Make Meterpreter Session Address Resolution Sane
If MSF can not match the visible IP address of a Meterpreter session to an interface--it will attempt to find an IP address associated with a default route and use it as the session's address. This commit fixes the logic associated with this process. The old logic only considers one IP address per Interface, even though an Interface may have multiple addresses/masks associated with it. This flaw led to situations where MSF would favor an IPv6 link-local address over the IPv4 address associated with the default route, solely because the IPv4 address was not the first value in the addresses array. [FixRM #7259]
bug/bundler_fix
parent
7cc3c47349
commit
ac151794f3
|
@ -320,12 +320,17 @@ class Meterpreter < Rex::Post::Meterpreter::Client
|
||||||
default_routes = routes.select{ |r| r.subnet == "0.0.0.0" || r.subnet == "::" }
|
default_routes = routes.select{ |r| r.subnet == "0.0.0.0" || r.subnet == "::" }
|
||||||
default_routes.each do |r|
|
default_routes.each do |r|
|
||||||
ifaces.each do |i|
|
ifaces.each do |i|
|
||||||
bits = Rex::Socket.net2bitmask( i.netmask ) rescue 32
|
# Look at each addr/netmask and see if it matches our gateway
|
||||||
rang = Rex::Socket::RangeWalker.new( "#{i.ip}/#{bits}" ) rescue nil
|
i.addrs.zip(i.netmasks).each do |a|
|
||||||
|
bits = Rex::Socket.net2bitmask( a[1] )
|
||||||
|
rang = Rex::Socket::RangeWalker.new( "#{a[0]}/#{bits}" ) rescue nil
|
||||||
if rang and rang.include?( r.gateway )
|
if rang and rang.include?( r.gateway )
|
||||||
nhost = i.ip
|
nhost = a[0]
|
||||||
break
|
break
|
||||||
end
|
end
|
||||||
|
break if nhost
|
||||||
|
end
|
||||||
|
break if nhost
|
||||||
end
|
end
|
||||||
break if nhost
|
break if nhost
|
||||||
end
|
end
|
||||||
|
|
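Review bot: The added line `bits = Rex::Socket.net2bitmask( a[1] )` drops the `rescue 32` fallback that the removed `i.netmask` line had, so any exception from a missing or malformed netmask now propagates out of the session address resolution instead of being absorbed. This matters because `i.addrs.zip(i.netmasks)` pads with `nil` when `netmasks` is shorter than `addrs`, and the interface data is reported by the remote session rather than generated locally. Either keep the fallback, or skip the pair explicitly when the mask is `nil` (for example `next unless a[1]`) so one bad entry does not stop the remaining addresses from being checked. As a style point, destructuring the block argument as `|addr, mask|` would read more clearly than `a[0]` and `a[1]`, and a short comment on the two new `break if nhost` lines would make it obvious that each one exits a different enclosing loop.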