1、启动msfconsole失败并报如下错误:

/usr/share/metasploit-framework/lib/msf/core/payload/android.rb:86:in `not_after=': bignum too big to convert into `long' (RangeError)

    from /usr/share/metasploit-framework/lib/msf/core/payload/android.rb:86:in `sign_jar'

    from /usr/share/metasploit-framework/lib/msf/core/payload/android.rb:117:in `generate_jar'

    from /usr/share/metasploit-framework/modules/payloads/singles/android/meterpreter_reverse_tcp.rb:44:in `generate_jar'

    from /usr/share/metasploit-framework/lib/msf/core/payload/android.rb:38:in `generate'

    from /usr/share/metasploit-framework/lib/msf/core/payload.rb:204:in `size'

    from /usr/share/metasploit-framework/lib/msf/core/payload_set.rb:91:in `block in recalculate'

    from /usr/share/metasploit-framework/lib/msf/core/payload_set.rb:78:in `each_pair'

    from /usr/share/metasploit-framework/lib/msf/core/payload_set.rb:78:in `recalculate'

    from /usr/share/metasploit-framework/lib/msf/core/modules/loader/base.rb:250:in `block in load_modules'

    from /usr/share/metasploit-framework/lib/msf/core/modules/loader/base.rb:247:in `each'

    from /usr/share/metasploit-framework/lib/msf/core/modules/loader/base.rb:247:in `load_modules'

    from /usr/share/metasploit-framework/lib/msf/core/module_manager/loading.rb:119:in `block in load_modules'

    from /usr/share/metasploit-framework/lib/msf/core/module_manager/loading.rb:117:in `each'

    from /usr/share/metasploit-framework/lib/msf/core/module_manager/loading.rb:117:in `load_modules'

    from /usr/share/metasploit-framework/lib/msf/core/module_manager/module_paths.rb:41:in `block in add_module_path'

    from /usr/share/metasploit-framework/lib/msf/core/module_manager/module_paths.rb:40:in `each'

    from /usr/share/metasploit-framework/lib/msf/core/module_manager/module_paths.rb:40:in `add_module_path'

    from /usr/share/metasploit-framework/lib/msf/base/simple/framework/module_paths.rb:50:in `block in init_module_paths'

    from /usr/share/metasploit-framework/lib/msf/base/simple/framework/module_paths.rb:49:in `each'

    from /usr/share/metasploit-framework/lib/msf/base/simple/framework/module_paths.rb:49:in `init_module_paths'

    from /usr/share/metasploit-framework/lib/msf/ui/console/driver.rb:219:in `initialize'

    from /usr/share/metasploit-framework/lib/metasploit/framework/command/console.rb:62:in `new'

    from /usr/share/metasploit-framework/lib/metasploit/framework/command/console.rb:62:in `driver'

    from /usr/share/metasploit-framework/lib/metasploit/framework/command/console.rb:48:in `start'

    from /usr/share/metasploit-framework/lib/metasploit/framework/command/base.rb:82:in `start'

    from /usr/bin/msfconsole:48:in `<main>'

2、修改android.rb文件

vi /usr/share/metasploit-framework/lib/msf/core/payload/android.rb

将其替换成

# -*- coding: binary -*-

require 'msf/core'

require 'msf/core/payload/uuid/options'

require 'msf/core/payload/transport_config'

require 'rex/payloads/meterpreter/config'

module Msf::Payload::Android

  include Msf::Payload::TransportConfig

  include Msf::Payload::UUID::Options

  #

  # Fix the dex header checksum and signature

  # http://source.android.com/tech/dalvik/dex-format.html

  #

  def fix_dex_header(dexfile)

    dexfile = dexfile.unpack('a8LH40a*')

    dexfile[2] = Digest::SHA1.hexdigest(dexfile[3])

    dexfile[1] = Zlib.adler32(dexfile[2..-1].pack('H40a*'))

    dexfile.pack('a8LH40a*')

  end

  #

  # We could compile the .class files with dx here

  #

  def generate_stage(opts={})

    ''

  end

  def generate_default_stage(opts={})

    ''

  end

  #

  # Used by stagers to construct the payload jar file as a String

  #

  def generate(opts={})

    generate_jar(opts).pack

  end

  def java_string(str)

