/opt/metasploit-framework/embedded/lib/ruby/3.2.0/openssl/buffering.rb, <Binding:0x00007fd161b650f0> #20571
Description
Steps to reproduce
How'd you do it?
- debugging pry shell glitches and irb finds no
=> [nil]|binding.irb's "false positives"
=> [#<Framework (0 sessions, 0 jobs, 0 plugins, postgresql database active)>]- Call Stack debugger
This section should also tell us any relevant information about the
environment; for example, if an exploit that used to work is failing,
tell us the victim operating system and service versions.
N/A
Were you following a specific guide/tutorial or reading documentation?
N
If yes link the guide/tutorial or documentation you were following here, otherwise you may omit this section.
Expected behavior
- Run module in the pry or irb debugger
Current behavior
# Call stack:
# /opt/metasploit-framework/embedded/lib/ruby/3.2.0/openssl/buffering.rb:354:in `syswrite'
# /opt/metasploit-framework/embedded/lib/ruby/3.2.0/openssl/buffering.rb:354:in `do_write'
# /opt/metasploit-framework/embedded/lib/ruby/3.2.0/openssl/buffering.rb:371:in `block in write'
# /opt/metasploit-framework/embedded/lib/ruby/3.2.0/openssl/buffering.rb:370:in `each'
# /opt/metasploit-framework/embedded/lib/ruby/3.2.0/openssl/buffering.rb:370:in `inject'
# /opt/metasploit-framework/embedded/lib/ruby/3.2.0/openssl/buffering.rb:370:in `write'
# /opt/metasploit-framework/embedded/lib/ruby/gems/3.2.0/gems/rex-socket-0.1.59/lib/rex/socket/ssl_tcp.rb:181:in `write'
# /opt/metasploit-framework/embedded/framework/lib/msf/ui/console/command_dispatcher/core.rb:578:in `block in cmd_connect'
# /opt/metasploit-framework/embedded/framework/lib/msf/core/thread_manager.rb:105:in `block in spawn'
^C[-] Error while running command connect: Connection reset by peer
# Call stack:
# /opt/metasploit-framework/embedded/lib/ruby/3.2.0/socket.rb:456:in `__read_nonblock'
# /opt/metasploit-framework/embedded/lib/ruby/3.2.0/socket.rb:456:in `read_nonblock'
# /opt/metasploit-framework/embedded/lib/ruby/gems/3.2.0/gems/rex-core-0.1.32/lib/rex/io/stream.rb:91:in `block in read'
# /opt/metasploit-framework/embedded/lib/ruby/gems/3.2.0/gems/rex-core-0.1.32/lib/rex/io/stream.rb:336:in `synchronize_access'
# /opt/metasploit-framework/embedded/lib/ruby/gems/3.2.0/gems/rex-core-0.1.32/lib/rex/io/stream.rb:89:in `read'
# /opt/metasploit-framework/embedded/framework/lib/msf/ui/console/command_dispatcher/core.rb:589:in `block in cmd_connect'
# /opt/metasploit-framework/embedded/framework/lib/msf/core/thread_manager.rb:105:in `block in spawn'
>> run_simple
/opt/metasploit-framework/embedded/framework/lib/msf/base/simple/exploit.rb:171:in `exploit_simple': wrong number of arguments (given 0, expected 1) (ArgumentError)
from (irb):1:in `<main>'
from /opt/metasploit-framework/embedded/framework/lib/rex/ui/text/irb_shell.rb:50:in `block in run'
from /opt/metasploit-framework/embedded/framework/lib/rex/ui/text/irb_shell.rb:49:in `catch'
from /opt/metasploit-framework/embedded/framework/lib/rex/ui/text/irb_shell.rb:49:in `run'
from /opt/metasploit-framework/embedded/framework/lib/msf/ui/console/command_dispatcher/developer.rb:139:in `block in cmd_irb'
from /opt/metasploit-framework/embedded/framework/lib/rex/ui/text/shell/history_manager.rb:35:in `with_context'
from /opt/metasploit-framework/embedded/framework/lib/msf/ui/console/command_dispatcher/developer.rb:135:in `cmd_irb'
from /opt/metasploit-framework/embedded/framework/lib/rex/ui/text/dispatcher_shell.rb:582:in `run_command'
from /opt/metasploit-framework/embedded/framework/lib/rex/ui/text/dispatcher_shell.rb:531:in `block in run_single'
from /opt/metasploit-framework/embedded/framework/lib/rex/ui/text/dispatcher_shell.rb:525:in `each'
from /opt/metasploit-framework/embedded/framework/lib/rex/ui/text/dispatcher_shell.rb:525:in `run_single'
from /opt/metasploit-framework/embedded/framework/lib/rex/ui/text/shell.rb:165:in `block in run'
from /opt/metasploit-framework/embedded/framework/lib/rex/ui/text/shell.rb:309:in `block in with_history_manager_context'
from /opt/metasploit-framework/embedded/framework/lib/rex/ui/text/shell/history_manager.rb:35:in `with_context'
from /opt/metasploit-framework/embedded/framework/lib/rex/ui/text/shell.rb:306:in `with_history_manager_context'
from /opt/metasploit-framework/embedded/framework/lib/rex/ui/text/shell.rb:133:in `run'
... 3 levels...
