Metasploit mailing list archives
honoring route in aux modules
From: mmiller at hick.org (mmiller at hick.org)
Date: Mon, 23 Apr 2007 19:01:11 -0700
On Mon, Apr 23, 2007 at 09:54:56PM -0400, j0hnny wrote:
> Hey all! First post, so be extra kind. =)
>
> Anyhow, I'm working on getting pivot stuff to work, and I've had great luck with routing exploit modules through "route", but no luck in getting aux modules to ehhh... route through route.
>
> For my testing, my payload is windows/meterpreter/reverse_tcp fired through windows/browser/ms06_013_createtextrange. My target is natted on a 10.8.1.0 net. He hits up the MSF url, meterpreter loads, I interact with the session and add a route for 10.8.1.0 through that session.
>
> As I said, any further exploit module targeting the 10.8.1 net routes through the session as expected. Aux modules, like sweep_udp, ignore the route and fail looking for 10.8.1 on my local net.

At the moment this is a limitation of meterpreter's pivoting. It doesn't currently support pivoting UDP traffic. It only supports pivoting outbound TCP connections. Perhaps if the stars align and time, motivation, and interest all coincide, I might toss support in there :)

With that said, if anyone is interested in taking a look at adding support for this in the meantime, I can point you to the various locations where code changes would need to be made. Be forewarned, though, that it's a non-trivial change :)

If you run into problems with aux modules that establish TCP connections, definitely let us know as that shouldn't be the case (with the exception of things like nmap, of course).