Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

The apache_rocketmq_update_config exploit check method never times out #19035

Closed
jsherwood0 opened this issue Mar 30, 2024 · 0 comments · Fixed by #19141
Closed

The apache_rocketmq_update_config exploit check method never times out #19035

jsherwood0 opened this issue Mar 30, 2024 · 0 comments · Fixed by #19141
Labels
bug

Comments

@jsherwood0
Copy link
Contributor

Steps to reproduce

  1. use exploit/multi/http/apache_rocketmq_update_config
  2. Set RHOSTS to a large batch of hosts running http servers (with some not running RocketMQ, and with some no longer online)
  3. Run the check
  4. Note that eventually ctrl-c will be required to move past various hosts that did not respond as expected
     

Were you following a specific guide/tutorial or reading documentation?

No

Expected behavior

When a host is not responding as RocketMQ is expected to within a given timeout, the check should move on to the next host.

Current behavior

At this point you should see that eventually the check will stall on a host and never continue (i.e., several hours with no progress). This appears to occur due to a variety of reasons (e.g., host offline, host not running RocketMQ, etc.)

Metasploit version

6.3.55-dev

Additional Information

Module/Datastore

The following global/module datastore, and database setup was configured before the issue occurred:

Collapse 
[framework/ui/console]
ActiveModule=exploit/multi/http/apache_rocketmq_update_config

[multi/http/apache_rocketmq_update_config]
RHOSTS=10.253.180.211
RPORT=746
SSL=true
loglevel=3
WORKSPACE=
VERBOSE=false
WfsDelay=60
EnableContextEncoding=false
ContextInformationFile=
DisablePayloadHandler=false
SSLServerNameIndication=
SSLVersion=Auto
SSLVerifyMode=PEER
SSLCipher=
Proxies=
CPORT=
CHOST=
ConnectTimeout=10
TCP::max_send_size=0
TCP::send_delay=0
EXE::EICAR=false
EXE::Custom=
EXE::Path=
EXE::Template=
EXE::Inject=false
EXE::OldMethod=false
EXE::FallBack=false
MSI::EICAR=false
MSI::Custom=
MSI::Path=
MSI::Template=
MSI::UAC=false
SRVHOST=0.0.0.0
SRVPORT=8080
ListenerBindAddress=
ListenerBindPort=
ListenerComm=
SSLCert=
SSLCompression=false
URIPATH=
HTTP::no_cache=false
HTTP::chunked=false
HTTP::header_folding=false
HTTP::junk_headers=false
HTTP::compression=none
HTTP::server_name=Apache
URIHOST=
URIPORT=
SendRobots=false
CMDSTAGER::FLAVOR=auto
CMDSTAGER::DECODER=
CMDSTAGER::TEMP=
CMDSTAGER::URIPATH=
CMDSTAGER::SSL=false
BROKER_PORT=10911
AutoCheck=true
ForceExploit=false
LHOST=
LPORT=4444
ReverseListenerBindPort=
ReverseAllowProxy=false
ReverseListenerComm=
ReverseListenerBindAddress=
ReverseListenerThreaded=false
StagerRetryCount=10
StagerRetryWait=5
AutoLoadStdapi=true
AutoVerifySessionTimeout=30
InitialAutoRunScript=
AutoRunScript=
AutoSystemInfo=true
EnableUnicodeEncoding=false
HandlerSSLCert=
SessionRetryTotal=3600
SessionRetryWait=10
SessionExpirationTimeout=604800
SessionCommunicationTimeout=300
PayloadProcessCommandLine=
AutoUnhookProcess=false
MeterpreterDebugBuild=false
MeterpreterDebugLogging=
PingbackRetries=0
PingbackSleep=30
PayloadUUIDSeed=
PayloadUUIDRaw=
PayloadUUIDName=
PayloadUUIDTracking=false
EnableStageEncoding=false
StageEncoder=
StageEncoderSaveRegisters=
StageEncodingFallback=true
PrependFork=false
PrependSetresuid=false
PrependSetreuid=false
PrependSetuid=false
PrependSetresgid=false
PrependSetregid=false
PrependSetgid=false
PrependChrootBreak=false
AppendExit=false
MeterpreterTryToFork=false
FETCH_DELETE=false
FETCH_FILENAME=yIfWKqqQ
FETCH_SRVPORT=8080
FETCH_SRVHOST=
FETCH_URIPATH=
FETCH_WRITABLE_DIR=
FetchListenerBindAddress=
FetchListenerBindPort=
FetchHandlerDisable=false
FetchServerName=Apache
FetchHttpServerName=Apache
FETCH_COMMAND=CURL

