Multiple Errors in DeepExploit.py about machine_learning_security HOT 18 CLOSED

ah nevermind the AttributeError.
It was the problem with the msfrpc, not DeepExploit xD

from machine_learning_security.

btw should I create a requirements.txt for the python3 libraries?

from machine_learning_security.

Hi, @fanntom
Maybe, this causes are no corresponding exploit modules in the "exploit_list.csv".
So, you delete all file in the DeepExploit/data/ folder, please retry DeepExploit.

Then, DeepExploit creates these files according to the your Metasploit's environment.

from machine_learning_security.

Thank you @13o-bbr-bbq for the reply.
I will try that out and I will comment on this thread about the results.

from machine_learning_security.

Alright here's a followup about the result.
The solution you mentioned did solve the problem.
Thank you very much!
Now I'm looking at a
Exception in thread Thread-19:
Traceback (most recent call last):
File "/usr/lib/python3.6/threading.py", line 916, in _bootstrap_inner
self.run()
File "/usr/lib/python3.6/threading.py", line 864, in run
self._target(self._args, **self._kwargs)
File "DeepExploit.py", line 1604, in
job = lambda: worker.run(exploit_tree, target_tree, saver, env.save_file)
File "DeepExploit.py", line 1161, in run
self.environment.run(exploit_tree, target_tree)
File "DeepExploit.py", line 1101, in run
frames)
File "DeepExploit.py", line 678, in execute_exploit
job_id_list = self.client.get_job_list()
File "DeepExploit.py", line 150, in get_job_list
jobs = self.call('job.list', [])
File "DeepExploit.py", line 65, in call
resp = self.client.getresponse()
File "/usr/lib/python3.6/http/client.py", line 1331, in getresponse
response.begin()
File "/usr/lib/python3.6/http/client.py", line 297, in begin
version, status, reason = self._read_status()
File "/usr/lib/python3.6/http/client.py", line 266, in _read_status
raise RemoteDisconnected("Remote end closed connection without"
http.client.RemoteDisconnected: Remote end closed connection without response
but i think this is a problem with the msfrpc end.
And I don't know if this is an error but im seeing some
[] MsfRPC: Not Authenticated
during the saving train data part.

from machine_learning_security.

And when i run it in the test mode, I get this error:

root@kali:~/machine_learning_security/DeepExploit# python3 DeepExploit.py -t 192.168.74.135 -m test
Using TensorFlow backend.

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 　　　　　██████╗ ███████╗███████╗██████╗                      

　 　　　　██╔══██╗██╔════╝██╔════╝██╔══██╗
　 　　　　██║ ██║█████╗ █████╗ ██████╔╝
　 　　　　██║ ██║██╔══╝ ██╔══╝ ██╔═══╝
　 　　　　██████╔╝███████╗███████╗██║
　　 　　　╚═════╝ ╚══════╝╚══════╝╚═╝

 ███████╗██╗  ██╗██████╗ ██╗      ██████╗ ██╗████████╗
 ██╔════╝╚██╗██╔╝██╔══██╗██║     ██╔═══██╗██║╚══██╔══╝
 █████╗   ╚███╔╝ ██████╔╝██║     ██║   ██║██║   ██║   
 ██╔══╝   ██╔██╗ ██╔═══╝ ██║     ██║   ██║██║   ██║   
 ███████╗██╔╝ ██╗██║     ███████╗╚██████╔╝██║   ██║   
 ╚══════╝╚═╝  ╚═╝╚═╝     ╚══════╝ ╚═════╝ ╚═╝   ╚═╝    (beta)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Traceback (most recent call last):
File "DeepExploit.py", line 1532, in
env = Metasploit(rhost)
File "DeepExploit.py", line 270, in init
self.set_state_os()
File "DeepExploit.py", line 310, in set_state_os
os_raw = ret.get(b'data').decode('utf-8')
AttributeError: 'NoneType' object has no attribute 'decode'

from machine_learning_security.

