targetpayloads inconsistency ? #30

Open
ilanisme opened this issue Mar 4, 2020 · 1 comment

ilanisme commented Mar 4, 2020

Hey,
First of all, that's a great tool, I really appreciate the work.
I've encountered a problem where, in module 'linux/http/axis_srv_parhand_rce', when I choose one of the payloads that are returned from the function exploit.targetpayloads(), I receive an exception stating that 'Invalid payload (cmd/unix/bind_netcat_gaping) for given target (1).'
I can see that it checks against self.payloads, which is calling targetpayloads(self.target).
I'm pretty new with that library so I don't know what target is for, but I assume that instead of using exploit.targetpayloads() I should use exploit.payloads? Although the documentation talks about targetpayloads() and not about the property payloads.
Thank you.

Contributor

scmanjarrez commented Sep 29, 2020

Hi,
You're calling the wrong function. There are two functions: the first one returns compatible payloads with the current target, the second one returns compatible payloads for a given target, defaulting to 0.

    def payloads(self):
        """
        A list of compatible payloads.
        """
        #        return self.rpc.call(MsfRpcMethod.ModuleCompatiblePayloads, self.modulename)['payloads']
        return self.targetpayloads(self.target)

    def targetpayloads(self, t=0):
        """
        Returns a list of compatible payloads for a given target ID.
        Optional Keyword Arguments:
        - t : the target ID (default: 0, e.g. 'Automatic')
        """
        return self.rpc.call(MsfRpcMethod.ModuleTargetCompatiblePayloads, [self.modulename, t])['payloads']

So you're getting payloads for target 0, but your current target is 1.

>>> mod.targets
{0: 'Unix In-Memory', 1: 'Linux Dropper'}
>>> mod.target
1

You are getting the error because you're targeting a Unix In-memory exploit using a Linux Dropper payload.
You have to choose your target from a call to mod.payloads or mod.targetpayloads(1).

>>> mod.payloads
['generic/custom', 'generic/shell_bind_tcp', 'generic/shell_reverse_tcp', 'linux/armle/adduser', 'linux/armle/exec', 'linux/armle/meterpreter/bind_tcp', 'linux/armle/meterpreter/reverse_tcp', 'linux/armle/meterpreter_reverse_http', 'linux/armle/meterpreter_reverse_https', 'linux/armle/meterpreter_reverse_tcp', 'linux/armle/shell/bind_tcp', 'linux/armle/shell/reverse_tcp', 'linux/armle/shell_bind_tcp', 'linux/armle/shell_reverse_tcp']

>>> mod.targetpayloads(1)
['generic/custom', 'generic/shell_bind_tcp', 'generic/shell_reverse_tcp', 'linux/armle/adduser', 'linux/armle/exec', 'linux/armle/meterpreter/bind_tcp', 'linux/armle/meterpreter/reverse_tcp', 'linux/armle/meterpreter_reverse_http', 'linux/armle/meterpreter_reverse_https', 'linux/armle/meterpreter_reverse_tcp', 'linux/armle/shell/bind_tcp', 'linux/armle/shell/reverse_tcp', 'linux/armle/shell_bind_tcp', 'linux/armle/shell_reverse_tcp']
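
The mismatch discussed in this thread, reproduced offline as an added example that is not part of the original comments or the project's code. `StubModule` is a hypothetical stand-in that mirrors the two methods quoted above using constructed payload lists, and `check_payload` is a hypothetical helper that validates a name against the current target and reports which targets do accept it.

```python
class StubModule:
    """Hypothetical stand-in for a module object; no RPC server is contacted."""

    # Constructed per-target lists: the target 0 entry is the payload named in
    # the issue, the target 1 entries are a shortened copy of the list above.
    _COMPAT = {
        0: ['cmd/unix/bind_netcat_gaping'],
        1: ['generic/custom', 'generic/shell_bind_tcp', 'linux/armle/exec'],
    }
    targets = {0: 'Unix In-Memory', 1: 'Linux Dropper'}

    def __init__(self, target=1):
        self.target = target

    def targetpayloads(self, t=0):
        # Same default as the quoted method: target 0, not self.target.
        return list(self._COMPAT[t])

    @property
    def payloads(self):
        # Always follows the currently selected target.
        return self.targetpayloads(self.target)


def check_payload(mod, name):
    """Return name if it is valid for mod.target, otherwise raise ValueError."""
    if name in mod.targetpayloads(mod.target):
        return name
    # Work out which targets would have accepted it, to make the error useful.
    accepted = [t for t in mod.targets if name in mod.targetpayloads(t)]
    raise ValueError(
        f"Invalid payload ({name}) for given target ({mod.target}); "
        f"accepted by targets {accepted}"
    )


if __name__ == "__main__":
    mod = StubModule(target=1)
    print(mod.targetpayloads())   # default argument: list for target 0
    print(mod.payloads)           # list for the current target (1)
    try:
        check_payload(mod, mod.targetpayloads()[0])
    except ValueError as exc:
        print(exc)
```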
