Accept multiple addresses and netmasks

[See #6476]
2012-03-13 02:08:34 -06:00 · 2012-03-13 02:08:34 -06:00 · 1d99330795
parent 58bc9346f4
commit 1d99330795
4 changed files with 28 additions and 15 deletions
--- a/lib/msf/base/sessions/meterpreter.rb
+++ b/lib/msf/base/sessions/meterpreter.rb
@ -312,18 +312,18 @@ class Meterpreter < Rex::Post::Meterpreter::Client

 				# Try to match our visible IP to a real interface
 				# TODO: Deal with IPv6 addresses
-				found    = ifaces.find {|i| i.ip == shost }
+				found    = !!(ifaces.find {|i| i.addrs.find {|a| p a; a == shost } })
 				nhost    = nil
 				hobj     = nil

 				if Rex::Socket.is_ipv4?(shost) and not found

 					# Try to find an interface with a default route
-					default_routes = routes.select{ |r| r.subnet == "0.0.0.0" }
+					default_routes = routes.select{ |r| r.subnet == "0.0.0.0" || r.subnet == "::" }
 					default_routes.each do |r|
 						ifaces.each do |i|
-							cidr = Rex::Socket.net2bitmask( i.netmask ) rescue "/32"
-							rang = Rex::Socket::RangeWalker.new( "#{i.ip}/#{cidr}" ) rescue nil
+							bits = Rex::Socket.net2bitmask( i.netmask ) rescue 32
+							rang = Rex::Socket::RangeWalker.new( "#{i.ip}/#{bits}" ) rescue nil
 							if rang and rang.include?( r.gateway )
 								nhost = i.ip
 								break
--- a/lib/rex/post/meterpreter/extensions/stdapi/net/config.rb
+++ b/lib/rex/post/meterpreter/extensions/stdapi/net/config.rb
@ -59,8 +59,16 @@ class Config

 		response.each(TLV_TYPE_NETWORK_INTERFACE) { |iface|
 			addrs = []
+			netmasks = []
 			while (a = iface.get_tlv_value(TLV_TYPE_IP, addrs.length))
+				# Netmasks aren't tightly associated with addresses, they're
+				# just thrown all together in the interface TLV ordered to
+				# match up. This could be done better by creating another
+				# GroupTlv type for addresses containing an address, a netmask,
+				# and possibly a scope.
+				n = iface.get_tlv_value(TLV_TYPE_NETMASK, addrs.length)
 				addrs << Rex::Socket.addr_ntoa(a)
+				netmasks << Rex::Socket.addr_ntoa(n) if n
 			end
 			ifaces << Interface.new(
 					:index    => iface.get_tlv_value(TLV_TYPE_INTERFACE_INDEX),
@ -68,7 +76,8 @@ class Config
 					:mac_name => iface.get_tlv_value(TLV_TYPE_MAC_NAME),
 					:mtu      => iface.get_tlv_value(TLV_TYPE_INTERFACE_MTU),
 					:flags    => iface.get_tlv_value(TLV_TYPE_INTERFACE_FLAGS),
-					:addrs    => addrs
+					:addrs    => addrs,
+					:netmasks => netmasks
 				)
 		}

--- a/lib/rex/post/meterpreter/extensions/stdapi/net/interface.rb
+++ b/lib/rex/post/meterpreter/extensions/stdapi/net/interface.rb
@ -34,6 +34,7 @@ class Interface
 		self.mtu      = opts[:mtu]
 		self.flags    = opts[:flags]
 		self.addrs    = opts[:addrs]
+		self.netmasks = opts[:netmasks]
 	end

 	#
@ -53,11 +54,18 @@ class Interface
 			["Flags"        , flags     ],
 		]

-		addrs.select { |a| Rex::Socket.is_ipv4?(a) }.each { |a|
-			info << [ "IPv4 Address", a ]
+		# If all went as planned, addrs and netmasks will have the same number
+		# of elements and be properly ordered such that they match up
+		# correctly.
+		addr_masks = addrs.zip(netmasks)
+
+		addr_masks.select { |a| Rex::Socket.is_ipv4?(a[0]) }.each { |a|
+			info << [ "IPv4 Address", a[0] ]
+			info << [ "IPv4 Netmask", a[1] ]
 		}
-		addrs.select { |a| Rex::Socket.is_ipv6?(a) }.each { |a|
-			info << [ "IPv6 Address", a ]
+		addr_masks.select { |a| Rex::Socket.is_ipv6?(a[0]) }.each { |a|
+			info << [ "IPv6 Address", a[0] ]
+			info << [ "IPv6 Netmask", a[1] ]
 		}

 		pad = info.map{|i| i[0] }.max_by{|k|k.length}.length
@ -111,6 +119,7 @@ class Interface
 	# The flags associated with the interface.
 	#
 	attr_accessor :flags
+	attr_accessor :netmasks
 end

 end; end; end; end; end; end
--- a/lib/rex/post/meterpreter/extensions/stdapi/tlv.rb
+++ b/lib/rex/post/meterpreter/extensions/stdapi/tlv.rb
@ -51,17 +51,12 @@ TLV_TYPE_SUBNET             = TLV_META_TYPE_RAW     | 1420
 TLV_TYPE_NETMASK            = TLV_META_TYPE_RAW     | 1421
 TLV_TYPE_GATEWAY            = TLV_META_TYPE_RAW     | 1422
 TLV_TYPE_NETWORK_ROUTE      = TLV_META_TYPE_GROUP   | 1423
-TLV_TYPE_SUBNET6            = TLV_META_TYPE_RAW     | 1424
-TLV_TYPE_NETMASK6           = TLV_META_TYPE_RAW     | 1425
-TLV_TYPE_GATEWAY6           = TLV_META_TYPE_RAW     | 1426
-TLV_TYPE_NETWORK_ROUTE6     = TLV_META_TYPE_GROUP   | 1427
-

 TLV_TYPE_IP                 = TLV_META_TYPE_RAW     | 1430
 TLV_TYPE_MAC_ADDRESS        = TLV_META_TYPE_RAW     | 1431
 TLV_TYPE_MAC_NAME           = TLV_META_TYPE_STRING  | 1432
 TLV_TYPE_NETWORK_INTERFACE  = TLV_META_TYPE_GROUP   | 1433
-TLV_TYPE_IP6                = TLV_META_TYPE_RAW     | 1434
+TLV_TYPE_IP6_SCOPE          = TLV_META_TYPE_RAW     | 1434

 TLV_TYPE_SUBNET_STRING      = TLV_META_TYPE_STRING  | 1440
 TLV_TYPE_NETMASK_STRING     = TLV_META_TYPE_STRING  | 1441