In the msfconsole window i get this:
#<Thread:0x00007f6d5945ac40@/usr/share/metasploit-framework/lib/msf/core/thread_manager.rb:93 run> terminated with exception (report_on_exception is true):
Traceback (most recent call last):
22: from /usr/share/metasploit-framework/lib/msf/core/thread_manager.rb:111:in block in spawn' 21: from /usr/share/metasploit-framework/lib/msf/core/db_manager/connection.rb:6:in active'
20: from /usr/share/metasploit-framework/lib/msf/core/db_manager/connection.rb:123:in connection_established?' 19: from /usr/share/metasploit-framework/vendor/bundle/ruby/2.5.0/gems/activerecord-4.2.10/lib/active_record/connection_adapters/abstract/connection_pool.rb:292:in with_connection'
18: from /usr/share/metasploit-framework/vendor/bundle/ruby/2.5.0/gems/activerecord-4.2.10/lib/active_record/connection_adapters/abstract/connection_pool.rb:262:in connection' 17: from /usr/lib/ruby/2.5.0/monitor.rb:226:in mon_synchronize'
16: from /usr/share/metasploit-framework/vendor/bundle/ruby/2.5.0/gems/activerecord-4.2.10/lib/active_record/connection_adapters/abstract/connection_pool.rb:263:in block in connection' 15: from /usr/share/metasploit-framework/vendor/bundle/ruby/2.5.0/gems/activerecord-4.2.10/lib/active_record/connection_adapters/abstract/connection_pool.rb:348:in checkout'
14: from /usr/lib/ruby/2.5.0/monitor.rb:226:in mon_synchronize' 13: from /usr/share/metasploit-framework/vendor/bundle/ruby/2.5.0/gems/activerecord-4.2.10/lib/active_record/connection_adapters/abstract/connection_pool.rb:349:in block in checkout'
12: from /usr/share/metasploit-framework/vendor/bundle/ruby/2.5.0/gems/activerecord-4.2.10/lib/active_record/connection_adapters/abstract/connection_pool.rb:424:in acquire_connection' 11: from /usr/share/metasploit-framework/vendor/bundle/ruby/2.5.0/gems/activerecord-4.2.10/lib/active_record/connection_adapters/abstract/connection_pool.rb:397:in reap'
10: from /usr/share/metasploit-framework/vendor/bundle/ruby/2.5.0/gems/activerecord-4.2.10/lib/active_record/connection_adapters/abstract/connection_pool.rb:397:in each' 9: from /usr/share/metasploit-framework/vendor/bundle/ruby/2.5.0/gems/activerecord-4.2.10/lib/active_record/connection_adapters/abstract/connection_pool.rb:398:in block in reap'
8: from /usr/lib/ruby/2.5.0/monitor.rb:226:in mon_synchronize' 7: from /usr/share/metasploit-framework/vendor/bundle/ruby/2.5.0/gems/activerecord-4.2.10/lib/active_record/connection_adapters/abstract/connection_pool.rb:400:in block (2 levels) in reap'
6: from /usr/share/metasploit-framework/vendor/bundle/ruby/2.5.0/gems/activerecord-4.2.10/lib/active_record/connection_adapters/postgresql_adapter.rb:281:in reset!' 5: from /usr/share/metasploit-framework/vendor/bundle/ruby/2.5.0/gems/activerecord-4.2.10/lib/active_record/connection_adapters/postgresql_adapter.rb:258:in clear_cache!'
4: from /usr/share/metasploit-framework/vendor/bundle/ruby/2.5.0/gems/activerecord-4.2.10/lib/active_record/connection_adapters/postgresql_adapter.rb:197:in clear' 3: from /usr/share/metasploit-framework/vendor/bundle/ruby/2.5.0/gems/activerecord-4.2.10/lib/active_record/connection_adapters/postgresql_adapter.rb:197:in each_value'
2: from /usr/share/metasploit-framework/vendor/bundle/ruby/2.5.0/gems/activerecord-4.2.10/lib/active_record/connection_adapters/postgresql_adapter.rb:198:in block in clear' 1: from /usr/share/metasploit-framework/vendor/bundle/ruby/2.5.0/gems/activerecord-4.2.10/lib/active_record/connection_adapters/postgresql_adapter.rb:215:in dealloc'
/usr/share/metasploit-framework/vendor/bundle/ruby/2.5.0/gems/activerecord-4.2.10/lib/active_record/connection_adapters/postgresql_adapter.rb:215:in `exec': ERROR: prepared statement "a9" does not exist (PG::InvalidSqlStatementName)

