Last updated at Fri, 12 Jan 2024 19:42:52 GMT
Overview
The Update (2014122301) which was released on December, 23th 2014, failed to include necessary files for the application to update to version 4.11.0 for the first time.
Issue
The application will not start, therefore browser will provide generic "The page can't be displayed" message when trying to load the web UI.
Additionally, various log messages may appear in respective log files.
Windows: C:\metasploit\apps\pro\engine\prosvc.log
Linux: /opt/metasploit/apps/pro/engine/prosvc_stderr.log
/opt/metasploit/apps/pro/ui/lib/metasploit/pro/ui/common_configuration.rb:2:in `<top (required)>': uninitialized constant Metasploit::Pro::UI (NameError)
from /opt/metasploit/apps/pro/vendor/bundle/ruby/1.9.1/gems/polyglot-0.3.5/lib/polyg lot.rb:65:in `require'
from /opt/metasploit/apps/pro/vendor/bundle/ruby/1.9.1/gems/polyglot-0.3.5/lib/polyg lot.rb:65:in `require'
from /opt/metasploit/apps/pro/ui/lib/metasploit/pro/ui/engine.rb:1:in `<top (required)>'
from /opt/metasploit/apps/pro/vendor/bundle/ruby/1.9.1/gems/polyglot-0.3.5/lib/polyg lot.rb:65:in `require'
from /opt/metasploit/apps/pro/vendor/bundle/ruby/1.9.1/gems/polyglot-0.3.5/lib/polyg lot.rb:65:in `require'
from /opt/metasploit/apps/pro/engine/config/application.rb:22:in `<top (required)>'
from /opt/metasploit/apps/pro/engine/lib/metasploit/pro/engine/command/base.rb:44:in `require'
from /opt/metasploit/apps/pro/engine/lib/metasploit/pro/engine/command/base.rb:44:in `require_environment!'
from /opt/metasploit/apps/pro/engine/lib/metasploit/pro/engine/command/base.rb:65:in `start'
from prosvc.rb:17:in `<main>’
Windows: C:\metasploit\apps\pro\ui\thin.log
Linux: /opt/metasploit/apps/pro/ui/log/thin.log
/opt/metasploit/apps/pro/ui/lib/metasploit/pro/ui/common_configuration.rb:2:in `<top (required)>': uninitialized constant Metasploit::Pro::UI (NameError)
from /opt/metasploit/apps/pro/vendor/bundle/ruby/1.9.1/gems/polyglot-0.3.5/lib/polyg lot.rb:65:in `require'
from /opt/metasploit/apps/pro/vendor/bundle/ruby/1.9.1/gems/polyglot-0.3.5/lib/polyg lot.rb:65:in `require'
from /opt/metasploit/apps/pro/ui/config/application.rb:23:in `<top (required)>'
from /opt/metasploit/apps/pro/ui/config/environment.rb:2:in `require'
from /opt/metasploit/apps/pro/ui/config/environment.rb:2:in `<top (required)>'
from /opt/metasploit/apps/pro/ui/config.ru:3:in `require'
from /opt/metasploit/apps/pro/ui/config.ru:3:in `block in <main>'
from /opt/metasploit/apps/pro/vendor/bundle/ruby/1.9.1/gems/rack-1.4.5/lib/rack/buil der.rb:51:in `instance_eval'
from /opt/metasploit/apps/pro/vendor/bundle/ruby/1.9.1/gems/rack-1.4.5/lib/rack/buil der.rb:51:in `initialize'
from /opt/metasploit/apps/pro/ui/config.ru:1:in `new'
from /opt/metasploit/apps/pro/ui/config.ru:1:in `<main>'
from /opt/metasploit/apps/pro/vendor/bundle/ruby/1.9.1/gems/thin-1.5.1/lib/rack/adap ter/loader.rb:33:in `eval'
from /opt/metasploit/apps/pro/vendor/bundle/ruby/1.9.1/gems/thin-1.5.1/lib/rack/adap ter/loader.rb:33:in `load'
from /opt/metasploit/apps/pro/vendor/bundle/ruby/1.9.1/gems/thin-1.5.1/lib/rack/adap ter/loader.rb:42:in `for'
from /opt/metasploit/apps/pro/vendor/bundle/ruby/1.9.1/gems/thin-1.5.1/lib/thin/cont rollers/controller.rb:169:in `load_adapter'
from /opt/metasploit/apps/pro/vendor/bundle/ruby/1.9.1/gems/thin-1.5.1/lib/thin/cont rollers/controller.rb:73:in `start'
from /opt/metasploit/apps/pro/vendor/bundle/ruby/1.9.1/gems/thin-1.5.1/lib/thin/runn er.rb:187:in `run_command'
from /opt/metasploit/apps/pro/vendor/bundle/ruby/1.9.1/gems/thin-1.5.1/lib/thin/runn er.rb:152:in `run!'
from /opt/metasploit/apps/pro/vendor/bundle/ruby/1.9.1/gems/thin-1.5.1/bin/thin:6:in `<top (required)>'
from /opt/metasploit/apps/pro/ui/scripts/ctl.rb:33:in `load'
from /opt/metasploit/apps/pro/ui/scripts/ctl.rb:33:in `start_thin'
from /opt/metasploit/apps/pro/ui/scripts/ctl.rb:47:in `<main>'
Affected Editions
Metasploit Pro, Express and Community.
Scope
The issue is only applicable if the application updated to version 4.11.0 between December, 23rd 2014 and January, 7th 2015. If the application updated to version 4.11.0 before or after these dates, and is currently running 4.11.0, it should not be affected by this issue.
Solution
On Linux:
1. Launch a Linux terminal via SSH or console
2. Stop Metasploit:
/etc/init.d/metasploit stop
3. Change to your Metasploit installation directory, e.g.:
cd /opt/metasploit
4. Create a hotfix directory:
mkdir -p apps/pro/install/hotfix
5. Change to the hotfix directory:
cd apps/pro/install/hotfix
6. Download the hotfix from Rapid7:
wget http://updates.metasploit.com/data/metasploit-4.10.2-hotfix.7z
7. Extract the hotfix (substitute your installation directory as necessary):
/opt/metasploit/common/bin/7za x metasploit-4.10.2-hotfix.7z
8. Install the hotfix (substitute your installation directory as necessary):
/opt/metasploit/ruby/bin/ruby install.rb
On Windows:
1. Stop Metasploit:
Start Menu -> Metasploit -> Services -> Stop
2. Open a Windows command prompt/shell as an administrator:
Start Menu -> type cmd.exe -> right click cmd.exe -> click Run as administrator
3. Change to your Metasploit installation directory, e.g.:
cd C:\metasploit
4. Create a hotfix directory:
mkdir apps\pro\install\hotfix
5. Change to the hotfix directory:
cd apps\pro\install\hotfix
6. Download the hotfix via your web browser:
http://updates.metasploit.com/data/metasploit-4.10.2-hotfix.7z
Save or move the hotfix to C:\metasploit\apps\pro\install\hotfix (substitute your installation directory as necessary)
7. Extract the hotfix (substitute your installation directory as necessary):
C:\metasploit\ruby\bin\7za.exe x metasploit-4.10.2-hotfix.7z
8. Install the hotfix (substitute your installation directory as necessary):
C:\metasploit\ruby\bin\update-windows.bat
The hotfix will take a few minutes to run and provide no output. You may see some warnings that you may safely ignore.
After it completes, Metasploit will be automatically started. Please wait 5 minutes and then access Metasploit in your browser:
Once logged in, you will need to update Metasploit to the latest version as you normally would. Download Metasploit Framework here or Metasploit Pro here.
