Metasploit 3.5.2 Windows VB-XCACLS Error

I was installing the Windows Metasploit on a Windows XP desktop host today and I encountered an error message. After resolving the error I thought I’d post about it here to inform people of why it occurs and how to fix it.

Problem running post-install step. Installation may not complete correctly
Error running cscript “C:\metasploit\tools\XCALCS.vbs” “C:\metasploit” /G “(Username):f” /G SID#S-1-5-18:f /I REMOVE /T: Program ended with an error exit code

If you get that message and you’re using XP you’re dating yourself. In Windows versions prior to Windows Vista you’ll need the VB tools located at: Download details: Extended Change Access Control List Tool (Xcacls)

The r00tsec blog describes this as being caused by the fact that Metasploit utilizes the ability to run without requiring special permissions from the user and, in XP, this feature requires the right tool (the Xcacls expansion from MS).

It is my understanding that the tool above allows Metasploit to run with the right privileges without requiring any additional access/permission(s) on the part of the user.

Prior to Vista there was no special group of users (“Authenticated Users” group), so Xcacls.vbs is needed to facilitate this operation in earlier operating systems.

To fix the error(s)

All I did was uninstall Metasploit (may or may not be required), install the VB tool, and reinstall.

When asked where XCacls.vbs should install, you can install to your framework directory. Then from a DOS prompt in the same directory as Xcacls.vbs:

Cscript.exe /h:cscript
Cscript.exe xcacls.vbs
xcacls.vbs (framework directory) /E /R SID#S-1-5-32-545 /T

Note – If your VBS scripts are opening in Notepad, the correct Visual Basic scripts association has been broken (yeah, and you just wanted to open all scripts in your cool new text editing program, right?). You can correct this by altering the appropriate registry string or simply by downloading a .reg fix which will reset it for you.*
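To confirm the result after the reinstall, the following added example (not from the original post or from Metasploit) audits saved `cacls` output for the install directory. It assumes English-locale account names and that the intended ACL is the one implied by the commands above: full control for the installing user and SID S-1-5-18 (Local System), with S-1-5-32-545 (BUILTIN\Users) revoked. The host name, user name and sample output are constructed.

```python
import re

# English-locale names as cacls prints them (assumption).
SYSTEM = "NT AUTHORITY\\SYSTEM"        # S-1-5-18, granted :f by the installer

# One ACE per line, e.g. "BUILTIN\Users:(OI)(CI)R"
ACE_RE = re.compile(r"^(?P<who>[^:]+):(?P<flags>(?:\([A-Z]+\))*)(?P<perm>[A-Z])\s*$")

def parse_cacls(output, path):
    """Return [(principal, inheritance_flags, permission)] from cacls output."""
    aces = []
    for line in output.splitlines():
        if line.lower().startswith(path.lower()):
            line = line[len(path):]    # the first ACE shares the path's line
        m = ACE_RE.match(line.strip())
        if m:
            aces.append((m.group("who"), m.group("flags"), m.group("perm")))
    return aces

def audit(aces, install_user):
    """List deviations from 'installing user and SYSTEM only, both F'."""
    required = [install_user, SYSTEM]
    perms = {who.lower(): perm for who, _, perm in aces}
    findings = []
    for who in required:
        if perms.get(who.lower()) != "F":
            findings.append("missing full control: " + who)
    allowed = {w.lower() for w in required}
    for who, _, perm in aces:
        if who.lower() not in allowed:
            findings.append("unexpected ACE: %s:%s" % (who, perm))
    return findings

# Constructed sample: output of `cacls C:\metasploit` before and after the fix.
BEFORE = ("C:\\metasploit BUILTIN\\Users:(OI)(CI)R\n"
          "              NT AUTHORITY\\SYSTEM:(OI)(CI)F\n"
          "              LAB-XP\\analyst:(OI)(CI)F\n")
AFTER = ("C:\\metasploit NT AUTHORITY\\SYSTEM:(OI)(CI)F\n"
         "              LAB-XP\\analyst:(OI)(CI)F\n")

if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(parse_cacls(text, "C:\\metasploit"), "LAB-XP\\analyst"))
```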

A similar problem can also occur in Vista but to read more about it please follow the r00tsec link below.

Keep in mind that Metasploit works best in Linux as there are many bugs that need ironing out in the Windows release.

Source: Computer Security Blog | Learning The Offensive Security: Metasploit Framework 3.5.2 Released!

Source2: http://blog.metasploit.com/2011/02/metasploit-framework-352-released.html

* VBS Association Fix (XP):
http://www.dougknox.com/xp/fileassoc/xp_vbs_file_association.zip