from machine_learning_security.

Hi Fanntom, how exactly did you fix the msfrpc errors? I'm getting MFGRCP Not Authenticated though the msfrpc is started with the same values as in config.ini

from machine_learning_security.

@pieterhouwen in which phase does that error popup?

from machine_learning_security.

In the training phase when it's saving to the database (at the end)

from machine_learning_security.

@pieterhouwen hmmm i get that error as well. I'll look into the issue myself. @13o-bbr-bbq can you check if the MsfRCP error occurs in your environment as well please?

from machine_learning_security.

@fanntom @pieterhouwen
I'm getting MSFRPC Not Authenticated
In the training phase when it's saving to the database (at the end)
It's error message is also displayed in my environment. But, the trained data is saved normally.
Was the trained data saved normally in your environment?

It is a bug that "MSFRPC Not Authenticated" is output, so I will fix it.

from machine_learning_security.

Yup, it saved the data alright, but now I'm getting other errors:

[*] Restore learned data.
[+] Executing start: local_thread1
Exception in thread Thread-1:
Traceback (most recent call last):
File "/usr/lib/python3.6/threading.py", line 916, in _bootstrap_inner
self.run()
File "/usr/lib/python3.6/threading.py", line 864, in run
self._target(*self._args, **self._kwargs)
File "DeepExploit.py", line 1613, in
job = lambda: worker.run(exploit_tree, target_tree)
File "DeepExploit.py", line 1176, in run
self.environment.run(exploit_tree, target_tree)
File "DeepExploit.py", line 1042, in run
target_list = exploit_tree[exploit[8:]]['target_list']
KeyError: 'windows/scada/advantech_webaccess_webvrpcs_bof'

Are these exploit-specific errors?
The msfconsole window shows nothing

from machine_learning_security.

Hi, @pieterhouwen
Maybe, this causes are no corresponding exploit modules in the "exploit_list.csv".
So, you delete all file in the DeepExploit/data/ folder, please retry DeepExploit.

Then, DeepExploit creates these files according to the your Metasploit's environment.

from machine_learning_security.

That fixed it, but when using the test option I get the following output on the msfconsole side: (I trained and tested twice):

