msfconsole,OpenSSL::PKey::PKeyError報錯解決辦法
L1119發表於2022-08-17
一、問題呈現
(kali㉿kali)-[~]$ msfconsole /usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256.rb:14:in `generate_key!': pkeys are immutable on OpenSSL 3.0 (OpenSSL::PKey::PKeyError) from /usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256.rb:14:in `<class:EcdsaSha2Nistp256>' from /usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256.rb:10:in `<class:ServerHostKeyAlgorithm>' from /usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256.rb:9:in `<class:Transport>' from /usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256.rb:8:in `<module:HrrRbSsh>' from /usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256.rb:7:in `<top (required)>' from /usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/zeitwerk-2.6.0/lib/zeitwerk/kernel.rb:35:in `require' from /usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/zeitwerk-2.6.0/lib/zeitwerk/kernel.rb:35:in `require' from /usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/server_host_key_algorithm.rb:19:in `<top (required)>' from /usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/zeitwerk-2.6.0/lib/zeitwerk/kernel.rb:35:in `require' from /usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/zeitwerk-2.6.0/lib/zeitwerk/kernel.rb:35:in `require' from /usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport.rb:16:in `<top (required)>' from /usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/zeitwerk-2.6.0/lib/zeitwerk/kernel.rb:35:in `require' from /usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/zeitwerk-2.6.0/lib/zeitwerk/kernel.rb:35:in `require' from /usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh.rb:15:in `<top (required)>' from /usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/zeitwerk-2.6.0/lib/zeitwerk/kernel.rb:35:in `require' from /usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/zeitwerk-2.6.0/lib/zeitwerk/kernel.rb:35:in `require' from /usr/share/metasploit-framework/lib/rex/proto/ssh/hrr_rb_ssh.rb:3:in `<top (required)>' from /usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/zeitwerk-2.6.0/lib/zeitwerk/kernel.rb:35:in `require' from /usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/zeitwerk-2.6.0/lib/zeitwerk/kernel.rb:35:in `require' from /usr/share/metasploit-framework/lib/rex/proto/ssh/connection.rb:2:in `<top (required)>' from /usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/zeitwerk-2.6.0/lib/zeitwerk/kernel.rb:35:in `require' from /usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/zeitwerk-2.6.0/lib/zeitwerk/kernel.rb:35:in `require' from /usr/share/metasploit-framework/lib/msf/core/handler/reverse_ssh.rb:146:in `default_version_string' from /usr/share/metasploit-framework/lib/msf/core/handler/reverse_ssh.rb:40:in `initialize' from /usr/share/metasploit-framework/lib/msf/base/sessions/command_shell_options.rb:16:in `initialize' from /usr/share/metasploit-framework/modules/payloads/singles/cmd/unix/reverse_ssh.rb:16:in `initialize' from /usr/share/metasploit-framework/lib/msf/core/payload_set.rb:95:in `new' from /usr/share/metasploit-framework/lib/msf/core/payload_set.rb:95:in `block (2 levels) in recalculate' from /usr/share/metasploit-framework/lib/msf/core/payload_set.rb:93:in `each_pair' from /usr/share/metasploit-framework/lib/msf/core/payload_set.rb:93:in `block in recalculate' from /usr/share/metasploit-framework/lib/msf/core/payload_set.rb:73:in `each_pair' from /usr/share/metasploit-framework/lib/msf/core/payload_set.rb:73:in `recalculate' from /usr/share/metasploit-framework/lib/msf/core/modules/loader/base.rb:258:in `block in load_modules' from /usr/share/metasploit-framework/lib/msf/core/modules/loader/base.rb:255:in `each' from /usr/share/metasploit-framework/lib/msf/core/modules/loader/base.rb:255:in `load_modules' from /usr/share/metasploit-framework/lib/msf/core/module_manager/loading.rb:170:in `block in load_modules' from /usr/share/metasploit-framework/lib/msf/core/module_manager/loading.rb:168:in `each' from /usr/share/metasploit-framework/lib/msf/core/module_manager/loading.rb:168:in `load_modules' from /usr/share/metasploit-framework/lib/msf/core/module_manager/module_paths.rb:41:in `block in add_module_path' from /usr/share/metasploit-framework/lib/msf/core/module_manager/module_paths.rb:40:in `each' from /usr/share/metasploit-framework/lib/msf/core/module_manager/module_paths.rb:40:in `add_module_path' from /usr/share/metasploit-framework/lib/msf/base/simple/framework/module_paths.rb:51:in `block in init_module_paths' from /usr/share/metasploit-framework/lib/msf/base/simple/framework/module_paths.rb:50:in `each' from /usr/share/metasploit-framework/lib/msf/base/simple/framework/module_paths.rb:50:in `init_module_paths' from /usr/share/metasploit-framework/lib/msf/ui/console/driver.rb:160:in `initialize' from /usr/share/metasploit-framework/lib/metasploit/framework/command/console.rb:60:in `new' from /usr/share/metasploit-framework/lib/metasploit/framework/command/console.rb:60:in `driver' from /usr/share/metasploit-framework/lib/metasploit/framework/command/console.rb:48:in `start' from /usr/share/metasploit-framework/lib/metasploit/framework/command/base.rb:82:in `start' from /usr/bin/msfconsole:23:in `<main>'
二、解決辦法
Ubuntu (除了 Kali 之外的任何東西)
安裝最新的Metasploit框架版本,該版本與較舊的opensl版本捆綁在一起:https://docs.metasploit.com/docs/using-metasploit/getting-started/nightly-installers.html
Kali
將此修補程式本地應用於/usr/share/metasploit-framework/lib/msf/core/handler/reverse_ssh.rb
diff --git a/lib/msf/core/handler/reverse_ssh.rb b/lib/msf/core/handler/reverse_ssh.rb
index 9917ad4460..cf2b1bc472 100644
--- a/lib/msf/core/handler/reverse_ssh.rb
+++ b/lib/msf/core/handler/reverse_ssh.rb
@@ -145,8 +145,12 @@ module Msf
def default_version_string
require 'rex/proto/ssh/connection'
Rex::Proto::Ssh::Connection.default_options['local_version']
+ rescue OpenSSL::OpenSSLError => e
+ print_error("ReverseSSH handler did not load with OpenSSL version #{OpenSSL::VERSION}")
+ elog(e)
+ 'SSH-2.0-OpenSSH_5.3p1'
rescue LoadError => e
print_error("This handler requires PTY access not available on all platforms.")
elog(e)
'SSH-2.0-OpenSSH_5.3p1'
end將表粗部分新增到對應reverse_ssh.rb中,可正常使用metasploit,效果如下
(kali㉿kali)-[/usr/…/lib/msf/core/handler]
$ msfconsole
/usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256.rb:11: warning: already initialized constant HrrRbSsh::Transport::ServerHostKeyAlgorithm::EcdsaSha2Nistp256::NAME
/usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256.rb:11: warning: previous definition of NAME was here
/usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256.rb:12: warning: already initialized constant HrrRbSsh::Transport::ServerHostKeyAlgorithm::EcdsaSha2Nistp256::PREFERENCE
/usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256.rb:12: warning: previous definition of PREFERENCE was here
/usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256.rb:13: warning: already initialized constant HrrRbSsh::Transport::ServerHostKeyAlgorithm::EcdsaSha2Nistp256::IDENTIFIER
/usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256.rb:13: warning: previous definition of IDENTIFIER was here
/usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256.rb:11: warning: already initialized constant HrrRbSsh::Transport::ServerHostKeyAlgorithm::EcdsaSha2Nistp256::NAME
/usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256.rb:11: warning: previous definition of NAME was here
/usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256.rb:12: warning: already initialized constant HrrRbSsh::Transport::ServerHostKeyAlgorithm::EcdsaSha2Nistp256::PREFERENCE
/usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256.rb:12: warning: previous definition of PREFERENCE was here
/usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256.rb:13: warning: already initialized constant HrrRbSsh::Transport::ServerHostKeyAlgorithm::EcdsaSha2Nistp256::IDENTIFIER
/usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256.rb:13: warning: previous definition of IDENTIFIER was here
`:oDFo:`
./ymM0dayMmy/.
-+dHJ5aGFyZGVyIQ==+-
`:sm~~Destroy.No.Data~~s:`
-+h2~~Maintain.No.Persistence~~h+-
`:odNo2~~Above.All.Else.Do.No.Harm~~Ndo:`
./etc/shadow.0days-Data'%20OR%201=1--.No.0MN8'/.
