Metasploit mailing list archives

Binding to local virtual address problem.


From: rrecaba at usb.ve (rrecaba at usb.ve)
Date: Fri, 30 Dec 2005 00:55:01 -0400 (VET)



On Thu, 29 Dec 2005, H D Moore wrote:

with the local interface for the handler. We can't change this behavior,
because LHOST isn't always a local interface address, it can be an
external address that forwards the port back to the attacking system. If
you can think of a solution to this that makes sense for both situations
(virtual interfaces with other services bound and attacking from behind a
NAT gateway), I would be interested in hearing about it.

Ah! You are right. I see the problem. Fearing talking nonsense because I
haven't looked at the sources yet, I would try to split LHOST and LPORT into
a BLHOST/BLPORT and PLHOST/PLPORT. Thus you use PLHOST/PLPORT for the
payload's connect back, and use BLHOST/BLPORT for the listener's binding.

It may be a lot of work, I know, but you are also gaining the ability to
attack from behind a NAT and not use the same port as your external
gateway, which could be useful in some situations (low port
restrictions, maybe for stealth reasons or to comply with security
policies?)

And of course, if BLHOST/BLPORT are not set, have BLPORT default to PLHOST
and BLHOST to 0.0.0.0.

I will try to work on it a bit and let you know what I find out. I guess
it is a very good excuse to finally go into your framework more deeply
:D

Thanks a lot, and excellent work you guys! :D

Cheers,


-HD

On Thursday 29 December 2005 21:47, rrecaba at usb.ve wrote:
So I have only one app bound to one virtual address port 1863, and
nothing bound to port 4321 on any address. The framework seems to try
to local bind to ALL IP addresses even though I am specifying only one
with LHOST and LPORT.

What am I doing wrong??

Any help would be greatly appreciated.