[-] Auxiliary failed: NoMethodError undefined method `+' for nil:NilClass
[-] Call stack:
[-] /opt/metasploit-framework/embedded/framework/modules/auxiliary/scanner/http/error_sql_injection.rb:189:in `block (2 levels) in run_host'
[-] /opt/metasploit-framework/embedded/framework/modules/auxiliary/scanner/http/error_sql_injection.rb:183:in `each'
[-] /opt/metasploit-framework/embedded/framework/modules/auxiliary/scanner/http/error_sql_injection.rb:183:in `block in run_host'
[-] /opt/metasploit-framework/embedded/framework/modules/auxiliary/scanner/http/error_sql_injection.rb:177:in `each'
[-] /opt/metasploit-framework/embedded/framework/modules/auxiliary/scanner/http/error_sql_injection.rb:177:in `run_host'
[-] /opt/metasploit-framework/embedded/framework/lib/msf/core/auxiliary/scanner.rb:116:in `block (2 levels) in run'
[-] /opt/metasploit-framework/embedded/framework/lib/msf/core/thread_manager.rb:105:in `block in spawn'
[-] /opt/metasploit-framework/embedded/lib/ruby/gems/3.2.0/gems/logging-2.4.0/lib/logging/diagnostic_context.rb:474:in `block in create_with_logging_context'
[*] Auxiliary module execution completed
>> exit
msf6 exploit(multi/http/lcms_php_exec) > pry
[*] Starting Pry shell...
[*] You are in the "exploit/multi/http/lcms_php_exec" module object
[1] pry(#<Msf::Modules::Exploit__Multi__Http__Lcms_php_exec::MetasploitModule>)> run
NameError: undefined local variable or method `run' for #<Module:exploit/multi/http/lcms_php_exec datastore=[#<Msf::ModuleDataStore:0x00007fa6c5951b40 @options={"WORKSPACE"=>#<Msf::OptString:0x00007fa6c7f69760 @name="WORKSPACE", @advanced=true, @evasion=false, @aliases=[], @max_length=nil, @conditions=[], @fallbacks=[], @required=false, @desc="Specify the workspace for this module", @default=nil, @enums=[], @owner=Msf::Module>, "VERBOSE"=>#<Msf::OptBool:0x00007fa6c7f696c0 @name="VERBOSE", @advanced=true, @evasion=false, @aliases=[], @max_length=nil, @conditions=[], @fallbacks=[], @required=false, @desc="Enable detailed status messages", @default=false, @enums=[], @owner=Msf::Module>, "WfsDelay"=>#<Msf::OptInt:0x00007fa6c7f65700 @name="WfsDelay", @advanced=true, @evasion=false, @aliases=[], @max_length=nil, @conditions=[], @fallbacks=[], @required=false, @desc="Additional delay in seconds to wait for a session", @default=2, @enums=[], @owner=Msf::Exploit>, "EnableContextEncoding"=>#<Msf::OptBool:0x00007fa6c7f652a0 @name="EnableContextEncoding", @advanced=true, @evasion=false, @aliases=[], @max_length=nil, @conditions=[], @fallbacks=[], @required=false, @desc="Use transient context when encoding payloads", @default=false, @enums=[], @owner=Msf::Exploit>, "ContextInformationFile"=>#<Msf::OptPath:0x00007fa6c7f65200 @name="ContextInformationFile", @advanced=true, @evasion=false, @aliases=[], @max_length=nil, @conditions=[], @fallbacks=[], @required=false, @desc="The information file that contains context information", @default=nil, @enums=[], @owner=Msf::Exploit>, "DisablePayloadHandler"=>#<Msf::OptBool:0x00007fa6c7f65160 @name="DisablePayloadHandler", @advanced=true, @evasion=false, @aliases=[], @max_length=nil, @conditions=[], @fallbacks=[], @required=false, @desc="Disable the handler code for the selected payload", @default=false, @enums=[], @owner=Msf::Exploit>, "RHOSTS"=>#<Msf::OptRhosts:0x00007fa6d4a9a498 @name="RHOSTS", @advanced=false, @evasion=false, @aliases=["RHOST"], @max_length=nil, @conditions=[], @fallbacks=[], @required=true, @desc="The target host(s), see https://docs.metasploit.com/docs/using-metasploit/basics/using-metasploit.html", @default=nil, @enums=[], @owner=Msf::Modules::Exploit__Multi__Http__Lcms_php_exec::MetasploitModule>, "RPORT"=>#<Msf::OptPort:0x00007fa6c7f64940 @name="RPORT", @advanced=false, @evasion=false, @aliases=[], @max_length=nil, @conditions=[], @fallbacks=[], @required=true, @desc="The target port", @default=80, @enums=[], @owner=Msf::Modules::Exploit__Multi__Http__Lcms_php_exec::MetasploitModule>, "VHOST"=>#<Msf::OptString:0x00007fa6c7f64760 @name="VHOST", @advanced=false, @evasion=false, @aliases=[], @max_length=nil, @conditions=[], @fallbacks=[], @required=false, @desc="HTTP server virtual host", @default=nil, @enums=[], @owner=Msf::Modules::Exploit__Multi__Http__Lcms_php_exec::MetasploitModule>, "SSL"=>#<Msf::OptBool:0x00007fa6c7f64580 @name="SSL", @advanced=false, @evasion=false, @aliases=[], @max_length=nil, @conditions=[], @fallbacks=[], @required=false, @desc="Negotiate SSL/TLS for outgoing connections", @default=false, @enums=[], @owner=Msf::Modules::Exploit__Multi__Http__Lcms_php_exec::MetasploitModule>, "Proxies"=>#<Msf::OptString:0x00007fa6d4af3340 @name="Proxies", @advanced=false, @evasion=false, @aliases=[], @max_length=nil, @conditions=[], @fallbacks=[], @required=false, @desc="A proxy chain of format type:host:port[,type:host:port][...]", @default=nil, @enums=[], @owner=Msf::Modules::Exploit__Multi__Http__Lcms_php_exec::MetasploitModule>, "UserAgent"=>#<Msf::OptString:0x00007fa6c7f7d0d0 @name="UserAgent", @advanced=true, @evasion=false, @aliases=[], @max_length=nil, @conditions=[], @fallbacks=[], @required=false, @desc="The User-Agent header to use for all requests", @default="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Edg/131.0.2903.86", @enums=[], @owner=Msf::Modules::Exploit__Multi__Http__Lcms_php_exec::MetasploitModule>, "HttpUsername"=>#<Msf::OptString:0x00007fa6c7f7cef0 @name="HttpUsername", @advanced=true, @evasion=false, @aliases=[], @max_length=nil, @conditions=[], @fallbacks=[], @required=false, @desc="The HTTP username to specify for authentication", @default="", @enums=[], @owner=Msf::Modules::Exploit__Multi__Http__Lcms_php_exec::MetasploitModule>, "HttpPassword"=>#<Msf::OptString:0x00007fa6c7f7cd10 @name="HttpPassword", @advanced=true, @evasion=false, @aliases=[], @max_length=nil, @conditions=[], @fallbacks=[], @required=false, @desc="The HTTP password to specify for authentication", @default="", @enums=[], @owner=Msf::Modules::Exploit__Multi__Http__Lcms_php_exec::MetasploitModule>, "HttpRawHeaders"=>#<Msf::OptPath:0x00007fa6c7f7c950 @name="HttpRawHeaders", @advanced=true, @evasion=false, @aliases=[], @max_length=nil, @conditions=[], @fallbacks=[], @required=false, @desc="Path to ERB-templatized raw headers to append to existing headers", @default=nil, @enums=[], @owner=Msf::Modules::Exploit__Multi__Http__Lcms_php_exec::MetasploitModule>, "DigestAuthIIS"=>#<Msf::OptBool:0x00007fa6c7f7c590 @name="DigestAuthIIS", @advanced=true, @evasion=false, @aliases=[], @max_length=nil, @conditions=[], @fallbacks=[], @required=false, @desc="Conform to IIS, should work for most servers. Only set to false for non-IIS servers", @default=true, @enums=[], @owner=Msf::Modules::Exploit__Multi__Http__Lcms_php_exec::MetasploitModule>, "SSLVersion"=>#<Msf::OptEnum:0x00007fa6d4af2a80 @name="SSLVersion", @advanced=true, @evasion=false, @aliases=[], @max_length=nil, @conditions=[], @fallbacks=[], @required=true, @desc_string="Specify the version of SSL/TLS to be used (Auto, TLS and SSL23 are auto-negotiate)", @enums=["Auto", "TLS", "SSL23", "SSL3", "TLS1", "TLS1.1", "TLS1.2"], @default="Auto", @owner=Msf::Handler::Reverse::SSL>, "FingerprintCheck"=>#<Msf::OptBool:0x00007fa6c7f7c3b0 @name="FingerprintCheck", @advanced=true, @evasion=false, @aliases=[], @max_length=nil, @conditions=[], @fallbacks=[], @required=false, @desc="Conduct a pre-exploit fingerprint verification", @default=true, @enums=[], @owner=Msf::Modules::Exploit__Multi__Http__Lcms_php_exec::MetasploitModule>, "DOMAIN"=>#<Msf::OptString:0x00007fa6c7f7c1d0 @name="DOMAIN", @advanced=true, @evasion=false, @aliases=[], @max_length=nil, @conditions=[], @fallbacks=[], @required=true, @desc="The domain to use for Windows authentication", @default="WORKSTATION", @enums=[], @owner=Msf::Modules::Exploit__Multi__Http__Lcms_php_exec::MetasploitModule>, "HttpClientTimeout"=>#<Msf::OptFloat:0x00007fa6c7f7bff0 @name="HttpClientTimeout", @advanced=true, @evasion=false, @aliases=[], @max_length=nil, @conditions=[], @fallbacks=[], @required=false, @desc="HTTP connection and receive timeout", @default=nil, @enums=[], @owner=Msf::Modules::Exploit__Multi__Http__Lcms_php_exec::MetasploitModule>, "HttpTrace"=>#<Msf::OptBool:0x00007fa6c7f7be10 @name="HttpTrace", @advanced=true, @evasion=false, @aliases=[], @max_length=nil, @conditions=[], @fallbacks=[], @required=false, @desc="Show the raw HTTP requests and responses", @default=false, @enums=[], @owner=Msf::Modules::Exploit__Multi__Http__Lcms_php_exec::MetasploitModule>, "HttpTraceHeadersOnly"=>#<Msf::OptBool:0x00007fa6c7f7bc30 @name="HttpTraceHeadersOnly", @advanced=true, @evasion=false, @aliases=[], @max_length=nil, @conditions=[], @fallbacks=[], @required=false, @desc="Show HTTP headers only in HttpTrace", @default=false, @enums=[], @owner=Msf::Modules::Exploit__Multi__Http__Lcms_php_exec::MetasploitModule>, "HttpTraceColors"=>#<Msf::OptString:0x00007fa6c7f7b870 @name="HttpTraceColors", @advanced=true, @evasion=false, @aliases=[], @max_length=nil, @conditions=[], @fallbacks=[], @required=false, @desc="HTTP request and