1、启动msfconsole失败并报如下错误:

/usr/share/metasploit-framework/lib/msf/core/payload/android.rb:86:in `not_after=': bignum too big to convert into `long' (RangeError)

    from /usr/share/metasploit-framework/lib/msf/core/payload/android.rb:86:in `sign_jar'

    from /usr/share/metasploit-framework/lib/msf/core/payload/android.rb:117:in `generate_jar'

    from /usr/share/metasploit-framework/modules/payloads/singles/android/meterpreter_reverse_tcp.rb:44:in `generate_jar'

    from /usr/share/metasploit-framework/lib/msf/core/payload/android.rb:38:in `generate'

    from /usr/share/metasploit-framework/lib/msf/core/payload.rb:204:in `size'

    from /usr/share/metasploit-framework/lib/msf/core/payload_set.rb:91:in `block in recalculate'

    from /usr/share/metasploit-framework/lib/msf/core/payload_set.rb:78:in `each_pair'

    from /usr/share/metasploit-framework/lib/msf/core/payload_set.rb:78:in `recalculate'

    from /usr/share/metasploit-framework/lib/msf/core/modules/loader/base.rb:250:in `block in load_modules'

    from /usr/share/metasploit-framework/lib/msf/core/modules/loader/base.rb:247:in `each'

    from /usr/share/metasploit-framework/lib/msf/core/modules/loader/base.rb:247:in `load_modules'

    from /usr/share/metasploit-framework/lib/msf/core/module_manager/loading.rb:119:in `block in load_modules'

    from /usr/share/metasploit-framework/lib/msf/core/module_manager/loading.rb:117:in `each'

    from /usr/share/metasploit-framework/lib/msf/core/module_manager/loading.rb:117:in `load_modules'

    from /usr/share/metasploit-framework/lib/msf/core/module_manager/module_paths.rb:41:in `block in add_module_path'

    from /usr/share/metasploit-framework/lib/msf/core/module_manager/module_paths.rb:40:in `each'

    from /usr/share/metasploit-framework/lib/msf/core/module_manager/module_paths.rb:40:in `add_module_path'

    from /usr/share/metasploit-framework/lib/msf/base/simple/framework/module_paths.rb:50:in `block in init_module_paths'

    from /usr/share/metasploit-framework/lib/msf/base/simple/framework/module_paths.rb:49:in `each'

    from /usr/share/metasploit-framework/lib/msf/base/simple/framework/module_paths.rb:49:in `init_module_paths'

    from /usr/share/metasploit-framework/lib/msf/ui/console/driver.rb:219:in `initialize'

    from /usr/share/metasploit-framework/lib/metasploit/framework/command/console.rb:62:in `new'

    from /usr/share/metasploit-framework/lib/metasploit/framework/command/console.rb:62:in `driver'

    from /usr/share/metasploit-framework/lib/metasploit/framework/command/console.rb:48:in `start'

    from /usr/share/metasploit-framework/lib/metasploit/framework/command/base.rb:82:in `start'

    from /usr/bin/msfconsole:48:in `<main>'

2、修改android.rb文件

vi /usr/share/metasploit-framework/lib/msf/core/payload/android.rb

将其替换成

# -*- coding: binary -*-

require 'msf/core'

require 'msf/core/payload/uuid/options'

require 'msf/core/payload/transport_config'

require 'rex/payloads/meterpreter/config'

module Msf::Payload::Android

  include Msf::Payload::TransportConfig

  include Msf::Payload::UUID::Options

  #

  # Fix the dex header checksum and signature

  # http://source.android.com/tech/dalvik/dex-format.html

  #

  def fix_dex_header(dexfile)

    dexfile = dexfile.unpack('a8LH40a*')

    dexfile[2] = Digest::SHA1.hexdigest(dexfile[3])

    dexfile[1] = Zlib.adler32(dexfile[2..-1].pack('H40a*'))

    dexfile.pack('a8LH40a*')

  end

  #

  # We could compile the .class files with dx here

  #

  def generate_stage(opts={})

    ''

  end

  def generate_default_stage(opts={})

