Metasploit mailing list archives
Specify interface with browser_autopwn?
From: egypt at metasploit.com (egypt at metasploit.com)
Date: Mon, 10 Aug 2009 10:59:18 -0600
With all of its listeners, metasploit first tries to bind 0.0.0.0, the 'any' address which will work on all interfaces. If that fails, it will try the specific LHOST that you gave it. The reason for trying all interfaces first is the scenario when LHOST is a different IP from the attack platform. This will happen in the case of a NATing gateway that forwards a particular port to your box, or when setting up exploit/multi/handler to catch shells on a different machine from the one sending exploits.

The local IP you're seeing there is determined after the bind happens. Since the listener bound to all interfaces, the local IP will appear to be whichever one has a default gateway.

Hope this helped,
egypt

On Mon, Aug 10, 2009 at 8:05 AM, Ben Greenfield<bcg at struxural.com> wrote:
Is there a way to specify which interface browser_autopwn will use? I'd like to have the listeners spawn on a specific interface, but it seems like its behavior is to spawn on the interface with the default gateway. Does it listen on all interfaces? I may be using it incorrectly as well, but I've tried a few combinations of LHOST/SRVHOST to try to get the LOCAL IP once it's running to read as what I'm expecting.

Here's an example of what I mean:

set LHOST 10.254.254.1
LHOST => 10.254.254.1
set SRVHOST 10.254.254.1
SRVHOST => 10.254.254.1
msf auxiliary(browser_autopwn) > set SRVPORT 80
SRVPORT => 80
msf auxiliary(browser_autopwn) > exploit
[*] Auxiliary module running as background job
msf auxiliary(browser_autopwn) >
[*] Starting exploit modules on host 10.254.254.1...
[*] ---
[*] Starting exploit multi/browser/firefox_escape_retval with payload generic/shell_reverse_tcp
[*] Handler binding to LHOST 0.0.0.0
[*] Started reverse handler
[*] Using URL: http://0.0.0.0:80/GqXTRJbF5EX4hY
[*]  Local IP: http://67.***.**.**:80/GqXTRJbF5EX4hY
[*] Server started.

If I want this to spawn on 10.254.254.1, doesn't the LOCAL IP also need to be that same address? Maybe I missed an option or a way to specify interface?

Thanks,
_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework
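The bind order described in the reply, sketched as an added example in plain Ruby sockets; it is not part of the thread and is not Metasploit's own code. The names bind_listener, source_address_for and wildcard? are hypothetical, and the UDP route lookup is an assumed way of deriving the displayed local IP. A socket bound to 0.0.0.0 accepts connections on every interface, whatever address is printed afterwards.

```ruby
require 'socket'

# Try the wildcard ("any") address first, then fall back to the configured
# LHOST, in the order the reply describes. Returns [server, bound_address].
# port 0 lets the kernel pick a free port so the example runs anywhere.
def bind_listener(lhost, port = 0, any: '0.0.0.0')
  [any, lhost].each do |addr|
    begin
      return [TCPServer.new(addr, port), addr]
    rescue SystemCallError
      next # e.g. EADDRNOTAVAIL or EADDRINUSE: try the next candidate
    end
  end
  raise "could not bind #{any} or #{lhost}"
end

# Address the kernel would use as source to reach dest. Connecting a UDP
# socket sends no packets; it only performs the route lookup. For a public
# dest this yields the interface holding the default route, which is why a
# wildcard listener can report an address other than LHOST.
def source_address_for(dest)
  s = UDPSocket.new
  s.connect(dest, 9)
  s.local_address.ip_address
ensure
  s&.close
end

# True when the socket is reachable on all interfaces, not just one.
def wildcard?(server)
  server.local_address.ip_address == '0.0.0.0'
end

if __FILE__ == $0
  lhost = '127.0.0.1' # constructed sample value standing in for LHOST
  server, bound = bind_listener(lhost)
  puts "requested #{lhost}, bound #{bound}, all interfaces: #{wildcard?(server)}"
  puts "source address toward #{lhost}: #{source_address_for(lhost)}"
  server.close
end
```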