Database Configuration

The database contains the following information:

Collapse 
Session Type: Connected to msf. Connection type: postgresql.
ID Hosts Vulnerabilities Notes Services
1 (Current) 6,407 625 8,413 13,152
Total (1) 6,407 625 8,413 13,155

History

The following commands were ran during the session and before this issue occurred:

Collapse 
1505   set loglevel 3
1506   use multi/http/apache_rocketmq_update_config
1507   set RHOSTS 10.253.180.211
1508   set RPORT 746
1509   set SSL true
1510   check
1511   debug

Framework Errors

The following framework errors occurred before the issue occurred:

Collapse 
[03/30/2024 13:19:27] [e(0)] core: 137.187.4.232:443 - Check failed: The state could not be determined.
/usr/share/metasploit-framework/lib/msf/ui/console/module_command_dispatcher.rb:60:in `check_multiple'
/usr/share/metasploit-framework/lib/msf/ui/console/module_command_dispatcher.rb:155:in `cmd_check'
/usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:581:in `run_command'
/usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:530:in `block in run_single'
/usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:524:in `each'
/usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:524:in `run_single'
(eval):23:in `block in load_resource'
(eval):10:in `each'
(eval):10:in `load_resource'
/usr/share/metasploit-framework/lib/rex/ui/text/resource.rb:60:in `eval'
/usr/share/metasploit-framework/lib/rex/ui/text/resource.rb:60:in `load_resource'
/usr/share/metasploit-framework/lib/msf/ui/console/driver.rb:195:in `block in initialize'
/usr/share/metasploit-framework/lib/msf/ui/console/driver.rb:194:in `each'
/usr/share/metasploit-framework/lib/msf/ui/console/driver.rb:194:in `initialize'
/usr/share/metasploit-framework/lib/metasploit/framework/command/console.rb:66:in `new'
/usr/share/metasploit-framework/lib/metasploit/framework/command/console.rb:66:in `driver'
/usr/share/metasploit-framework/lib/metasploit/framework/command/console.rb:54:in `start'
/usr/share/metasploit-framework/lib/metasploit/framework/command/base.rb:82:in `start'
/usr/bin/msfconsole:23:in `<main>'
[03/30/2024 13:19:27] [e(0)] core: Exploit failed (multi/http/apache_rocketmq_update_config): NoMethodError undefined method `[]' for nil:NilClass - NoMethodError undefined method `[]' for nil:NilClass
[03/30/2024 13:19:27] [e(0)] core: 165.112.117.78:443 - Check failed: The state could not be determined.
/usr/share/metasploit-framework/lib/msf/ui/console/module_command_dispatcher.rb:60:in `check_multiple'
/usr/share/metasploit-framework/lib/msf/ui/console/module_command_dispatcher.rb:155:in `cmd_check'
/usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:581:in `run_command'
/usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:530:in `block in run_single'
/usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:524:in `each'
/usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:524:in `run_single'
(eval):23:in `block in load_resource'
(eval):10:in `each'
