攻击失败:#<Module:exploit/unix/smtp/exim4_string_format的NoMethodError未定义方法`smtp_send_recv‘
我试图使用Metasploit的Exim工具运行一个漏洞。在此过程中,我将使用exim4_string_format模块。我给了一个RHOST, LHOSTS AND LPORT作为信息。攻击reverse_perl有效负载。因此,发生了以下错误:
[*] Started reverse TCP handler on 192.168.56.2:443
[*] 192.168.56.5:25 - Connecting to 192.168.56.5:25 ...
[*] 192.168.56.5:25 - Server: 220 localhost ESMTP Exim 4.68 Thu, 22 Dec 2022 23:01:22 +0000
[-] 192.168.56.5:25 - Exploit failed: NoMethodError undefined method `smtp_send_recv' for #nil, "VERBOSE"=>false, "WfsDelay"=>2, "EnableContextEncoding"=>false, "ContextInformationFile"=>nil, "DisablePayloadHandler"=>false, "RHOSTS"=>"192.168.56.5", "RPORT"=>25, "SSL"=>false, "SSLServerNameIndication"=>nil, "SSLVersion"=>"Auto", "SSLVerifyMode"=>"PEER", "SSLCipher"=>nil, "Proxies"=>nil, "CPORT"=>nil, "CHOST"=>nil, "ConnectTimeout"=>10, "TCP::max_send_size"=>0, "TCP::send_delay"=>0, "MAILFROM"=>"root@localhost", "MAILTO"=>"postmaster@localhost", "EHLO_NAME"=>nil, "SourceAddress"=>nil, "SkipEscalation"=>false, "SkipVersionCheck"=>false, "PAYLOAD"=>"cmd/unix/reverse_perl", "LHOST"=>"192.168.56.2", "LPORT"=>443, "UNPARSED_RHOSTS"=>"192.168.56.5", "RHOSTNAME"=>nil, "ReverseListenerBindPort"=>nil, "ReverseAllowProxy"=>false, "ReverseListenerComm"=>nil, "ReverseListenerBindAddress"=>nil, "ReverseListenerThreaded"=>false, "StagerRetryCount"=>10, "StagerRetryWait"=>5, "CreateSession"=>true, "InitialAutoRunScript"=>nil, "AutoRunScript"=>nil, "CommandShellCleanupCommand"=>nil, "AutoVerifySession"=>true, "TARGET"=>0}]>
[*] Exploit completed, but no session was created.我该如何修复它才能让我的功劳获得成功?
回答 1
Security用户
发布于 2022-12-23 16:15:58
按照https://github.com/search?q=repo%3Arapid7/metasploit-framework%20smtp_发送_recv&type=code的说法,这里缺少的函数是在lib/msf/core/exploit/remote/smtp_deliver.rb中定义的,也就是Msf::D1::Remote::SMTPDeliver,如https://github.com/rapid7/metasploit-framework/blob/a526604bb3f36b15a82e385e2e681503c215349c/lib/msf/core/exploit/remote/smtp_deliver.rb#L236中所指出的那样。
所讨论的文件是从include Msf::Exploit::Remote::Smtp加载的,但是查看文件的定义位置(在https://github.com/rapid7/metasploit-framework/blob/a526604bb3f36b15a82e385e2e681503c215349c/lib/msf/core/exploit/remote/smtp.rb处)显示,该文件没有导入Msf::Exploit::Remote::SMTPDeliver mixin。
我的猜测是,这是我们这边的一个错误,您可以通过在文件的顶部添加一个include Exploit::Remote::SMTPDeliver行来临时修补这个错误,以包括缺少的smtp_send_recv定义。
尽管可以在https://github.com/rapid7/metasploit-framework/issues/new?assignees=&labels=bug&template=bug_report.md上提出一个bug报告,但是这将帮助我们更快地跟踪和解决这个问题。
https://security.stackexchange.com/questions/267250
复制相似问题
腾讯云开发者
Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有
深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 
粤公网安备44030502008569号
腾讯云计算(北京)有限责任公司 京ICP证150476号 | 京ICP备11018762号