1、启动msfconsole失败并报如下错误:

/usr/share/metasploit-framework/lib/msf/core/payload/android.rb:86:in `not_after=': bignum too big to convert into `long' (RangeError)

    from /usr/share/metasploit-framework/lib/msf/core/payload/android.rb:86:in `sign_jar'

    from /usr/share/metasploit-framework/lib/msf/core/payload/android.rb:117:in `generate_jar'

    from /usr/share/metasploit-framework/modules/payloads/singles/android/meterpreter_reverse_tcp.rb:44:in `generate_jar'

    from /usr/share/metasploit-framework/lib/msf/core/payload/android.rb:38:in `generate'

    from /usr/share/metasploit-framework/lib/msf/core/payload.rb:204:in `size'

    from /usr/share/metasploit-framework/lib/msf/core/payload_set.rb:91:in `block in recalculate'

    from /usr/share/metasploit-framework/lib/msf/core/payload_set.rb:78:in `each_pair'

    from /usr/share/metasploit-framework/lib/msf/core/payload_set.rb:78:in `recalculate'

    from /usr/share/metasploit-framework/lib/msf/core/modules/loader/base.rb:250:in `block in load_modules'

    from /usr/share/metasploit-framework/lib/msf/core/modules/loader/base.rb:247:in `each'

    from /usr/share/metasploit-framework/lib/msf/core/modules/loader/base.rb:247:in `load_modules'

    from /usr/share/metasploit-framework/lib/msf/core/module_manager/loading.rb:119:in `block in load_modules'

    from /usr/share/metasploit-framework/lib/msf/core/module_manager/loading.rb:117:in `each'

    from /usr/share/metasploit-framework/lib/msf/core/module_manager/loading.rb:117:in `load_modules'

    from /usr/share/metasploit-framework/lib/msf/core/module_manager/module_paths.rb:41:in `block in add_module_path'

    from /usr/share/metasploit-framework/lib/msf/core/module_manager/module_paths.rb:40:in `each'

    from /usr/share/metasploit-framework/lib/msf/core/module_manager/module_paths.rb:40:in `add_module_path'

    from /usr/share/metasploit-framework/lib/msf/base/simple/framework/module_paths.rb:50:in `block in init_module_paths'

    from /usr/share/metasploit-framework/lib/msf/base/simple/framework/module_paths.rb:49:in `each'

    from /usr/share/metasploit-framework/lib/msf/base/simple/framework/module_paths.rb:49:in `init_module_paths'

    from /usr/share/metasploit-framework/lib/msf/ui/console/driver.rb:219:in `initialize'

    from /usr/share/metasploit-framework/lib/metasploit/framework/command/console.rb:62:in `new'

    from /usr/share/metasploit-framework/lib/metasploit/framework/command/console.rb:62:in `driver'

    from /usr/share/metasploit-framework/lib/metasploit/framework/command/console.rb:48:in `start'

    from /usr/share/metasploit-framework/lib/metasploit/framework/command/base.rb:82:in `start'

    from /usr/bin/msfconsole:48:in `<main>'

2、修改android.rb文件

vi /usr/share/metasploit-framework/lib/msf/core/payload/android.rb

将其替换成

# -*- coding: binary -*-

require 'msf/core'

require 'msf/core/payload/uuid/options'

require 'msf/core/payload/transport_config'

require 'rex/payloads/meterpreter/config'

module Msf::Payload::Android

  include Msf::Payload::TransportConfig

  include Msf::Payload::UUID::Options

  #

  # Fix the dex header checksum and signature

  # http://source.android.com/tech/dalvik/dex-format.html

  #

  def fix_dex_header(dexfile)

    dexfile = dexfile.unpack('a8LH40a*')

    dexfile[2] = Digest::SHA1.hexdigest(dexfile[3])

    dexfile[1] = Zlib.adler32(dexfile[2..-1].pack('H40a*'))

    dexfile.pack('a8LH40a*')

  end

  #

  # We could compile the .class files with dx here

  #

  def generate_stage(opts={})

    ''

  end

  def generate_default_stage(opts={})

