Land #8336, Specify LHOST by interface name
commit
c297e1679c
|
@ -45,7 +45,7 @@ module ReverseHttp
|
||||||
|
|
||||||
register_options(
|
register_options(
|
||||||
[
|
[
|
||||||
OptString.new('LHOST', [true, 'The local listener hostname']),
|
OptAddressLocal.new('LHOST', [true, 'The local listener hostname']),
|
||||||
OptPort.new('LPORT', [true, 'The local listener port', 8080]),
|
OptPort.new('LPORT', [true, 'The local listener port', 8080]),
|
||||||
OptString.new('LURI', [false, 'The HTTP Path', ''])
|
OptString.new('LURI', [false, 'The HTTP Path', ''])
|
||||||
], Msf::Handler::ReverseHttp)
|
], Msf::Handler::ReverseHttp)
|
||||||
|
|
|
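Review bot: The LHOST description still reads 'The local listener hostname' although the option type changes from `OptString` to `OptAddressLocal`. Whether a DNS name is still accepted now depends on the parent class's `valid?`, reached through `super` and not visible on this page. Worth confirming with a spec case that uses a hostname value, since reverse HTTP(S) listeners are commonly given a name rather than an address. The description could also say what is now accepted, e.g. `'The local listener hostname, address or interface name'`. The same applies to the LHOST line in the ReverseHttpsProxy hunk; the method enclosing `register_options` starts outside both hunks.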
@ -38,7 +38,7 @@ module ReverseHttpsProxy
|
||||||
|
|
||||||
register_options(
|
register_options(
|
||||||
[
|
[
|
||||||
OptString.new('LHOST', [ true, "The local listener hostname" ,"127.0.0.1"]),
|
OptAddressLocal.new('LHOST', [ true, "The local listener hostname" ,"127.0.0.1"]),
|
||||||
OptPort.new('LPORT', [ true, "The local listener port", 8443 ]),
|
OptPort.new('LPORT', [ true, "The local listener port", 8443 ]),
|
||||||
OptString.new('PayloadProxyHost', [true, "The proxy server's IP address", "127.0.0.1"]),
|
OptString.new('PayloadProxyHost', [true, "The proxy server's IP address", "127.0.0.1"]),
|
||||||
OptPort.new('PayloadProxyPort', [true, "The proxy port to connect to", 8080 ]),
|
OptPort.new('PayloadProxyPort', [true, "The proxy port to connect to", 8080 ]),
|
||||||
|
|
|
@ -28,7 +28,7 @@ module Msf
|
||||||
|
|
||||||
# @return [OptAddress]
|
# @return [OptAddress]
|
||||||
def self.LHOST(default=nil, required=true, desc="The listen address")
|
def self.LHOST(default=nil, required=true, desc="The listen address")
|
||||||
Msf::OptAddress.new(__method__.to_s, [ required, desc, default ])
|
Msf::OptAddressLocal.new(__method__.to_s, [ required, desc, default ])
|
||||||
end
|
end
|
||||||
|
|
||||||
# @return [OptPort]
|
# @return [OptPort]
|
||||||
|
|
|
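Review bot: The YARD tag above `self.LHOST` still says `# @return [OptAddress]` although the method now builds an `Msf::OptAddressLocal`. That is still true through inheritance, but it hides the new behaviour from callers; `# @return [OptAddressLocal]` would be more precise. The default `desc` of "The listen address" could also mention that an interface name is accepted, for example `desc="The listen address (an interface may be specified)"`.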
@ -0,0 +1,41 @@
|
||||||
|
# -*- coding: binary -*-
|
||||||
|
require 'network_interface'
|
||||||
|
|
||||||
|
module Msf
|
||||||
|
|
||||||
|
###
|
||||||
|
#
|
||||||
|
# Network address option.
|
||||||
|
#
|
||||||
|
###
|
||||||
|
class OptAddressLocal < OptAddress
|
||||||
|
def normalize(value)
|
||||||
|
return nil unless value.kind_of?(String)
|
||||||
|
|
||||||
|
if NetworkInterface.interfaces.include?(value)
|
||||||
|
ip_address = NetworkInterface.addresses(value).values.flatten.collect{|x| x['addr']}.select do |addr|
|
||||||
|
begin
|
||||||
|
IPAddr.new(addr).ipv4?
|
||||||
|
rescue IPAddr::InvalidAddressError => e
|
||||||
|
false
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
return false if ip_address.blank?
|
||||||
|
return ip_address.first
|
||||||
|
end
|
||||||
|
|
||||||
|
return value
|
||||||
|
end
|
||||||
|
|
||||||
|
def valid?(value, check_empty: true)
|
||||||
|
return false if check_empty && empty_required_value?(value)
|
||||||
|
return false unless value.kind_of?(String) or value.kind_of?(NilClass)
|
||||||
|
|
||||||
|
return true if NetworkInterface.interfaces.include?(value)
|
||||||
|
|
||||||
|
return super
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
end
|
|
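Review bot: `valid?` accepts any interface name, but `normalize` returns `false` when that interface has no IPv4 address, so a value that passed validation can still normalize to `false`. Tying the two together closes the gap, for example `return !normalize(value).blank? if NetworkInterface.interfaces.include?(value)` in `valid?`. `ip_address.first` also silently picks the first IPv4 address, which on an interface with several addresses may not be the one the operator meant to listen on or advertise. The class comment `# Network address option.` should state that an interface name resolves to its first IPv4 address and that IPv6-only interfaces are not handled. `IPAddr` is used with only `require 'network_interface'` visible in this file, so it presumably relies on `ipaddr` being loaded elsewhere; an explicit require would make that certain.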
@ -7,6 +7,7 @@ module Msf
|
||||||
autoload :OptBase, 'msf/core/opt_base'
|
autoload :OptBase, 'msf/core/opt_base'
|
||||||
|
|
||||||
autoload :OptAddress, 'msf/core/opt_address'
|
autoload :OptAddress, 'msf/core/opt_address'
|
||||||
|
autoload :OptAddressLocal, 'msf/core/opt_address_local'
|
||||||
autoload :OptAddressRange, 'msf/core/opt_address_range'
|
autoload :OptAddressRange, 'msf/core/opt_address_range'
|
||||||
autoload :OptBool, 'msf/core/opt_bool'
|
autoload :OptBool, 'msf/core/opt_bool'
|
||||||
autoload :OptEnum, 'msf/core/opt_enum'
|
autoload :OptEnum, 'msf/core/opt_enum'
|
||||||
|
|
|
@ -39,7 +39,7 @@ class MetasploitModule < Msf::Auxiliary
|
||||||
register_options(
|
register_options(
|
||||||
[
|
[
|
||||||
Opt::RPORT(10000),
|
Opt::RPORT(10000),
|
||||||
OptAddress.new('LHOST',
|
OptAddressLocal.new('LHOST',
|
||||||
[
|
[
|
||||||
false,
|
false,
|
||||||
"The local IP address to accept the data connection"
|
"The local IP address to accept the data connection"
|
||||||
|
|
|
@ -44,7 +44,7 @@ class MetasploitModule < Msf::Auxiliary
|
||||||
OptString.new( 'REMOTE_FILENAME', [false, "The remote filename"]),
|
OptString.new( 'REMOTE_FILENAME', [false, "The remote filename"]),
|
||||||
OptAddress.new('RHOST', [true, "The remote TFTP server"]),
|
OptAddress.new('RHOST', [true, "The remote TFTP server"]),
|
||||||
OptPort.new( 'LPORT', [false, "The local port the TFTP client should listen on (default is random)" ]),
|
OptPort.new( 'LPORT', [false, "The local port the TFTP client should listen on (default is random)" ]),
|
||||||
OptAddress.new('LHOST', [false, "The local address the TFTP client should bind to"]),
|
OptAddressLocal.new('LHOST', [false, "The local address the TFTP client should bind to"]),
|
||||||
OptString.new( 'MODE', [false, "The TFTP mode; usual choices are netascii and octet.", "octet"]),
|
OptString.new( 'MODE', [false, "The TFTP mode; usual choices are netascii and octet.", "octet"]),
|
||||||
Opt::RPORT(69)
|
Opt::RPORT(69)
|
||||||
])
|
])
|
||||||
|
|
|
@ -45,7 +45,7 @@ class MetasploitModule < Msf::Auxiliary
|
||||||
|
|
||||||
register_options(
|
register_options(
|
||||||
[
|
[
|
||||||
OptAddress.new('LHOST',[true, 'Server IP or hostname that the .docx document points to.']),
|
OptAddressLocal.new('LHOST',[true, 'Server IP or hostname that the .docx document points to.']),
|
||||||
OptPath.new('SOURCE', [false, 'Full path and filename of .docx file to use as source. If empty, creates new document.']),
|
OptPath.new('SOURCE', [false, 'Full path and filename of .docx file to use as source. If empty, creates new document.']),
|
||||||
OptString.new('FILENAME', [true, 'Document output filename.', 'msf.docx']),
|
OptString.new('FILENAME', [true, 'Document output filename.', 'msf.docx']),
|
||||||
OptString.new('DOCAUTHOR',[false,'Document author for empty document.']),
|
OptString.new('DOCAUTHOR',[false,'Document author for empty document.']),
|
||||||
|
|
|
@ -34,9 +34,8 @@ class MetasploitModule < Msf::Auxiliary
|
||||||
|
|
||||||
register_options(
|
register_options(
|
||||||
[
|
[
|
||||||
OptAddress.new('LHOST', [true, "The spoofed address of a vulnerable ntpd server" ])
|
OptAddressLocal.new('LHOST', [true, "The spoofed address of a vulnerable ntpd server" ])
|
||||||
])
|
])
|
||||||
|
|
||||||
deregister_options('FILTER','PCAPFILE')
|
deregister_options('FILTER','PCAPFILE')
|
||||||
|
|
||||||
end
|
end
|
||||||
|
|
|
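Review bot: This LHOST is described as "The spoofed address of a vulnerable ntpd server", which is a remote address, not one that belongs to the machine running the module. With `OptAddressLocal`, a value that happens to match a local interface name is rewritten to that interface's IPv4 address, which does not fit the option's meaning here. Keeping `OptAddress.new('LHOST', ...)` for this module looks like the safer choice. If the switch is intentional, the description should say that the value is a local address. The enclosing method starts outside the hunk.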
@ -45,7 +45,7 @@ class MetasploitModule < Msf::Auxiliary
|
||||||
|
|
||||||
register_options(
|
register_options(
|
||||||
[
|
[
|
||||||
OptAddress.new('LHOST', [false, "The local IP address to bind to"]),
|
OptAddressLocal.new('LHOST', [false, "The local IP address to bind to"]),
|
||||||
OptInt.new('RECV_TIMEOUT', [false, "Time (in seconds) to wait between packets", 3]),
|
OptInt.new('RECV_TIMEOUT', [false, "Time (in seconds) to wait between packets", 3]),
|
||||||
Opt::RPORT(69)
|
Opt::RPORT(69)
|
||||||
])
|
])
|
||||||
|
|
|
@ -34,7 +34,7 @@ class MetasploitModule < Msf::Auxiliary
|
||||||
Opt::RPORT(1604),
|
Opt::RPORT(1604),
|
||||||
Opt::RHOST('0.0.0.0'),
|
Opt::RHOST('0.0.0.0'),
|
||||||
|
|
||||||
OptString.new('LHOST', [true, 'This is our IP (as it appears to the DarkComet C2 server)', '0.0.0.0']),
|
OptAddressLocal.new('LHOST', [true, 'This is our IP (as it appears to the DarkComet C2 server)', '0.0.0.0']),
|
||||||
OptString.new('KEY', [false, 'DarkComet RC4 key (include DC prefix with key eg. #KCMDDC51#-890password)', '']),
|
OptString.new('KEY', [false, 'DarkComet RC4 key (include DC prefix with key eg. #KCMDDC51#-890password)', '']),
|
||||||
OptBool.new('NEWVERSION', [false, 'Set to true if DarkComet version >= 5.1, set to false if version < 5.1', true]),
|
OptBool.new('NEWVERSION', [false, 'Set to true if DarkComet version >= 5.1, set to false if version < 5.1', true]),
|
||||||
OptString.new('TARGETFILE', [false, 'Target file to download (assumes password is set)', '']),
|
OptString.new('TARGETFILE', [false, 'Target file to download (assumes password is set)', '']),
|
||||||
|
|
|
@ -53,7 +53,7 @@ class MetasploitModule < Msf::Auxiliary
|
||||||
OptString.new('CLIENT', [true, 'SAP client', '001']),
|
OptString.new('CLIENT', [true, 'SAP client', '001']),
|
||||||
OptString.new('HttpUsername', [false, 'Username (Ex SAP*)']),
|
OptString.new('HttpUsername', [false, 'Username (Ex SAP*)']),
|
||||||
OptString.new('HttpPassword', [false, 'Password (Ex 06071992)']),
|
OptString.new('HttpPassword', [false, 'Password (Ex 06071992)']),
|
||||||
OptAddress.new('LHOST', [true, 'Server IP or hostname of the SMB Capture system']),
|
OptAddressLocal.new('LHOST', [true, 'Server IP or hostname of the SMB Capture system']),
|
||||||
OptEnum.new('ABUSE', [true, 'SMB Relay abuse to use', "MMR",
|
OptEnum.new('ABUSE', [true, 'SMB Relay abuse to use', "MMR",
|
||||||
[
|
[
|
||||||
"MMR",
|
"MMR",
|
||||||
|
|
|
@ -30,7 +30,7 @@ class MetasploitModule < Msf::Auxiliary
|
||||||
register_options([
|
register_options([
|
||||||
OptEnum.new("SOURCE", [true, "Grab the startup (3) or running (4) configuration", "4", ["3","4"]]),
|
OptEnum.new("SOURCE", [true, "Grab the startup (3) or running (4) configuration", "4", ["3","4"]]),
|
||||||
OptString.new('OUTPUTDIR', [ false, "The directory where we should save the configuration files (disabled by default)"]),
|
OptString.new('OUTPUTDIR', [ false, "The directory where we should save the configuration files (disabled by default)"]),
|
||||||
OptAddress.new('LHOST', [ false, "The IP address of the system running this module" ])
|
OptAddressLocal.new('LHOST', [ false, "The IP address of the system running this module" ])
|
||||||
])
|
])
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
|
@ -28,7 +28,7 @@ class MetasploitModule < Msf::Auxiliary
|
||||||
)
|
)
|
||||||
register_options([
|
register_options([
|
||||||
OptPath.new('SOURCE', [true, "The filename to upload" ]),
|
OptPath.new('SOURCE', [true, "The filename to upload" ]),
|
||||||
OptAddress.new('LHOST', [ false, "The IP address of the system running this module" ])
|
OptAddressLocal.new('LHOST', [ false, "The IP address of the system running this module" ])
|
||||||
])
|
])
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
|
@ -60,7 +60,7 @@ class MetasploitModule < Msf::Auxiliary
|
||||||
'DefaultAction' => 'WebServer'))
|
'DefaultAction' => 'WebServer'))
|
||||||
|
|
||||||
register_options([
|
register_options([
|
||||||
OptAddress.new('LHOST', [true,
|
OptAddressLocal.new('LHOST', [true,
|
||||||
'The IP address to use for reverse-connect payloads'
|
'The IP address to use for reverse-connect payloads'
|
||||||
])
|
])
|
||||||
])
|
])
|
||||||
|
|
|
@ -66,7 +66,7 @@ class MetasploitModule < Msf::Exploit::Remote
|
||||||
[
|
[
|
||||||
OptString.new('HttpUsername', [ true, 'The username to authenticate as', 'admin' ]),
|
OptString.new('HttpUsername', [ true, 'The username to authenticate as', 'admin' ]),
|
||||||
OptString.new('HttpPassword', [ true, 'The password for the specified username', 'admin' ]),
|
OptString.new('HttpPassword', [ true, 'The password for the specified username', 'admin' ]),
|
||||||
OptAddress.new('LHOST', [ true, 'The listen IP address from where the victim downloads the MIPS payload' ]),
|
OptAddressLocal.new('LHOST', [ true, 'The listen IP address from where the victim downloads the MIPS payload' ]),
|
||||||
OptString.new('DOWNFILE', [ false, 'Filename to download, (default: random)' ]),
|
OptString.new('DOWNFILE', [ false, 'Filename to download, (default: random)' ]),
|
||||||
OptInt.new('DELAY', [true, 'Time that the HTTP Server will wait for the ELF payload request', 10])
|
OptInt.new('DELAY', [true, 'Time that the HTTP Server will wait for the ELF payload request', 10])
|
||||||
])
|
])
|
||||||
|
|
|
@ -51,7 +51,7 @@ class MetasploitModule < Msf::Exploit::Remote
|
||||||
Opt::RPORT(80),
|
Opt::RPORT(80),
|
||||||
OptString.new('USERNAME', [true, 'Username for the web interface (using default credentials)', 'supervisor']),
|
OptString.new('USERNAME', [true, 'Username for the web interface (using default credentials)', 'supervisor']),
|
||||||
OptString.new('PASSWORD', [true, 'Password for the web interface (using default credentials)', 'zyad1234']),
|
OptString.new('PASSWORD', [true, 'Password for the web interface (using default credentials)', 'zyad1234']),
|
||||||
OptAddress.new('LHOST', [ true, 'The listen IP address from where the victim downloads the MIPS payload' ]),
|
OptAddressLocal.new('LHOST', [ true, 'The listen IP address from where the victim downloads the MIPS payload' ]),
|
||||||
OptInt.new('DELAY', [true, "How long to wait for the device to download the payload", 30]),
|
OptInt.new('DELAY', [true, "How long to wait for the device to download the payload", 30]),
|
||||||
])
|
])
|
||||||
end
|
end
|
||||||
|
|
|
@ -26,7 +26,7 @@ class MetasploitModule < Msf::Post
|
||||||
))
|
))
|
||||||
register_options(
|
register_options(
|
||||||
[
|
[
|
||||||
OptAddress.new('LHOST',
|
OptAddressLocal.new('LHOST',
|
||||||
[false, 'IP of host that will receive the connection from the payload (Will try to auto detect).', nil]),
|
[false, 'IP of host that will receive the connection from the payload (Will try to auto detect).', nil]),
|
||||||
OptInt.new('LPORT',
|
OptInt.new('LPORT',
|
||||||
[true, 'Port for payload to connect to.', 4433]),
|
[true, 'Port for payload to connect to.', 4433]),
|
||||||
|
|
|
@ -20,7 +20,7 @@ class MetasploitModule < Msf::Post
|
||||||
))
|
))
|
||||||
register_options(
|
register_options(
|
||||||
[
|
[
|
||||||
OptAddress.new('LHOST',
|
OptAddressLocal.new('LHOST',
|
||||||
[true, 'IP of host that will receive the connection from the payload.']),
|
[true, 'IP of host that will receive the connection from the payload.']),
|
||||||
OptInt.new('LPORT',
|
OptInt.new('LPORT',
|
||||||
[false, 'Port for Payload to connect to.', 4433]),
|
[false, 'Port for Payload to connect to.', 4433]),
|
||||||
|
|
|
@ -28,7 +28,7 @@ class MetasploitModule < Msf::Post
|
||||||
register_options(
|
register_options(
|
||||||
[
|
[
|
||||||
OptString.new('PAYLOAD', [false, 'Windows Payload to inject into memory of a process.', "windows/meterpreter/reverse_tcp"]),
|
OptString.new('PAYLOAD', [false, 'Windows Payload to inject into memory of a process.', "windows/meterpreter/reverse_tcp"]),
|
||||||
OptAddress.new('LHOST', [true, 'IP of host that will receive the connection from the payload.']),
|
OptAddressLocal.new('LHOST', [true, 'IP of host that will receive the connection from the payload.']),
|
||||||
OptInt.new('LPORT', [false, 'Port for Payload to connect to.', 4433]),
|
OptInt.new('LPORT', [false, 'Port for Payload to connect to.', 4433]),
|
||||||
OptInt.new('PID', [false, 'Process Identifier to inject of process to inject payload.']),
|
OptInt.new('PID', [false, 'Process Identifier to inject of process to inject payload.']),
|
||||||
OptBool.new('HANDLER', [ false, 'Start an exploit/multi/handler to receive the connection', false]),
|
OptBool.new('HANDLER', [ false, 'Start an exploit/multi/handler to receive the connection', false]),
|
||||||
|
|
|
@ -0,0 +1,43 @@
|
||||||
|
# -*- coding:binary -*-
|
||||||
|
|
||||||
|
require 'spec_helper'
|
||||||
|
require 'msf/core/option_container'
|
||||||
|
|
||||||
|
RSpec.describe Msf::OptAddressLocal do
|
||||||
|
iface = NetworkInterface.interfaces.collect do |iface|
|
||||||
|
ip_address = NetworkInterface.addresses(iface).values.flatten.collect{|x| x['addr']}.select do |addr|
|
||||||
|
begin
|
||||||
|
IPAddr.new(addr).ipv4? && !addr[/^127.*/]
|
||||||
|
rescue IPAddr::InvalidAddressError => e
|
||||||
|
false
|
||||||
|
end
|
||||||
|
end.first
|
||||||
|
{name: iface, addr: ip_address}
|
||||||
|
end.select {|ni| ni[:addr]}.first
|
||||||
|
|
||||||
|
valid_values = [
|
||||||
|
{ :value => "192.0.2.0", :normalized => "192.0.2.0" },
|
||||||
|
{ :value => "127.0.0.1", :normalized => "127.0.0.1" },
|
||||||
|
{ :value => "2001:db8::", :normalized => "2001:db8::" },
|
||||||
|
{ :value => "::1", :normalized => "::1" },
|
||||||
|
{ :value => iface[:name], :normalized => iface[:addr]}
|
||||||
|
]
|
||||||
|
|
||||||
|
invalid_values = [
|
||||||
|
# Too many dots
|
||||||
|
{ :value => "192.0.2.0.0" },
|
||||||
|
# Not enough
|
||||||
|
{ :value => "192.0.2" },
|
||||||
|
# Non-string values
|
||||||
|
{ :value => true},
|
||||||
|
{ :value => 5 },
|
||||||
|
{ :value => []},
|
||||||
|
{ :value => [1,2]},
|
||||||
|
{ :value => {}},
|
||||||
|
]
|
||||||
|
|
||||||
|
it_behaves_like "an option", valid_values, invalid_values, 'address'
|
||||||
|
|
||||||
|
let(:required_opt) { Msf::OptAddressLocal.new('LHOST', [true, 'local address', '']) }
|
||||||
|
|
||||||
|
end
|
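Review bot: `iface` is computed from the machine's real interfaces when the file is loaded, and it is `nil` on a host with no non-loopback IPv4 address. In that case `iface[:name]` in `valid_values` raises `NoMethodError` and the whole example group fails to load; a container with only a loopback interface would trigger it. Guard the entry by building the four literal cases first and then `valid_values << { :value => iface[:name], :normalized => iface[:addr] } if iface`. The loopback filter `addr[/^127.*/]` leaves the dot unescaped and uses a line anchor; `addr.start_with?('127.')` says what is meant. The block parameter `iface` also shadows the outer `iface` being assigned and is worth renaming.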