Traceback (most recent call last):
28: from /usr/share/metasploit-framework/lib/msf/core/thread_manager.rb:100:in block in spawn' 27: from /usr/share/metasploit-framework/lib/rex/thread_factory.rb:22:in block in spawn'
26: from /usr/share/metasploit-framework/lib/rex/job.rb:40:in block in start' 25: from /usr/share/metasploit-framework/lib/rex/job.rb:39:in ensure in block in start'
24: from /usr/share/metasploit-framework/lib/msf/core/exploit_driver.rb:153:in block in run' 23: from /usr/share/metasploit-framework/lib/msf/core/exploit_driver.rb:249:in job_cleanup_proc'
22: from /usr/share/metasploit-framework/lib/msf/core/event_dispatcher.rb:186:in method_missing' 21: from /usr/share/metasploit-framework/lib/msf/core/event_dispatcher.rb:186:in each'
20: from /usr/share/metasploit-framework/lib/msf/core/event_dispatcher.rb:188:in block in method_missing' 19: from /usr/share/metasploit-framework/lib/msf/core/framework.rb:332:in on_module_complete'
18: from /usr/share/metasploit-framework/lib/msf/core/framework.rb:309:in module_event' 17: from /usr/share/metasploit-framework/lib/msf/core/module.rb:221:in workspace'
16: from /usr/share/metasploit-framework/lib/msf/core/db_manager/workspace.rb:24:in workspace' 15: from /usr/share/metasploit-framework/lib/msf/core/db_manager/workspace.rb:18:in find_workspace'
14: from /usr/share/metasploit-framework/vendor/bundle/ruby/2.5.0/gems/activerecord-4.2.10/lib/active_record/connection_adapters/abstract/connection_pool.rb:292:in with_connection' 13: from /usr/share/metasploit-framework/vendor/bundle/ruby/2.5.0/gems/activerecord-4.2.10/lib/active_record/connection_adapters/abstract/connection_pool.rb:262:in connection'
12: from /usr/lib/ruby/2.5.0/monitor.rb:226:in mon_synchronize' 11: from /usr/share/metasploit-framework/vendor/bundle/ruby/2.5.0/gems/activerecord-4.2.10/lib/active_record/connection_adapters/abstract/connection_pool.rb:263:in block in connection'
10: from /usr/share/metasploit-framework/vendor/bundle/ruby/2.5.0/gems/activerecord-4.2.10/lib/active_record/connection_adapters/abstract/connection_pool.rb:348:in checkout' 9: from /usr/lib/ruby/2.5.0/monitor.rb:226:in mon_synchronize'
8: from /usr/share/metasploit-framework/vendor/bundle/ruby/2.5.0/gems/activerecord-4.2.10/lib/active_record/connection_adapters/abstract/connection_pool.rb:349:in block in checkout' 7: from /usr/share/metasploit-framework/vendor/bundle/ruby/2.5.0/gems/activerecord-4.2.10/lib/active_record/connection_adapters/abstract/connection_pool.rb:425:in acquire_connection'
6: from /usr/share/metasploit-framework/vendor/bundle/ruby/2.5.0/gems/activerecord-4.2.10/lib/active_record/connection_adapters/abstract/connection_pool.rb:133:in poll' 5: from /usr/share/metasploit-framework/vendor/bundle/ruby/2.5.0/gems/activerecord-4.2.10/lib/active_record/connection_adapters/abstract/connection_pool.rb:145:in synchronize'
4: from /usr/lib/ruby/2.5.0/monitor.rb:226:in mon_synchronize' 3: from /usr/share/metasploit-framework/vendor/bundle/ruby/2.5.0/gems/activerecord-4.2.10/lib/active_record/connection_adapters/abstract/connection_pool.rb:135:in block in poll'
2: from /usr/share/metasploit-framework/vendor/bundle/ruby/2.5.0/gems/activerecord-4.2.10/lib/active_record/connection_adapters/abstract/connection_pool.rb:180:in wait_poll' 1: from /usr/share/metasploit-framework/vendor/bundle/ruby/2.5.0/gems/activerecord-4.2.10/lib/active_record/connection_adapters/abstract/connection_pool.rb:180:in loop'
/usr/share/metasploit-framework/vendor/bundle/ruby/2.5.0/gems/activerecord-4.2.10/lib/active_record/connection_adapters/abstract/connection_pool.rb:189:in `block in wait_poll': could not obtain a database connection within 5.000 seconds (waited 5.900 seconds) (ActiveRecord::ConnectionTimeoutError)

from machine_learning_security.

Hi, @pieterhouwen
Maybe, it is connection error between client and Metasploit.
Could you check your "config.ini"?

• config.ini

[Common]
server_host : "Your IP address of Metasploit"
server_port : "Your port number of Metasploit"
...snip...
[Metasploit]
lhost         : "Your IP address of Metasploit"

from machine_learning_security.

Hi, @fanntom
Thanks for advice.
I'll create the requirements.txt soon.

from machine_learning_security.

I've created the requirement.txt.
Please, try it.

from machine_learning_security.