response colors for HttpTrace (unset to disable)", @default="red/blu", @enums=[], @owner=Msf::Modules::Exploit__Multi__Http__Lcms_php_exec::MetasploitModule>, "SSLServerNameIndication"=>#<Msf::OptString:0x00007fa6c7f7b5f0 @name="SSLServerNameIndication", @advanced=true, @evasion=false, @aliases=[], @max_length=nil, @conditions=[], @fallbacks=[], @required=false, @desc="SSL/TLS Server Name Indication (SNI)", @default=nil, @enums=[], @owner=Msf::Modules::Exploit__Multi__Http__Lcms_php_exec::MetasploitModule>, "HTTP::uri_encode_mode"=>#<Msf::OptEnum:0x00007fa6c7f72770 @name="HTTP::uri_encode_mode", @advanced=false, @evasion=true, @aliases=[], @max_length=nil, @conditions=[], @fallbacks=[], @required=false, @desc_string="Enable URI encoding", @default="hex-normal", @enums=["none", "hex-normal", "hex-noslashes", "hex-random", "hex-all", "u-normal", "u-all", "u-random"], @owner=Msf::Modules::Exploit__Multi__Http__Lcms_php_exec::MetasploitModule>, "HTTP::uri_full_url"=>#<Msf::OptBool:0x00007fa6c7f71c30 @name="HTTP::uri_full_url", @advanced=false, @evasion=true, @aliases=[], @max_length=nil, @conditions=[], @fallbacks=[], @required=false, @desc="Use the full URL for all HTTP requests", @default=false, @enums=[], @owner=Msf::Modules::Exploit__Multi__Http__Lcms_php_exec::MetasploitModule>, "HTTP::pad_method_uri_count"=>#<Msf::OptInt:0x00007fa6c7f8f640 @name="HTTP::pad_method_uri_count", @advanced=false, @evasion=true, @aliases=[], @max_length=nil, @conditions=[], @fallbacks=[], @required=false, @desc="How many whitespace characters to use between the method and uri", @default=1, @enums=[], @owner=Msf::Modules::Exploit__Multi__Http__Lcms_php_exec::MetasploitModule>, "HTTP::pad_uri_version_count"=>#<Msf::OptInt:0x00007fa6c7f8f280 @name="HTTP::pad_uri_version_count", @advanced=false, @evasion=true, @aliases=[], @max_length=nil, @conditions=[], @fallbacks=[], @required=false, @desc="How many whitespace characters to use between the uri and version", @default=1, @enums=[], @owner=Msf::Modules::Exploit__Multi__Http__Lcms_php_exec::MetasploitModule>, "HTTP::pad_method_uri_type"=>#<Msf::OptEnum:0x00007fa6c7f8eec0 @name="HTTP::pad_method_uri_type", @advanced=false, @evasion=true, @aliases=[], @max_length=nil, @conditions=[], @fallbacks=[], @required=false, @desc_string="What type of whitespace to use between the method and uri", @default="space", @enums=["space", "tab", "apache"], @owner=Msf::Modules::Exploit__Multi__Http__Lcms_php_exec::MetasploitModule>, "HTTP::pad_uri_version_type"=>#<Msf::OptEnum:0x00007fa6c7f8e920 @name="HTTP::pad_uri_version_type", @advanced=false, @evasion=true, @aliases=[], @max_length=nil, @conditions=[], @fallbacks=[], @required=false, @desc_string="What type of whitespace to use between the uri and version", @default="space", @enums=["space", "tab", "apache"], @owner=Msf::Modules::Exploit__Multi__Http__Lcms_php_exec::MetasploitModule>, "HTTP::method_random_valid"=>#<Msf::OptBool:0x00007fa6c7f8e560 @name="HTTP::method_random_valid", @advanced=false, @evasion=true, @aliases=[], @max_length=nil, @conditions=[], @fallbacks=[], @required=false, @desc="Use a random, but valid, HTTP method for request", @default=false, @enums=[], @owner=Msf::Modules::Exploit__Multi__Http__Lcms_php_exec::MetasploitModule>, "HTTP::method_random_invalid"=>#<Msf::OptBool:0x00007fa6c7f8e2e0 @name="HTTP::method_random_invalid", @advanced=false, @evasion=true, @aliases=[], @max_length=nil, @conditions=[], @fallbacks=[], @required=false, @desc="Use a random invalid, HTTP method for request", @default=false, @enums=[], @owner=Msf::Modules::Exploit__Multi__Http__Lcms_php_exec::MetasploitModule>, "HTTP::method_random_case"=>#<Msf::OptBool:0x00007fa6c7f8dfc0 @name="HTTP::method_random_case", @advanced=false, @evasion=true, @aliases=[], @max_length=nil, @conditions=[], @fallbacks=[], @required=false, @desc="Use random casing for the HTTP method", @default=false, @enums=[], @owner=Msf::Modules::Exploit__Multi__Http__Lcms_php_exec::MetasploitModule>, "HTTP::version_random_valid"=>#<Msf::OptBool:0x00007fa6c7f8dde0 @name="HTTP::version_random_valid", @advanced=false, @evasion=true, @aliases=[], @max_length=nil, @conditions=[], @fallbacks=[], @required=false, @desc="Use a random, but valid, HTTP version for request", @default=false, @enums=[], @owner=Msf::Modules::Exploit__Multi__Http__Lcms_php_exec::MetasploitModule>, "HTTP::version_random_invalid"=>#<Msf::OptBool:0x00007fa6c7f8dc00 @name="HTTP::version_random_invalid", @advanced=false, @evasion=true, @aliases=[], @max_length=nil, @conditions=[], @fallbacks=[], @required=false, @desc="Use