Fix issue where Linux x64 shell_find_port did not set the sockaddr_len value #11923
Conversation
|
Hi there, @CCob! Thanks for the contribution! |
|
No problem. Will update the PR tomorrow. |
|
@bwatters-r7, updated the PR but tests are still failing, although not sure it's related to the PR this time. |
|
I checked the test report. Those are Windows payload tests failing. There's nothing you did that should have affected them, and every test failed. My guess is that it failed for infrastructure reasons. I will dig a bit more to be sure. |
|
Yup; @jmartin-r7 I think there was something up with the sanity testing on this one. I got full-pass on my side. |
|
@msjenkins-r7 test this please. |
|
Test looks good now, Let me know if you need anything else. |
|
@CCob someone needs to test it and land it. I can do that, but I am not super familiar with this payload's practical use, to be honest. From the asm, I can see it finds a conected port then dups the file descriptor, but can you give me a scenario that requires it to a I can do a quick test and land? I tried earlier to run it with a netcatted connection, and I think I may be getting the use case wrong. |
|
@bwatters-r7 Generally it will be used in situations where you can neither setup a listening port for a shell or an outgoing reverse shell due to firewall restrictions. You have to bind the client socket that you are connecting with to match that of the payload (or patch the payload at runtime). I'm not sure if netcat allows you to specify the client port when connecting, so you may need a python script to test. Also it probably wont work behind a natted connection, since the client port generally changes and it wont match |
|
Landing this to fix the obvious bug. |
Release NotesWe have fixed an an issue caused by an uninitialized value in the Linux x64 shell_find_port payload. |
PR to fix issue #11908