msfconsole: fixing the OpenSSL::PKey::PKeyError error
Posted by L1119 on 2022-08-17
1. The problem
(kali㉿kali)-[~]$ msfconsole
/usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256.rb:14:in `generate_key!': pkeys are immutable on OpenSSL 3.0 (OpenSSL::PKey::PKeyError)
        from /usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256.rb:14:in `<class:EcdsaSha2Nistp256>'
        from /usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256.rb:10:in `<class:ServerHostKeyAlgorithm>'
        from /usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256.rb:9:in `<class:Transport>'
        from /usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256.rb:8:in `<module:HrrRbSsh>'
        from /usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256.rb:7:in `<top (required)>'
        from /usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/zeitwerk-2.6.0/lib/zeitwerk/kernel.rb:35:in `require'
        from /usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/zeitwerk-2.6.0/lib/zeitwerk/kernel.rb:35:in `require'
        from /usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/server_host_key_algorithm.rb:19:in `<top (required)>'
        from /usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/zeitwerk-2.6.0/lib/zeitwerk/kernel.rb:35:in `require'
        from /usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/zeitwerk-2.6.0/lib/zeitwerk/kernel.rb:35:in `require'
        from /usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport.rb:16:in `<top (required)>'
        from /usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/zeitwerk-2.6.0/lib/zeitwerk/kernel.rb:35:in `require'
        from /usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/zeitwerk-2.6.0/lib/zeitwerk/kernel.rb:35:in `require'
        from /usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh.rb:15:in `<top (required)>'
        from /usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/zeitwerk-2.6.0/lib/zeitwerk/kernel.rb:35:in `require'
        from /usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/zeitwerk-2.6.0/lib/zeitwerk/kernel.rb:35:in `require'
        from /usr/share/metasploit-framework/lib/rex/proto/ssh/hrr_rb_ssh.rb:3:in `<top (required)>'
        from /usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/zeitwerk-2.6.0/lib/zeitwerk/kernel.rb:35:in `require'
        from /usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/zeitwerk-2.6.0/lib/zeitwerk/kernel.rb:35:in `require'
        from /usr/share/metasploit-framework/lib/rex/proto/ssh/connection.rb:2:in `<top (required)>'
        from /usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/zeitwerk-2.6.0/lib/zeitwerk/kernel.rb:35:in `require'
        from /usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/zeitwerk-2.6.0/lib/zeitwerk/kernel.rb:35:in `require'
        from /usr/share/metasploit-framework/lib/msf/core/handler/reverse_ssh.rb:146:in `default_version_string'
        from /usr/share/metasploit-framework/lib/msf/core/handler/reverse_ssh.rb:40:in `initialize'
        from /usr/share/metasploit-framework/lib/msf/base/sessions/command_shell_options.rb:16:in `initialize'
        from /usr/share/metasploit-framework/modules/payloads/singles/cmd/unix/reverse_ssh.rb:16:in `initialize'
        from /usr/share/metasploit-framework/lib/msf/core/payload_set.rb:95:in `new'
        from /usr/share/metasploit-framework/lib/msf/core/payload_set.rb:95:in `block (2 levels) in recalculate'
        from /usr/share/metasploit-framework/lib/msf/core/payload_set.rb:93:in `each_pair'
        from /usr/share/metasploit-framework/lib/msf/core/payload_set.rb:93:in `block in recalculate'
        from /usr/share/metasploit-framework/lib/msf/core/payload_set.rb:73:in `each_pair'
        from /usr/share/metasploit-framework/lib/msf/core/payload_set.rb:73:in `recalculate'
        from /usr/share/metasploit-framework/lib/msf/core/modules/loader/base.rb:258:in `block in load_modules'
        from /usr/share/metasploit-framework/lib/msf/core/modules/loader/base.rb:255:in `each'
        from /usr/share/metasploit-framework/lib/msf/core/modules/loader/base.rb:255:in `load_modules'
        from /usr/share/metasploit-framework/lib/msf/core/module_manager/loading.rb:170:in `block in load_modules'
        from /usr/share/metasploit-framework/lib/msf/core/module_manager/loading.rb:168:in `each'
        from /usr/share/metasploit-framework/lib/msf/core/module_manager/loading.rb:168:in `load_modules'
        from /usr/share/metasploit-framework/lib/msf/core/module_manager/module_paths.rb:41:in `block in add_module_path'
        from /usr/share/metasploit-framework/lib/msf/core/module_manager/module_paths.rb:40:in `each'
        from /usr/share/metasploit-framework/lib/msf/core/module_manager/module_paths.rb:40:in `add_module_path'
        from /usr/share/metasploit-framework/lib/msf/base/simple/framework/module_paths.rb:51:in `block in init_module_paths'
        from /usr/share/metasploit-framework/lib/msf/base/simple/framework/module_paths.rb:50:in `each'
        from /usr/share/metasploit-framework/lib/msf/base/simple/framework/module_paths.rb:50:in `init_module_paths'
        from /usr/share/metasploit-framework/lib/msf/ui/console/driver.rb:160:in `initialize'
        from /usr/share/metasploit-framework/lib/metasploit/framework/command/console.rb:60:in `new'
        from /usr/share/metasploit-framework/lib/metasploit/framework/command/console.rb:60:in `driver'
        from /usr/share/metasploit-framework/lib/metasploit/framework/command/console.rb:48:in `start'
        from /usr/share/metasploit-framework/lib/metasploit/framework/command/base.rb:82:in `start'
        from /usr/bin/msfconsole:23:in `<main>'
2. Solution
Ubuntu (anything other than Kali)
Install the latest Metasploit Framework release, which comes bundled with an older OpenSSL version: https://docs.metasploit.com/docs/using-metasploit/getting-started/nightly-installers.html
Kali
Apply this patch locally to /usr/share/metasploit-framework/lib/msf/core/handler/reverse_ssh.rb
diff --git a/lib/msf/core/handler/reverse_ssh.rb b/lib/msf/core/handler/reverse_ssh.rb index 9917ad4460..cf2b1bc472 100644 --- a/lib/msf/core/handler/reverse_ssh.rb +++ b/lib/msf/core/handler/reverse_ssh.rb @@ -145,8 +145,12 @@ module Msf def default_version_string require 'rex/proto/ssh/connection' Rex::Proto::Ssh::Connection.default_options['local_version'] + rescue OpenSSL::OpenSSLError => e + print_error("ReverseSSH handler did not load with OpenSSL version #{OpenSSL::VERSION}") + elog(e) + 'SSH-2.0-OpenSSH_5.3p1' rescue LoadError => e print_error("This handler requires PTY access not available on all platforms.") elog(e) 'SSH-2.0-OpenSSH_5.3p1' end
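Review bot: the print_error added in the new OpenSSL::OpenSSLError branch interpolates OpenSSL::VERSION, which is the version of Ruby's openssl binding rather than of the linked library; the error being handled ("pkeys are immutable on OpenSSL 3.0") depends on the library, so OpenSSL::OPENSSL_LIBRARY_VERSION would make the message actionable. The fallback string 'SSH-2.0-OpenSSH_5.3p1' is now repeated in both rescue branches and could be hoisted into a single constant. The rescue only hides the load failure, so the reverse SSH handler remains unusable on this OpenSSL build; a short comment in the branch stating that would help the next reader.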
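Add the bolded part (the lines marked + in the patch above) to the corresponding reverse_ssh.rb. Metasploit then starts and can be used normally, with the following result: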
(kali㉿kali)-[/usr/…/lib/msf/core/handler] $ msfconsole
/usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256.rb:11: warning: already initialized constant HrrRbSsh::Transport::ServerHostKeyAlgorithm::EcdsaSha2Nistp256::NAME
/usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256.rb:11: warning: previous definition of NAME was here
/usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256.rb:12: warning: already initialized constant HrrRbSsh::Transport::ServerHostKeyAlgorithm::EcdsaSha2Nistp256::PREFERENCE
/usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256.rb:12: warning: previous definition of PREFERENCE was here
/usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256.rb:13: warning: already initialized constant HrrRbSsh::Transport::ServerHostKeyAlgorithm::EcdsaSha2Nistp256::IDENTIFIER
/usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256.rb:13: warning: previous definition of IDENTIFIER was here
/usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256.rb:11: warning: already initialized constant HrrRbSsh::Transport::ServerHostKeyAlgorithm::EcdsaSha2Nistp256::NAME
/usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256.rb:11: warning: previous definition of NAME was here
/usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256.rb:12: warning: already initialized constant HrrRbSsh::Transport::ServerHostKeyAlgorithm::EcdsaSha2Nistp256::PREFERENCE
/usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256.rb:12: warning: previous definition of PREFERENCE was here
/usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256.rb:13: warning: already initialized constant HrrRbSsh::Transport::ServerHostKeyAlgorithm::EcdsaSha2Nistp256::IDENTIFIER
/usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256.rb:13: warning: previous definition of IDENTIFIER was here

[msfconsole ASCII-art startup banner]

       =[ metasploit v6.2.6-dev ]
+ -- --=[ 2227 exploits - 1175 auxiliary - 398 post ]
+ -- --=[ 867 payloads - 45 encoders - 11 nops ]
+ -- --=[ 9 evasion ]

Metasploit tip: You can pivot connections over sessions started with the ssh_login modules

msf6 >
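
The trace in section 1 fails inside `generate_key!`, the in-place EC key generation that Ruby's openssl binding rejects when it is linked against OpenSSL 3.0. The Ruby script below is an added example, not code from Metasploit or hrr_rb_ssh: it probes that call against the linked library, reports both the binding and library versions, and shows the factory call `OpenSSL::PKey::EC.generate`, which works on either library. All function names are hypothetical.

```ruby
require 'openssl'

CURVE = 'prime256v1' # the NIST P-256 curve behind ecdsa-sha2-nistp256

# Pattern the trace points at: create an empty EC object, then fill it in
# place. Raises OpenSSL::PKey::PKeyError when linked against OpenSSL 3.0.
def legacy_ec_key
  key = OpenSSL::PKey::EC.new(CURVE)
  key.generate_key!
  key
end

# Factory call that returns an already-populated key; no mutation involved.
def portable_ec_key
  OpenSSL::PKey::EC.generate(CURVE)
end

# Try the legacy path first and fall back to the portable one.
def host_key
  legacy_ec_key
rescue OpenSSL::PKey::PKeyError
  portable_ec_key
end

# True when the key can sign and verify, i.e. it is usable as a host key.
def usable?(key)
  digest = OpenSSL::Digest.new('SHA256')
  data = 'constructed test message'
  key.verify(digest, key.sign(digest, data), data)
end

# Report both version numbers: the Ruby binding and the linked C library.
def diagnose
  legacy_ok = begin
    legacy_ec_key
    true
  rescue OpenSSL::PKey::PKeyError
    false
  end
  { binding: OpenSSL::VERSION,
    library: OpenSSL::OPENSSL_LIBRARY_VERSION,
    legacy_generate_key: legacy_ok,
    portable_generate: usable?(portable_ec_key) }
end

puts diagnose if $PROGRAM_NAME == __FILE__
```

Running it with the Ruby that msfconsole uses shows whether `legacy_generate_key` is false on that host, which is the condition that triggers the startup error.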