From 1b4190df38cc99974e9cd8f152b93f7a2110b913 Mon Sep 17 00:00:00 2001 From: HD Moore Date: Mon, 4 Oct 2010 02:11:22 +0000 Subject: [PATCH] This commit brings configurability to TCP Servers as to which Comm they use. The ReverseListenerComm and ListenerComm advanced options can be used to prevent a given listener from trying to bind a listener over the pivoted routed. This is useful for a number of situations and not possible to configure explicitly before. git-svn-id: file:///home/svn/framework3/trunk@10534 4d416f70-5f16-0410-b530-b9f4589650da --- lib/msf/core/db.rb | 5 +++++ lib/msf/core/exploit/http/server.rb | 12 +++++++++++- lib/msf/core/exploit/tcp.rb | 14 ++++++++++++++ lib/msf/core/handler/reverse_tcp.rb | 13 +++++++++++-- lib/rex/proto/http/server.rb | 8 +++++--- lib/rex/socket.rb | 5 +++-- 6 files changed, 49 insertions(+), 8 deletions(-) diff --git a/lib/msf/core/db.rb b/lib/msf/core/db.rb index 3464dde6de..218644b090 100644 --- a/lib/msf/core/db.rb +++ b/lib/msf/core/db.rb @@ -2905,6 +2905,11 @@ class DBManager :state => Msf::HostState::Alive ) + if host.name.to_s.empty? + host.name = vhost + host.save! + end + serv = serv ? serv : find_or_create_service( :workspace => wspace, :host => host, diff --git a/lib/msf/core/exploit/http/server.rb b/lib/msf/core/exploit/http/server.rb index 3d4d17496d..f5500f550e 100644 --- a/lib/msf/core/exploit/http/server.rb +++ b/lib/msf/core/exploit/http/server.rb @@ -75,10 +75,19 @@ module Exploit::Remote::HttpServer def start_service(opts = {}) check_dependencies + + comm = datastore['ListenerComm'] + if (comm.to_s == "local") + comm = ::Rex::Socket::Comm::Local + else + comm = nil + end + # Default the server host and port to what is required by the mixin. opts = { 'ServerHost' => datastore['SRVHOST'], 'ServerPort' => datastore['SRVPORT'], + 'Comm' => comm }.update(opts) # Start a new HTTP server service. 
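Review bot: The added `host.name = vhost` assignment in the db.rb hunk does not check that `vhost` is set, so a nil or empty value still reaches `host.save!`, which raises if validation fails and would abort the rest of the report. Guarding both sides limits the write to the case it is meant for: `if host.name.to_s.empty? and not vhost.to_s.empty?`. Where `vhost` comes from is not visible in this hunk; if it can come from scanned data rather than operator input, confirm it is a plausible hostname before it becomes the stored host name. The enclosing method starts and ends outside the hunk.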
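Review bot: Any `ListenerComm` value other than the exact string `local` falls through to `comm = nil` in `start_service`, so a typo such as `Local` is silently treated as unset. Presumably nil means automatic routing (the `best_comm` fallback in reverse_tcp.rb suggests so), which is the pivoted bind the commit message says this option exists to prevent. An unrecognised value should be rejected, and the comparison should ignore case and surrounding whitespace. The same block is repeated in `start_service` in lib/msf/core/exploit/tcp.rb (there without `.to_s`) and in lib/msf/core/handler/reverse_tcp.rb for `ReverseListenerComm`, so a shared helper would keep the three in step.

```ruby
comm = case datastore['ListenerComm'].to_s.strip.downcase
when 'local'
  ::Rex::Socket::Comm::Local
when ''
  nil # unset: leave comm selection to the socket layer
else
  raise ArgumentError, "Unsupported ListenerComm value: #{datastore['ListenerComm']}"
end
# … unchanged: opts hash with 'ServerHost', 'ServerPort', 'Comm' …
```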
@@ -90,7 +99,8 @@ module Exploit::Remote::HttpServer { 'Msf' => framework, 'MsfExploit' => self, - } + }, + opts['Comm'] ) self.service.server_name = 'Apache' diff --git a/lib/msf/core/exploit/tcp.rb b/lib/msf/core/exploit/tcp.rb index db9fce701f..85152c37b4 100644 --- a/lib/msf/core/exploit/tcp.rb +++ b/lib/msf/core/exploit/tcp.rb @@ -288,6 +288,12 @@ module Exploit::Remote::TcpServer OptEnum.new('SSLVersion', [ false, 'Specify the version of SSL that should be used', 'SSL3', ['SSL2', 'SSL3', 'TLS1']]), OptAddress.new('SRVHOST', [ true, "The local host to listen on.", '0.0.0.0' ]), OptPort.new('SRVPORT', [ true, "The local port to listen on.", 8080 ]), + + ], Msf::Exploit::Remote::TcpServer) + + register_advanced_options( + [ + OptString.new('ListenerComm', [ false, 'The specific communication channel to use for this service']), ], Msf::Exploit::Remote::TcpServer) register_evasion_options( @@ -355,10 +361,18 @@ module Exploit::Remote::TcpServer def start_service(*args) begin + comm = datastore['ListenerComm'] + if comm == "local" + comm = ::Rex::Socket::Comm::Local + else + comm = nil + end + self.service = Rex::Socket::TcpServer.create( 'LocalHost' => srvhost, 'LocalPort' => srvport, 'SSL' => ssl, + 'Comm' => comm, 'Context' => { 'Msf' => framework, diff --git a/lib/msf/core/handler/reverse_tcp.rb b/lib/msf/core/handler/reverse_tcp.rb index bb902120b2..8b6a6dad6d 100644 --- a/lib/msf/core/handler/reverse_tcp.rb +++ b/lib/msf/core/handler/reverse_tcp.rb 
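Review bot: Passing `opts['Comm']` as a trailing positional argument only affects a server that is newly created. If the service manager returns an already-running server for the same host and port (its lookup is not visible in this hunk), a module that set `ListenerComm` to `local` could share a listener bound with a different comm. Confirm that the comm is part of whatever identifies a running service, or log when the requested comm differs from the one in use. The call this argument belongs to starts outside the hunk.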
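Review bot: The `ListenerComm` description in the `register_advanced_options` hunk of tcp.rb does not say which values are accepted, and the code in this commit recognises only `local`. Naming that value in the option text saves the user from guessing: `OptString.new('ListenerComm', [ false, 'The communication channel to use for this service ("local" forces a local bind; unset selects one automatically)']),`. The "unset" wording assumes nil leaves the choice to the routing table, as the `best_comm` fallback in reverse_tcp.rb suggests. The `ReverseListenerComm` option added in lib/msf/core/handler/reverse_tcp.rb needs the same wording.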
@@ -50,7 +50,8 @@ module ReverseTcp register_advanced_options( [ OptInt.new('ReverseConnectRetries', [ true, 'The number of connection attempts to try before exiting the process', 5 ]), - OptAddress.new('ReverseListenerBindAddress', [ false, 'The specific IP address to bind to on the local system']) + OptAddress.new('ReverseListenerBindAddress', [ false, 'The specific IP address to bind to on the local system']), + OptString.new('ReverseListenerComm', [ false, 'The specific communication channel to use for this listener']), ], Msf::Handler::ReverseTcp) @@ -76,6 +77,13 @@ module ReverseTcp addrs = [ Rex::Socket.addr_ntoa(addr), any ] + comm = datastore['ReverseListenerComm'] + if comm.to_s == "local" + comm = ::Rex::Socket::Comm::Local + else + comm = nil + end + if not datastore['ReverseListenerBindAddress'].to_s.empty? # Only try to bind to this specific interface addrs = [ datastore['ReverseListenerBindAddress'] ] @@ -89,6 +97,7 @@ module ReverseTcp self.listener_sock = Rex::Socket::TcpServer.create( 'LocalHost' => ip, 'LocalPort' => datastore['LPORT'].to_i, + 'Comm' => comm, 'Context' => { 'Msf' => framework, @@ -98,7 +107,7 @@ module ReverseTcp ex = false - comm_used = Rex::Socket::SwitchBoard.best_comm( ip ) + comm_used = comm || Rex::Socket::SwitchBoard.best_comm( ip ) comm_used = Rex::Socket::Comm::Local if comm_used == nil if( comm_used.respond_to?( :type ) and comm_used.respond_to?( :sid ) ) diff --git a/lib/rex/proto/http/server.rb b/lib/rex/proto/http/server.rb index 123512ab4f..71676149fb 100644 --- a/lib/rex/proto/http/server.rb +++ b/lib/rex/proto/http/server.rb @@ -99,7 +99,7 @@ class Server # Initializes an HTTP server as listening on the provided port and # hostname. # - def initialize(port = 80, listen_host = '0.0.0.0', ssl = false, context = {}) + def initialize(port = 80, listen_host = '0.0.0.0', ssl = false, context = {}, comm = nil) self.listen_host = listen_host self.listen_port = port self.context = context 
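Review bot: The comment above `initialize` in lib/rex/proto/http/server.rb still describes only the port and hostname, while the new `comm` parameter is what later goes into the listener's `'Comm'` entry. A line such as `# comm selects the Rex::Socket::Comm used for the listener; nil leaves the choice to the socket layer.` would record that. What nil resolves to is not visible in this hunk, so check the wording against the socket parameter handling.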
@@ -107,6 +107,7 @@ class Server self.resources = {} self.server_name = DefaultServer self.ssl = ssl + self.comm = comm end # @@ -132,7 +133,8 @@ class Server 'LocalHost' => self.listen_host, 'LocalPort' => self.listen_port, 'Context' => self.context, - 'SSL' => self.ssl + 'SSL' => self.ssl, + 'Comm' => self.comm ) # Register callbacks @@ -254,7 +256,7 @@ class Server cli.send_response(resp) end - attr_accessor :listen_port, :listen_host, :server_name, :context, :ssl + attr_accessor :listen_port, :listen_host, :server_name, :context, :ssl, :comm attr_accessor :listener, :resources protected diff --git a/lib/rex/socket.rb b/lib/rex/socket.rb index de846518b8..0a759e3bbf 100644 --- a/lib/rex/socket.rb +++ b/lib/rex/socket.rb @@ -440,11 +440,12 @@ module Socket # ## - def self.source_address(dest='50.50.50.50') + def self.source_address(dest='50.50.50.50', comm = ::Rex::Socket::Comm::Local) begin s = self.create_udp( 'PeerHost' => dest, - 'PeerPort' => 31337 + 'PeerPort' => 31337, + 'Comm' => comm ) r = s.getsockname[1] s.close
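Review bot: Defaulting `comm` to `::Rex::Socket::Comm::Local` in `source_address` changes what existing callers get. The lookup socket was previously created without a `'Comm'` entry, so the result may have depended on the active routes; it now always uses the local comm unless a caller passes something else. The comment block above the method should say so, for example `# comm: comm used for the lookup socket; defaults to the local comm so pivot routes do not affect the result.`. The method body continues outside the hunk.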