ComputerSecurityStudent (CSS) [Login] [Join Now]

|UNIX >> Kali >> Kali 1.0 >> Current Page |Views: 9389

(Kali: Lesson 5)

{ Fix bignum too big to convert into `long' (RangeError)  }

Section 0. Background Information
  1. Background information.
    • The objective of the lesson is to show you how to fix the RangeError when running older versions of Metasploit on a 32 bit Linux Operating System.
    • Below is a typical error you might see when running tools like msfconsole and msfvenom.
    • /opt/metasploit/apps/pro/msf3/modules/payloads/stagers/android/reverse_tcp.rb:77:in `not_after=': bignum too big to convert into `long' (RangeError)

  2. Prerequisite
  3. Lab Notes
    • In this lab we will do the following:
      1. We will display RangeError
      2. We will make a backup of reverse_tcp.rb
      3. We will adjust the calculation for the cert.net_after variable
      4. We will start of msfconsole successfully

  4. Legal Disclaimer
    • As a condition of your use of this Web site, you warrant to that you will not use this Web site for any purpose that is unlawful or that is prohibited by these terms, conditions, and notices.
    • In accordance with UCC § 2-316, this product is provided with "no warranties, either express or implied." The information contained is provided "as-is", with "no guarantee of merchantability."
    • In addition, this is a teaching website that does not condone malicious behavior of any kind.
    • You are on notice, that continuing and/or using this lab outside your "own" test environment is considered malicious and is against the law.
    • © 2020 No content replication of any kind is allowed without express written permission.

Section 1. Start Kali
  1. Open VMware Player on your windows machine.
    • Instructions:
      1. Click the Start Button
      2. Type "vmware player" in the search box
      3. Click on VMware Player


  2. Edit Virtual Machine Settings
    • Instructions:
      1. Click on the Kali VM
      2. Click on Edit virtual machine settings


  3. Auto Detect Hard Drive
    • Instructions:
      1. Click on CD/DVD(IDE)
      2. Click the Use physical drive: radio button
      3. Make sure Auto detect is selected


  4. Edit Network Adapter
    • Instructions:
      1. Highlight Network Adapter
      2. Select Bridged
      3. Click the OK Button


  5. Start the Kali VM
    • Instructions:
      1. Click on the Kali VM
      2. Click on Play virtual machine


Section 2. Login to Kali
  1. Supply Username
    • Instructions:
      1. Click Other
      2. Username: root
      3. Click the Login Button


  2. Supply Password
    • Instructions:
      1. Password: Provide the root password
      2. Click the Login Button


Section 3. Obtain IP Address Address
  1. Open a Terminal
    • Instructions:
      1. Applications --> Accessories --> Terminal


  2. Get IP Address
    • Instructions:
      1. ifconfig -a
    • Notes (FYI):
      • As indicated below, my IP address is for Network Interface eth0.
        • Please record your IP address
      • The Local Loopback Address is for Network Interface lo.
        • The loopback device is a special, virtual network interface that your computer uses to communicate with itself.  When the network or wifi is disconnected the loopback exists so applications running on your computer can always connect to servers on the same machine.


Section 4. Start msfconsole and View RangeError
  1. msfconsole RangeError
    • Instructions:
      1. Notice the RangeError produced by reverse_tcp.rb
    • Note(FYI):
      • /opt/metasploit/apps/pro/msf3/modules/payloads/stagers/android/reverse_tcp.rb:77:in `not_after=': bignum too big to convert into `long' (RangeError)
      • This is because the value for the cert.net_after variable in reverse_tcp.rb exceeded 2,147,483,648.


Section 5. Fix msfconsole RangeError
  1. Make Backup Copy of reverse_tcp.rb
    • Instructions:
      1. cd /opt/metasploit/apps/pro/msf3/modules/payloads/stagers/android
      2. ls
      3. cp reverse_tcp.rb reverse_tcp.rb-BKP
      4. ls -l
    • Note(FYI):
      • Command #1, Use (cd) to change directory to (/opt/metasploit/apps/pro/msf3/modules/payloads/stagers/android). 
      • Command #2, Use (ls) to list the contents of the current directory.
      • Command #3, Use (cp) to make a copy of the (reverse_tcp.rb) file.
      • Command #4, Use (ls -l) to long list the contents of the current directory. 


  2. Open reverse_tcp.rb
    • Instructions:
      1. leafpad reverse_tcp.rb
    • Note(FYI):
      • Command #1, Use the text editor (leafpad) to open the following file (reverse_tcp.rb).


  3. Enable Line Numbers
    • Instructions:
      1. Select Options
      2. Click on Line Numbers


  4. Go To Line 77
    • Instructions:
      1. Arrow Down to Line 77
    • Note(FYI):
      • The Cursor should be on the same line as cert.net_after


  5. Cursor Over
    • Instructions:
      1. Cursor over to the position immediately after the first number 20.


  6. Delete Trailing Zero
    • Instructions:
      1. Press the <Backspace> key to delete the "0" at the end of the number 20 to create the number 2.
    • Note(FYI):
      • The new number should be 2.
      • In ruby, the bignum data type goes up to 2,147,483,648.
      • The bignum data types range (2,147,483,648) is exceeded, when the value of (cert.not_before) is added to (3600*24*365*20)


  7. Save File
    • Instructions:
      1. Select File
      2. Select Save


  8. Close File
    • Instructions:
      1. Select File
      2. Select Quit


Section 6. Start msfconsole successfully
  1. Start Metasploit Console (msfconsole)
    • Instructions:
      1. msfconsole
      2. You should now see a Metasploit banner and "msf >" prompt.


Section 7. Proof of Lab
  1. Start a second Terminal
    • Instructions:
      1. Select Applications
      2. Select Accessories
      3. Select Terminal
  2. Proof of Lab
    • Instructions:
      1. cd /opt/metasploit/apps/pro/msf3/modules/payloads/stagers/android
      2. grep cert.not_after reverse_tcp.rb
      3. ps -eaf | grep msf
      4. date
      5. echo "Your Name"
        • Replace the string "Your Name" with your actual name.
        • e.g., echo "John Gray"
    • Proof of Lab Instructions
      1. Do a <PrtScn>
      2. Paste into a word document
      3. Upload to Moodle

Help ComputerSecurityStudent
pay for continued research,
resources & bandwidth