a random invalid, HTTP version for request", @default=false, @enums=[], @owner=Msf::Modules::Exploit__Multi__Http__Lcms_php_exec::MetasploitModule>, "HTTP::uri_dir_self_reference"=>#<Msf::OptBool:0x00007fa6c7f8da20 @name="HTTP::uri_dir_self_reference", @advanced=false, @evasion=true, @aliases=[], @max_length=nil, @conditions=[], @fallbacks=[], @required=false, @desc="Insert self-referential directories into the uri", @default=false, @enums=[], @owner=Msf::Modules::Exploit__Multi__Http__Lcms_php_exec::MetasploitModule>, "HTTP::uri_dir_fake_relative"=>#<Msf::OptBool:0x00007fa6c7f8d840 @name="HTTP::uri_dir_fake_relative", @advanced=false, @evasion=true, @aliases=[], @max_length=nil, @conditions=[], @fallbacks=[], @required=false, @desc="Insert fake relative directories into the uri", @default=false, @enums=[], @owner=Msf::Modules::Exploit__Multi__Http__Lcms_php_exec::MetasploitModule>, "HTTP::uri_use_backslashes"=>#<Msf::OptBool:0x00007fa6c7f8d660 @name="HTTP::uri_use_backslashes", @advanced=false, @evasion=true, @aliases=[], @max_length=nil, @conditions=[], @fallbacks=[], @required=false, @desc="Use back slashes instead of forward slashes in the uri ", @default=false, @enums=[], @owner=Msf::Modules::Exploit__Multi__Http__Lcms_php_exec::MetasploitModule>, "HTTP::pad_fake_headers"=>#<Msf::OptBool:0x00007fa6c7f8d480 @name="HTTP::pad_fake_headers", @advanced=false, @evasion=true, @aliases=[], @max_length=nil, @conditions=[], @fallbacks=[], @required=false, @desc="Insert random, fake headers into the HTTP request", @default=false, @enums=[], @owner=Msf::Modules::Exploit__Multi__Http__Lcms_php_exec::MetasploitModule>, "HTTP::pad_fake_headers_count"=>#<Msf::OptInt:0x00007fa6c7f8d2a0 @name="HTTP::pad_fake_headers_count", @advanced=false, @evasion=true, @aliases=[], @max_length=nil, @conditions=[], @fallbacks=[], @required=false, @desc="How many fake headers to insert into the HTTP request", @default=0, @enums=[], @owner=Msf::Modules::Exploit__Multi__Http__Lcms_php_exec::MetasploitModule>, "HTTP::pad_get_params"=>#<Msf::OptBool:0x00007fa6c7f8cee0 @name="HTTP::pad_get_params", @advanced=false, @evasion=true, @aliases=[], @max_length=nil, @conditions=[], @fallbacks=[], @required=false, @desc="Insert random, fake query string variables into the request", @default=false, @enums=[], @owner=Msf::Modules::Exploit__Multi__Http__Lcms_php_exec::MetasploitModule>, "HTTP::pad_get_params_count"=>#<Msf::OptInt:0x00007fa6c7f8cb20 @name="HTTP::pad_get_params_count", @advanced=false, @evasion=true, @aliases=[], @max_length=nil, @conditions=[], @fallbacks=[], @required=false, @desc="How many fake query string variables to insert into the request", @default=16, @enums=[], @owner=Msf::Modules::Exploit__Multi__Http__Lcms_php_exec::MetasploitModule>, "HTTP::pad_post_params"=>#<Msf::OptBool:0x00007fa6c7f8c940 @name="HTTP::pad_post_params", @advanced=false, @evasion=true, @aliases=[], @max_length=nil, @conditions=[], @fallbacks=[], @required=false, @desc="Insert random, fake post variables into the request", @default=false, @enums=[], @owner=Msf::Modules::Exploit__Multi__Http__Lcms_php_exec::MetasploitModule>, "HTTP::pad_post_params_count"=>#<Msf::OptInt:0x00007fa6c7f8c760 @name="HTTP::pad_post_params_count", @advanced=false, @evasion=true, @aliases=[], @max_length=nil, @conditions=[], @fallbacks=[], @required=false, @desc="How many fake post variables to insert into the request", @default=16, @enums=[], @owner=Msf::Modules::Exploit__Multi__Http__Lcms_php_exec::MetasploitModule>, "HTTP::shuffle_get_params"=>#<Msf::OptBool:0x00007fa6c7f8c580 @name="HTTP::shuffle_get_params", @advanced=false, @evasion=true, @aliases=[], @max_length=nil, @conditions=[], @fallbacks=[], @required=false, @desc="Randomize order of GET parameters", @default=false, @enums=[], @owner=Msf::Modules::Exploit__Multi__Http__Lcms_php_exec::MetasploitModule>, "HTTP::shuffle_post_params"=>#<Msf::OptBool:0x00007fa6c7f8c3a0 @name="HTTP::shuffle_post_params", @advanced=false, @evasion=true, @aliases=[], @max_length=nil, @conditions=[], @fallbacks=[], @required=false, @desc="Randomize order of POST parameters", @default=false, @enums=[], @owner=Msf::Modules::Exploit__Multi__Http__Lcms_php_exec::MetasploitModule>, "HTTP::uri_fake_end"=>#<Msf::OptBool:0x00007fa6c7f8c1c0 @name="HTTP::uri_fake_end", @advanced=false, @evasion=true, @aliases=[], @max_length=nil, @conditions=[], @fallbacks=[], @required=false, @desc="Add a fake end of URI (eg: /%20HTTP/1.0/../../)", @default=false, @enums=[], @owner=Msf::Modules::Exploit__Multi__Http__Lcms_php_exec::MetasploitModule>, "HTTP::uri_fake_params_start"=>#<Msf::OptBool:0x00007fa6c7f8bfe0 @name="HTTP::uri_fake_params_start", @advanced=false, @evasion=true, @aliases=[], @max_length=nil, @conditions=[], @fallbacks=[], @required=false, @desc="Add a fake start of params to the URI (eg: /%3fa=b/../)", @default=false, @enums=[], @owner=Msf::Modules::Exploit__Multi__Http__Lcms_php_exec::MetasploitModule>, "HTTP::header_folding"=>#<Msf::OptBool:0x00007fa6c7f8ba40 @name="HTTP::header_folding", @advanced=false, @evasion=true, @aliases=[], @max_length=nil, @conditions=[], @fallbacks=[], @required=false, @desc="Enable folding of HTTP headers", @default=false, @enums=[], @owner=Msf::Modules::Exploit__Multi__Http__Lcms_php_exec::MetasploitModule>, "URI"=>#<Msf::OptString:0x00007fa6c7f8a820 @name="URI", @advanced=false, @evasion=false, @aliases=[], @max_length=nil, @conditions=[], @fallbacks=[], @required=true, @desc="URI", @default="/lcms/", @enums=[], @owner=Msf::Modules::Exploit__Multi__Http__Lcms_php_exec::MetasploitModule>}, @aliases={"rhost"=>"rhosts"}, @defaults={"PAYLOAD"=>"php/meterpreter/reverse_tcp", "LHOST"=>"100.115.92.202"}, @user_defined={"RHOSTS"=>"43.152.182.46"}, @_module=#<Module:exploit/multi/http/lcms_php_exec datastore=[#<Msf::ModuleDataStore:0x00007fa6c5951b40 ...>]>>]>
from (pry):4:in `__pry__'
[2] pry(#<Msf::Modules::Exploit__Multi__Http__Lcms_php_exec::MetasploitModule>)> exit
msf6 exploit(multi/http/lcms_php_exec) > run
[*] Started reverse TCP handler on 100.115.92.202:4444
=> #<Binding:0x00007fd161b650f0>
>> browser_profiles
=> {}
>> caller
=>
["/opt/metasploit-framework/embedded/lib/ruby/gems/3.2.0/gems/irb-1.7.4/lib/irb/workspace.rb:113:in `eval'",
"/opt/metasploit-framework/embedded/lib/ruby/gems/3.2.0/gems/irb-1.7.4/lib/irb/workspace.rb:113:in `evaluate'",
"/opt/metasploit-framework/embedded/lib/ruby/gems/3.2.0/gems/irb-1.7.4/lib/irb/context.rb:523:in `evaluate'",
"/opt/metasploit-framework/embedded/lib/ruby/gems/3.2.0/gems/irb-1.7.4/lib/irb.rb:598:in `evaluate_line'",
"/opt/metasploit-framework/embedded/lib/ruby/gems/3.2.0/gems/irb-1.7.4/lib/irb.rb:563:in `block (2 levels) in eval_input'",
"/opt/metasploit-framework/embedded/lib/ruby/gems/3.2.0/gems/irb-1.7.4/lib/irb.rb:764:in `signal_status'",
"/opt/metasploit-framework/embedded/lib/ruby/gems/3.2.0/gems/irb-1.7.4/lib/irb.rb:559:in `block in eval_input'",
"/opt/metasploit-framework/embedded/lib/ruby/gems/3.2.0/gems/irb-1.7.4/lib/irb/ruby-lex.rb:251:in `block in each_top_level_statement'",
"/opt/metasploit-framework/embedded/lib/ruby/gems/3.2.0/gems/irb-1.7.4/lib/irb/ruby-lex.rb:245:in `loop'",
"/opt/metasploit-framework/embedded/lib/ruby/gems/3.2.0/gems/irb-1.7.4/lib/irb/ruby-lex.rb:245:in `each_top_level_statement'",
"/opt/metasploit-framework/embedded/lib/ruby/gems/3.2.0/gems/irb-1.7.4/lib/irb.rb:558:in `eval_input'",
"/opt/metasploit-framework/embedded/framework/lib/rex/ui/text/irb_shell.rb:50:in `block in run'",
"/opt/metasploit-framework/embedded/framework/lib/rex/ui/text/irb_shell.rb:49:in `catch'",
"/opt/metasploit-framework/embedded/framework/lib/rex/ui/text/irb_shell.rb:49:in `run'",
"/opt/metasploit-framework/embedded/framework/lib/msf/ui/console/command_dispatcher/developer.rb:142:in `block in cmd_irb'",
"/opt/metasploit-framework/embedded/framework/lib/rex/ui/text/shell/history_manager.rb:35:in `with_context'",
"/opt/metasploit-framework/embedded/framework/lib/msf/ui/console/command_dispatcher/developer.rb:135:in `cmd_irb'",
"/opt/metasploit-framework/embedded/framework/lib/rex/ui/text/dispatcher_shell.rb:582:in `run_command'",
"/opt/metasploit-framework/embedded/framework/lib/rex/ui/text/dispatcher_shell.rb:531:in `block in run_single'",
"/opt/metasploit-framework/embedded/framework/lib/rex/ui/text/dispatcher_shell.rb:525:in `each'",
"/opt/metasploit-framework/embedded/framework/lib/rex/ui/text/dispatcher_shell.rb:525:in `run_single'",
"/opt/metasploit-framework/embedded/framework/lib/rex/ui/text/shell.rb:165:in `block in run'",
"/opt/metasploit-framework/embedded/framework/lib/rex/ui/text/shell.rb:309:in `block in with_history_manager_context'",
"/opt/metasploit-framework/embedded/framework/lib/rex/ui/text/shell/history_manager.rb:35:in `with_context'",
"/opt/metasploit-framework/embedded/framework/lib/rex/ui/text/shell.rb:306:in `with_history_manager_context'",
"/opt/metasploit-framework/embedded/framework/lib/rex/ui/text/shell.rb:133:in `run'",
