Metasploit mailing list archives

Specify interface with browser_autopwn?


From: egypt at metasploit.com (egypt at metasploit.com)
Date: Mon, 10 Aug 2009 10:59:18 -0600

With all of its listeners, metasploit first tries to bind 0.0.0.0, the
'any' address which will work on all interfaces.  If that fails, it
will try the specific LHOST that you gave it.  The reason for trying
all interfaces first is the scenario when LHOST is a different IP from
the attack platform.  This will happen in the case of a NATing gateway
that forwards a particular port to your box, or when setting up
exploit/multi/handler to catch shells on a different machine from the
one sending exploits.

The local IP you're seeing there is determined after the bind happens.
Since the listener bound to all interfaces, the local IP will appear
to be whichever one has a default gateway.

Hope this helped,
egypt

On Mon, Aug 10, 2009 at 8:05 AM, Ben Greenfield<bcg at struxural.com> wrote:
Is there a way to specify which interface browser_autopwn will use?
I'd like to have the listeners spawn on a specific interface, but it
seems like its behavior is to spawn on the interface with the default
gateway. Does it listen on all interfaces? I may be using it
incorrectly as well, but I've tried a few combinations of
LHOST/SRVHOST to try to get the LOCAL IP once it's running to read as
what I'm expecting.

Here's an example of what I mean:

set LHOST 10.254.254.1
LHOST => 10.254.254.1
set SRVHOST 10.254.254.1
SRVHOST => 10.254.254.1
msf auxiliary(browser_autopwn) > set SRVPORT 80
SRVPORT => 80
msf auxiliary(browser_autopwn) > exploit
[*] Auxiliary module running as background job
msf auxiliary(browser_autopwn) >

[*] Starting exploit modules on host 10.254.254.1...
[*] ---

[*] Starting exploit multi/browser/firefox_escape_retval with payload
generic/shell_reverse_tcp
[*] Handler binding to LHOST 0.0.0.0
[*] Started reverse handler
[*] Using URL: http://0.0.0.0:80/GqXTRJbF5EX4hY
[*]  Local IP: http://67.***.**.**:80/GqXTRJbF5EX4hY
[*] Server started.

If I want this to spawn on 10.254.254.1, doesn't the LOCAL IP also
need to be that same address? Maybe I missed an option or a way to
specify interface?

Thanks,
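The bind order egypt describes (the 'any' address first, then the specific LHOST) and the way the "Local IP" line is derived afterwards, shown as an added Python illustration that is not Metasploit's own code. `bind_listener`, `try_bind` and `default_route_ip` are names chosen here; the `any_first=False` switch is an assumption added to show how binding only the specific address keeps a listener off the other interfaces, and 192.0.2.1 is a constructed, never-contacted probe address.

```python
import socket
from typing import Callable, Optional, Tuple

ANY = "0.0.0.0"  # the 'any' address: one bind covers every interface


def try_bind(addr: str, port: int) -> Optional[socket.socket]:
    """Attempt a TCP bind on addr:port; return the listening socket or None."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    try:
        s.bind((addr, port))
        s.listen(5)
        return s
    except OSError:  # address not local, port in use, no permission, ...
        s.close()
        return None


def bind_listener(lhost: str, port: int,
                  binder: Callable = try_bind,
                  any_first: bool = True) -> Tuple[Optional[str], Optional[socket.socket]]:
    """Mirror the order in the reply: 0.0.0.0 first, then the given LHOST.

    any_first=False (assumed option, not a Metasploit setting) binds LHOST only,
    so the listener is reachable on that one interface and nowhere else.
    Returns (address actually bound, socket) or (None, None) if every bind fails.
    """
    candidates = (ANY, lhost) if any_first else (lhost,)
    for candidate in candidates:
        sock = binder(candidate, port)
        if sock is not None:
            return candidate, sock
    return None, None


def default_route_ip(probe: str = "192.0.2.1") -> str:
    """Approximate the 'Local IP' line printed after a wildcard bind.

    After binding 0.0.0.0 the only hint is which interface owns the default
    route; a UDP connect() selects that source address without sending packets.
    Falls back to loopback when there is no route at all (e.g. an offline host).
    """
    u = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        u.connect((probe, 9))
        return u.getsockname()[0]
    except OSError:
        return "127.0.0.1"
    finally:
        u.close()
```

With the default order, a listener started for LHOST 10.254.254.1 still reports the default-route address, exactly as in the session quoted above; the LHOST value only matters once the wildcard bind fails.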