setg doesn't change default LHOST #17107
Comments
From the debug output it looks like you've set the global rhosts value to The module will only fallback to using the global Solution: Either run |
OK, so I just need to initially do edit: Actually that doesn't work; still have to run |
If you initially do I'll keep this open for a few more cycles until I confirm if there's an issue here 👍 |
Here's another example:
Module/Datastore
The following global/module datastore, and database setup was configured before the issue occurred:
Database Configuration
The database contains the following information:
History
The following commands were ran during the session and before this issue occurred:
Framework Errors
The following framework errors occurred before the issue occurred:
Web Service Errors
The following web service errors occurred before the issue occurred:
Framework Logs
The following framework logs were recorded before the issue occurred:
Web Service Logs
The following web service logs were recorded before the issue occurred:
Version/Install
The versions and install method of your Metasploit setup:
|
Ah, so it looks like the logic for choosing the default payload for an exploit attempts to set the best LHOST based on the configured RHOST: metasploit-framework/lib/msf/ui/console/command_dispatcher/exploit.rb Lines 271 to 282 in 87fa486
The above logic completely ignores any existing globally set option for LHOST, and instead chooses the best routable IP for the set RHOST, or whatever ip it takes to route to 50.50.50.50 I think most folk globally run |
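The precedence problem described in the comment above, modelled as an added example (not Metasploit's code and not part of the original thread). The function names, the `lookup:` parameter and the addresses in `CONSTRUCTED_LOOKUP` are assumptions made for illustration; only 50.50.50.50 and 10.10.10.10 come from the thread.

```ruby
require 'socket'

# Hypothetical route lookup: ask the OS which local address it would use to
# reach dest. Connecting a UDP socket selects a route but sends no packets.
def source_address(dest)
  sock = UDPSocket.new
  sock.connect(dest, 9)
  sock.addr.last
rescue SystemCallError, SocketError
  '127.0.0.1' # no usable route
ensure
  sock&.close
end

FALLBACK_DEST = '50.50.50.50' # destination named in the comment above

# Constructed routing table standing in for a host with eth0 and tun0.
CONSTRUCTED_LOOKUP = lambda do |dest|
  dest.start_with?('10.10.') ? '10.10.14.7' : '192.168.1.20'
end

# Behaviour as the comment describes it: the global LHOST is never consulted,
# so the route-derived address always wins.
def default_lhost_described(_global, rhost, lookup: method(:source_address))
  lookup.call(rhost || FALLBACK_DEST)
end

# Behaviour the reporter expected: a module-level value wins, then the value
# from setg, and route detection only fills the gap when neither is set.
def default_lhost_expected(global, rhost, module_ds: {}, lookup: method(:source_address))
  module_ds['LHOST'] || global['LHOST'] || lookup.call(rhost || FALLBACK_DEST)
end

if __FILE__ == $PROGRAM_NAME
  global = { 'LHOST' => '10.10.10.10' } # as in "setg LHOST 10.10.10.10"
  puts default_lhost_described(global, nil, lookup: CONSTRUCTED_LOOKUP)
  puts default_lhost_expected(global, nil, lookup: CONSTRUCTED_LOOKUP)
end
```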
Hmmmm OK, that would be an equally good solution for me tbh but doesn't seem to be how it's working atm. When I set RHOST to 10.10.15.12, my LHOST still stays as 192.168.x.x, even though there is a tun0 adapter on the 10.10.15.x network 🤔 |
I just ran through this when on a vpn with a tun0 adapter with a 10.10.0.0/16 network Running
Verifying:
Using a module I've not previously used to see lhost and rhost correctly set:
And I can verify the logic that it chooses to pick the default lhost from within msfconsole:
|
You can also set options inline which is handy for jumping around modules too, since you can use ctrl+r to search the history for your last run command, or use the up arrow a few times to get the previously run command:
That aside, I'll keep this issue open as it looks like a bug that should be fixed in the future 👍 |
Ah, the mistake I made was using I guess I need to do It would be good to have the Thanks 💜 |
Steps to reproduce
How'd you do it?
setg LHOST 10.10.10.10
options
This section should also tell us any relevant information about the
environment; for example, if an exploit that used to work is failing,
tell us the victim operating system and service versions.
Were you following a specific guide/tutorial or reading documentation?
Following the setg instructions here: https://www.offensive-security.com/metasploit-unleashed/msfconsole-commands/
Expected behavior
Global variables should be set to the value provided, e.g. LHOST=10.10.10.10
Current behavior
Variables are set at their default values, e.g. LHOST=eth0-IP
Metasploit version
6.2.13-dev
Additional Information
Parrot OS 5.1 (Electro Ara) - tried multiple VMs (personal and HackTheBox PwnBox, both Parrot)
Module/Datastore
The following global/module datastore, and database setup was configured before the issue occurred:
Database Configuration
The database contains the following information:
History
The following commands were ran during the session and before this issue occurred:
Framework Errors
The following framework errors occurred before the issue occurred:
Web Service Errors
The following web service errors occurred before the issue occurred:
Framework Logs
The following framework logs were recorded before the issue occurred:
Web Service Logs
The following web service logs were recorded before the issue occurred:
Version/Install
The versions and install method of your Metasploit setup: