
S.E.T Error - unpack requires a string argument of length 8



silentnoise
05-18-2011, 10:04 AM
Not sure if this is a bug, I just get this error every time I run S.E.T


[---] The Social-Engineer Toolkit (SET) [---]
[---] Written by: David Kennedy (ReL1K) [---]
[---] Development Team: Thomas Werth [---]
[---] Version: 1.4 [---]
[---] Codename: 'YAY DerbyCon Edition' [---]
[---] Report bugs to: davek@social-engineer.org [---]
[---] Follow me on Twitter: dave_rel1k [---]
[---] Homepage: http://www.secmaniac.com [---]
[---] Framework: http://www.social-engineer.org [---]

Welcome to the Social-Engineer Toolkit (SET). Your one
stop shop for all of your social-engineering needs..

DerbyCon 2011 Sep30-Oct02 - http://www.derbycon.com.
Tickets on sale NOW!

Select from the menu:

1. Spear-Phishing Attack Vectors
2. Website Attack Vectors
3. Infectious Media Generator
4. Create a Payload and Listener
5. Mass Mailer Attack
6. Teensy USB HID Attack Vector
7. SMS Spoofing Attack Vector
8. Wireless Access Point Attack Vector
9. Third Party Modules
10. Update the Metasploit Framework
11. Update the Social-Engineer Toolkit
12. Help, Credits, and About
13. Exit the Social-Engineer Toolkit

Enter your choice: 2

The Social-Engineer Toolkit "Web Attack" vector is a unique way of
utilizing multiple web-based attacks in order to compromise the
intended victim.

Enter what type of attack you would like to utilize.

The Java Applet attack will spoof a Java Certificate and
deliver a metasploit based payload. Uses a customized
java applet created by Thomas Werth to deliver
the payload.

The Metasploit browser exploit method will utilize select
Metasploit browser exploits through an iframe and deliver
a Metasploit payload.

The Credential Harvester Method will utilize web cloning
of a website that has a username and password field and
harvest all the information posted to the website.

The TabNabbing Method will wait for a user to move to a
different tab, then refresh the page to something different.

The Man Left in the Middle Attack Method was introduced by
Kos and utilizes HTTP REFERER's in order to intercept fields
and harvest data from them. You need to have an already vulnerable
site and incorporate <script src="http://YOURIP/">. This could either
be from a compromised site or through XSS.

The web jacking attack method was introduced by white_sheep, Emgent
and the Back|Track team. This method utilizes iframe replacements to
make the highlighted URL link to appear legitimate however when clicked
a window pops up then is replaced with the malicious link. You can edit
the link replacement settings in the set_config if its too slow/fast.

The multi-attack will add a combination of attacks through the web attack
menu. For example you can utilize the Java Applet, Metasploit Browser,
Credential Harvester/Tabnabbing, and the Man Left in the Middle attack
all at once to see which is successful.

1. The Java Applet Attack Method
2. The Metasploit Browser Exploit Method
3. Credential Harvester Attack Method
4. Tabnabbing Attack Method
5. Man Left in the Middle Attack Method
6. Web Jacking Attack Method
7. Multi-Attack Web Method
8. Create or import a CodeSigning Certificate
9. Return to the previous menu

Enter your choice (press enter for default): 1


The first method will allow SET to import a list of pre-defined
web applications that it can utilize within the attack.

The second method will completely clone a website of your choosing
and allow you to utilize the attack vectors within the completely
same web application you were attempting to clone.

The third method allows you to import your own website, note that you
should only have an index.html when using the import website
functionality.

[!] Website Attack Vectors [!]

1. Web Templates
2. Site Cloner
3. Custom Import
4. Return to main menu

Enter number (1-4): 1


Select a template to utilize within the web clone attack

1. Java Required
2. Gmail
3. Google
4. Facebook
5. Twitter

Enter the one to use: 3

UPX packer not found in the pathname specified in config. Disabling UPX packing for executable!

I noticed UPX wasn't installed at /pentest/database/sqlmap/lib/contrib/upx/linux/upx, so I installed it to usr/bin/upx and updated the config, but it still says "[!] UPX was not detected. Try configuring the set_config again."

What payload do you want to generate:

Name: Description:

1. Windows Shell Reverse_TCP Spawn a command shell on victim and send back to attacker.
2. Windows Reverse_TCP Meterpreter Spawn a meterpreter shell on victim and send back to attacker.
3. Windows Reverse_TCP VNC DLL Spawn a VNC server on victim and send back to attacker.
4. Windows Bind Shell Execute payload and create an accepting port on remote system.
5. Windows Bind Shell X64 Windows x64 Command Shell, Bind TCP Inline
6. Windows Shell Reverse_TCP X64 Windows X64 Command Shell, Reverse TCP Inline
7. Windows Meterpreter Reverse_TCP X64 Connect back to the attacker (Windows x64), Meterpreter
8. Windows Meterpreter Egress Buster Spawn a meterpreter shell and find a port home via multiple ports
9. Windows Meterpreter Reverse HTTPS Tunnel communication over HTTP using SSL and use Meterpreter
10. Windows Meterpreter Reverse DNS Use a hostname instead of an IP address and spawn Meterpreter
11. SET Custom Written Interactive Shell This is the new custom interactive reverse shell designed for SET
12. RATTE HTTP Tunneling Payload This is a security bypass payload that will tunnel all comms over HTTP
13. Import your own executable Specify a path for your own executable

Enter choice (hit enter for default): 2

Below is a list of encodings to try and bypass AV.

Select one of the below, 'backdoored executable' is typically the best.

1. avoid_utf8_tolower (Normal)
2. shikata_ga_nai (Very Good)
3. alpha_mixed (Normal)
4. alpha_upper (Normal)
5. call4_dword_xor (Normal)
6. countdown (Normal)
7. fnstenv_mov (Normal)
8. jmp_call_additive (Normal)
9. nonalpha (Normal)
10. nonupper (Normal)
11. unicode_mixed (Normal)
12. unicode_upper (Normal)
13. alpha2 (Normal)
14. No Encoding (None)
15. Multi-Encoder (Excellent)
16. Backdoored Executable (BEST)

Enter your choice (enter for default): 16
[-] Enter the PORT of the listener (enter for default): 4444

[-] Backdooring a legit executable to bypass Anti-Virus. Wait a few seconds...
[-] Backdoor completed successfully. Payload is now hidden within a legit executable.
UPX Encoding is set to ON, attempting to pack the executable with UPX encoding.
[!] UPX was not detected. Try configuring the set_config again.
Digital Signature Stealing is ON, hijacking a legit digital certificate.



Something went wrong, printing the error: unpack requires a string argument of length 8


Does anyone know how to fix it?

Thanks

ColForbin
05-18-2011, 05:33 PM
I did a #grep -R UPX /pentest/exploits/set/

In the results, there's a line in set_config that reads:
UPX_PATH=/pentest/database/sqlmap/lib/contrib/upx/linux/upx

I tried to cd to that directory, but it is not there.

Then I did an apt-get install sqlmap. It's installed in /pentest/web/scanners/sqlmap

Try adjusting that directive and see if that helps at all.

ColForbin
05-18-2011, 05:48 PM
Sorry for the self-reply. I tried this out myself, and I'm still getting the "Something went wrong, printing the error: unpack requires a string argument of length 8".

Adjusting the path to upx does seem to alleviate the first error, "UPX packer not found in the pathname".

Also, just noticed your note within your initial post.

Not sure how to fix this. I'm off to google-town.

thorin
05-18-2011, 06:35 PM
So if you do "echo $PATH" then either "which upx" or "locate upx" is upx in $PATH?

Disregard, :( /me didn't read closely enough.

ralphx
05-18-2011, 08:40 PM
Mm, I had the same problem, but only in the BackTrack 5 64-bit edition.

I fixed the path but I had the same issue..

Enter your choice (enter for default): 16
[-] Enter the PORT of the listener (enter for default):

[-] Backdooring a legit executable to bypass Anti-Virus. Wait a few seconds...
[-] Backdoor completed successfully. Payload is now hidden within a legit executable.
UPX Encoding is set to ON, attempting to pack the executable with UPX encoding.
Packing the executable with UPX, one moment.
Digital Signature Stealing is ON, hijacking a legit digital certificate.


Something went wrong, printing the error: unpack requires a string argument of length 8

ColForbin
05-18-2011, 09:26 PM
I think this has something to do with the DIGITAL_SIGNATURE_STEAL=ON directive, in set_config.

The reason I think this is that, at the point when SET reaches this:

Digital Signature Stealing is ON, hijacking a legit digital certificate.

This is when SET throws the "unpack requires a string argument of length 8".

Going in, and changing the DIGITAL_SIGNATURE_STEAL to OFF, and the attack plays out.

I did a dpkg --get-selections | grep pefile, and python-pefile is installed.

That's about all I can figure out, at this point. Hope that helps.

ralphx
05-18-2011, 10:47 PM
Yeah, indeed it works, thanks :)

patriotzhou
05-19-2011, 02:41 AM
In addition to digital signature stealing, you can do additional packing by using UPX. This is installed by default on Back|Track linux; if this is set to ON and it does not find it, it will still continue but disable the UPX packing.

http://www.offensive-security.com/metasploit-unleashed/SET_Getting_Started

ColForbin
05-19-2011, 02:02 PM
The errors described within the initial post seem to be taken care of when two directives in set_config read as follows:


DIGITAL_SIGNATURE_STEAL=OFF

UPX_PATH=/pentest/web/scanners/sqlmap/lib/contrib/upx/linux/upx

corrupt
05-19-2011, 04:02 PM
Having the same issue. I changed UPX_PATH in /pentest/exploits/set/config/set_config

to

UPX_PATH=/pentest/web/scanners/sqlmap/lib/contrib/upx/linux/upx

and I still get the following error in SET:

UPX packer not found in the pathname specified in config. Disabling UPX packing for executable!

/pentest/web/scanners/sqlmap/lib/contrib/upx/linux/upx appears to be the correct path - so I'm stumped.

Running BT5_GNOME-VM-32 image.

Also - I can verify that setting DIGITAL_SIGNATURE_STEAL to OFF fixes the UPX issue... definitely something odd going on when the config has both set.

ColForbin
05-21-2011, 11:42 PM
> Having the same issue. I changed UPX_PATH in /pentest/exploits/set/config/set_config
>
> to
>
> UPX_PATH=/pentest/web/scanners/sqlmap/lib/contrib/upx/linux/upx
>
> and I still get the following error in SET:
>
> UPX packer not found in the pathname specified in config. Disabling UPX packing for executable!
>
> /pentest/web/scanners/sqlmap/lib/contrib/upx/linux/upx appears to be the correct path - so I'm stumped.
>
> Running BT5_GNOME-VM-32 image.
>
> Also - I can verify that setting DIGITAL_SIGNATURE_STEAL to OFF fixes the UPX issue... definitely something odd going on with config has both set.

I don't think the DIGITAL_SIGNATURE_STEAL is an issue per se. If you read the release notes (http://www.secmaniac.com/may-2011/the-social-engineer-toolkit-set-v1-4-yay-derbycon-edition-has-been-released/) for s.e.t. 1.4, you can see what is being done there.

The thing about set_config is that it allows you to change variables within an attack vector, based on the results you're trying to achieve.

relik
05-23-2011, 02:24 AM
Hey guys, the problem was how the checksums were being created on x64 based platforms. It worked fine on 32 bit. I also fixed the relative path to UPX, all should be working fine now. I had to redo how the checksum calculations were being done for the PE headers for the digital signature stealing. It uses disitool by Didier, so it required a bit of modification (and actually downgrading to 0.1) which isn't a big deal. Everything is working like a champ now, shouldn't be getting any of those errors. Sorry about that. -ReL
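For readers wondering what the error text itself means: "unpack requires a string argument of length 8" is Python 2's struct.error, raised when struct.unpack is handed fewer bytes than its format string describes (Python 3 words it "unpack requires a buffer of 8 bytes"). The following is an added illustration, not code from SET or from disitool, of how a PE header reader hits that error on a truncated or mis-sized buffer and how a length check turns it into a diagnosable message. The sample image is constructed inline (a header-only PE32 layout, not a runnable executable), and the choice of the 8-byte security data-directory entry as the field being read is an assumption made for the example, not a claim about where SET 1.4 actually failed.

```python
import struct

IMAGE_DIRECTORY_ENTRY_SECURITY = 4   # index of the Attribute Certificate Table entry
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B


def read_field(fmt, data, offset, checked=True):
    """Unpack one little-endian header field at `offset`.

    With checked=False this is the pattern that produces the thread's error:
    a short slice reaches struct.unpack, which raises struct.error
    ("unpack requires a string argument of length 8" on Python 2,
    "unpack requires a buffer of 8 bytes" on Python 3).
    """
    size = struct.calcsize(fmt)
    chunk = data[offset:offset + size]
    if checked and len(chunk) != size:
        raise ValueError(
            f"truncated header: need {size} bytes at offset {offset:#x}, got {len(chunk)}")
    return struct.unpack(fmt, chunk)


def security_directory(data, checked=True):
    """Return (file_offset, size) of the PE Attribute Certificate Table, or None.

    The entry is two DWORDs (8 bytes). Unlike other data directories its
    first field is a raw file offset, not an RVA.
    """
    if data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ signature")
    (e_lfanew,) = read_field("<I", data, 0x3C, checked)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    opt = e_lfanew + 24                       # 4-byte signature + 20-byte COFF header
    (magic,) = read_field("<H", data, opt, checked)
    if magic == PE32_MAGIC:
        count_off, dirs_off = opt + 92, opt + 96
    elif magic == PE32PLUS_MAGIC:
        count_off, dirs_off = opt + 108, opt + 112
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    (count,) = read_field("<I", data, count_off, checked)
    if count <= IMAGE_DIRECTORY_ENTRY_SECURITY:
        return None                           # image declares no security directory
    entry_off = dirs_off + IMAGE_DIRECTORY_ENTRY_SECURITY * 8
    return read_field("<II", data, entry_off, checked)


def build_minimal_pe32():
    """Constructed sample: a header-only PE32 image (not a real executable)."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)             # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, 0x102)  # SizeOfOptionalHeader = 224
    opt = bytearray(224)
    opt[0:2] = struct.pack("<H", PE32_MAGIC)
    opt[92:96] = struct.pack("<I", 16)                              # NumberOfRvaAndSizes
    sec = 96 + IMAGE_DIRECTORY_ENTRY_SECURITY * 8
    opt[sec:sec + 8] = struct.pack("<II", 0x1200, 0x800)            # constructed certificate table entry
    return dos + b"PE\0\0" + coff + bytes(opt)


GOOD_PE = build_minimal_pe32()
TRUNCATED_PE = GOOD_PE[:88 + 96 + 4 * 8 + 3]   # ends 3 bytes into the security entry


def probe(data, checked):
    """Run the parser and report the outcome as a (kind, detail) tuple."""
    try:
        return ("ok", security_directory(data, checked))
    except struct.error as exc:
        return ("struct.error", str(exc))
    except ValueError as exc:
        return ("ValueError", str(exc))


if __name__ == "__main__":
    print(probe(GOOD_PE, checked=True))
    print(probe(TRUNCATED_PE, checked=False))   # the raw struct.error seen in the thread
    print(probe(TRUNCATED_PE, checked=True))    # the same fault, reported with offset and size
```

Run it as a script: the well-formed sample yields the constructed (0x1200, 0x800) entry, the truncated one reproduces the bare struct.error, and the checked reader reports exactly which offset came up short, which is the kind of message that would have pointed straight at the header parsing instead of leaving the UPX and DIGITAL_SIGNATURE_STEAL settings as suspects.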

DaKahuna
05-23-2011, 12:37 PM
Confirmed as working.

Just ran the same scenario as in the original post after updating SET and no error at all. I am running KDE 64-bit in a VM.