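Metasploit (msf) is highly open, and there is no question that third-party scripts can be added to it.
Purpose of this post: fix the problem of a self-added .rb script not working in msf.
[The download address for the PoC script is at the end of the post] RDP RCE
First put the downloaded script into the corresponding msf directory, then run reload_all in msfconsole.
After dropping the script in I waited happily to use it, but got the pile of error messages below; I looked at the tutorials online and did not find a solution.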
msf > reload_all
[*] Reloading modules from all module paths...
[-] Error while running command reload_all: uninitialized constant Msf::Modules::Mod6578706c6f69742f77696e646f77732f7264702f6376655f323031395f30373038::MetasploitModule::CRASH_SAFE
Call stack:
/usr/share/metasploit-framework/modules/exploits/windows/rdp/cve_2019_0708.rb:35:in `initialize'
/usr/share/metasploit-framework/lib/msf/core/module_set.rb:54:in `new'
/usr/share/metasploit-framework/lib/msf/core/module_set.rb:54:in `create'
/usr/share/metasploit-framework/lib/msf/core/db_manager/module_cache.rb:318:in `block (3 levels) in update_all_module_details'
/usr/share/metasploit-framework/lib/msf/core/db_manager/module_cache.rb:316:in `each'
/usr/share/metasploit-framework/lib/msf/core/db_manager/module_cache.rb:316:in `block (2 levels) in update_all_module_details'
/usr/share/metasploit-framework/lib/msf/core/db_manager/module_cache.rb:313:in `each'
/usr/share/metasploit-framework/lib/msf/core/db_manager/module_cache.rb:313:in `block in update_all_module_details'
/usr/share/metasploit-framework/vendor/bundle/ruby/2.5.0/gems/activerecord-4.2.10/lib/active_record/connection_adapters/abstract/connection_pool.rb:292:in `with_connection'
/usr/share/metasploit-framework/lib/msf/core/db_manager/module_cache.rb:276:in `update_all_module_details'
/usr/share/metasploit-framework/lib/msf/core/module_manager/cache.rb:114:in `refresh_cache_from_module_files'
/usr/share/metasploit-framework/lib/msf/core/module_manager/reloading.rb:42:in `reload_modules'
/usr/share/metasploit-framework/lib/msf/ui/console/command_dispatcher/modules.rb:754:in `cmd_reload_all'
/usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:501:in `run_command'
/usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:453:in `block in run_single'
/usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:447:in `each'
/usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:447:in `run_single'
/usr/share/metasploit-framework/lib/rex/ui/text/shell.rb:151:in `run'
/usr/share/metasploit-framework/lib/metasploit/framework/command/console.rb:48:in `start'
/usr/share/metasploit-framework/lib/metasploit/framework/command/base.rb:82:in `start'
/usr/bin/msfconsole:49:in `<main>'
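So I had to figure it out myself.
The tutorials already available online do not describe the msf environment they were written for.
Rough line of analysis: msf changed a great deal from v4 to v5, and because the cve-2019-0708 script is fairly new, it is only compatible with the new version of msf (that is, v5).
Environment before the update: v4.17.18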
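The same diagnosis can be read straight out of the error text. As an added example (not part of the original post or of Metasploit), this Ruby helper decodes the hex-encoded namespace in the error back to the module name, extracts the missing constant and the module file and line that referenced it, and compares framework versions. The function names are hypothetical and the 5.0.0 minimum is an assumption taken from the post's conclusion that the script needs v5.

```ruby
# Added example: triage an msfconsole "reload_all" failure from its text.
# SAMPLE is a shortened copy of the error shown in this post.
SAMPLE = <<~'LOG'
  [-] Error while running command reload_all: uninitialized constant Msf::Modules::Mod6578706c6f69742f77696e646f77732f7264702f6376655f323031395f30373038::MetasploitModule::CRASH_SAFE
  Call stack:
  /usr/share/metasploit-framework/modules/exploits/windows/rdp/cve_2019_0708.rb:35:in `initialize'
  /usr/share/metasploit-framework/lib/msf/core/module_set.rb:54:in `new'
LOG

# Returns nil when the text is not an "uninitialized constant" failure.
def triage_reload_error(text)
  m = text.match(/uninitialized constant ((?:\w+::)*)(\w+)\s*$/)
  return nil unless m

  result = { missing_constant: m[2], module_name: nil, file: nil, line: nil }

  # The "Mod<hex>" namespace segment is the module's full name, hex-encoded.
  hex = m[1].split('::').map { |s| s[/\AMod((?:[0-9a-f]{2})+)\z/, 1] }.compact.first
  result[:module_name] = [hex].pack('H*').force_encoding('UTF-8') if hex

  # The first stack frame under modules/ is the file that used the constant.
  frame = text.match(%r{^\s*(/\S*/modules/\S+\.rb):(\d+):in })
  if frame
    result[:file] = frame[1]
    result[:line] = frame[2].to_i
  end
  result
end

# True when the installed framework version meets the minimum the module
# needs. The minimum is supplied by the caller (assumed 5.0.0 in this post).
def framework_new_enough?(installed, minimum)
  Gem::Version.new(installed) >= Gem::Version.new(minimum)
end

if __FILE__ == $PROGRAM_NAME
  p triage_reload_error(SAMPLE)
  p framework_new_enough?('4.17.18', '5.0.0')
end
```

A missing constant that the module file itself references at load time, combined with a framework older than the module expects, points to a version mismatch rather than a wrong directory.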
Updating msf is simple; the following two commands are all it takes:
[email protected]:~/scan# apt-get update
命中:1 http://mirrors.neusoft.edu.cn/kali kali-rolling InRelease
正在讀取軟體包清單... 完成
[email protected]:~/scan# apt-get install metasploit-framework
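Environment after the update: v5.0.22 [the msf banner really does look cool, by the way]
Without running reload_all, first search for the target script.
The script can be found directly (it looks like the script was put in the wrong directory, so this needs changing: delete the current script and its directory, move it under auxiliary, and create the corresponding directory).
If it is not moved, using it directly raises an error.
Directory structure after the move:
After running reload_all again, search for the target script (cve-2019-0708 can now be used normally).
Using the script is also simple (see the figure below: set rhosts and run it).
It easily finds a vulnerable server.
The script also supports batch checking.
The batch-check result is shown in the figure below.
Address of the cve-2019-0708 batch detection script used in this post: https://download.csdn.net/download/helloexp/11200026
For how to fix cve-2019-0708, see another article by helloexp: https://blog.csdn.net/helloexp/article/details/90515136
Download address for the patch for this vulnerability: https://portal.msrc.microsoft.com/zh-cn/security-guidance/advisory/CVE-2019-0708
That is all.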
BR