    ''

  end

  #

  # Used by stagers to construct the payload jar file as a String

  #

  def generate(opts={})

    generate_jar(opts).pack

  end

  def java_string(str)

    [str.length].pack("N") + str

  end

  def generate_config(opts={})

    opts[:uuid] ||= generate_payload_uuid

    ds = opts[:datastore] || datastore

    config_opts = {

      ascii_str:  true,

      arch:       opts[:uuid].arch,

      expiration: ds['SessionExpirationTimeout'].to_i,

      uuid:       opts[:uuid],

      transports: opts[:transport_config] || [transport_config(opts)],

      stageless:  opts[:stageless] == true

    }

    config = Rex::Payloads::Meterpreter::Config.new(config_opts).to_b

    flags = 0

    flags |= 1 if opts[:stageless]

    flags |= 2 if ds['AndroidMeterpreterDebug']

    flags |= 4 if ds['AndroidWakelock']

    flags |= 8 if ds['AndroidHideAppIcon']

    config[0] = flags.chr

    config

  end

  def sign_jar(jar)

    x509_name = OpenSSL::X509::Name.parse(

      "C=US/O=Android/CN=Android Debug"

    )

    key  = OpenSSL::PKey::RSA.new(2048)

    cert = OpenSSL::X509::Certificate.new

    cert.version = 2

    cert.serial = 1

    cert.subject = x509_name

    cert.issuer = x509_name

    cert.public_key = key.public_key

    # Some time within the last 3 years

    cert.not_before = Time.now - rand(3600 * 24 * 365 * 3)

    # From http://developer.android.com/tools/publishing/app-signing.html

    # """

    # A validity period of more than 25 years is recommended.

    #

    # If you plan to publish your application(s) on Google Play, note

    # that a validity period ending after 22 October 2033 is a

    # requirement. You cannot upload an application if it is signed

    # with a key whose validity expires before that date.

    # """

    #

    # 32-bit Ruby (and 64-bit Ruby on Windows) cannot deal with

    # certificate not_after times later than Jan 1st 2038, since long is 32-bit.

    # Set not_after to a random time 2~ years before the first bad date.

    #

    # FIXME: this will break again randomly starting in late 2033, hopefully

    # all 32-bit systems will be dead by then...

    #

    # The timestamp 0x78045d81 equates to 2033-10-22 00:00:01 UTC

    cert.not_after = Time.at(0x78045d81 + rand(0x7fffffff - 0x78045d81))

    # If this line is left out, signature verification fails on OSX.

    cert.sign(key, OpenSSL::Digest::SHA1.new)

    jar.sign(key, cert, [cert])

  end

  def generate_jar(opts={})

    config = generate_config(opts)

    if opts[:stageless]

      classes = MetasploitPayloads.read('android', 'meterpreter.dex')

      # Add stageless classname at offset 8000

      config += "\x00" * (8000 - config.size)

      config += 'com.metasploit.meterpreter.AndroidMeterpreter'

    else

      classes = MetasploitPayloads.read('android', 'apk', 'classes.dex')

    end

    config += "\x00" * (8195 - config.size)

    classes.gsub!("\xde\xad\xba\xad" + "\x00" * 8191, config)

    jar = Rex::Zip::Jar.new

    files = [

      [ "AndroidManifest.xml" ],

      [ "resources.arsc" ]

    ]

    jar.add_files(files, MetasploitPayloads.path("android", "apk"))

    jar.add_file("classes.dex", fix_dex_header(classes))

    jar.build_manifest

    sign_jar(jar)

    jar

  end

end

msfconsole启动失败并报错`not_after=': bignum too big to convert into `long'的解决方法的更多相关文章

  1. 输入指令npx webpack-dev-server报错:Error: Cannot find module ‘webpack-cli/bin/config-yargs‘的解决方法

    输入指令npx webpack-dev-server报错:Error: Cannot find module 'webpack-cli/bin/config-yargs'的解决方法 输入指令:npx ...

  2. mesos-master启动失败,报错Failed to load unknown flag 'quorum.rpmsave'

    [现象] mesos启动失败,查看mesos状态报错: [root@hps102 ~]# systemctl status mesos-master ● mesos-master.service - ...