"/opt/metasploit-framework/embedded/framework/lib/metasploit/framework/command/console.rb:54:in `start'",
"/opt/metasploit-framework/embedded/framework/lib/metasploit/framework/command/base.rb:82:in `start'",
"/opt/metasploit-framework/bin/../embedded/framework/msfconsole:23:in `<main>'"]
=> #<Msf::DataStore:0x00007fd169f7e580 @aliases={}, @defaults={}, @options={}, @user_defined={"VERBOSE"=>"true", "HttpTrace"=>"true"}>
>> display
#<Msf::Framework:0x00007fd167f4eb20>=> nil
>> deep_dup
=> #<Framework (0 sessions, 0 jobs, 0 plugins, postgresql database active)>
>> db
=>
#<Metasploit::Framework::DataService::DataProxy:0x00007fd165a87148
@current_data_service=
#<Msf::DBManager:0x00007fd1663b6cc8
@driver="postgresql",
@drivers=["postgresql"],
@framework=#<Framework (0 sessions, 0 jobs, 0 plugins, postgresql database active)>,
@migrated=true,
@modules_cached=false,
@modules_caching=false,
@usable=true>,
@current_workspace=
#<Mdm::Workspace:0x00007fd165b17ec8
id: 1,
name: "default",
created_at: 2025-04-27 17:56:58.082584 UTC,
updated_at: 2025-04-27 17:56:58.082584 UTC,
boundary: nil,
description: nil,
owner_id: nil,
limit_to_network: false,
import_fingerprint: false>,
@data_service_id=1,
@data_services=
{1=>
#<Msf::DBManager:0x00007fd1663b6cc8
@driver="postgresql",
@drivers=["postgresql"],
@framework=#<Framework (0 sessions, 0 jobs, 0 plugins, postgresql database active)>,
@migrated=true,
@modules_cached=false,
@modules_caching=false,
@usable=true>},
@usable=true>
=>
{"cmd/base64"=>nil,
"cmd/brace"=>nil,
"cmd/echo"=>nil,
"cmd/generic_sh"=>nil,
"cmd/ifs"=>nil,
"cmd/perl"=>nil,
"cmd/powershell_base64"=>nil,
"cmd/printf_php_mq"=>nil,
"generic/eicar"=>nil,
"generic/none"=>nil,
"mipsbe/byte_xori"=>nil,
"mipsbe/longxor"=>nil,
"mipsle/byte_xori"=>nil,
"mipsle/longxor"=>nil,
"php/base64"=>nil,
"php/hex"=>nil,
"php/minify"=>nil,
"ppc/longxor"=>nil,
"ppc/longxor_tag"=>nil,
"ruby/base64"=>nil,
"sparc/longxor_tag"=>nil,
"x64/xor"=>nil,
"x64/xor_context"=>nil,
"x64/xor_dynamic"=>nil,
"x64/zutto_dekiru"=>nil,
"x86/add_sub"=>nil,
"x86/alpha_mixed"=>nil,
"x86/alpha_upper"=>nil,
"x86/avoid_underscore_tolower"=>nil,
"x86/avoid_utf8_tolower"=>nil,
"x86/bloxor"=>nil,
"x86/bmp_polyglot"=>nil,
"x86/call4_dword_xor"=>nil,
"x86/context_cpuid"=>nil,
"x86/context_stat"=>nil,
"x86/context_time"=>nil,
"x86/countdown"=>nil,
"x86/fnstenv_mov"=>nil,
"x86/jmp_call_additive"=>nil,
"x86/nonalpha"=>nil,
"x86/nonupper"=>nil,
"x86/opt_sub"=>nil,
"x86/service"=>nil,
"x86/shikata_ga_nai"=>nil,
"x86/single_static_bit"=>nil,
"x86/unicode_mixed"=>nil,
"x86/unicode_upper"=>nil,
"x86/xor_dynamic"=>nil,
"x86/xor_poly"=>nil}
=>
#<Msf::FeatureManager:0x00007fd167e9f508
@flag_lookup=
{"wrapped_tables"=>
{:name=>"wrapped_tables",
:description=>"When enabled Metasploit will wordwrap all tables to fit into the available terminal width",
:default_value=>true,
:developer_notes=>"This functionality is enabled by default now, and the feature flag can be removed now"},
"fully_interactive_shells"=>
{:name=>"fully_interactive_shells",
:description=>"When enabled you will have the option to drop into a fully interactive shell from within meterpreter",
:default_value=>false,
:developer_notes=>
"Development paused as the interaction time feels clunky, especially for slow transport layers like HTTP on Mettle. Would require changes to the transport sleep/priority logic"},
"manager_commands"=>
{:name=>"manager_commands",
:description=>"When enabled you will have access to manager commands such as _servicemanager and _historymanager",
:default_value=>false,
:developer_notes=>"Useful for developers, likely not to ever be useful for an average user"},
"metasploit_payload_warnings"=>
{:name=>"metasploit_payload_warnings",
:description=>
"When enabled Metasploit will output warnings about missing Metasploit payloads, for instance if they were removed by antivirus etc",
:requires_restart=>true,
:default_value=>true,
:developer_notes=>"Enabled in Metasploit 6.4.x"},
"defer_module_loads"=>
{:name=>"defer_module_loads",
:description=>"When enabled will not eagerly load all modules",
:requires_restart=>true,
:default_value=>false,
:developer_notes=>"Needs a final round of testing. Can be enabled after 6.4.0 is released."},
"smb_session_type"=>
{:name=>"smb_session_type",
:description=>"When enabled will allow for the creation/use of smb sessions",
:requires_restart=>true,
:default_value=>true,
:developer_notes=>"Enabled in Metasploit 6.4.x"},
"postgresql_session_type"=>
{:name=>"postgresql_session_type",
:description=>"When enabled will allow for the creation/use of PostgreSQL sessions",