    ''

  end

  #

  # Used by stagers to construct the payload jar file as a String

  #

  def generate(opts={})

    generate_jar(opts).pack

  end

  def java_string(str)

    [str.length].pack("N") + str

  end

  def generate_config(opts={})

    opts[:uuid] ||= generate_payload_uuid

    ds = opts[:datastore] || datastore

    config_opts = {

      ascii_str:  true,

      arch:       opts[:uuid].arch,

      expiration: ds['SessionExpirationTimeout'].to_i,

      uuid:       opts[:uuid],

      transports: opts[:transport_config] || [transport_config(opts)],

      stageless:  opts[:stageless] == true

    }

    config = Rex::Payloads::Meterpreter::Config.new(config_opts).to_b

    flags = 0

    flags |= 1 if opts[:stageless]

    flags |= 2 if ds['AndroidMeterpreterDebug']

    flags |= 4 if ds['AndroidWakelock']

    flags |= 8 if ds['AndroidHideAppIcon']

    config[0] = flags.chr

    config

  end

  def sign_jar(jar)

    x509_name = OpenSSL::X509::Name.parse(

      "C=US/O=Android/CN=Android Debug"

    )

    key  = OpenSSL::PKey::RSA.new(2048)

    cert = OpenSSL::X509::Certificate.new

    cert.version = 2

    cert.serial = 1

    cert.subject = x509_name

    cert.issuer = x509_name

    cert.public_key = key.public_key

    # Some time within the last 3 years

    cert.not_before = Time.now - rand(3600 * 24 * 365 * 3)

    # From http://developer.android.com/tools/publishing/app-signing.html

    # """

    # A validity period of more than 25 years is recommended.

    #

    # If you plan to publish your application(s) on Google Play, note

    # that a validity period ending after 22 October 2033 is a

    # requirement. You cannot upload an application if it is signed

    # with a key whose validity expires before that date.

    # """

    #

    # 32-bit Ruby (and 64-bit Ruby on Windows) cannot deal with

    # certificate not_after times later than Jan 1st 2038, since long is 32-bit.

    # Set not_after to a random time 2~ years before the first bad date.

    #

    # FIXME: this will break again randomly starting in late 2033, hopefully

    # all 32-bit systems will be dead by then...

    #

    # The timestamp 0x78045d81 equates to 2033-10-22 00:00:01 UTC

    cert.not_after = Time.at(0x78045d81 + rand(0x7fffffff - 0x78045d81))

    # If this line is left out, signature verification fails on OSX.

    cert.sign(key, OpenSSL::Digest::SHA1.new)

    jar.sign(key, cert, [cert])

  end

  def generate_jar(opts={})

    config = generate_config(opts)

    if opts[:stageless]

      classes = MetasploitPayloads.read('android', 'meterpreter.dex')

      # Add stageless classname at offset 8000

      config += "\x00" * (8000 - config.size)

      config += 'com.metasploit.meterpreter.AndroidMeterpreter'

    else

      classes = MetasploitPayloads.read('android', 'apk', 'classes.dex')

    end

    config += "\x00" * (8195 - config.size)

    classes.gsub!("\xde\xad\xba\xad" + "\x00" * 8191, config)

    jar = Rex::Zip::Jar.new

    files = [

      [ "AndroidManifest.xml" ],

      [ "resources.arsc" ]

    ]

    jar.add_files(files, MetasploitPayloads.path("android", "apk"))

    jar.add_file("classes.dex", fix_dex_header(classes))

    jar.build_manifest

    sign_jar(jar)

    jar

  end

end

msfconsole启动失败并报错`not_after=': bignum too big to convert into `long'的解决方法的更多相关文章

  1. 输入指令npx webpack-dev-server报错:Error: Cannot find module ‘webpack-cli/bin/config-yargs‘的解决方法

    输入指令npx webpack-dev-server报错:Error: Cannot find module 'webpack-cli/bin/config-yargs'的解决方法 输入指令:npx ...

  2. mesos-master启动失败,报错Failed to load unknown flag 'quorum.rpmsave'

    [现象] mesos启动失败,查看mesos状态报错: [root@hps102 ~]# systemctl status mesos-master ● mesos-master.service - ...

