Fixing Metasploit on the Pwn Plug R3
After spending a few hours troubleshooting a broken PostgreSQL instance, I finally got Metasploit fired up with a working database. Since I was on a Windows network with a ton of exposed SMB I wanted to see whether the MS17-010 module had been released yet. Mainly so I could stuff ETERNALBLUE NSA hacks in my attack timeline, but also because I wanted to take the new MS08-067 for a spin.
Using my shiny new search, I did a quick search for “MS17”. Nothing. That’s odd. I then searched for “SMB”. Still nothing. Checked my local instance and found
ms17_010_eternalblue no problem. Hmm. Then I checked out the version banner.
Weird, especially since I’d updated everything before sending it out. Maybe a long patch cycle?
I ran an
apt update. No updates found.
Then I browsed over to http://kalirepo.pxinfra.net/kali-rolling/dists/kali-rolling/main/. No updates since January 15, 2017. Hmmm.
Sanity check against https://http.kali.org/kali/dists/kali-rolling/main/ showed updates that same day.
Putting the Nope in Support
I reach out to Pwnie support a third time (previous call and email had gone unanswered) and leave a voicemail. Nothing.
I reach out to Pwnie sales and the call is answered on the second ring. I explain my situation and support calls in under an hour. Three cheers for FOMO. I explain our situation and he goes to investigate.
By this point I’m not holding out much hope for a timely response so I decide to fall back on the hack workaround method. I know the Pwn Plug uses a fork of Kali, but I’m not sure what parts of it they hold back and don’t particularly want to troubleshoot a broken Pwn Plug while it’s sitting at a customer’s site.
Here’s what I did.
- Add the official Kali repo (deb http://http.kali.org/kali kali-rolling main contrib non-free) to your
- Upgrade Metasploit only using
apt-get install --only-upgrade metasploit-framework
Five months of exploity goodness come streaming down and I’m up and running. To guard against future Liam’s foolishness, I comment out the Kali repo to avoid an unexpected bricking of my expensive pentesting paperweight.
The day after I got everything up and running, and after a few rounds of victim blaming, we get to the root cause:
I have learned from our developers the reason why our repository fell out of sync with the Kali repository is that Offensive Security broke the connection. As a result, our repository is not up-to-date. While we work on correcting this, one option you could consider is to modify the /etc/apt/sources.list file and add the Kali repository to it. After doing so, you can update Metasploit. Please note this is untested.
As I write this four days later, things are still broken. This is a little annoying since one of the reasons you pay a premium to a vendor rather than build your own is so you don’t have to deal with the headache of ongoing support & maintenance.
I’m a little curious as to why Offensive Security would cut off updates to The World’s Leading Penetration Testing Devices™, but for now am glad to be spending my time popping boxes rather than fixing them.
Update: 6 weeks after I emailed regarding the repository being effed they seem to have sorted things out. Leaving this up here for posterity. And snark.