){ :|: & };:                                      
                                                 `:Shall.We.Play.A.Game?tron/                                       
                                                 ```-ooy.if1ghtf0r+ehUser5`                                         
                                               ..th3.H1V3.U2VjRFNN.jMh+.`                                           
                                              `MjM~~WE.ARE.se~~MMjMs                                                
                                               +~KANSAS.CITY's~-`                                                   
                                                J~HAKCERS~./.`                                                      
                                                .esc:wq!:`                                                          
                                                 +++ATH`                                                            
                                                  `                                                                 
                                                                                                                    

       =[ metasploit v6.2.6-dev                           ]
+ -- --=[ 2227 exploits - 1175 auxiliary - 398 post       ]
+ -- --=[ 867 payloads - 45 encoders - 11 nops            ]
+ -- --=[ 9 evasion                                       ]

Metasploit tip: You can pivot connections over sessions 
started with the ssh_login modules

msf6 >

zblogphp提示“ Call to undefined function openssl_pkey_get_public()”的原因和解決辦法
2024-08-17
PHPUndefinedFunction
sysctl -P 報錯解決辦法
2016-03-01
cnpm link 報錯解決辦法
2018-04-10
NPM
git報錯400的解決辦法
2024-04-05
Git
Mybatis批量更新SQL報錯☞解決辦法
2018-08-31
MyBatisSQL
執行Docker命令報錯解決辦法
2018-01-02
Docker
isNaN("abc")編譯報錯解決辦法
2012-12-26
NaN編譯
安裝ionic 報錯安裝canvas報錯解決辦法
2018-02-06
Canvas
Could not resolve host: 'localhost 報錯解決辦法
2018-01-14
localhost
安裝sysbench過程報錯，解決辦法
2015-06-02
建庫時EM報錯的解決辦法
2008-09-26
IOConsole Updater 報錯解決辦法
2012-02-26
myeclipse專案報錯終極解決辦法
2016-08-08
Eclipse
sphinx ：undefined reference to `libiconv' 報錯解決辦法
2013-11-30
Undefined
VMware 啟動報錯 "Failed to lock the file"解決辦法
2008-08-30
AI
oracle 10g emctl 報錯的解決辦法
2011-06-01
Oracle 10g
man出錯解決辦法
2010-11-03
Jsp Unescaped xml character報錯的解決辦法
2018-10-12
JSXML
Docker Hello World容器執行報錯的解決辦法
2018-10-03
Docker
vue報錯：the template root disallows ‘v-for‘ directives解決辦法
2020-11-09
Vue
Laravel Mix - 執行 NPM install 報錯解決辦法
2018-03-29
LaravelNPM
客戶系統報錯：soft lockup的解決辦法
2016-09-28
ORA-38706&ORA-38707報錯解決辦法
2016-08-18
VirtualBox-4.3.0啟動報錯及解決辦法
2013-10-18
Perl CPAN安裝報錯CPAN::Modulelist的解決辦法
2009-08-13
SAP錯誤提示解決辦法
2009-06-28
關於npm install安裝報錯的解決辦法
2019-05-31
NPM
Maven下載jar包慢，pom報錯的解決辦法
2019-02-10
MavenJAR
SVN報錯“Failed to run the WC DB work queue associated with”解決辦法
2021-06-19
AI
關於Chrome報錯 ERR_NAME_NOT_RESOLVED 解決辦法
2021-08-17
Chrome
PHP報錯“Parseerror:syntaxerror,unexpectedT_VARIABLE”的解決辦法
2016-07-08
PHPError
npm報錯"A complete log of this run can be found in:"的解決辦法
2024-06-04
NPM
Ubuntu 報錯：無法獲得鎖 /var/lib/dpkg/lock解決辦法
2018-11-03
Ubuntu
連線oracle錯誤解決辦法
2016-10-08
Oracle
nginxFastCGI錯誤Primaryscriptunknown解決辦法
2017-11-20
NginxAST
Unable to locate package錯誤解決辦法
2014-04-20
Package
oracle 1455 錯誤解決辦法
2012-06-04
Oracle
畢設之錯誤解決辦法
2024-04-07

msfconsole，OpenSSL::PKey::PKeyError報錯解決辦法

相關文章