Fixing Metasploit on the Pwn Plug R3

May 28, 2017

After spending a few hours troubleshooting a broken PostgreSQL instance, I finally got Metasploit fired up with a working database. Since I was on a Windows network with a ton of exposed SMB I wanted to see whether the MS17-010 module had been released yet. Mainly so I could stuff ETERNALBLUE NSA hacks in my attack timeline, but also because I wanted to take the new MS08-067 for a spin.

Using my shiny new search, I did a quick search for “MS17”. Nothing. That’s odd. I then searched for “SMB”. Still nothing. Checked my local instance and found ms17_010_eternalblue no problem. Hmm. Then I checked out the version banner.

Pwnie: v4.13.13-dev

Local: v4.14.19-dev

Weird, especially since I’d updated everything before sending it out. Maybe a long patch cycle?

I ran an apt update. No updates found.

Then I browsed over to http://kalirepo.pxinfra.net/kali-rolling/dists/kali-rolling/main/. No updates since January 15, 2017. Hmmm.

Sanity check against https://http.kali.org/kali/dists/kali-rolling/main/ showed updates that same day.

Putting the Nope in Support

I reach out to Pwnie support a third time (previous call and email had gone unanswered) and leave a voicemail. Nothing.

I reach out to Pwnie sales and the call is answered on the second ring. I explain my situation and support calls in under an hour. Three cheers for FOMO. I explain our situation and he goes to investigate.

The Fix

By this point I’m not holding out much hope for a timely response so I decide to fall back on the hack workaround method. I know the Pwn Plug uses a fork of Kali, but I’m not sure what parts of it they hold back and don’t particularly want to troubleshoot a broken Pwn Plug while it’s sitting at a customer’s site.

Here’s what I did.

  1. Add the official Kali repo (deb http://http.kali.org/kali kali-rolling main contrib non-free) to your /etc/apt/sources.list
  2. Run apt-get update.
  3. Upgrade Metasploit only using apt-get install --only-upgrade metasploit-framework

Five months of exploity goodness come streaming down and I’m up and running. To guard against future Liam’s foolishness, I comment out the Kali repo to avoid an unexpected bricking of my expensive pentesting paperweight.
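The three steps and the clean-up above as one script, added here as an example rather than the author's own commands. The function names, the SOURCES override and the --run switch are assumptions; the repo line and the apt-get commands are the ones from the steps.

```shell
#!/bin/sh
# Added example (not the author's script): steps 1-3 plus the clean-up.
KALI_LINE='deb http://http.kali.org/kali kali-rolling main contrib non-free'
SOURCES="${SOURCES:-/etc/apt/sources.list}"  # assumption: override to rehearse on a copy

# Rewrite FILE so it holds exactly one copy of the repo line: active when
# STATE is "on", commented out when "off". Other entries are left untouched.
set_repo() {
    file=$1
    state=$2
    tmp=$(mktemp) || return 1
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            "$KALI_LINE"|"# $KALI_LINE") ;;   # drop here, re-added once below
            *) printf '%s\n' "$line" ;;
        esac
    done < "$file" > "$tmp"
    if [ "$state" = on ]; then
        printf '%s\n' "$KALI_LINE" >> "$tmp"
    else
        printf '# %s\n' "$KALI_LINE" >> "$tmp"
    fi
    cat "$tmp" > "$file"    # overwrite in place so owner and mode are kept
    rm -f "$tmp"
}

# Enable the repo, upgrade one package, then disable the repo again even
# when apt fails, so a later full upgrade cannot pull from upstream Kali.
upgrade_metasploit() {
    cp -p "$SOURCES" "$SOURCES.bak" || return 1
    set_repo "$SOURCES" on || return 1
    rc=0
    apt-get update && apt-get install --only-upgrade metasploit-framework || rc=$?
    set_repo "$SOURCES" off || return 1
    return "$rc"
}

# Hypothetical --run switch: without it the file only defines the helpers.
if [ "${1:-}" = "--run" ]; then
    upgrade_metasploit
fi
```

apt-get install --only-upgrade still resolves and installs whatever newer dependencies metasploit-framework needs from the added repo, so read the list of proposed changes before confirming.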

Conclusion

The day after I got everything up and running, and after a few rounds of victim blaming, we get to the root cause:

I have learned from our developers the reason why our repository fell out of sync with the Kali repository is that Offensive Security broke the connection. As a result, our repository is not up-to-date. While we work on correcting this, one option you could consider is to modify the /etc/apt/sources.list file and add the Kali repository to it. After doing so, you can update Metasploit. Please note this is untested.

As I write this four days later, things are still broken. This is a little annoying since one of the reasons you pay a premium to a vendor rather than build your own is so you don’t have to deal with the headache of ongoing support & maintenance.

I’m a little curious as to why Offensive Security would cut off updates to The World’s Leading Penetration Testing Devices™, but for now am glad to be spending my time popping boxes rather than fixing them.

Update: 6 weeks after I emailed regarding the repository being effed they seem to have sorted things out. Leaving this up here for posterity. And snark.