-++SecKCoin++e.AMd` `.-://///+hbove.913.ElsMNh+-
-~/.ssh/id_rsa.Des- `htN01UserWroteMe!-
:dopeAW.No<nano>o :is:TЯiKC.sudo-.A:
:we're.all.alike'` The.PFYroy.No.D7:
:PLACEDRINKHERE!: yxp_cmdshell.Ab0:
:msf>exploit -j. :Ns.BOB&ALICEes7:
:---srwxrwx:-.` `MS146.52.No.Per:
:<script>.Ac816/ sENbove3101.404:
:NT_AUTHORITY.Do `T:/shSYSTEM-.N:
:09.14.2011.raid /STFU|wall.No.Pr:
:hevnsntSurb025N. dNVRGOING2GIVUUP:
:#OUTHOUSE- -s: /corykennedyData:
:$nmap -oS SSo.6178306Ence:
:Awsm.da: /shMTl#beats3o.No.:
:Ring0: `dDestRoyREXKC3ta/M:
:23d: sSETEC.ASTRONOMYist:
/- /yo- .ence.N:(){ :|: & };:
`:Shall.We.Play.A.Game?tron/
```-ooy.if1ghtf0r+ehUser5`
..th3.H1V3.U2VjRFNN.jMh+.`
`MjM~~WE.ARE.se~~MMjMs
+~KANSAS.CITY's~-`
J~HAKCERS~./.`
.esc:wq!:`
+++ATH`
`
=[ metasploit v6.2.6-dev ]
+ -- --=[ 2227 exploits - 1175 auxiliary - 398 post ]
+ -- --=[ 867 payloads - 45 encoders - 11 nops ]
+ -- --=[ 9 evasion ]
Metasploit tip: You can pivot connections over sessions
started with the ssh_login modules
msf6 >相關文章
- sysctl -P 報錯解決辦法2016-03-01
- cnpm link 報錯解決辦法2018-04-10NPM
- git報錯400的解決辦法2024-04-05Git
- Mybatis批量更新SQL報錯☞解決辦法2018-08-31MyBatisSQL
- 執行Docker命令報錯解決辦法2018-01-02Docker
- isNaN("abc")編譯報錯解決辦法2012-12-26NaN編譯
- 安裝ionic 報錯 安裝canvas報錯 解決辦法2018-02-06Canvas
- Could not resolve host: 'localhost 報錯解決辦法2018-01-14localhost
- 安裝sysbench過程報錯,解決辦法2015-06-02
- 建庫時EM報錯的解決辦法2008-09-26
- IOConsole Updater 報錯解決辦法2012-02-26
- myeclipse專案報錯終極解決辦法2016-08-08Eclipse
- sphinx :undefined reference to `libiconv' 報錯解決辦法2013-11-30Undefined
- VMware 啟動報錯 "Failed to lock the file"解決辦法2008-08-30AI
- oracle 10g emctl 報錯的解決辦法2011-06-01Oracle 10g
- man出錯解決辦法2010-11-03
- Jsp Unescaped xml character報錯的解決辦法2018-10-12JSXML
- Docker Hello World容器執行報錯的解決辦法2018-10-03Docker
- vue報錯:the template root disallows ‘v-for‘ directives解決辦法2020-11-09Vue
- Laravel Mix - 執行 NPM install 報錯解決辦法2018-03-29LaravelNPM
- 客戶系統報錯:soft lockup的解決辦法2016-09-28
- ORA-38706&ORA-38707報錯解決辦法2016-08-18
- VirtualBox-4.3.0啟動報錯及解決辦法2013-10-18
- Perl CPAN安裝報錯CPAN::Modulelist的解決辦法2009-08-13
- SAP錯誤提示解決辦法2009-06-28
- 關於npm install安裝報錯的解決辦法2019-05-31NPM
- Maven下載jar包慢,pom報錯的解決辦法2019-02-10MavenJAR
- SVN報錯“Failed to run the WC DB work queue associated with”解決辦法2021-06-19AI
- 關於Chrome報錯 ERR_NAME_NOT_RESOLVED 解決辦法2021-08-17Chrome
- PHP報錯“Parseerror:syntaxerror,unexpectedT_VARIABLE”的解決辦法2016-07-08PHPError
- Ubuntu 報錯:無法獲得鎖 /var/lib/dpkg/lock解決辦法2018-11-03Ubuntu
- 連線oracle錯誤解決辦法2016-10-08Oracle
- nginxFastCGI錯誤Primaryscriptunknown解決辦法2017-11-20NginxAST
- Unable to locate package錯誤解決辦法2014-04-20Package
- oracle 1455 錯誤解決辦法2012-06-04Oracle
- 畢設之錯誤解決辦法2024-04-07
- dns錯誤怎麼辦 dns錯誤的解決辦法2016-06-14DNS
- MySQL5.7 group by新特性報錯1055的解決辦法2021-09-09MySql