Skip to content

RegEx Replacement Warning in smb_version #20121

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
ccurzio opened this issue May 2, 2025 · 1 comment
Open

RegEx Replacement Warning in smb_version #20121

ccurzio opened this issue May 2, 2025 · 1 comment
Labels

Comments

@ccurzio
Copy link

ccurzio commented May 2, 2025

Steps to reproduce

How'd you do it?

  1. Start msfconsole
  2. use auxiliary/scanner/smb
  3. set RHOST xxx.xxx.xxx.xxx
  4. exploit

Were you following a specific guide/tutorial or reading documentation?

No.

Current behavior

RegEx Warning:

/usr/share/metasploit-framework/vendor/bundle/ruby/3.3.0/gems/recog-3.1.16/lib/recog/fingerprint/regexp_factory.rb:34: warning: nested repeat operator '+' and '?' was replaced with '*' in regular expression

Metasploit version

Framework: 6.4.56-dev
Console : 6.4.56-dev

Module/Datastore

The following global/module datastore, and database setup was configured before the issue occurred:

Collapse
[framework/core]
loglevel=3

[framework/ui/console]
ActiveModule=auxiliary/scanner/smb/smb_version

[scanner/smb/smb_version]
RHOSTS=REDACTED
WORKSPACE=
VERBOSE=false
RPORT=
SSL=false
SSLServerNameIndication=
SSLVersion=Auto
SSLVerifyMode=PEER
SSLCipher=
Proxies=
CPORT=
CHOST=
ConnectTimeout=10
TCP::max_send_size=0
TCP::send_delay=0
DCERPC::max_frag_size=4096
DCERPC::fake_bind_multi=true
DCERPC::fake_bind_multi_prepend=0
DCERPC::fake_bind_multi_append=0
DCERPC::smb_pipeio=rw
DCERPC::ReadTimeout=10
NTLM::UseNTLMv2=true
NTLM::UseNTLM2_session=true
NTLM::SendLM=true
NTLM::UseLMKey=false
NTLM::SendNTLM=true
NTLM::SendSPN=true
SMB::pipe_evasion=false
SMB::pipe_write_min_size=1
SMB::pipe_write_max_size=1024
SMB::pipe_read_min_size=1
SMB::pipe_read_max_size=1024
SMB::pad_data_level=0
SMB::pad_file_level=0
SMB::obscure_trans_pipe_level=0
SMBDirect=true
SMBUser=
SMBPass=
SMBDomain=.
SMBName=*SMBSERVER
SMB::VerifySignature=false
SMB::ChunkSize=500
SMB::Native_OS=Windows 2000 2195
SMB::Native_LM=Windows 2000 5.0
SMB::AlwaysEncrypt=true
THREADS=1
ShowProgress=true
ShowProgressPercent=10
KrbCacheMode=read-write
SMB::Auth=auto
SMB::Rhostname=
DomainControllerRhost=
SMB::Krb5Ccname=
SMB::KrbOfferedEncryptionTypes=AES256,AES128,RC4-HMAC,DES-CBC-MD5,DES3-CBC-SHA1

Database Configuration

The database contains the following information:

Collapse
Session Type: postgresql selected, no connection

Framework Configuration

The features are configured as follows:

Collapse
name enabled
wrapped_tables true
fully_interactive_shells false
manager_commands false
metasploit_payload_warnings true
defer_module_loads false
smb_session_type true
postgresql_session_type true
mysql_session_type true
mssql_session_type true
ldap_session_type true
show_successful_logins false
dns true
hierarchical_search_table true
display_module_action true

History

The following commands were ran during the session and before this issue occurred:

Collapse
14     set loglevel 3
15     use auxiliary/scanner/smb/smb_version
16     set RHOST REDACTED
17     exploit
18     debug

Framework Errors

The following framework errors occurred before the issue occurred:

Collapse
[05/02/2025 09:40:03] [e(0)] core: Failed to connect to the database: No database YAML file
[05/02/2025 09:40:32] [e(0)] core: Failed to open history file: /home/pilot/.msf4/history with error: No such file or directory @ rb_sysopen - /home/pilot/.msf4/history
[05/02/2025 09:40:50] [e(0)] core: Module auxiliary/scanner/smb not found, and no loading errors found. If you're using a custom module refer to our wiki: https://docs.metasploit.com/docs/using-metasploit/intermediate/running-private-modules.html
[05/02/2025 09:51:58] [e(0)] core: Failed to connect to the database: No database YAML file
[05/02/2025 09:53:14] [e(0)] core: Failed to connect to the database: No database YAML file

Web Service Errors

The following web service errors occurred before the issue occurred:

Collapse
msf-ws.log does not exist.

