gate session reported when using bind udp

While this method here is somewhat noisy on the network it eliminates a poor user experience when the handler is started but the payload is not yet running on the target. When a target is sent a udp packet and it is not rejected push down an initial "echo syn" command that will respond with output. This allows framework to be aware that the payload is what is running on the server port instead of assuming a non-existent target is a valid session.
2018-02-13 13:21:22 -06:00 · 2018-02-13 13:21:22 -06:00 · f5768e7ced
parent d56111a33c
commit f5768e7ced
1 changed files with 18 additions and 1 deletions
--- a/lib/msf/core/handler/bind_udp.rb
+++ b/lib/msf/core/handler/bind_udp.rb
@ -81,6 +81,9 @@ module BindUdp
    # Maximum number of seconds to run the handler
    ctimeout = 150

+    # Maximum number of seconds to await initial udp response
+    rtimeout = 5
+
    if (exploit_config and exploit_config['active_timeout'])
      ctimeout = exploit_config['active_timeout'].to_i
    end
@ -131,7 +134,21 @@ module BindUdp
        end

        client.extend(Rex::IO::Stream)
-        break if client
+        begin
+          # If a connection was acknowledged, request a basic response before promoting as a session
+          if client
+            message = 'syn'
+            client.write("echo #{message}\n")
+            response = client.get(rtimeout)
+            break if response && response.include?(message)
+            client.close()
+            client = nil
+          end
+        rescue Errno::ECONNREFUSED
+          client.close()
+          client = nil
+          wlog("Connection failed in udp bind handler continuing attempts: #{$!.class} #{$!}")
+        end

        # Wait a second before trying again
        Rex::ThreadSafe.sleep(0.5)