Handler binding to LHOST 0.0.0.0

[ricardo.teixas at gmail.com (Ricardo F. Teixeira)]

Quoting egypt

> With all of its listeners, metasploit first tries to bind 0.0.0.0, the 'any'
> address which will work on all interfaces.  If that fails, it will try the
> specific LHOST that you gave it.  The reason for trying all interfaces first
> is the scenario when LHOST is a different IP from the attack platform.



> This will happen in the case of a NATing gateway that forwards a particular
> port to your box, or when setting up exploit/multi/handler to catch shells
> on a different machine from the one sending exploits.



> The local IP you're seeing there is determined after the bind happens.

 Since the listener bound to all interfaces, the local IP will appear to be
> whichever one has a default gateway.



> Hope this helped,

 egypt


If you still have doubts, just ask (again) :)

-- 
Ricardo F. Teixeira

uid:  0x5BBD1456

On Sun, Sep 13, 2009 at 12:42 PM, ricky-lee birtles
<mr.r.birtles at gmail.com>wrote:

> I have started playing with the autopwn feature in msf and noticed
> every time I use the -r switch with db_autopwn regardless to what
> LHOST is set to msf bind to 0.0.0.0 (I have a global LHOST variable
> setg). I have tryed setting LHOST just before I run db_autopwn and
> still find it binds to 0.0.0.0.
>
> Is anyone else having this happen? Any one found a way to make
> msf/autopwn work correctly?
>
> Thanks,
> -- Mr R Birtles
> _______________________________________________
> https://mail.metasploit.com/mailman/listinfo/framework
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.metasploit.com/pipermail/framework/attachments/20090913/87de0767/attachment.html>