Framework Logs

The following framework logs were recorded before the issue occurred:

Collapse
[05/02/2025 09:53:38] [d(2)] core: Stager android/reverse_https and stage linux/armle/shell have incompatible platforms: ["Android"] - ["Linux"]
[05/02/2025 09:53:38] [d(2)] core: Stager android/reverse_https and stage linux/mipsbe/meterpreter have incompatible platforms: ["Android"] - ["Linux"]
[05/02/2025 09:53:38] [d(2)] core: Stager android/reverse_https and stage linux/mipsbe/shell have incompatible platforms: ["Android"] - ["Linux"]
[05/02/2025 09:53:38] [d(2)] core: Stager android/reverse_https and stage linux/aarch64/meterpreter have incompatible platforms: ["Android"] - ["Linux"]
[05/02/2025 09:53:38] [d(2)] core: Stager android/reverse_https and stage linux/aarch64/shell have incompatible platforms: ["Android"] - ["Linux"]
[05/02/2025 09:53:38] [d(2)] core: Stager android/reverse_https and stage linux/mipsle/meterpreter have incompatible platforms: ["Android"] - ["Linux"]
[05/02/2025 09:53:38] [d(2)] core: Stager android/reverse_https and stage linux/mipsle/shell have incompatible platforms: ["Android"] - ["Linux"]
[05/02/2025 09:53:38] [d(2)] core: Stager android/reverse_https and stage linux/x64/meterpreter have incompatible platforms: ["Android"] - ["Linux"]
[05/02/2025 09:53:38] [d(2)] core: Stager android/reverse_https and stage linux/x64/shell have incompatible platforms: ["Android"] - ["Linux"]
[05/02/2025 09:53:38] [d(2)] core: Stager android/reverse_https and stage osx/x86/vforkshell have incompatible platforms: ["Android"] - ["OSX"]
[05/02/2025 09:53:38] [d(2)] core: Stager android/reverse_https and stage osx/x86/isight have incompatible platforms: ["Android"] - ["OSX"]
[05/02/2025 09:53:38] [d(2)] core: Stager android/reverse_https and stage osx/x86/bundleinject have incompatible platforms: ["Android"] - ["OSX"]
[05/02/2025 09:53:38] [d(2)] core: Stager android/reverse_https and stage osx/armle/execute have incompatible platforms: ["Android"] - ["OSX"]
[05/02/2025 09:53:38] [d(2)] core: Stager android/reverse_https and stage osx/armle/shell have incompatible platforms: ["Android"] - ["OSX"]
[05/02/2025 09:53:38] [d(2)] core: Stager android/reverse_https and stage osx/ppc/shell have incompatible platforms: ["Android"] - ["OSX"]
[05/02/2025 09:53:38] [d(2)] core: Stager android/reverse_https and stage osx/aarch64/meterpreter have incompatible platforms: ["Android"] - ["OSX"]
[05/02/2025 09:53:38] [d(2)] core: Stager android/reverse_https and stage osx/x64/dupandexecve have incompatible platforms: ["Android"] - ["OSX"]
[05/02/2025 09:53:38] [d(2)] core: Stager android/reverse_https and stage osx/x64/meterpreter have incompatible platforms: ["Android"] - ["OSX"]
[05/02/2025 09:53:38] [d(2)] core: Stager android/reverse_https and stage netware/shell have incompatible platforms: ["Android"] - ["Netware"]
[05/02/2025 09:53:38] [d(2)] core: Stager android/reverse_https and stage java/meterpreter have incompatible platforms: ["Android"] - ["Java"]
[05/02/2025 09:53:38] [d(2)] core: Stager android/reverse_https and stage java/shell have incompatible platforms: ["Android"] - ["Java"]
[05/02/2025 09:53:38] [d(2)] core: Stager android/reverse_https and stage bsdi/x86/shell have incompatible platforms: ["Android"] - ["BSDi"]
[05/02/2025 09:53:38] [d(2)] core: Stager android/reverse_https and stage python/meterpreter have incompatible platforms: ["Android"] - ["Python"]
[05/02/2025 09:53:38] [d(2)] core: Stager android/reverse_https and stage windows/vncinject have incompatible platforms: ["Android"] - ["Windows"]
[05/02/2025 09:53:38] [d(2)] core: Stager android/reverse_https and stage windows/meterpreter have incompatible platforms: ["Android"] - ["Windows"]
[05/02/2025 09:53:38] [d(2)] core: Stager android/reverse_https and stage windows/patchupdllinject have incompatible platforms: ["Android"] - ["Windows"]