:requires_restart=>true,
:default_value=>true,
:developer_notes=>"Enabled in Metasploit 6.4.x"},
"mysql_session_type"=>
{:name=>"mysql_session_type",
:description=>"When enabled will allow for the creation/use of MySQL sessions",
:requires_restart=>true,
:default_value=>true,
:developer_notes=>"Enabled in Metasploit 6.4.x"},
"mssql_session_type"=>
{:name=>"mssql_session_type",
:description=>"When enabled will allow for the creation/use of mssql sessions",
:requires_restart=>true,
:default_value=>true,
:developer_notes=>"Enabled in Metasploit 6.4.x"},
"ldap_session_type"=>
{:name=>"ldap_session_type",
:description=>"When enabled will allow for the creation/use of LDAP sessions",
:requires_restart=>true,
:default_value=>true,
:developer_notes=>"Enabled in Metasploit 6.4.52"},
"show_successful_logins"=>
{:name=>"show_successful_logins",
:description=>"When enabled scanners/login modules will return a table off successful logins once the module completes",
:requires_restart=>false,
:default_value=>false,
:developer_notes=>"To be enabled after appropriate testing"},
"dns"=>
{:name=>"dns",
:description=>"When enabled allows configuration of DNS resolution behaviour in Metasploit",
:requires_restart=>true,
:default_value=>true,
:developer_notes=>"Enabled in Metasploit 6.4.x"},
"hierarchical_search_table"=>
{:name=>"hierarchical_search_table",
:description=>"When enabled the search table is enhanced to show details on module actions and targets",
:requires_restart=>false,
:default_value=>true,
:developer_notes=>"Enabled in Metasploit 6.4.x"},
"display_module_action"=>
{:name=>"display_module_action",
:description=>"When enabled after using a module the current action and number of actions will be displayed",
:requires_restart=>false,
:default_value=>true,
:developer_notes=>"Added as a feature so users can turn it off if they wish to reduce clutter in their terminal"}}>
[*] [Normal response body: 0 code: 418]Metasploit version
Get this with the version command in msfconsole (or git log -1 --pretty=oneline for a source install).
Framework: 6.4.55-dev-
Console : 6.4.55-dev-
Additional Information
If your version is less than 5.0.96, please update to the latest version and ensure your issue is still present.
If the issue is encountered within msfconsole, please run the debug command using the instructions below. If the issue is encountered outisde msfconsole, or the issue causes msfconsole to crash on startup, please delete this section.
- Start
msfconsole - Run the command
set loglevel 3
[09/26/2025 11:00:26] [e(0)] core: Dependency for windows/x64/encrypted_shell_reverse_tcp is not supported
[09/26/2025 11:00:30] [e(0)] core: Dependency for windows/encrypted_reverse_tcp is not supported
[09/26/2025 11:00:33] [e(0)] core: Dependency for windows/x64/encrypted_reverse_tcp is not supported
[09/26/2025 11:03:24] [e(0)] core: Dependency for windows/encrypted_shell_reverse_tcp is not supported
[09/26/2025 11:03:24] [e(0)] core: Dependency for windows/x64/encrypted_shell_reverse_tcp is not supported
[09/26/2025 11:03:28] [e(0)] core: Dependency for windows/encrypted_reverse_tcp is not supported
[09/26/2025 11:03:31] [e(0)] core: Dependency for windows/x64/encrypted_reverse_tcp is not supported
[09/26/2025 11:14:50] [e(0)] core: Dependency for windows/encrypted_shell_reverse_tcp is not supported
[09/26/2025 11:14:51] [e(0)] core: Dependency for windows/x64/encrypted_shell_reverse_tcp is not supported
[09/26/2025 11:14:54] [e(0)] core: Dependency for windows/encrypted_reverse_tcp is not supported
[09/26/2025 11:14:57] [e(0)] core: Dependency for windows/x64/encrypted_reverse_tcp is not supported4. Take the steps necessary recreate your issue
5. Run the debug command
</details>
## Web Service Logs
The following web service logs were recorded before the issue occurred:
<details>
<summary>Collapse</summary>msf-ws.log does not exist.
</details>
## Version/Install
The versions and install method of your Metasploit setup:
<details>
<summary>Collapse</summary>
Framework: 6.4.55-dev-
Ruby: ruby 3.2.5 (2024-07-26 revision 31d0f1a2e7) [x86_64-linux]
OpenSSL: OpenSSL 1.1.1t 7 Feb 2023
Install Root: /opt/metasploit-framework/embedded/framework
Session Type: Connected to msf. Connection type: postgresql.
Install Method: Omnibus Installer
</details>
7. Copy all the output below the ===8<=== CUT AND PASTE EVERYTHING BELOW THIS LINE ===8<=== line and make sure to REMOVE ANY SENSITIVE INFORMATION.
8. Replace these instructions and the paragraph above with the output from step 5.