1、启动msfconsole失败并报如下错误:

/usr/share/metasploit-framework/lib/msf/core/payload/android.rb:86:in `not_after=': bignum too big to convert into `long' (RangeError)

    from /usr/share/metasploit-framework/lib/msf/core/payload/android.rb:86:in `sign_jar'

    from /usr/share/metasploit-framework/lib/msf/core/payload/android.rb:117:in `generate_jar'

    from /usr/share/metasploit-framework/modules/payloads/singles/android/meterpreter_reverse_tcp.rb:44:in `generate_jar'

    from /usr/share/metasploit-framework/lib/msf/core/payload/android.rb:38:in `generate'

    from /usr/share/metasploit-framework/lib/msf/core/payload.rb:204:in `size'

    from /usr/share/metasploit-framework/lib/msf/core/payload_set.rb:91:in `block in recalculate'

    from /usr/share/metasploit-framework/lib/msf/core/payload_set.rb:78:in `each_pair'

    from /usr/share/metasploit-framework/lib/msf/core/payload_set.rb:78:in `recalculate'

    from /usr/share/metasploit-framework/lib/msf/core/modules/loader/base.rb:250:in `block in load_modules'

    from /usr/share/metasploit-framework/lib/msf/core/modules/loader/base.rb:247:in `each'

    from /usr/share/metasploit-framework/lib/msf/core/modules/loader/base.rb:247:in `load_modules'

    from /usr/share/metasploit-framework/lib/msf/core/module_manager/loading.rb:119:in `block in load_modules'

    from /usr/share/metasploit-framework/lib/msf/core/module_manager/loading.rb:117:in `each'

    from /usr/share/metasploit-framework/lib/msf/core/module_manager/loading.rb:117:in `load_modules'

    from /usr/share/metasploit-framework/lib/msf/core/module_manager/module_paths.rb:41:in `block in add_module_path'

    from /usr/share/metasploit-framework/lib/msf/core/module_manager/module_paths.rb:40:in `each'

    from /usr/share/metasploit-framework/lib/msf/core/module_manager/module_paths.rb:40:in `add_module_path'

    from /usr/share/metasploit-framework/lib/msf/base/simple/framework/module_paths.rb:50:in `block in init_module_paths'

    from /usr/share/metasploit-framework/lib/msf/base/simple/framework/module_paths.rb:49:in `each'

    from /usr/share/metasploit-framework/lib/msf/base/simple/framework/module_paths.rb:49:in `init_module_paths'

    from /usr/share/metasploit-framework/lib/msf/ui/console/driver.rb:219:in `initialize'

    from /usr/share/metasploit-framework/lib/metasploit/framework/command/console.rb:62:in `new'

    from /usr/share/metasploit-framework/lib/metasploit/framework/command/console.rb:62:in `driver'

    from /usr/share/metasploit-framework/lib/metasploit/framework/command/console.rb:48:in `start'

    from /usr/share/metasploit-framework/lib/metasploit/framework/command/base.rb:82:in `start'

    from /usr/bin/msfconsole:48:in `<main>'

2、修改android.rb文件

vi /usr/share/metasploit-framework/lib/msf/core/payload/android.rb

将其替换成

# -*- coding: binary -*-

require 'msf/core'

require 'msf/core/payload/uuid/options'

require 'msf/core/payload/transport_config'

require 'rex/payloads/meterpreter/config'

module Msf::Payload::Android

  include Msf::Payload::TransportConfig

  include Msf::Payload::UUID::Options

  #

  # Fix the dex header checksum and signature

  # http://source.android.com/tech/dalvik/dex-format.html

  #

  def fix_dex_header(dexfile)

    dexfile = dexfile.unpack('a8LH40a*')

    dexfile[2] = Digest::SHA1.hexdigest(dexfile[3])

    dexfile[1] = Zlib.adler32(dexfile[2..-1].pack('H40a*'))

    dexfile.pack('a8LH40a*')

  end

  #

  # We could compile the .class files with dx here

  #

  def generate_stage(opts={})

    ''

  end

  def generate_default_stage(opts={})

    ''

  end

  #

  # Used by stagers to construct the payload jar file as a String

  #

  def generate(opts={})

    generate_jar(opts).pack

  end

  def java_string(str)