(eval):10:in `load_resource'
/usr/share/metasploit-framework/lib/rex/ui/text/resource.rb:60:in `eval'
/usr/share/metasploit-framework/lib/rex/ui/text/resource.rb:60:in `load_resource'
/usr/share/metasploit-framework/lib/msf/ui/console/driver.rb:195:in `block in initialize'
/usr/share/metasploit-framework/lib/msf/ui/console/driver.rb:194:in `each'
/usr/share/metasploit-framework/lib/msf/ui/console/driver.rb:194:in `initialize'
/usr/share/metasploit-framework/lib/metasploit/framework/command/console.rb:66:in `new'
/usr/share/metasploit-framework/lib/metasploit/framework/command/console.rb:66:in `driver'
/usr/share/metasploit-framework/lib/metasploit/framework/command/console.rb:54:in `start'
/usr/share/metasploit-framework/lib/metasploit/framework/command/base.rb:82:in `start'
/usr/bin/msfconsole:23:in `<main>'
[03/30/2024 13:21:27] [e(0)] core: Exploit failed (multi/http/apache_rocketmq_update_config): NoMethodError undefined method `[]' for nil:NilClass - NoMethodError undefined method `[]' for nil:NilClass
[03/30/2024 13:21:27] [e(0)] core: 10.142.121.206:631 - Check failed: The state could not be determined.
/usr/share/metasploit-framework/lib/msf/ui/console/module_command_dispatcher.rb:60:in `check_multiple'
/usr/share/metasploit-framework/lib/msf/ui/console/module_command_dispatcher.rb:155:in `cmd_check'
/usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:581:in `run_command'
/usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:530:in `block in run_single'
/usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:524:in `each'
/usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:524:in `run_single'
(eval):23:in `block in load_resource'
(eval):10:in `each'
(eval):10:in `load_resource'
/usr/share/metasploit-framework/lib/rex/ui/text/resource.rb:60:in `eval'
/usr/share/metasploit-framework/lib/rex/ui/text/resource.rb:60:in `load_resource'
/usr/share/metasploit-framework/lib/msf/ui/console/driver.rb:195:in `block in initialize'
/usr/share/metasploit-framework/lib/msf/ui/console/driver.rb:194:in `each'
/usr/share/metasploit-framework/lib/msf/ui/console/driver.rb:194:in `initialize'
/usr/share/metasploit-framework/lib/metasploit/framework/command/console.rb:66:in `new'
/usr/share/metasploit-framework/lib/metasploit/framework/command/console.rb:66:in `driver'
/usr/share/metasploit-framework/lib/metasploit/framework/command/console.rb:54:in `start'
/usr/share/metasploit-framework/lib/metasploit/framework/command/base.rb:82:in `start'
/usr/bin/msfconsole:23:in `<main>'
[03/30/2024 13:21:27] [e(0)] core: Exploit failed (multi/http/apache_rocketmq_update_config): NoMethodError undefined method `[]' for nil:NilClass - NoMethodError undefined method `[]' for nil:NilClass
[03/30/2024 13:21:27] [e(0)] core: 128.231.59.246:631 - Check failed: The state could not be determined.
/usr/share/metasploit-framework/lib/msf/ui/console/module_command_dispatcher.rb:60:in `check_multiple'
/usr/share/metasploit-framework/lib/msf/ui/console/module_command_dispatcher.rb:155:in `cmd_check'
/usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:581:in `run_command'
/usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:530:in `block in run_single'
/usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:524:in `each'
/usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:524:in `run_single'
(eval):23:in `block in load_resource'
(eval):10:in `each'
(eval):10:in `load_resource'
/usr/share/metasploit-framework/lib/rex/ui/text/resource.rb:60:in `eval'
/usr/share/metasploit-framework/lib/rex/ui/text/resource.rb:60:in `load_resource'
/usr/share/metasploit-framework/lib/msf/ui/console/driver.rb:195:in `block in initialize'
/usr/share/metasploit-framework/lib/msf/ui/console/driver.rb:194:in `each'
/usr/share/metasploit-framework/lib/msf/ui/console/driver.rb:194:in `initialize'
/usr/share/metasploit-framework/lib/metasploit/framework/command/console.rb:66:in `new'
/usr/share/metasploit-framework/lib/metasploit/framework/command/console.rb:66:in `driver'
/usr/share/metasploit-framework/lib/metasploit/framework/command/console.rb:54:in `start'
/usr/share/metasploit-framework/lib/metasploit/framework/command/base.rb:82:in `start'
/usr/bin/msfconsole:23:in `<main>'
[03/30/2024 13:22:27] [e(0)] core: Exploit failed (multi/http/apache_rocketmq_update_config): NoMethodError undefined method `[]' for nil:NilClass - NoMethodError undefined method `[]' for nil:NilClass
[03/30/2024 13:22:27] [e(0)] core: 137.187.4.232:631 - Check failed: The state could not be determined.
/usr/share/metasploit-framework/lib/msf/ui/console/module_command_dispatcher.rb:60:in `check_multiple'
/usr/share/metasploit-framework/lib/msf/ui/console/module_command_dispatcher.rb:155:in `cmd_check'
/usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:581:in `run_command'
/usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:530:in `block in run_single'
/usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:524:in `each'
/usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:524:in `run_single'
(eval):23:in `block in load_resource'
(eval):10:in `each'
(eval):10:in `load_resource'
/usr/share/metasploit-framework/lib/rex/ui/text/resource.rb:60:in `eval'
/usr/share/metasploit-framework/lib/rex/ui/text/resource.rb:60:in `load_resource'
/usr/share/metasploit-framework/lib/msf/ui/console/driver.rb:195:in `block in initialize'
/usr/share/metasploit-framework/lib/msf/ui/console/driver.rb:194:in `each'
/usr/share/metasploit-framework/lib/msf/ui/console/driver.rb:194:in `initialize'
/usr/share/metasploit-framework/lib/metasploit/framework/command/console.rb:66:in `new'
/usr/share/metasploit-framework/lib/metasploit/framework/command/console.rb:66:in `driver'
/usr/share/metasploit-framework/lib/metasploit/framework/command/console.rb:54:in `start'
/usr/share/metasploit-framework/lib/metasploit/framework/command/base.rb:82:in `start'
/usr/bin/msfconsole:23:in `<main>'
[03/30/2024 13:26:08] [e(0)] core: Check Failed - Interrupt

