Path: blob/master/lib/msf/core/handler/reverse.rb
require 'ipaddr'

module Msf
module Handler
# Options and methods needed for all handlers that listen for a connection
# from the payload.
module Reverse
  autoload :Comm, 'msf/core/handler/reverse/comm'
  autoload :SSL, 'msf/core/handler/reverse/ssl'

  def initialize(info = {})
    super

    register_options(
      [
        Opt::LHOST,
        Opt::LPORT(4444)
      ], Msf::Handler::Reverse)

    register_advanced_options(
      [
        OptPort.new('ReverseListenerBindPort', [false, 'The port to bind to on the local system if different from LPORT']),
        OptBool.new('ReverseAllowProxy', [ true, 'Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST', false]),
      ], Msf::Handler::Reverse
    )
  end

  # @return [Boolean] true if `address` parses as an IPv4 or IPv6 loopback
  #   address, false otherwise (including when it is not an IP address).
  def is_loopback_address?(address)
    begin
      a = IPAddr.new(address.to_s)
      return true if IPAddr.new('127.0.0.1/8') === a
      return true if IPAddr.new('::1') === a
    rescue
      # Not a parseable IP address; treat it as non-loopback.
    end
    false
  end

  # A list of addresses to attempt to bind, in preferred order.
  #
  # @return [Array<String>] a two-element array. The first element will be
  #   the address that `datastore['LHOST']` resolves to, the second will
  #   be the INADDR_ANY address for IPv4 or IPv6, depending on the version
  #   of the first element.
  def bind_addresses
    # Switch to IPv6 ANY address if the LHOST is also IPv6
    addr = Rex::Socket.resolv_nbo(datastore['LHOST'])

    # First attempt to bind LHOST. If that fails, the user probably has
    # something else listening on that interface. Try again with ANY_ADDR.
    any = (addr.length == 4) ? "0.0.0.0" : "::0"
    addr = Rex::Socket.addr_ntoa(addr)

    # Checking if LHOST is a loopback address
    if is_loopback_address?(addr)
      print_warning("You are binding to a loopback address by setting LHOST to #{addr}. Did you want ReverseListenerBindAddress?")
    end

    addrs = [ addr, any ]

    if not datastore['ReverseListenerBindAddress'].to_s.empty?
      # Only try to bind to this specific interface
      addrs = [ datastore['ReverseListenerBindAddress'] ]

      # Pick the right "any" address if either wildcard is used
      addrs[0] = any if (addrs[0] == "0.0.0.0" or addrs[0] == "::0")
    end

    addrs
  end

  # The port to listen on: ReverseListenerBindPort when it is set to a
  # positive value, otherwise LPORT.
  #
  # @return [Integer]
  def bind_port
    port = datastore['ReverseListenerBindPort'].to_i
    (port > 0) ? port : datastore['LPORT'].to_i
  end

  #
  # Starts the listener but does not actually attempt
  # to accept a connection. Throws socket exceptions
  # if it fails to start the listener.
  #
  def setup_handler
    if !datastore['Proxies'].blank? && !datastore['ReverseAllowProxy']
      raise RuntimeError, "TCP connect-back payloads cannot be used with Proxies. Use 'set ReverseAllowProxy true' to override this behaviour."
    end

    ex = false

    comm = select_comm
    local_port = bind_port

    # Try each candidate address in order and stop at the first that binds.
    bind_addresses.each do |ip|
      begin
        self.listener_sock = Rex::Socket::TcpServer.create(
          'LocalHost' => ip,
          'LocalPort' => local_port,
          'Comm' => comm,
          'Context' =>
          {
            'Msf' => framework,
            'MsfPayload' => self,
            'MsfExploit' => assoc_exploit
          })
      rescue
        # Remember the failure so it can be re-raised if no address binds.
        ex = $!
        print_error("Handler failed to bind to #{ip}:#{local_port}:- #{comm} -")
      else
        ex = false
        via = via_string(self.listener_sock.client) if self.listener_sock.respond_to?(:client)
        print_status("Started #{human_name} handler on #{ip}:#{local_port} #{via}")
        break
      end
    end
    raise ex if (ex)
  end
end
end
end