1. msfconsole fails to start and reports the following error:

/usr/share/metasploit-framework/lib/msf/core/payload/android.rb:86:in `not_after=': bignum too big to convert into `long' (RangeError)
from /usr/share/metasploit-framework/lib/msf/core/payload/android.rb:86:in `sign_jar'
from /usr/share/metasploit-framework/lib/msf/core/payload/android.rb:117:in `generate_jar'
from /usr/share/metasploit-framework/modules/payloads/singles/android/meterpreter_reverse_tcp.rb:44:in `generate_jar'
from /usr/share/metasploit-framework/lib/msf/core/payload/android.rb:38:in `generate'
from /usr/share/metasploit-framework/lib/msf/core/payload.rb:204:in `size'
from /usr/share/metasploit-framework/lib/msf/core/payload_set.rb:91:in `block in recalculate'
from /usr/share/metasploit-framework/lib/msf/core/payload_set.rb:78:in `each_pair'
from /usr/share/metasploit-framework/lib/msf/core/payload_set.rb:78:in `recalculate'
from /usr/share/metasploit-framework/lib/msf/core/modules/loader/base.rb:250:in `block in load_modules'
from /usr/share/metasploit-framework/lib/msf/core/modules/loader/base.rb:247:in `each'
from /usr/share/metasploit-framework/lib/msf/core/modules/loader/base.rb:247:in `load_modules'
from /usr/share/metasploit-framework/lib/msf/core/module_manager/loading.rb:119:in `block in load_modules'
from /usr/share/metasploit-framework/lib/msf/core/module_manager/loading.rb:117:in `each'
from /usr/share/metasploit-framework/lib/msf/core/module_manager/loading.rb:117:in `load_modules'
from /usr/share/metasploit-framework/lib/msf/core/module_manager/module_paths.rb:41:in `block in add_module_path'
from /usr/share/metasploit-framework/lib/msf/core/module_manager/module_paths.rb:40:in `each'
from /usr/share/metasploit-framework/lib/msf/core/module_manager/module_paths.rb:40:in `add_module_path'
from /usr/share/metasploit-framework/lib/msf/base/simple/framework/module_paths.rb:50:in `block in init_module_paths'
from /usr/share/metasploit-framework/lib/msf/base/simple/framework/module_paths.rb:49:in `each'
from /usr/share/metasploit-framework/lib/msf/base/simple/framework/module_paths.rb:49:in `init_module_paths'
from /usr/share/metasploit-framework/lib/msf/ui/console/driver.rb:219:in `initialize'
from /usr/share/metasploit-framework/lib/metasploit/framework/command/console.rb:62:in `new'
from /usr/share/metasploit-framework/lib/metasploit/framework/command/console.rb:62:in `driver'
from /usr/share/metasploit-framework/lib/metasploit/framework/command/console.rb:48:in `start'
from /usr/share/metasploit-framework/lib/metasploit/framework/command/base.rb:82:in `start'
from /usr/bin/msfconsole:48:in `<main>'

2. Edit the android.rb file

vi /usr/share/metasploit-framework/lib/msf/core/payload/android.rb

Replace its contents with the following:

# -*- coding: binary -*-
require 'msf/core'
require 'msf/core/payload/uuid/options'
require 'msf/core/payload/transport_config'
require 'rex/payloads/meterpreter/config'

module Msf::Payload::Android

  include Msf::Payload::TransportConfig
  include Msf::Payload::UUID::Options

  #
  # Fix the dex header checksum and signature
  # http://source.android.com/tech/dalvik/dex-format.html
  #
  def fix_dex_header(dexfile)
    dexfile = dexfile.unpack('a8LH40a*')
    dexfile[2] = Digest::SHA1.hexdigest(dexfile[3])
    dexfile[1] = Zlib.adler32(dexfile[2..-1].pack('H40a*'))
    dexfile.pack('a8LH40a*')
  end

  #
  # We could compile the .class files with dx here
  #
  def generate_stage(opts={})
    ''
  end

  def generate_default_stage(opts={})
    ''
  end

  #
  # Used by stagers to construct the payload jar file as a String
  #
  def generate(opts={})
    generate_jar(opts).pack
  end

  def java_string(str)
    [str.length].pack("N") + str
  end

  def generate_config(opts={})
    opts[:uuid] ||= generate_payload_uuid
    ds = opts[:datastore] || datastore

    config_opts = {
      ascii_str: true,
      arch: opts[:uuid].arch,
      expiration: ds['SessionExpirationTimeout'].to_i,
      uuid: opts[:uuid],
      transports: opts[:transport_config] || [transport_config(opts)],
      stageless: opts[:stageless] == true
    }

    config = Rex::Payloads::Meterpreter::Config.new(config_opts).to_b
    flags = 0
    flags |= 1 if opts[:stageless]
    flags |= 2 if ds['AndroidMeterpreterDebug']
    flags |= 4 if ds['AndroidWakelock']
    flags |= 8 if ds['AndroidHideAppIcon']
    config[0] = flags.chr
    config
  end

  def sign_jar(jar)
    x509_name = OpenSSL::X509::Name.parse(
      "C=US/O=Android/CN=Android Debug"
    )
    key = OpenSSL::PKey::RSA.new(2048)
    cert = OpenSSL::X509::Certificate.new
    cert.version = 2
    cert.serial = 1
    cert.subject = x509_name
    cert.issuer = x509_name
    cert.public_key = key.public_key

    # Some time within the last 3 years
    cert.not_before = Time.now - rand(3600 * 24 * 365 * 3)

    # From http://developer.android.com/tools/publishing/app-signing.html
    # """
    # A validity period of more than 25 years is recommended.
    #
    # If you plan to publish your application(s) on Google Play, note
    # that a validity period ending after 22 October 2033 is a
    # requirement. You cannot upload an application if it is signed
    # with a key whose validity expires before that date.
    # """
    #
    # 32-bit Ruby (and 64-bit Ruby on Windows) cannot deal with
    # certificate not_after times later than Jan 1st 2038, since long is 32-bit.
    # Set not_after to a random time 2~ years before the first bad date.
    #
    # FIXME: this will break again randomly starting in late 2033, hopefully
    # all 32-bit systems will be dead by then...
    #
    # The timestamp 0x78045d81 equates to 2033-10-22 00:00:01 UTC
    cert.not_after = Time.at(0x78045d81 + rand(0x7fffffff - 0x78045d81))

    # If this line is left out, signature verification fails on OSX.
    cert.sign(key, OpenSSL::Digest::SHA1.new)

    jar.sign(key, cert, [cert])
  end

  def generate_jar(opts={})
    config = generate_config(opts)
    if opts[:stageless]
      classes = MetasploitPayloads.read('android', 'meterpreter.dex')
      # Add stageless classname at offset 8000
      config += "\x00" * (8000 - config.size)
      config += 'com.metasploit.meterpreter.AndroidMeterpreter'
    else
      classes = MetasploitPayloads.read('android', 'apk', 'classes.dex')
    end

    config += "\x00" * (8195 - config.size)
    classes.gsub!("\xde\xad\xba\xad" + "\x00" * 8191, config)

    jar = Rex::Zip::Jar.new
    files = [
      [ "AndroidManifest.xml" ],
      [ "resources.arsc" ]
    ]
    jar.add_files(files, MetasploitPayloads.path("android", "apk"))
    jar.add_file("classes.dex", fix_dex_header(classes))
    jar.build_manifest

    sign_jar(jar)

    jar
  end

end
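
The validity window that the replacement sign_jar relies on, as an added Ruby example (not part of the original post and not Metasploit code): it reports the width of the native long on the running Ruby and checks that a certificate expiry falls between the 2033-10-22 cutoff and the signed 32-bit limit quoted in the comments above. The helper names and the sample certificate subject are assumptions made for illustration.

```ruby
require 'openssl'

# Both constants come from the comments in android.rb above.
PLAY_CUTOFF = 0x78045d81 # 2033-10-22 00:00:01 UTC
MAX_INT32   = 0x7fffffff # largest value a signed 32-bit long can hold

# Width of the C long on this Ruby build (hypothetical helper name).
# 32 here means not_after values past MAX_INT32 raise the RangeError shown above.
def native_long_bits
  [0].pack('l!').bytesize * 8
end

# Pick an expiry the same way the replacement sign_jar does.
def pick_not_after(rng = Random.new)
  Time.at(PLAY_CUTOFF + rng.rand(MAX_INT32 - PLAY_CUTOFF)).utc
end

# Classify an expiry against the two limits described in the comments.
def classify_not_after(time)
  secs = time.to_i
  return :overflows_32bit_long if secs > MAX_INT32
  return :before_play_cutoff if secs < PLAY_CUTOFF
  :ok
end

# Self-signed certificate with the given expiry; the subject is a constructed sample.
def self_signed_cert(not_after, key)
  name = OpenSSL::X509::Name.parse('/C=US/O=Example/CN=Validity Demo')
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = name
  cert.issuer = name
  cert.public_key = key.public_key
  cert.not_before = Time.now - 3600
  cert.not_after = not_after
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  cert
end

if __FILE__ == $PROGRAM_NAME
  cert = self_signed_cert(pick_not_after, OpenSSL::PKey::RSA.new(2048))
  puts "native long: #{native_long_bits}-bit"
  puts "not_after #{cert.not_after} -> #{classify_not_after(cert.not_after)}"
end
```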