    [str.length].pack("N") + str

  end

  def generate_config(opts={})

    opts[:uuid] ||= generate_payload_uuid

    ds = opts[:datastore] || datastore

    config_opts = {

      ascii_str:  true,

      arch:       opts[:uuid].arch,

      expiration: ds['SessionExpirationTimeout'].to_i,

      uuid:       opts[:uuid],

      transports: opts[:transport_config] || [transport_config(opts)],

      stageless:  opts[:stageless] == true

    }

    config = Rex::Payloads::Meterpreter::Config.new(config_opts).to_b

    flags = 0

    flags |= 1 if opts[:stageless]

    flags |= 2 if ds['AndroidMeterpreterDebug']

    flags |= 4 if ds['AndroidWakelock']

    flags |= 8 if ds['AndroidHideAppIcon']

    config[0] = flags.chr

    config

  end

  def sign_jar(jar)

    x509_name = OpenSSL::X509::Name.parse(

      "C=US/O=Android/CN=Android Debug"

    )

    key  = OpenSSL::PKey::RSA.new(2048)

    cert = OpenSSL::X509::Certificate.new

    cert.version = 2

    cert.serial = 1

    cert.subject = x509_name

    cert.issuer = x509_name

    cert.public_key = key.public_key

    # Some time within the last 3 years

    cert.not_before = Time.now - rand(3600 * 24 * 365 * 3)

    # From http://developer.android.com/tools/publishing/app-signing.html

    # """

    # A validity period of more than 25 years is recommended.

    #

    # If you plan to publish your application(s) on Google Play, note

    # that a validity period ending after 22 October 2033 is a

    # requirement. You cannot upload an application if it is signed

    # with a key whose validity expires before that date.

    # """

    #

    # 32-bit Ruby (and 64-bit Ruby on Windows) cannot deal with

    # certificate not_after times later than Jan 1st 2038, since long is 32-bit.

    # Set not_after to a random time 2~ years before the first bad date.

    #

    # FIXME: this will break again randomly starting in late 2033, hopefully

    # all 32-bit systems will be dead by then...

    #

    # The timestamp 0x78045d81 equates to 2033-10-22 00:00:01 UTC

    cert.not_after = Time.at(0x78045d81 + rand(0x7fffffff - 0x78045d81))

    # If this line is left out, signature verification fails on OSX.

    cert.sign(key, OpenSSL::Digest::SHA1.new)

    jar.sign(key, cert, [cert])

  end

  def generate_jar(opts={})

    config = generate_config(opts)

    if opts[:stageless]

      classes = MetasploitPayloads.read('android', 'meterpreter.dex')

      # Add stageless classname at offset 8000

      config += "\x00" * (8000 - config.size)

      config += 'com.metasploit.meterpreter.AndroidMeterpreter'

    else

      classes = MetasploitPayloads.read('android', 'apk', 'classes.dex')

    end

    config += "\x00" * (8195 - config.size)

    classes.gsub!("\xde\xad\xba\xad" + "\x00" * 8191, config)

    jar = Rex::Zip::Jar.new

    files = [

      [ "AndroidManifest.xml" ],

      [ "resources.arsc" ]

    ]

    jar.add_files(files, MetasploitPayloads.path("android", "apk"))

    jar.add_file("classes.dex", fix_dex_header(classes))

    jar.build_manifest

    sign_jar(jar)

    jar

  end

end

msfconsole启动失败并报错`not_after=': bignum too big to convert into `long'的解决方法的更多相关文章

  1. 输入指令npx webpack-dev-server报错:Error: Cannot find module ‘webpack-cli/bin/config-yargs‘的解决方法

    输入指令npx webpack-dev-server报错:Error: Cannot find module 'webpack-cli/bin/config-yargs'的解决方法 输入指令:npx ...

  2. mesos-master启动失败,报错Failed to load unknown flag 'quorum.rpmsave'

    [现象] mesos启动失败,查看mesos状态报错: [root@hps102 ~]# systemctl status mesos-master ● mesos-master.service - ...

  3. JMeter3.0启动日志报错WARN - org.jmeterplugins.repository.Plugin: Unable to load class解决方法

    解决方法: 通过sh find-in-jars 'HlsSampler' -d /data/apache-jmeter-3.0/lib/ext/确定这个class文件在哪个jar包 由于find-in ...

