This commit makes the Comm used by TCP servers configurable. The ReverseListenerComm and ListenerComm advanced options can be used to prevent a given listener from trying to bind over the pivoted route. This is useful in a number of situations and was not possible to configure explicitly before.
git-svn-id: file:///home/svn/framework3/trunk@10534 4d416f70-5f16-0410-b530-b9f4589650da
parent
6a06a95f2f
commit
1b4190df38
|
@ -2905,6 +2905,11 @@ class DBManager
|
||||||
:state => Msf::HostState::Alive
|
:state => Msf::HostState::Alive
|
||||||
)
|
)
|
||||||
|
|
||||||
|
if host.name.to_s.empty?
|
||||||
|
host.name = vhost
|
||||||
|
host.save!
|
||||||
|
end
|
||||||
|
|
||||||
serv = serv ? serv : find_or_create_service(
|
serv = serv ? serv : find_or_create_service(
|
||||||
:workspace => wspace,
|
:workspace => wspace,
|
||||||
:host => host,
|
:host => host,
|
||||||
|
|
|
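Review bot: The added block guarded by `if host.name.to_s.empty?` copies `vhost` into `host.name` without checking that `vhost` is itself non-empty, so a blank value still triggers a `host.save!`. Tightening the guard to `if host.name.to_s.empty? and not vhost.to_s.empty?` avoids the needless write. `host.save!` also raises on a validation failure, which would abort the surrounding report call unless a caller rescues it; the enclosing method starts and ends outside this hunk, so that cannot be checked here. The change is unrelated to the Comm options described in the commit message and deserves its own mention there.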
@ -75,10 +75,19 @@ module Exploit::Remote::HttpServer
|
||||||
def start_service(opts = {})
|
def start_service(opts = {})
|
||||||
check_dependencies
|
check_dependencies
|
||||||
|
|
||||||
|
|
||||||
|
comm = datastore['ListenerComm']
|
||||||
|
if (comm.to_s == "local")
|
||||||
|
comm = ::Rex::Socket::Comm::Local
|
||||||
|
else
|
||||||
|
comm = nil
|
||||||
|
end
|
||||||
|
|
||||||
# Default the server host and port to what is required by the mixin.
|
# Default the server host and port to what is required by the mixin.
|
||||||
opts = {
|
opts = {
|
||||||
'ServerHost' => datastore['SRVHOST'],
|
'ServerHost' => datastore['SRVHOST'],
|
||||||
'ServerPort' => datastore['SRVPORT'],
|
'ServerPort' => datastore['SRVPORT'],
|
||||||
|
'Comm' => comm
|
||||||
}.update(opts)
|
}.update(opts)
|
||||||
|
|
||||||
# Start a new HTTP server service.
|
# Start a new HTTP server service.
|
||||||
|
@ -90,7 +99,8 @@ module Exploit::Remote::HttpServer
|
||||||
{
|
{
|
||||||
'Msf' => framework,
|
'Msf' => framework,
|
||||||
'MsfExploit' => self,
|
'MsfExploit' => self,
|
||||||
}
|
},
|
||||||
|
opts['Comm']
|
||||||
)
|
)
|
||||||
|
|
||||||
self.service.server_name = 'Apache'
|
self.service.server_name = 'Apache'
|
||||||
|
|
|
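Review bot: In `start_service`, every `ListenerComm` value other than the exact string `local` is turned into `nil`, so a typo such as `Local` silently falls back to default routing and the listener can end up bound over a pivot route the operator meant to avoid. The same mapping is repeated in `Exploit::Remote::TcpServer#start_service` (there without `.to_s`) and in the `ReverseTcp` handler for `ReverseListenerComm`. One shared helper that returns the local comm for `local`, `nil` for an unset value and raises for anything else would keep the three call sites consistent and make a bad value visible. Because the defaults hash is followed by `.update(opts)`, a caller-supplied `'Comm'` overrides the datastore setting, which is worth a comment next to the new key.

```ruby
# Maps a *Comm datastore value to a Rex comm class (nil selects default routing).
def resolve_listener_comm(value)
  case value.to_s
  when ''      then nil
  when 'local' then ::Rex::Socket::Comm::Local
  else
    raise ArgumentError, "Unsupported comm '#{value}' (expected 'local' or unset)"
  end
end

# ... unchanged: check_dependencies ...
comm = resolve_listener_comm(datastore['ListenerComm'])
# ... unchanged: opts defaults, .update(opts) and service start ...
```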
@ -288,6 +288,12 @@ module Exploit::Remote::TcpServer
|
||||||
OptEnum.new('SSLVersion', [ false, 'Specify the version of SSL that should be used', 'SSL3', ['SSL2', 'SSL3', 'TLS1']]),
|
OptEnum.new('SSLVersion', [ false, 'Specify the version of SSL that should be used', 'SSL3', ['SSL2', 'SSL3', 'TLS1']]),
|
||||||
OptAddress.new('SRVHOST', [ true, "The local host to listen on.", '0.0.0.0' ]),
|
OptAddress.new('SRVHOST', [ true, "The local host to listen on.", '0.0.0.0' ]),
|
||||||
OptPort.new('SRVPORT', [ true, "The local port to listen on.", 8080 ]),
|
OptPort.new('SRVPORT', [ true, "The local port to listen on.", 8080 ]),
|
||||||
|
|
||||||
|
], Msf::Exploit::Remote::TcpServer)
|
||||||
|
|
||||||
|
register_advanced_options(
|
||||||
|
[
|
||||||
|
OptString.new('ListenerComm', [ false, 'The specific communication channel to use for this service']),
|
||||||
], Msf::Exploit::Remote::TcpServer)
|
], Msf::Exploit::Remote::TcpServer)
|
||||||
|
|
||||||
register_evasion_options(
|
register_evasion_options(
|
||||||
|
@ -355,10 +361,18 @@ module Exploit::Remote::TcpServer
|
||||||
def start_service(*args)
|
def start_service(*args)
|
||||||
begin
|
begin
|
||||||
|
|
||||||
|
comm = datastore['ListenerComm']
|
||||||
|
if comm == "local"
|
||||||
|
comm = ::Rex::Socket::Comm::Local
|
||||||
|
else
|
||||||
|
comm = nil
|
||||||
|
end
|
||||||
|
|
||||||
self.service = Rex::Socket::TcpServer.create(
|
self.service = Rex::Socket::TcpServer.create(
|
||||||
'LocalHost' => srvhost,
|
'LocalHost' => srvhost,
|
||||||
'LocalPort' => srvport,
|
'LocalPort' => srvport,
|
||||||
'SSL' => ssl,
|
'SSL' => ssl,
|
||||||
|
'Comm' => comm,
|
||||||
'Context' =>
|
'Context' =>
|
||||||
{
|
{
|
||||||
'Msf' => framework,
|
'Msf' => framework,
|
||||||
|
|
|
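Review bot: The `ListenerComm` option registered in the new `register_advanced_options` call does not say which values it accepts, although `start_service` further down recognises only `local`. Either state that in the description, e.g. `'The specific communication channel to use for this service (only "local" is recognised)'`, or register it with `OptEnum` as `SSLVersion` is, so an unsupported value is rejected when it is set rather than ignored at bind time. The `ReverseListenerComm` description in the `ReverseTcp` handler has the same gap.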
@ -50,7 +50,8 @@ module ReverseTcp
|
||||||
register_advanced_options(
|
register_advanced_options(
|
||||||
[
|
[
|
||||||
OptInt.new('ReverseConnectRetries', [ true, 'The number of connection attempts to try before exiting the process', 5 ]),
|
OptInt.new('ReverseConnectRetries', [ true, 'The number of connection attempts to try before exiting the process', 5 ]),
|
||||||
OptAddress.new('ReverseListenerBindAddress', [ false, 'The specific IP address to bind to on the local system'])
|
OptAddress.new('ReverseListenerBindAddress', [ false, 'The specific IP address to bind to on the local system']),
|
||||||
|
OptString.new('ReverseListenerComm', [ false, 'The specific communication channel to use for this listener']),
|
||||||
], Msf::Handler::ReverseTcp)
|
], Msf::Handler::ReverseTcp)
|
||||||
|
|
||||||
|
|
||||||
|
@ -76,6 +77,13 @@ module ReverseTcp
|
||||||
|
|
||||||
addrs = [ Rex::Socket.addr_ntoa(addr), any ]
|
addrs = [ Rex::Socket.addr_ntoa(addr), any ]
|
||||||
|
|
||||||
|
comm = datastore['ReverseListenerComm']
|
||||||
|
if comm.to_s == "local"
|
||||||
|
comm = ::Rex::Socket::Comm::Local
|
||||||
|
else
|
||||||
|
comm = nil
|
||||||
|
end
|
||||||
|
|
||||||
if not datastore['ReverseListenerBindAddress'].to_s.empty?
|
if not datastore['ReverseListenerBindAddress'].to_s.empty?
|
||||||
# Only try to bind to this specific interface
|
# Only try to bind to this specific interface
|
||||||
addrs = [ datastore['ReverseListenerBindAddress'] ]
|
addrs = [ datastore['ReverseListenerBindAddress'] ]
|
||||||
|
@ -89,6 +97,7 @@ module ReverseTcp
|
||||||
self.listener_sock = Rex::Socket::TcpServer.create(
|
self.listener_sock = Rex::Socket::TcpServer.create(
|
||||||
'LocalHost' => ip,
|
'LocalHost' => ip,
|
||||||
'LocalPort' => datastore['LPORT'].to_i,
|
'LocalPort' => datastore['LPORT'].to_i,
|
||||||
|
'Comm' => comm,
|
||||||
'Context' =>
|
'Context' =>
|
||||||
{
|
{
|
||||||
'Msf' => framework,
|
'Msf' => framework,
|
||||||
|
@ -98,7 +107,7 @@ module ReverseTcp
|
||||||
|
|
||||||
ex = false
|
ex = false
|
||||||
|
|
||||||
comm_used = Rex::Socket::SwitchBoard.best_comm( ip )
|
comm_used = comm || Rex::Socket::SwitchBoard.best_comm( ip )
|
||||||
comm_used = Rex::Socket::Comm::Local if comm_used == nil
|
comm_used = Rex::Socket::Comm::Local if comm_used == nil
|
||||||
|
|
||||||
if( comm_used.respond_to?( :type ) and comm_used.respond_to?( :sid ) )
|
if( comm_used.respond_to?( :type ) and comm_used.respond_to?( :sid ) )
|
||||||
|
|
|
@ -99,7 +99,7 @@ class Server
|
||||||
# Initializes an HTTP server as listening on the provided port and
|
# Initializes an HTTP server as listening on the provided port and
|
||||||
# hostname.
|
# hostname.
|
||||||
#
|
#
|
||||||
def initialize(port = 80, listen_host = '0.0.0.0', ssl = false, context = {})
|
def initialize(port = 80, listen_host = '0.0.0.0', ssl = false, context = {}, comm = nil)
|
||||||
self.listen_host = listen_host
|
self.listen_host = listen_host
|
||||||
self.listen_port = port
|
self.listen_port = port
|
||||||
self.context = context
|
self.context = context
|
||||||
|
@ -107,6 +107,7 @@ class Server
|
||||||
self.resources = {}
|
self.resources = {}
|
||||||
self.server_name = DefaultServer
|
self.server_name = DefaultServer
|
||||||
self.ssl = ssl
|
self.ssl = ssl
|
||||||
|
self.comm = comm
|
||||||
end
|
end
|
||||||
|
|
||||||
#
|
#
|
||||||
|
@ -132,7 +133,8 @@ class Server
|
||||||
'LocalHost' => self.listen_host,
|
'LocalHost' => self.listen_host,
|
||||||
'LocalPort' => self.listen_port,
|
'LocalPort' => self.listen_port,
|
||||||
'Context' => self.context,
|
'Context' => self.context,
|
||||||
'SSL' => self.ssl
|
'SSL' => self.ssl,
|
||||||
|
'Comm' => self.comm
|
||||||
)
|
)
|
||||||
|
|
||||||
# Register callbacks
|
# Register callbacks
|
||||||
|
@ -254,7 +256,7 @@ class Server
|
||||||
cli.send_response(resp)
|
cli.send_response(resp)
|
||||||
end
|
end
|
||||||
|
|
||||||
attr_accessor :listen_port, :listen_host, :server_name, :context, :ssl
|
attr_accessor :listen_port, :listen_host, :server_name, :context, :ssl, :comm
|
||||||
attr_accessor :listener, :resources
|
attr_accessor :listener, :resources
|
||||||
|
|
||||||
protected
|
protected
|
||||||
|
|
|
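Review bot: `comm` is added to `initialize` as a fifth positional argument and stored, but the comment block above the method still describes only port and hostname; add a line such as `# +comm+ is the Rex comm class used to create the listener (nil selects default routing).`. Instances of this class appear to be started through a shared service manager, so it is worth confirming that whatever key is used to reuse an existing server (not visible in these hunks) also takes `comm` into account. If that key is still derived from port and host alone, a second module asking for the same port with a different `comm` would presumably be handed the listener already bound by the first one.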
@ -440,11 +440,12 @@ module Socket
|
||||||
#
|
#
|
||||||
##
|
##
|
||||||
|
|
||||||
def self.source_address(dest='50.50.50.50')
|
def self.source_address(dest='50.50.50.50', comm = ::Rex::Socket::Comm::Local)
|
||||||
begin
|
begin
|
||||||
s = self.create_udp(
|
s = self.create_udp(
|
||||||
'PeerHost' => dest,
|
'PeerHost' => dest,
|
||||||
'PeerPort' => 31337
|
'PeerPort' => 31337,
|
||||||
|
'Comm' => comm
|
||||||
)
|
)
|
||||||
r = s.getsockname[1]
|
r = s.getsockname[1]
|
||||||
s.close
|
s.close
|
||||||
|
|
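Review bot: The new `comm` parameter of `source_address` defaults to `::Rex::Socket::Comm::Local`, whereas the old call passed no `'Comm'` key at all, so existing callers that relied on the default comm selection now always get the address of a local interface. If that is intended, say so above the method, for example `# Determines the source address using the local comm unless another comm is given.`; passing `nil` presumably restores the previous lookup. The `begin` block continues past the end of the hunk, so whether `s.close` is reached when `getsockname` raises cannot be checked from here.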