  3. JMeter3.0启动日志报错WARN - org.jmeterplugins.repository.Plugin: Unable to load class解决方法

    解决方法: 通过sh find-in-jars 'HlsSampler' -d /data/apache-jmeter-3.0/lib/ext/确定这个class文件在哪个jar包 由于find-in ...

  4. npm install 报错,提示`gyp ERR! stack Error: EACCES: permission denied` 解决方法

    m install 报错,提示gyp ERR! stack Error: EACCES: permission denied 猜测可能是因为没有权限读写,ls -la看下文件权限设置情况 [root@ ...

  5. Myeclipse运行报错:an out of memory error has occurred的解决方法

    不知道怎么了,重装的myeclipse2013,里边就放了一个项目,启动myeclipse就报 an out of memory error has occurred....... 一点yes就退出 ...

  6. centos在yum install报错:Another app is currently holding the yum lock解决方法

    centos在yum install报错:Another app is currently holding the yum lock,这个问题可能是很多的新手经常遇到问题,之前也有人问我,包括本人在刚 ...

  7. Oracle 安装报错 [INS-06101] IP address of localhost could not be determined 解决方法[转]

    --安装Oracle 11gR2,报错:[INS-06101] IP address of localhost could not be determined--------------------- ...

  8. 运行python脚本时,报错InsecurePlatformWarning: A true SSLContext object is not available,解决方法

    今天,要在新环境里运行一个python脚本,遇到下面的报错: /usr/lib/python2.7/site-packages/urllib3/util/ssl_.py:160: InsecurePl ...

  9. Oracle 安装报错 [INS-06101] IP address of localhost could not be determined 解决方法

    安装Oracle 11gR2,报错:[INS-06101] IP address of localhost could not be determined 出现这种错误是因为主机名和/etc/host ...

随机推荐

  1. Android在Activity中与Fragment中创建自定义菜单的区别

    区别就在这里,Activity中添加菜单要这样: public boolean onCreateOptionsMenu(Menu menu) { getMenuInflater().inflate(R ...

  2. Node.js核心模块-net

    net.Socket 类 socket.remotePort 访问服务器的远程端口 const http = require('http'); const server = http.createSe ...

  3. vue(四)--属性绑定

    v-bind通过v-bind进行属性绑定v-bind:href, 可以简写成 :href <body> <div id="app"> <a v-bin ...

  4. 【redis】spring boot利用redis的Keyspace Notifications实现消息通知

    前言 需求:当redis中的某个key失效的时候,把失效时的value写入数据库. github: https://github.com/vergilyn/RedisSamples 1.修改redis ...

  5. C# sqlite 事务提交多个语句,提升插入速度

    private SQLiteConnection connection; private SQLiteCommand command; private SQLiteTransaction transa ...

  6. Docker入门(windows安装)

    Docker入门(安装)Docker是一种轻量级容器技术,实际中直接运行在当前操作系统(Linux)上,而不是虚拟机中.PaaS提供了存储,数据库,网络,负载均衡,自动扩展等功能,Docker云平台就 ...

  7. WPF 释放嵌入资源

    资源文件名称:默认命名空间.文件名 || 默认命名空间.文件夹名.文件名 /// <summary> /// 提取文件 /// </summary> /// <param ...

  8. Jquery实现挂号平台首页源码2

    第二个版本:点击预约挂号可跳转到排班表,获取之后7个星期的排班 先放图 首先是index.html <!DOCTYPE html> <html lang="en" ...

  9. nunjucks模板设计一个页面

    使用nunjucks代替原来的ejs,因为这个更强大,是node中主流的模板引擎 nunjucks官网 配置使用 nunjucks 模板引擎 nunjucks 模板引擎没有对模板文件名的后缀名做特定限 ...

  10. 解决NahimicSvc32.exe与bilibili直播姬的音频不兼容的问题

    某次测试哔哩哔哩直播姬的时候发现系统声音采集异常的错误 NahimicSvc32.exe是NahimicService下的程序,奇怪的是我的本本所有硬件没有一个微星有关系,怎么就装上了微星的服务程序? ...