  4. npm install 报错,提示`gyp ERR! stack Error: EACCES: permission denied` 解决方法

    m install 报错,提示gyp ERR! stack Error: EACCES: permission denied 猜测可能是因为没有权限读写,ls -la看下文件权限设置情况 [root@ ...

  5. Myeclipse运行报错:an out of memory error has occurred的解决方法

    不知道怎么了,重装的myeclipse2013,里边就放了一个项目,启动myeclipse就报 an out of memory error has occurred....... 一点yes就退出 ...

  6. centos在yum install报错:Another app is currently holding the yum lock解决方法

    centos在yum install报错:Another app is currently holding the yum lock,这个问题可能是很多的新手经常遇到问题,之前也有人问我,包括本人在刚 ...

  7. Oracle 安装报错 [INS-06101] IP address of localhost could not be determined 解决方法[转]

    --安装Oracle 11gR2,报错:[INS-06101] IP address of localhost could not be determined--------------------- ...

  8. 运行python脚本时,报错InsecurePlatformWarning: A true SSLContext object is not available,解决方法

    今天,要在新环境里运行一个python脚本,遇到下面的报错: /usr/lib/python2.7/site-packages/urllib3/util/ssl_.py:160: InsecurePl ...

  9. Oracle 安装报错 [INS-06101] IP address of localhost could not be determined 解决方法

    安装Oracle 11gR2,报错:[INS-06101] IP address of localhost could not be determined 出现这种错误是因为主机名和/etc/host ...

随机推荐

  1. 使用CSV Data Set Config配置原件,参数化数据

    对接口数据的参数化方式大概有三种方式,1:jmeter内置函数:2:借助CSV Data Set Config配置原件:3:jdbc连接数据库,使用数据表字段 此处主要讲第二种:借助CSV Data ...

  2. Kafka消费者没有收到通知的分析

    今天遇到两位三方人员跟我反馈,某微服务的异步接口功能不正常了,由于该异步接口采用Kafka异步消息的方案,对方说没有收到Kafka给消费者的通知,根据此问题,联系了相关人员进行了分析: (一)明确环境 ...

  3. beego orm的使用

    在使用beego model 去操作数据库时 有一些疑惑  找到了一个比较好的博文 原文地址 : https://my.oschina.net/u/252343/blog/829912 (Kelvin ...

  4. css基础-css选择器和css文本样式相关

    css基础-css选择器和css文本样式相关: 使用link链入外部样式,页面加载时会同时加载样式 @import url(“*.css”);使用导入式,页面加载完后,才会加载样式 链接伪类的顺序 : ...

  5. java 实现大顶堆

    Java实现堆排序(大根堆)   堆排序是一种树形选择排序方法,它的特点是:在排序的过程中,将array[0,...,n-1]看成是一颗完全二叉树的顺序存储结构,利用完全二叉树中双亲节点和孩子结点之间 ...

  6. JSP+Servlet+Ajax实现用户增删改查的例子

    一.数据库设计 用户表User 已有的测试数据 二.Java代码编写 Java EE的架构一般分为以下五层: ①.Domain ②.DAO ③.Service ④.Controller ⑤.View ...

  7. JS中BOM操作知识点

    JS BOM window对象 全局变量和全局方法都归在window上 alert-comfirm-prompt 让alert .confirm等弹出框上的提示文字实现换行:\n // confirm ...

  8. P5163 WD与地图 [整体二分,强连通分量,线段树合并]

    首先不用说,倒着操作.整体二分来做强连通分量,然后线段树合并,这题就做完了. // powered by c++11 // by Isaunoya #include <bits/stdc++.h ...

  9. 【巨杉数据库SequoiaDB】为“战疫” 保驾护航,巨杉在行动

    2020年,我们经历了一个不平静的新春,在这场大的“战疫”中,巨杉数据库也积极响应号召,勇于承担新一代科技企业的社会担当,用自己的行动助力这场疫情防控阻击战! 赋能“战疫”快速响应 巨杉数据库目前服务 ...

  10. 巨杉数据库SequoiaDB】巨杉Tech | SequoiaDB 分布式事务实现原理简介

    1 分布式事务背景 随着分布式数据库技术的发展越来越成熟,业内对于分布式数据库的要求也由曾经只用满足解决海量数据的存储和读取这类边缘业务向核心交易业务转变.分布式数据库如果要满足核心账务类交易需求,则 ...