Metasploit mailing list archives
portfwd bug - Won't bind to local address
From: carlos_perez at darkoperator.com (Carlos Perez)
Date: Sun, 08 Feb 2009 22:11:46 -0400
Natron and I tried for several days to get it to work for RDP but all attempts failed. For light stuff it was working, but as soon as we pushed more traffic it failed. I believe there is a ticket open for fixing the portfwd and for re-writing a lot of stuff from meterpreter.

Cheers,
Carlos

On Sun, 2009-02-08 at 19:41 -0500, Mark Baggett wrote:
Is there a bug in portfwd that prevents it from binding to the local meterpreter address? I have tried this on both a vanilla Windows 2000 and a Windows XP SP2 host running meterpreter and I get the same results. Am I doing something wrong or is this a bug?

When you run portfwd and don't provide the OPTIONAL -L ip address it appears to work. You get something like this..

meterpreter > portfwd add -l 6666 -r 192.168.1.1 -p 80
[*] Local TCP relay created: 0.0.0.0:6666 <-> 192.168.1.1:80

But nothing is listening on port 6666. A quick "execute -c -f cmd.exe; interact 1; netstat -na" shows nothing listening on the port. An NMAP of the host confirms no listener...

Macintosh:~ mark.baggett$ nmap 10.4.4.4 -p 6666
Starting Nmap 4.76 ( http://nmap.org ) at 2009-02-03 22:47 EST
Interesting ports on 10.4.4.4:
PORT     STATE  SERVICE
6666/tcp closed irc
Nmap done: 1 IP address (1 host up) scanned in 0.27 seconds
Macintosh:~ mark.baggett$

If I try to force the matter with a -L I get a nasty "Can't assign requested address" message.

meterpreter > portfwd add -L 10.4.4.4 -l 6666 -r 192.168.1.1 -p 80
[-] Error running command portfwd: Can't assign requested address - bind(2)
/Applications/framework3/lib/rex/socket/comm/local.rb:138:in `bind'
/Applications/framework3/lib/rex/socket/comm/local.rb:138:in `create_by_type'
/Applications/framework3/lib/rex/socket/comm/local.rb:26:in `create'
/Applications/framework3/lib/rex/socket.rb:45:in `create_param'
/Applications/framework3/lib/rex/socket.rb:52:in `create_tcp'
/Applications/framework3/lib/rex/socket.rb:59:in `create_tcp_server'
/Applications/framework3/lib/rex/services/local_relay.rb:184:in `start_tcp_relay'
/Applications/framework3/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/net.rb:219:in `cmd_portfwd'
/Applications/framework3/lib/rex/ui/text/dispatcher_shell.rb:234:in `send'
/Applications/framework3/lib/rex/ui/text/dispatcher_shell.rb:234:in `run_command'
/Applications/framework3/lib/rex/post/meterpreter/ui/console.rb:94:in `run_command'
/Applications/framework3/lib/rex/ui/text/dispatcher_shell.rb:196:in `run_single'
/Applications/framework3/lib/rex/ui/text/dispatcher_shell.rb:191:in `each'
/Applications/framework3/lib/rex/ui/text/dispatcher_shell.rb:191:in `run_single'
/Applications/framework3/lib/rex/post/meterpreter/ui/console.rb:60:in `interact'
/Applications/framework3/lib/rex/ui/text/shell.rb:123:in `call'
/Applications/framework3/lib/rex/ui/text/shell.rb:123:in `run'
/Applications/framework3/lib/rex/post/meterpreter/ui/console.rb:58:in `interact'
/Applications/framework3/lib/msf/base/sessions/meterpreter.rb:181:in `_interact'
/Applications/framework3/lib/rex/ui/interactive.rb:48:in `interact'
/Applications/framework3/lib/msf/ui/console/command_dispatcher/core.rb:918:in `cmd_sessions'
/Applications/framework3/lib/rex/ui/text/dispatcher_shell.rb:234:in `send'
/Applications/framework3/lib/rex/ui/text/dispatcher_shell.rb:234:in `run_command'
/Applications/framework3/lib/rex/ui/text/dispatcher_shell.rb:196:in `run_single'
/Applications/framework3/lib/rex/ui/text/dispatcher_shell.rb:191:in `each'
/Applications/framework3/lib/rex/ui/text/dispatcher_shell.rb:191:in `run_single'
/Applications/framework3/lib/msf/ui/console/command_dispatcher/exploit.rb:143:in `cmd_exploit'
/Applications/framework3/lib/rex/ui/text/dispatcher_shell.rb:234:in `send'
/Applications/framework3/lib/rex/ui/text/dispatcher_shell.rb:234:in `run_command'
/Applications/framework3/lib/rex/ui/text/dispatcher_shell.rb:196:in `run_single'
/Applications/framework3/lib/rex/ui/text/dispatcher_shell.rb:191:in `each'
/Applications/framework3/lib/rex/ui/text/dispatcher_shell.rb:191:in `run_single'
/Applications/framework3/lib/rex/ui/text/shell.rb:127:in `run'
./msfconsole:82

meterpreter > ipconfig
Parallels OEM Adapter.
Hardware MAC: 00:1c:42:99:40:22
IP Address : 10.4.4.4
Netmask : 255.255.255.0

Here is more detail on what I am trying to do.
http://www.indepthdefense.com/2009/02/reverse-pivots-with-metasploit-how-not.html

Thanks,
Mark Baggett

_______________________________________________
http://spool.metasploit.com/mailman/listinfo/framework