[FixRM #8749] - Make spawn_meterpreter respect lport/lhost options

[FixRM #8749] Basically the spawn_meterpreter script doesn't
actually allow the user to set their own LHOST/LPORT datastore
options, because they come from the session object, not from the
active module or the framework object.

The fix is to allow the user to config them from framework. But
if they forget to do this (because naturally people probably
assume that active module datastore options are the same as the
ones set in framework), then for LHOST, we default whatever we get
from Rex::Socket.source_address. As for LPORT, we'll pick one
that's not used by any of the sessions.
bug/bundler_fix
sinn3r 2014-01-23 22:40:34 -06:00
parent 636c43dcdc
commit cb33de24e4
1 changed files with 29 additions and 7 deletions


@ -18,17 +18,39 @@ def progress(total, sent)
end
raise RuntimeError, "You must select a session." if (not session)
raise RuntimeError, "Selected session is not a command shell session!" if (session.type != "shell")
#
# Returns if a port is used by a session
#
def is_port_used?(port)
framework.sessions.each do |sid, obj|
local_info = obj.instance_variable_get(:@local_info)
return true if local_info =~ /:#{port}$/
end
# Check for required datastore options
if (not session.exploit_datastore['LHOST'] or not session.exploit_datastore['LPORT'])
raise RuntimeError, "You must set LPORT and LHOST for this script to work."
false
end
#
# Mimics what MSF alreayd does if the user doesn't manually select a payload and lhost
#
lhost = framework.datastore['LHOST']
unless lhost
lhost = Rex::Socket.source_address('50.50.50.50')
end
lhost = session.exploit_datastore['LHOST']
lport = session.exploit_datastore['LPORT']
#
# If there is no LPORT defined in framework, then pick a random one that's not used
# by current sessions. This is possible if the user assumes module datastore options
# are the same as framework datastore options.
#
lport = framework.datastore['LPORT']
unless lport
lport = 4444 # Default meterpreter port
while is_port_used?(lport)
# Pick a port that's not used
lport = [*49152..65535].sample
end
end
# maybe we want our sessions going to another instance?
use_handler = true
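Review bot: The LPORT fallback (`lport = 4444` followed by the `while is_port_used?(lport)` loop) only checks ports already recorded in existing sessions' `@local_info`, not whether the port can actually be bound on this host, so the handler can still fail when 4444 or the sampled port is held by another process or by a running handler job that has no session yet; consider trying the bind (or at least checking the framework's running jobs) before settling on a port. `is_port_used?` reaching into each session with `instance_variable_get(:@local_info)` is also fragile, since it depends on a private attribute of the session class rather than an accessor; and `[*49152..65535].sample` builds a ~16k-element array on every loop iteration where `rand(49152..65535)` would do. Two smaller points: the removed `session.exploit_datastore['LHOST']` / `['LPORT']` lookup could be kept as a second fallback after `framework.datastore`, so a session whose exploit did set those values keeps working as before; and the literal `'50.50.50.50'` handed to `Rex::Socket.source_address` deserves a comment saying why that address was chosen.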