Make Meterpreter Session Address Resolution Sane

If MSF can not match the visible IP address of a Meterpreter session
to an interface--it will attempt to find an IP address associated
with a default route and use it as the session's address.

This commit fixes the logic associated with this process. The old
logic only considers one IP address per Interface, even though an
Interface may have multiple addresses/masks associated with it.

This flaw led to situations where MSF would favor an IPv6 link-local
address over the IPv4 address associated with the default route,
solely because the IPv4 address was not the first value in the
addresses array.

[FixRM #7259]

lib/msf/base/sessions/meterpreter.rb

@@ -320,12 +320,17 @@ class Meterpreter < Rex::Post::Meterpreter::Client
           default_routes = routes.select{ |r| r.subnet == "0.0.0.0" || r.subnet == "::" }
           default_routes.each do |r|
             ifaces.each do |i|
-              bits = Rex::Socket.net2bitmask( i.netmask ) rescue 32
+              # Look at each addr/netmask and see if it matches our gateway
-              rang = Rex::Socket::RangeWalker.new( "#{i.ip}/#{bits}" ) rescue nil
+              i.addrs.zip(i.netmasks).each do |a|
-              if rang and rang.include?( r.gateway )
+                 bits = Rex::Socket.net2bitmask( a[1] )
-                nhost = i.ip
+                 rang = Rex::Socket::RangeWalker.new( "#{a[0]}/#{bits}" ) rescue nil
-                break
+                 if rang and rang.include?( r.gateway )
+                   nhost = a[0]
+                   break
+                 end
+                 break if nhost
               end
+              break if nhost
             end
             break if nhost
           end