[05/02/2025 09:53:38] [d(2)] core: Stager android/reverse_https and stage windows/patchupmeterpreter have incompatible platforms: ["Android"] - ["Windows"]
[05/02/2025 09:53:38] [d(2)] core: Stager android/reverse_https and stage windows/custom have incompatible platforms: ["Android"] - ["Windows"]
[05/02/2025 09:53:38] [d(2)] core: Stager android/reverse_https and stage windows/dllinject have incompatible platforms: ["Android"] - ["Windows"]
[05/02/2025 09:53:38] [d(2)] core: Stager android/reverse_https and stage windows/upexec have incompatible platforms: ["Android"] - ["Windows"]
[05/02/2025 09:53:38] [d(2)] core: Stager android/reverse_https and stage windows/peinject have incompatible platforms: ["Android"] - ["Windows"]
[05/02/2025 09:53:38] [d(2)] core: Stager android/reverse_https and stage windows/shell have incompatible platforms: ["Android"] - ["Windows"]
[05/02/2025 09:53:38] [d(2)] core: Stager android/reverse_https and stage windows/x64/vncinject have incompatible platforms: ["Android"] - ["Windows"]
[05/02/2025 09:53:38] [d(2)] core: Stager android/reverse_https and stage windows/x64/meterpreter have incompatible platforms: ["Android"] - ["Windows"]
[05/02/2025 09:53:38] [d(2)] core: Stager android/reverse_https and stage windows/x64/custom have incompatible platforms: ["Android"] - ["Windows"]
[05/02/2025 09:53:38] [d(2)] core: Stager android/reverse_https and stage windows/x64/peinject have incompatible platforms: ["Android"] - ["Windows"]
[05/02/2025 09:53:38] [d(2)] core: Stager android/reverse_https and stage windows/x64/shell have incompatible platforms: ["Android"] - ["Windows"]
[05/02/2025 09:53:38] [d(3)] core: Checking compat [ with ]: javasocket to javaurl
[05/02/2025 09:53:38] [d(3)] core: Checking compat [ with ]: javaurl to javaurl
[05/02/2025 09:53:38] [d(1)] core: Module  is compatible with
[05/02/2025 09:53:38] [d(3)] core: Checking compat [ with ]: javasocket to javaurl
[05/02/2025 09:53:38] [d(3)] core: Checking compat [ with ]: javaurl to javaurl
[05/02/2025 09:53:38] [d(1)] core: Module  is compatible with
[05/02/2025 09:53:38] [d(2)] core: Built staged payload android/meterpreter/reverse_https.
[05/02/2025 09:53:38] [d(1)] core: Module  is compatible with
[05/02/2025 09:53:38] [d(1)] core: Module  is compatible with
[05/02/2025 09:53:38] [d(2)] core: Built staged payload android/shell/reverse_https.
[05/02/2025 09:53:41] [i(2)] core: Reloading auxiliary module scanner/smb/smb_version. Ambiguous module warnings are safe to ignore
[05/02/2025 09:53:52] [d(0)] core: SMB version(s) to negotiate: [1]
[05/02/2025 09:53:52] [d(0)] core: Negotiated SMB version: SMB1

Web Service Logs

The following web service logs were recorded before the issue occurred:

Collapse
msf-ws.log does not exist.

Version/Install

The versions and install method of your Metasploit setup:

Collapse
Framework: 6.4.56-dev
Ruby: ruby 3.3.7 (2025-01-15 revision be31f993d7) [x86_64-linux-gnu]
OpenSSL: OpenSSL 3.4.0 22 Oct 2024
Install Root: /usr/share/metasploit-framework
Session Type: postgresql selected, no connection
Install Method: Other - Please specify
Copy link

github-actions bot commented Jun 2, 2025

Hi!

This issue has been left open with no activity for a while now.

We get a lot of issues, so we currently close issues after 60 days of inactivity. It’s been at least 30 days since the last update here.
If we missed this issue or if you want to keep it open, please reply here. You can also add the label "not stale" to keep this issue open!

As a friendly reminder: the best way to see this issue, or any other, fixed is to open a Pull Request.

@github-actions github-actions bot added the Stale Marks an issue as stale, to be closed if no action is taken label Jun 2, 2025
@adfoster-r7 adfoster-r7 removed the Stale Marks an issue as stale, to be closed if no action is taken label Jun 2, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
Status: No status
Development

No branches or pull requests

2 participants