  3. JMeter3.0启动日志报错WARN - org.jmeterplugins.repository.Plugin: Unable to load class解决方法

    解决方法: 通过sh find-in-jars 'HlsSampler' -d /data/apache-jmeter-3.0/lib/ext/确定这个class文件在哪个jar包 由于find-in ...

  4. npm install 报错,提示`gyp ERR! stack Error: EACCES: permission denied` 解决方法

    m install 报错,提示gyp ERR! stack Error: EACCES: permission denied 猜测可能是因为没有权限读写,ls -la看下文件权限设置情况 [root@ ...

  5. Myeclipse运行报错:an out of memory error has occurred的解决方法

    不知道怎么了,重装的myeclipse2013,里边就放了一个项目,启动myeclipse就报 an out of memory error has occurred....... 一点yes就退出 ...

  6. centos在yum install报错:Another app is currently holding the yum lock解决方法

    centos在yum install报错:Another app is currently holding the yum lock,这个问题可能是很多的新手经常遇到问题,之前也有人问我,包括本人在刚 ...

  7. Oracle 安装报错 [INS-06101] IP address of localhost could not be determined 解决方法[转]

    --安装Oracle 11gR2,报错:[INS-06101] IP address of localhost could not be determined--------------------- ...

  8. 运行python脚本时,报错InsecurePlatformWarning: A true SSLContext object is not available,解决方法

    今天,要在新环境里运行一个python脚本,遇到下面的报错: /usr/lib/python2.7/site-packages/urllib3/util/ssl_.py:160: InsecurePl ...

  9. Oracle 安装报错 [INS-06101] IP address of localhost could not be determined 解决方法

    安装Oracle 11gR2,报错:[INS-06101] IP address of localhost could not be determined 出现这种错误是因为主机名和/etc/host ...

随机推荐

  1. npm ERR! Failed at the node-sass@4.13.0 postinstall script

    node-sass 的数据源没设置 npm config set sass_binary_site=https://npm.taobao.org/mirrors/node-sass 重新 npm in ...

  2. BigDecimal精确计算工具类

    前言 在实际开发中,遇到例如货币,统计等商业计算的时候,一般需要采用java.math.BigDecimal类来进行精确计算.而这类操作通常都是可预知的,也就是通用的.所以,写了个工具类来方便以后的工 ...

  3. Linux系统的安装和常用命令

    (1)切换到目录 /usr/bin: (2)查看目录/usr/local 下所有的文件: (3)进入/usr 目录,创建一个名为 test 的目录,并查看有多少目录存在: (4)在/usr 下新建目录 ...

  4. git 流程

    1.git clone 拉取代码2.git checkout -b '分支名称' 命令意思: 创建并切换到当前新建的本地分支. 查看并创建分支,先远端,后本地.3.将本地分支和远端分之关联 git b ...

  5. Swift -POP( 面向协议编程)与OOP(面向对象编程)

    面向协议编程(Protocol Oriented Programming,简称POP),是Swift的一种编程范式,Apple于2015年WWDC提出的,如果大家看Swift的标准库,就会看到大量PO ...

  6. Node.js---起步

    1.下载--安装 2.创建js文件 var http = require('http'); var url=require('url'); //引入url 模块,帮助解析 var querystrin ...

  7. H5网页布局+css代码美化

    HTML5的结构化标签,对搜索引擎更友好 li 标签对不利于搜索引擎的收录,尽量少用 banner图片一般拥有版权,不需要搜索引擎收录,因此可以使用ul + li <samp></s ...

  8. HTML表单概念、语法及创建表单,案例

    form 标签 Input标签的type属性值 单行文本域 <input type="text" /> 图像域(图像提交按钮) 下拉菜单和列表标签 select 标签属 ...

  9. opencv —— 官方 示例程序

    OpenCV 官方提供的示例程序,具体位于...\opencv\sources\samples\cpp 目录下. ...\opencv\sources\samples\cpp\tutorial_cod ...

  10. Qt的qDebug()改写为cout

    经常用c++,qDebug()用的不习惯,将其改为cout,并且为了方便调试,还添加了文件名及行号. 代码如下: // __FILE__文件名,__LINE__行号,如果想看时间还可以添加__TIME ...