Metasploit mailing list archives
Problem with LHOST on exploits.
From: professor0110 at gmail.com (Professor 0110)
Date: Wed, 15 Apr 2009 08:37:20 +1000
Thanks for the reply, egypt. :) One further question: should I specify my internal or external IP address? And does it really matter which one I specify? Cheers, On Wed, Apr 15, 2009 at 1:33 AM, <egypt at metasploit.com> wrote:
The purpose of this behavior is to allow you to use a port forward on a NATing firewall between you and the target. For example, say you have an internal address of 192.168.1.2 and your firewall has an external address of 10.1.1.1. You can set LHOST to 10.1.1.1 and use your firewall's port forwarding features to forward LPORT on the outside to 192.168.1.2 on the inside. If metasploit tried to bind to 10.1.1.1 on your attacking box, it would fail because no interface has that address. If a server is already listening on 0.0.0.0, metasploit won't be able to bind on the "any" address, so it tries to use the specified LHOST before giving up. This is useful, for example, when you have a webserver listening on 0.0.0.0:80 and want to use 192.168.1.2:80 for a reverse shell. Hope this helped, egypt On Tue, Apr 14, 2009 at 5:13 AM, Professor 0110 <professor0110 at gmail.com> wrote:Thanks for the quick reply and help Anastasios! But even with 0.0.0.0 is LHOST still set to my IP address which Ispecified?On Tue, Apr 14, 2009 at 9:06 PM, Anastasios Monachos <anastasiosm at gmail.com>wrote:This is normal, nothing to worry about. 0.0.0.0 means every ip address. When you have a server usually you can set it up to listen on a specific IP address/interface or you can set it to listen on every interface/ipyoursystem may support, the last option is defined by using 0.0.0.0. Hope that is clear enough. 2009/4/14 Professor 0110 <professor0110 at gmail.com>Hi all, Whenever I attempt to use an exploit with a payload and I execute the exploit, the output shows the following: [*] Handler binding to LHOST 0.0.0.0 Why does it do that when I've explicitly stated the LHOST for the particular payload/exploit? Ant help on this matter will be greatly appreciated! Oh yeah, I'm using Ubuntu 8.10. Cheers, Professor 0110 _______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework-- AM Key ID: 0x5EB17EE7_______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework
-------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mail.metasploit.com/pipermail/framework/attachments/20090415/63173ca5/attachment.htm>
Current thread:
- Problem with LHOST on exploits. Professor 0110 (Apr 14)
- Problem with LHOST on exploits. Anastasios Monachos (Apr 14)
- Problem with LHOST on exploits. Professor 0110 (Apr 14)
- Problem with LHOST on exploits. Anastasios Monachos (Apr 14)
- Problem with LHOST on exploits. egypt at metasploit.com (Apr 14)
- vulnerability discovery? jeffs (Apr 14)
- vulnerability discovery? Patrick Webster (Apr 14)
- Problem with LHOST on exploits. Professor 0110 (Apr 14)
- Problem with LHOST on exploits. Patrick Webster (Apr 14)
- Problem with LHOST on exploits. Professor 0110 (Apr 15)
- Problem with LHOST on exploits. egypt at metasploit.com (Apr 15)
- Message not available
- Problem with LHOST on exploits. Professor 0110 (Apr 15)
- Message not available
- Problem with LHOST on exploits. Professor 0110 (Apr 15)
- Problem with LHOST on exploits. Professor 0110 (Apr 14)
- Problem with LHOST on exploits. Anastasios Monachos (Apr 14)