    [str.length].pack("N") + str

  end

  def generate_config(opts={})

    opts[:uuid] ||= generate_payload_uuid

    ds = opts[:datastore] || datastore

    config_opts = {

      ascii_str:  true,

      arch:       opts[:uuid].arch,

      expiration: ds['SessionExpirationTimeout'].to_i,

      uuid:       opts[:uuid],

      transports: opts[:transport_config] || [transport_config(opts)],

      stageless:  opts[:stageless] == true

    }

    config = Rex::Payloads::Meterpreter::Config.new(config_opts).to_b

    flags = 0

    flags |= 1 if opts[:stageless]

    flags |= 2 if ds['AndroidMeterpreterDebug']

    flags |= 4 if ds['AndroidWakelock']

    flags |= 8 if ds['AndroidHideAppIcon']

    config[0] = flags.chr

    config

  end

  def sign_jar(jar)

    x509_name = OpenSSL::X509::Name.parse(

      "C=US/O=Android/CN=Android Debug"

    )

    key  = OpenSSL::PKey::RSA.new(2048)

    cert = OpenSSL::X509::Certificate.new

    cert.version = 2

    cert.serial = 1

    cert.subject = x509_name

    cert.issuer = x509_name

    cert.public_key = key.public_key

    # Some time within the last 3 years

    cert.not_before = Time.now - rand(3600 * 24 * 365 * 3)

    # From http://developer.android.com/tools/publishing/app-signing.html

    # """

    # A validity period of more than 25 years is recommended.

    #

    # If you plan to publish your application(s) on Google Play, note

    # that a validity period ending after 22 October 2033 is a

    # requirement. You cannot upload an application if it is signed

    # with a key whose validity expires before that date.

    # """

    #

    # 32-bit Ruby (and 64-bit Ruby on Windows) cannot deal with

    # certificate not_after times later than Jan 1st 2038, since long is 32-bit.

    # Set not_after to a random time 2~ years before the first bad date.

    #

    # FIXME: this will break again randomly starting in late 2033, hopefully

    # all 32-bit systems will be dead by then...

    #

    # The timestamp 0x78045d81 equates to 2033-10-22 00:00:01 UTC

    cert.not_after = Time.at(0x78045d81 + rand(0x7fffffff - 0x78045d81))

    # If this line is left out, signature verification fails on OSX.

    cert.sign(key, OpenSSL::Digest::SHA1.new)

    jar.sign(key, cert, [cert])

  end

  def generate_jar(opts={})

    config = generate_config(opts)

    if opts[:stageless]

      classes = MetasploitPayloads.read('android', 'meterpreter.dex')

      # Add stageless classname at offset 8000

      config += "\x00" * (8000 - config.size)

      config += 'com.metasploit.meterpreter.AndroidMeterpreter'

    else

      classes = MetasploitPayloads.read('android', 'apk', 'classes.dex')

    end

    config += "\x00" * (8195 - config.size)

    classes.gsub!("\xde\xad\xba\xad" + "\x00" * 8191, config)

    jar = Rex::Zip::Jar.new

    files = [

      [ "AndroidManifest.xml" ],

      [ "resources.arsc" ]

    ]

    jar.add_files(files, MetasploitPayloads.path("android", "apk"))

    jar.add_file("classes.dex", fix_dex_header(classes))

    jar.build_manifest

    sign_jar(jar)

    jar

  end

end

msfconsole启动失败并报错`not_after=': bignum too big to convert into `long'的解决方法的更多相关文章

  1. 输入指令npx webpack-dev-server报错:Error: Cannot find module ‘webpack-cli/bin/config-yargs‘的解决方法

    输入指令npx webpack-dev-server报错:Error: Cannot find module 'webpack-cli/bin/config-yargs'的解决方法 输入指令:npx ...

  2. mesos-master启动失败,报错Failed to load unknown flag 'quorum.rpmsave'

    [现象] mesos启动失败,查看mesos状态报错: [root@hps102 ~]# systemctl status mesos-master ● mesos-master.service - ...

  3. JMeter3.0启动日志报错WARN - org.jmeterplugins.repository.Plugin: Unable to load class解决方法

    解决方法: 通过sh find-in-jars 'HlsSampler' -d /data/apache-jmeter-3.0/lib/ext/确定这个class文件在哪个jar包 由于find-in ...

