View Issue Details

ID: 0003366
Project: Kali Linux
Category: Kali Package Improvement
View Status: public
Last Update: 2016-07-06 14:00
Reporter: hmendonca
Assigned To: dookie
Priority: normal
Severity: minor
Reproducibility: always
Status: closed
Resolution: no change required
Product Version: 2016.1
Summary: 0003366: Pattern_offset.rb is not finding the match
Description

Pattern_offset.rb after the update does not find the match with the -q operator or does not work as expected compared to the previous version. Pattern_create is working fine with the -l operator.

Steps To Reproduce

root@kali:~# /usr/share/metasploit-framework/tools/exploit/pattern_offset.rb -q 44396944
[*] No exact matches, looking for likely candidates...

root@kali:~# /usr/share/metasploit-framework/tools/exploit/pattern_offset.rb -q Di9D
[*] No exact matches, looking for likely candidates...

root@kali:~# /usr/share/metasploit-framework/tools/exploit/pattern_offset.rb -q b1Ab
[*] Exact match at offset 34

root@kali:~# /usr/share/metasploit-framework/tools/exploit/pattern_offset.rb -q Bi4B
[*] No exact matches, looking for likely candidates...
[+] Possible match at offset 792 (adjusted [ little-endian: 2048 | big-endian: -2935552 ] ) byte offset 1
[+] Possible match at offset 822 (adjusted [ little-endian: 1792 | big-endian: -3001088 ] ) byte offset 1
[+] Possible match at offset 852 (adjusted [ little-endian: 1536 | big-endian: -3066624 ] ) byte offset 1
[+] Possible match at offset 882 (adjusted [ little-endian: 1280 | big-endian: -3132160 ] ) byte offset 1
[+] Possible match at offset 912 (adjusted [ little-endian: 1024 | big-endian: -3197696 ] ) byte offset 1
[+] Possible match at offset 942 (adjusted [ little-endian: 768 | big-endian: -3263232 ] ) byte offset 1
[+] Possible match at offset 972 (adjusted [ little-endian: 512 | big-endian: -3328768 ] ) byte offset 1
[+] Possible match at offset 1002 (adjusted [ little-endian: 256 | big-endian: -3394304 ] ) byte offset 1
[+] Possible match at offset 1020 (adjusted [ little-endian: 262144 | big-endian: -3458816 ] ) byte offset 2

Activities

dookie

2016-07-05 16:04

reporter   ~0005446

This is not a package issue. Upstream changed the utility such that it requires -l for both pattern_offset and pattern_create.

hmendonca

2016-07-06 07:45

reporter   ~0005471

Can this upstream utility be fixed? -l operator does not work with pattern_offset. Please see below:

root@kali:~# /usr/share/metasploit-framework/tools/exploit/pattern_offset.rb -h
Usage: /usr/share/metasploit-framework/tools/exploit/pattern_offset.rb [options]
Example: /usr/share/metasploit-framework/tools/exploit/pattern_offset.rb -q Aa3A
[*] Exact match at offset 9

Options:
-q, --query Aa0A Query to Locate
-l, --length <length> The length of the pattern
-s, --sets <ABC,def,123> Custom Pattern Sets
-h, --help Show this message
root@kali:~# /usr/share/metasploit-framework/tools/exploit/pattern_offset.rb -l Bi4B
[x] invalid argument: -l Bi4B
root@kali:~# /usr/share/metasploit-framework/tools/exploit/pattern_offset.rb -l 44396944
[x] missing argument: -q <query> is required
root@kali:~# /usr/share/metasploit-framework/tools/exploit/pattern_offset.rb -q 44396944
[*] No exact matches, looking for likely candidates..

dookie

2016-07-06 14:00

reporter   ~0005472

You are using the utility incorrectly. It works properly.

root@kali:~# /usr/share/metasploit-framework/tools/exploit/pattern_offset.rb -q 44396944 -l 5000
[*] Exact match at offset 2607
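
Why the length matters, as an added example that is not part of the original thread and is not Metasploit's code: the offset lookup only searches a pattern of the requested length, so a query that sits beyond the end of a short pattern has no exact match. The function names are hypothetical, and the 1024-byte length is a constructed value chosen for illustration.

```ruby
# Added illustration; a minimal re-implementation, not Metasploit's own code.
UPPER = ('A'..'Z').to_a
LOWER = ('a'..'z').to_a
DIGIT = ('0'..'9').to_a
MAX_LEN = UPPER.size * LOWER.size * DIGIT.size * 3 # 20280 unique bytes

# Build the Aa0Aa1Aa2... pattern, truncated to `length` bytes.
def cyclic_pattern(length)
  raise ArgumentError, "length must be 0..#{MAX_LEN}" unless (0..MAX_LEN).cover?(length)
  buf = +''
  UPPER.each do |u|
    LOWER.each do |l|
      DIGIT.each do |d|
        return buf[0, length] if buf.length >= length
        buf << u << l << d
      end
    end
  end
  buf[0, length]
end

# An 8-hex-digit query is read as a 32-bit register value and converted to
# its little-endian byte order in memory; anything else is searched as text.
def needle_for(query)
  m = query.match(/\A(?:0x)?(\h{8})\z/i)
  m ? [m[1].hex].pack('V') : query
end

# Offset of the query inside a pattern of `length` bytes, or nil when the
# pattern is too short to contain it.
def pattern_offset(query, length)
  cyclic_pattern(length).index(needle_for(query))
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample runs: the same queries against a short and a long pattern.
  [['44396944', 1024], ['44396944', 5000], ['Bi4B', 1024], ['Bi4B', 5000]].each do |q, len|
    off = pattern_offset(q, len)
    result = off ? "exact match at offset #{off}" : 'no exact match'
    puts "query #{q}, length #{len}: #{result}"
  end
end
```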

Issue History

Date Modified | Username | Field | Change
2016-06-20 10:18 | hmendonca | New Issue |
2016-07-05 16:04 | dookie | Note Added: 0005446 |
2016-07-05 16:04 | dookie | Status | new => closed
2016-07-05 16:04 | dookie | Assigned To | => dookie
2016-07-05 16:04 | dookie | Resolution | open => no change required
2016-07-06 07:45 | hmendonca | Note Added: 0005471 |
2016-07-06 07:45 | hmendonca | Status | closed => feedback
2016-07-06 07:45 | hmendonca | Resolution | no change required => reopened
2016-07-06 14:00 | dookie | Note Added: 0005472 |
2016-07-06 14:00 | dookie | Status | feedback => closed
2016-07-06 14:00 | dookie | Resolution | reopened => no change required