I was using metasploit atutorsqli exploit when I came across an error. This has been bugging me and bugging me and I can't seem to figure this out anybody got a clue.
Here is the bug
Dumping the username and password hash...
Got the 's hash: !
Exploit failed: TypeError no implicit conversion of nil into String
* Exploit completed, but no session was created.
msf exploit(atutorsqli) >
21 Responses
Can you provide a screenshot of what you did before this error appears?
sure sorry about the delay was at work.
The reason its so short is when I was looking for more payloads it took up my whole screen so I cleared the screen all except the exploit and payload. It still had the hose I'm using and ports just didn't have them shown
Please leave the site alone after the screenshots
what do you mean please leave the site alone? and can i see all the options for the exploit?
Sorry my anxiety kicked in when you hadn't responded I'll send one when I get home from work
Sorry about the wait.
The error appears to be local(ruby), but just to make sure, are you certain the target is vulnerable?
As far as I know it is armitage recommended that vunerability and how do I fix a local ruby problem
Yea, armitage isn't always correct, i do not know if the exploit can be checked, but did you try and check it before executing? and i apologise, but i am not very experienced in ruby. If you haven't checked in armitage first, i would recommend doing it, it may reveal that the target isn't vulnerable and that is why it isn't working.
When I did it in armitage first it gave me.the same error never told me if it wasn't vunerable. So I don't know
If you hover over the exploit menu, you should be able to click the check button if you are in armitage, if not, then simply type check when you have filled out all of the options and it will return with: target is not vulnerable, target is vulnerable, or module does not support check. If a target isn't vulnerable and you run an exploit on it, it won't tell you it isn't vulnerable, it will merely alert you that the exploit hasn't worked. How much experience do you have with metasploit?
Very minimum right now still learning I'm good with sql injections and scanning but trying to learn because I'm wanting to go to school for network security
Right, well i would advise avoiding armitage until you know how to use metasploit on its own and subsequent tools to help with it. Armitage is useful if you know what you're doing and you want to be quick, but i would avoid it at the start as you risk becoming a bit of a script kiddie. Try checking the exploit and i am quite certain that the exploit will return that the target isn't vulnerable.
I know how to use metasploit fir searching exploits just I've never been successful I work in code lol most of the time I'm over in metasploit lol just I found armitage and gave it a go and it recommended that but yea I've searched
for vunerbilities and set them up on my own with out armitage just it makes it useful when your struggling
yea, i understand. Did the check function yield any results?
Sorry long day at work I went and took a nap. I couldn't find it before I took a nap.
Also I think it's a gem problem because it does it for more than one site that I'm testing
I'm updating the gems I'll keep you posted if this breaks through cause it might be a gem problem cause it's just says null nothing else
I have checked the exploit against the server myself, and the target you have specified isn't vulnerable, and that is probably why it isn't working. Oh, and you do have permission to try and penetrate the site don't you?
Ok thank you for the heads up. Also I do their offering bounty and I'm just testing to see what all they are vulnerable to thank you for the heads up though.
np, happy to help
Share Your Thoughts