  4. npm install 报错,提示`gyp ERR! stack Error: EACCES: permission denied` 解决方法

    m install 报错,提示gyp ERR! stack Error: EACCES: permission denied 猜测可能是因为没有权限读写,ls -la看下文件权限设置情况 [root@ ...

  5. Myeclipse运行报错:an out of memory error has occurred的解决方法

    不知道怎么了,重装的myeclipse2013,里边就放了一个项目,启动myeclipse就报 an out of memory error has occurred....... 一点yes就退出 ...

  6. centos在yum install报错:Another app is currently holding the yum lock解决方法

    centos在yum install报错:Another app is currently holding the yum lock,这个问题可能是很多的新手经常遇到问题,之前也有人问我,包括本人在刚 ...

  7. Oracle 安装报错 [INS-06101] IP address of localhost could not be determined 解决方法[转]

    --安装Oracle 11gR2,报错:[INS-06101] IP address of localhost could not be determined--------------------- ...

  8. 运行python脚本时,报错InsecurePlatformWarning: A true SSLContext object is not available,解决方法

    今天,要在新环境里运行一个python脚本,遇到下面的报错: /usr/lib/python2.7/site-packages/urllib3/util/ssl_.py:160: InsecurePl ...

  9. Oracle 安装报错 [INS-06101] IP address of localhost could not be determined 解决方法

    安装Oracle 11gR2,报错:[INS-06101] IP address of localhost could not be determined 出现这种错误是因为主机名和/etc/host ...

随机推荐

  1. mysql常见问题解决方案

    属性顺序错误 一般情况下字段类型要放在前面,限制参数放在后面,UNSIGNEDZEROFILL 之间没有先后顺序,主键 KEY 和 auto_increment 要放在UNSIGNED ZEROFIL ...

  2. CF1311E Construct the Binary Tree

    膜这场比赛的 \(rk1\) \(\color{black}A\color{red}{lex\_Wei}\) 这题应该是这场比赛最难的题了 容易发现,二叉树的下一层不会超过这一层的 \(2\) 倍,所 ...

  3. C语言再学习part2-重新认识C语言词汇

    迷阳迷阳,无伤吾行.无行郗曲,无伤吾足.—庄子 C语言词汇: 标识符 在程序中的变量名.函数名.标号等等成为标识符.其中标识符相在C中只能是字母A~Z,a~z,数字0~9,下划线(_)组成的字符串,并 ...

  4. Linux systemctl系统工具常用总结(详)

    systemctl是一个系统自带的服务管理工具,可以管理系统的服务的,启动.停止.重启.自启.监视.也可以对脚本程序后台运行管理. 文章以nginx.service举例 基础命令: systemctl ...

  5. Selenium实战(七)——自动发送邮件

    SMPT(Simple Mail Transfer Protocol)简单邮件传输协议,是一组由源地址到目的地址传送邮件的规则,可以控制信件的中转方式.Python的smptlib模块提供了简单的AP ...

  6. demo Django-基础书籍添加删除(单表)

    小demo使用---- 1.pycharm-2019.2 2.python-3.7.2 3.mysql-5.7.25 4.django-2.2.4 使用过程中的一些注意事项和出现的常见错误的解决地址 ...

  7. HTML5存储(带一个粗糙的打怪小游戏案例)

    本地存储localStorage设置存储内容setItem(key,value) localStorage.setItem('leo','23'); 更新存储内容对象[key]=value对象.key ...

  8. 使用nginx代理gogs遇到推送代码错误的问题(RPC failed; HTTP 413 curl 22 The requested URL returned error: 413)

    前提 代码管理我是用Gogs.Git,前些阵子使用Nginx将git.balabiu.com反向代理到了Gogs的默认端口,其他二级域名准备做其他使用, 导致上报代码出现了错误. 问题 推送代码报错误 ...

  9. cf1266D

    注意到每一个的点出入流是不会变的,因此本质是让构造一张图满足这个出入流并且边上的流量之和最少,显然流量是平衡的,也就是所有节点的出入流之和为0 因此我们可以直接暴力的选择让负数点向正数点连边,连之后就 ...

  10. python计算文件大小

    1.使用到的语句 import os 库 os.listdir(path) 返回文件名字符串列表 os.path.isdir(path) 判断文件名是否是文件夹 os.path.getsize(pat ...