Land #8336, Specify LHOST by interface name

bug/bundler_fix
William Webb 2017-05-05 18:05:20 -05:00
commit c297e1679c
No known key found for this signature in database
GPG Key ID: 341763D0308DA650
21 changed files with 103 additions and 19 deletions


@ -45,7 +45,7 @@ module ReverseHttp
register_options( register_options(
[ [
OptString.new('LHOST', [true, 'The local listener hostname']), OptAddressLocal.new('LHOST', [true, 'The local listener hostname']),
OptPort.new('LPORT', [true, 'The local listener port', 8080]), OptPort.new('LPORT', [true, 'The local listener port', 8080]),
OptString.new('LURI', [false, 'The HTTP Path', '']) OptString.new('LURI', [false, 'The HTTP Path', ''])
], Msf::Handler::ReverseHttp) ], Msf::Handler::ReverseHttp)
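Review bot: The LHOST description on the changed line still reads 'The local listener hostname', so nothing in the option help tells the user that an interface name is now accepted. I would update it to something like `'The local listener hostname, address, or interface name'`; the same applies to the ReverseHttpsProxy hunk that follows. Moving from OptString to an OptAddress subclass also means hostnames are only accepted if OptAddress#valid? accepts them, which is not visible here and is worth confirming. The method enclosing this register_options call starts outside the hunk.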


@ -38,7 +38,7 @@ module ReverseHttpsProxy
register_options( register_options(
[ [
OptString.new('LHOST', [ true, "The local listener hostname" ,"127.0.0.1"]), OptAddressLocal.new('LHOST', [ true, "The local listener hostname" ,"127.0.0.1"]),
OptPort.new('LPORT', [ true, "The local listener port", 8443 ]), OptPort.new('LPORT', [ true, "The local listener port", 8443 ]),
OptString.new('PayloadProxyHost', [true, "The proxy server's IP address", "127.0.0.1"]), OptString.new('PayloadProxyHost', [true, "The proxy server's IP address", "127.0.0.1"]),
OptPort.new('PayloadProxyPort', [true, "The proxy port to connect to", 8080 ]), OptPort.new('PayloadProxyPort', [true, "The proxy port to connect to", 8080 ]),


@ -28,7 +28,7 @@ module Msf
# @return [OptAddress] # @return [OptAddress]
def self.LHOST(default=nil, required=true, desc="The listen address") def self.LHOST(default=nil, required=true, desc="The listen address")
Msf::OptAddress.new(__method__.to_s, [ required, desc, default ]) Msf::OptAddressLocal.new(__method__.to_s, [ required, desc, default ])
end end
# @return [OptPort] # @return [OptPort]
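Review bot: The YARD tag above `self.LHOST` still says `# @return [OptAddress]` although the method now builds an `Msf::OptAddressLocal`. That is still true through inheritance, but it hides the new behaviour from readers of the generated docs; I would change it to `# @return [OptAddressLocal]`. The default description "The listen address" could also say that an interface name is accepted.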


@ -0,0 +1,41 @@
# -*- coding: binary -*-
require 'network_interface'
module Msf
###
#
# Network address option.
#
###
class OptAddressLocal < OptAddress
def normalize(value)
return nil unless value.kind_of?(String)
if NetworkInterface.interfaces.include?(value)
ip_address = NetworkInterface.addresses(value).values.flatten.collect{|x| x['addr']}.select do |addr|
begin
IPAddr.new(addr).ipv4?
rescue IPAddr::InvalidAddressError => e
false
end
end
return false if ip_address.blank?
return ip_address.first
end
return value
end
def valid?(value, check_empty: true)
return false if check_empty && empty_required_value?(value)
return false unless value.kind_of?(String) or value.kind_of?(NilClass)
return true if NetworkInterface.interfaces.include?(value)
return super
end
end
end
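Review bot: `valid?` returns true for any name in `NetworkInterface.interfaces`, but `normalize` returns `false` when that interface has no IPv4 address, so such a value passes validation and then normalizes to a boolean instead of an address. I would have `valid?` check the resolved result, for example `return normalize(value).present? if NetworkInterface.interfaces.include?(value)`, and return `nil` rather than `false` from `normalize` to match its non-String branch. The `ipv4?` filter also means an interface name never resolves to an IPv6 address, and `ip_address.first` silently picks one address when the interface has several, so the listener may bind somewhere the operator did not intend. Both deserve a line in the class comment, which currently only says "Network address option." The `=> e` in the rescue is unused, and `or` would be more conventional as `||`.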


@ -7,6 +7,7 @@ module Msf
autoload :OptBase, 'msf/core/opt_base' autoload :OptBase, 'msf/core/opt_base'
autoload :OptAddress, 'msf/core/opt_address' autoload :OptAddress, 'msf/core/opt_address'
autoload :OptAddressLocal, 'msf/core/opt_address_local'
autoload :OptAddressRange, 'msf/core/opt_address_range' autoload :OptAddressRange, 'msf/core/opt_address_range'
autoload :OptBool, 'msf/core/opt_bool' autoload :OptBool, 'msf/core/opt_bool'
autoload :OptEnum, 'msf/core/opt_enum' autoload :OptEnum, 'msf/core/opt_enum'


@ -39,7 +39,7 @@ class MetasploitModule < Msf::Auxiliary
register_options( register_options(
[ [
Opt::RPORT(10000), Opt::RPORT(10000),
OptAddress.new('LHOST', OptAddressLocal.new('LHOST',
[ [
false, false,
"The local IP address to accept the data connection" "The local IP address to accept the data connection"


@ -44,7 +44,7 @@ class MetasploitModule < Msf::Auxiliary
OptString.new( 'REMOTE_FILENAME', [false, "The remote filename"]), OptString.new( 'REMOTE_FILENAME', [false, "The remote filename"]),
OptAddress.new('RHOST', [true, "The remote TFTP server"]), OptAddress.new('RHOST', [true, "The remote TFTP server"]),
OptPort.new( 'LPORT', [false, "The local port the TFTP client should listen on (default is random)" ]), OptPort.new( 'LPORT', [false, "The local port the TFTP client should listen on (default is random)" ]),
OptAddress.new('LHOST', [false, "The local address the TFTP client should bind to"]), OptAddressLocal.new('LHOST', [false, "The local address the TFTP client should bind to"]),
OptString.new( 'MODE', [false, "The TFTP mode; usual choices are netascii and octet.", "octet"]), OptString.new( 'MODE', [false, "The TFTP mode; usual choices are netascii and octet.", "octet"]),
Opt::RPORT(69) Opt::RPORT(69)
]) ])


@ -45,7 +45,7 @@ class MetasploitModule < Msf::Auxiliary
register_options( register_options(
[ [
OptAddress.new('LHOST',[true, 'Server IP or hostname that the .docx document points to.']), OptAddressLocal.new('LHOST',[true, 'Server IP or hostname that the .docx document points to.']),
OptPath.new('SOURCE', [false, 'Full path and filename of .docx file to use as source. If empty, creates new document.']), OptPath.new('SOURCE', [false, 'Full path and filename of .docx file to use as source. If empty, creates new document.']),
OptString.new('FILENAME', [true, 'Document output filename.', 'msf.docx']), OptString.new('FILENAME', [true, 'Document output filename.', 'msf.docx']),
OptString.new('DOCAUTHOR',[false,'Document author for empty document.']), OptString.new('DOCAUTHOR',[false,'Document author for empty document.']),


@ -34,9 +34,8 @@ class MetasploitModule < Msf::Auxiliary
register_options( register_options(
[ [
OptAddress.new('LHOST', [true, "The spoofed address of a vulnerable ntpd server" ]) OptAddressLocal.new('LHOST', [true, "The spoofed address of a vulnerable ntpd server" ])
]) ])
deregister_options('FILTER','PCAPFILE') deregister_options('FILTER','PCAPFILE')
end end


@ -45,7 +45,7 @@ class MetasploitModule < Msf::Auxiliary
register_options( register_options(
[ [
OptAddress.new('LHOST', [false, "The local IP address to bind to"]), OptAddressLocal.new('LHOST', [false, "The local IP address to bind to"]),
OptInt.new('RECV_TIMEOUT', [false, "Time (in seconds) to wait between packets", 3]), OptInt.new('RECV_TIMEOUT', [false, "Time (in seconds) to wait between packets", 3]),
Opt::RPORT(69) Opt::RPORT(69)
]) ])


@ -34,7 +34,7 @@ class MetasploitModule < Msf::Auxiliary
Opt::RPORT(1604), Opt::RPORT(1604),
Opt::RHOST('0.0.0.0'), Opt::RHOST('0.0.0.0'),
OptString.new('LHOST', [true, 'This is our IP (as it appears to the DarkComet C2 server)', '0.0.0.0']), OptAddressLocal.new('LHOST', [true, 'This is our IP (as it appears to the DarkComet C2 server)', '0.0.0.0']),
OptString.new('KEY', [false, 'DarkComet RC4 key (include DC prefix with key eg. #KCMDDC51#-890password)', '']), OptString.new('KEY', [false, 'DarkComet RC4 key (include DC prefix with key eg. #KCMDDC51#-890password)', '']),
OptBool.new('NEWVERSION', [false, 'Set to true if DarkComet version >= 5.1, set to false if version < 5.1', true]), OptBool.new('NEWVERSION', [false, 'Set to true if DarkComet version >= 5.1, set to false if version < 5.1', true]),
OptString.new('TARGETFILE', [false, 'Target file to download (assumes password is set)', '']), OptString.new('TARGETFILE', [false, 'Target file to download (assumes password is set)', '']),


@ -53,7 +53,7 @@ class MetasploitModule < Msf::Auxiliary
OptString.new('CLIENT', [true, 'SAP client', '001']), OptString.new('CLIENT', [true, 'SAP client', '001']),
OptString.new('HttpUsername', [false, 'Username (Ex SAP*)']), OptString.new('HttpUsername', [false, 'Username (Ex SAP*)']),
OptString.new('HttpPassword', [false, 'Password (Ex 06071992)']), OptString.new('HttpPassword', [false, 'Password (Ex 06071992)']),
OptAddress.new('LHOST', [true, 'Server IP or hostname of the SMB Capture system']), OptAddressLocal.new('LHOST', [true, 'Server IP or hostname of the SMB Capture system']),
OptEnum.new('ABUSE', [true, 'SMB Relay abuse to use', "MMR", OptEnum.new('ABUSE', [true, 'SMB Relay abuse to use', "MMR",
[ [
"MMR", "MMR",


@ -30,7 +30,7 @@ class MetasploitModule < Msf::Auxiliary
register_options([ register_options([
OptEnum.new("SOURCE", [true, "Grab the startup (3) or running (4) configuration", "4", ["3","4"]]), OptEnum.new("SOURCE", [true, "Grab the startup (3) or running (4) configuration", "4", ["3","4"]]),
OptString.new('OUTPUTDIR', [ false, "The directory where we should save the configuration files (disabled by default)"]), OptString.new('OUTPUTDIR', [ false, "The directory where we should save the configuration files (disabled by default)"]),
OptAddress.new('LHOST', [ false, "The IP address of the system running this module" ]) OptAddressLocal.new('LHOST', [ false, "The IP address of the system running this module" ])
]) ])
end end


@ -28,7 +28,7 @@ class MetasploitModule < Msf::Auxiliary
) )
register_options([ register_options([
OptPath.new('SOURCE', [true, "The filename to upload" ]), OptPath.new('SOURCE', [true, "The filename to upload" ]),
OptAddress.new('LHOST', [ false, "The IP address of the system running this module" ]) OptAddressLocal.new('LHOST', [ false, "The IP address of the system running this module" ])
]) ])
end end


@ -60,7 +60,7 @@ class MetasploitModule < Msf::Auxiliary
'DefaultAction' => 'WebServer')) 'DefaultAction' => 'WebServer'))
register_options([ register_options([
OptAddress.new('LHOST', [true, OptAddressLocal.new('LHOST', [true,
'The IP address to use for reverse-connect payloads' 'The IP address to use for reverse-connect payloads'
]) ])
]) ])


@ -66,7 +66,7 @@ class MetasploitModule < Msf::Exploit::Remote
[ [
OptString.new('HttpUsername', [ true, 'The username to authenticate as', 'admin' ]), OptString.new('HttpUsername', [ true, 'The username to authenticate as', 'admin' ]),
OptString.new('HttpPassword', [ true, 'The password for the specified username', 'admin' ]), OptString.new('HttpPassword', [ true, 'The password for the specified username', 'admin' ]),
OptAddress.new('LHOST', [ true, 'The listen IP address from where the victim downloads the MIPS payload' ]), OptAddressLocal.new('LHOST', [ true, 'The listen IP address from where the victim downloads the MIPS payload' ]),
OptString.new('DOWNFILE', [ false, 'Filename to download, (default: random)' ]), OptString.new('DOWNFILE', [ false, 'Filename to download, (default: random)' ]),
OptInt.new('DELAY', [true, 'Time that the HTTP Server will wait for the ELF payload request', 10]) OptInt.new('DELAY', [true, 'Time that the HTTP Server will wait for the ELF payload request', 10])
]) ])


@ -51,7 +51,7 @@ class MetasploitModule < Msf::Exploit::Remote
Opt::RPORT(80), Opt::RPORT(80),
OptString.new('USERNAME', [true, 'Username for the web interface (using default credentials)', 'supervisor']), OptString.new('USERNAME', [true, 'Username for the web interface (using default credentials)', 'supervisor']),
OptString.new('PASSWORD', [true, 'Password for the web interface (using default credentials)', 'zyad1234']), OptString.new('PASSWORD', [true, 'Password for the web interface (using default credentials)', 'zyad1234']),
OptAddress.new('LHOST', [ true, 'The listen IP address from where the victim downloads the MIPS payload' ]), OptAddressLocal.new('LHOST', [ true, 'The listen IP address from where the victim downloads the MIPS payload' ]),
OptInt.new('DELAY', [true, "How long to wait for the device to download the payload", 30]), OptInt.new('DELAY', [true, "How long to wait for the device to download the payload", 30]),
]) ])
end end


@ -26,7 +26,7 @@ class MetasploitModule < Msf::Post
)) ))
register_options( register_options(
[ [
OptAddress.new('LHOST', OptAddressLocal.new('LHOST',
[false, 'IP of host that will receive the connection from the payload (Will try to auto detect).', nil]), [false, 'IP of host that will receive the connection from the payload (Will try to auto detect).', nil]),
OptInt.new('LPORT', OptInt.new('LPORT',
[true, 'Port for payload to connect to.', 4433]), [true, 'Port for payload to connect to.', 4433]),


@ -20,7 +20,7 @@ class MetasploitModule < Msf::Post
)) ))
register_options( register_options(
[ [
OptAddress.new('LHOST', OptAddressLocal.new('LHOST',
[true, 'IP of host that will receive the connection from the payload.']), [true, 'IP of host that will receive the connection from the payload.']),
OptInt.new('LPORT', OptInt.new('LPORT',
[false, 'Port for Payload to connect to.', 4433]), [false, 'Port for Payload to connect to.', 4433]),


@ -28,7 +28,7 @@ class MetasploitModule < Msf::Post
register_options( register_options(
[ [
OptString.new('PAYLOAD', [false, 'Windows Payload to inject into memory of a process.', "windows/meterpreter/reverse_tcp"]), OptString.new('PAYLOAD', [false, 'Windows Payload to inject into memory of a process.', "windows/meterpreter/reverse_tcp"]),
OptAddress.new('LHOST', [true, 'IP of host that will receive the connection from the payload.']), OptAddressLocal.new('LHOST', [true, 'IP of host that will receive the connection from the payload.']),
OptInt.new('LPORT', [false, 'Port for Payload to connect to.', 4433]), OptInt.new('LPORT', [false, 'Port for Payload to connect to.', 4433]),
OptInt.new('PID', [false, 'Process Identifier to inject of process to inject payload.']), OptInt.new('PID', [false, 'Process Identifier to inject of process to inject payload.']),
OptBool.new('HANDLER', [ false, 'Start an exploit/multi/handler to receive the connection', false]), OptBool.new('HANDLER', [ false, 'Start an exploit/multi/handler to receive the connection', false]),


@ -0,0 +1,43 @@
# -*- coding:binary -*-
require 'spec_helper'
require 'msf/core/option_container'
RSpec.describe Msf::OptAddressLocal do
iface = NetworkInterface.interfaces.collect do |iface|
ip_address = NetworkInterface.addresses(iface).values.flatten.collect{|x| x['addr']}.select do |addr|
begin
IPAddr.new(addr).ipv4? && !addr[/^127.*/]
rescue IPAddr::InvalidAddressError => e
false
end
end.first
{name: iface, addr: ip_address}
end.select {|ni| ni[:addr]}.first
valid_values = [
{ :value => "192.0.2.0", :normalized => "192.0.2.0" },
{ :value => "127.0.0.1", :normalized => "127.0.0.1" },
{ :value => "2001:db8::", :normalized => "2001:db8::" },
{ :value => "::1", :normalized => "::1" },
{ :value => iface[:name], :normalized => iface[:addr]}
]
invalid_values = [
# Too many dots
{ :value => "192.0.2.0.0" },
# Not enough
{ :value => "192.0.2" },
# Non-string values
{ :value => true},
{ :value => 5 },
{ :value => []},
{ :value => [1,2]},
{ :value => {}},
]
it_behaves_like "an option", valid_values, invalid_values, 'address'
let(:required_opt) { Msf::OptAddressLocal.new('LHOST', [true, 'local address', '']) }
end
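Review bot: `iface` is computed at file-load time from the real interfaces of whatever machine runs the suite, so on a host with no non-loopback IPv4 interface it is `nil` and `iface[:name]` in `valid_values` raises before any example runs. I would add the interface entry only when one was found, e.g. `valid_values << { :value => iface[:name], :normalized => iface[:addr] } if iface`, or stub `NetworkInterface` so the spec does not depend on the host. No example covers an interface name that has no IPv4 address, which is the path where `normalize` returns `false`. Smaller points: the loopback filter `/^127.*/` leaves the dot unescaped (`/\A127\./` states the intent), the block parameter `iface` shadows the outer local of the same name, and `=> e` is unused.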