Web Service Errors

The following web service errors occurred before the issue occurred:

Collapse 
msf-ws.log does not exist.

Framework Logs

The following framework logs were recorded before the issue occurred:

Collapse 
/usr/share/metasploit-framework/lib/metasploit/framework/command/console.rb:66:in `driver'
/usr/share/metasploit-framework/lib/metasploit/framework/command/console.rb:54:in `start'
/usr/share/metasploit-framework/lib/metasploit/framework/command/base.rb:82:in `start'
/usr/bin/msfconsole:23:in `<main>'
[03/30/2024 13:21:27] [e(0)] core: Exploit failed (multi/http/apache_rocketmq_update_config): NoMethodError undefined method `[]' for nil:NilClass - NoMethodError undefined method `[]' for nil:NilClass
[03/30/2024 13:21:27] [e(0)] core: 128.231.59.246:631 - Check failed: The state could not be determined.
/usr/share/metasploit-framework/lib/msf/ui/console/module_command_dispatcher.rb:60:in `check_multiple'
/usr/share/metasploit-framework/lib/msf/ui/console/module_command_dispatcher.rb:155:in `cmd_check'
/usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:581:in `run_command'
/usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:530:in `block in run_single'
/usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:524:in `each'
/usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:524:in `run_single'
(eval):23:in `block in load_resource'
(eval):10:in `each'
(eval):10:in `load_resource'
/usr/share/metasploit-framework/lib/rex/ui/text/resource.rb:60:in `eval'
/usr/share/metasploit-framework/lib/rex/ui/text/resource.rb:60:in `load_resource'
/usr/share/metasploit-framework/lib/msf/ui/console/driver.rb:195:in `block in initialize'
/usr/share/metasploit-framework/lib/msf/ui/console/driver.rb:194:in `each'
/usr/share/metasploit-framework/lib/msf/ui/console/driver.rb:194:in `initialize'
/usr/share/metasploit-framework/lib/metasploit/framework/command/console.rb:66:in `new'
/usr/share/metasploit-framework/lib/metasploit/framework/command/console.rb:66:in `driver'
/usr/share/metasploit-framework/lib/metasploit/framework/command/console.rb:54:in `start'
/usr/share/metasploit-framework/lib/metasploit/framework/command/base.rb:82:in `start'
/usr/bin/msfconsole:23:in `<main>'
[03/30/2024 13:21:57] [d(0)] core: Reloading module exploit/multi/http/apache_rocketmq_update_config...
[03/30/2024 13:21:57] [w(0)] core: The module multi/http/apache_rocketmq_update_config is ambiguous with multi/http/apache_rocketmq_update_config.
[03/30/2024 13:21:57] [d(0)] core: Refreshing multi/http/apache_rocketmq_update_config of type: exploit
[03/30/2024 13:22:27] [e(0)] core: Exploit failed (multi/http/apache_rocketmq_update_config): NoMethodError undefined method `[]' for nil:NilClass - NoMethodError undefined method `[]' for nil:NilClass
[03/30/2024 13:22:27] [e(0)] core: 137.187.4.232:631 - Check failed: The state could not be determined.
/usr/share/metasploit-framework/lib/msf/ui/console/module_command_dispatcher.rb:60:in `check_multiple'
/usr/share/metasploit-framework/lib/msf/ui/console/module_command_dispatcher.rb:155:in `cmd_check'
/usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:581:in `run_command'
/usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:530:in `block in run_single'
/usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:524:in `each'
/usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:524:in `run_single'
(eval):23:in `block in load_resource'
(eval):10:in `each'
(eval):10:in `load_resource'
/usr/share/metasploit-framework/lib/rex/ui/text/resource.rb:60:in `eval'
/usr/share/metasploit-framework/lib/rex/ui/text/resource.rb:60:in `load_resource'
/usr/share/metasploit-framework/lib/msf/ui/console/driver.rb:195:in `block in initialize'
/usr/share/metasploit-framework/lib/msf/ui/console/driver.rb:194:in `each'
/usr/share/metasploit-framework/lib/msf/ui/console/driver.rb:194:in `initialize'
/usr/share/metasploit-framework/lib/metasploit/framework/command/console.rb:66:in `new'
/usr/share/metasploit-framework/lib/metasploit/framework/command/console.rb:66:in `driver'
/usr/share/metasploit-framework/lib/metasploit/framework/command/console.rb:54:in `start'
/usr/share/metasploit-framework/lib/metasploit/framework/command/base.rb:82:in `start'
/usr/bin/msfconsole:23:in `<main>'
[03/30/2024 13:26:08] [e(0)] core: Check Failed - Interrupt

Web Service Logs

The following web service logs were recorded before the issue occurred:

Collapse 
msf-ws.log does not exist.

Version/Install

The versions and install method of your Metasploit setup:

Collapse 
Framework: 6.3.55-dev
Ruby: ruby 3.1.2p20 (2022-04-12 revision 4491bb740a) [x86_64-linux-gnu]
OpenSSL: OpenSSL 3.1.4 24 Oct 2023
Install Root: /usr/share/metasploit-framework
Session Type: Connected to msf. Connection type: postgresql.
Install Method: Other - Please specify
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
Metasploit Kanban
Archived in project
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Apache RocketMQ & ActiveMQ fixes jheysel-r7/metasploit-framework
2 participants
@jsherwood0 @smcintyre-r7