Fix issue where Linux x64 shell_find_port did not set the sockaddr_len value #11923

Merged
merged 1 commit into from Jun 29, 2019

@CCob
Contributor

commented Jun 1, 2019

PR to fix issue #11908

@bwatters-r7

Contributor

commented Jun 1, 2019

Hi there, @CCob! Thanks for the contribution!
The Travis tests are failing because the cached payload size has changed. After changing a payload, you've got to run ./tools/modules/update_payload_cached_sizes.rb to update the cached sizes to match the new payload size. If you run that script and push your changes, the Travis tests should pass.

@CCob

Contributor Author

commented Jun 1, 2019

No problem. Will update the PR tomorrow.

@CCob CCob force-pushed the CCob:master branch from 9205dd5 to aaa017e Jun 2, 2019

@CCob

Contributor Author

commented Jun 2, 2019

@bwatters-r7, updated the PR but tests are still failing, although not sure it's related to the PR this time.

testlog:[2019-06-02 08:40:30.782873] TEST FAILED: Sanity_Win2016x64:windows/x64/meterpreter_bind_tcp:exploit/multi/handler

@bwatters-r7

Contributor

commented Jun 2, 2019

I checked the test report. Those are Windows payload tests failing. There's nothing you did that should have affected them, and every test failed. My guess is that it failed for infrastructure reasons. I will dig a bit more to be sure.

@bwatters-r7

Contributor

commented Jun 2, 2019

Yup; @jmartin-r7 I think there was something up with the sanity testing on this one. I got full-pass on my side.

@jmartin-r7

Contributor

commented Jun 2, 2019

@msjenkins-r7 test this please.

@CCob

Contributor Author

commented Jun 3, 2019

Test looks good now. Let me know if you need anything else.

@bwatters-r7

Contributor

commented Jun 3, 2019

@CCob someone needs to test it and land it. I can do that, but I am not super familiar with this payload's practical use, to be honest. From the asm, I can see it finds a connected port then dups the file descriptor, but can you give me a scenario that requires it so I can do a quick test and land? I tried earlier to run it with a netcatted connection, and I think I may be getting the use case wrong.

@CCob

Contributor Author

commented Jun 3, 2019

@bwatters-r7 Generally it will be used in situations where you can neither set up a listening port for a shell nor an outgoing reverse shell due to firewall restrictions. You have to bind the client socket that you are connecting with to match that of the payload (or patch the payload at runtime). I'm not sure if netcat allows you to specify the client port when connecting, so you may need a python script to test. Also it probably won't work behind a natted connection, since the client port generally changes and it won't match.

@busterb busterb self-assigned this Jun 29, 2019

@busterb

Member

commented Jun 29, 2019

Landing this to fix the obvious bug.

@busterb busterb merged commit aaa017e into rapid7:master Jun 29, 2019

3 checks passed

Metasploit Automation - Sanity Test Execution: Successfully completed all tests.
Metasploit Automation - Test Execution: Successfully completed all tests.
continuous-integration/travis-ci/pr: The Travis CI build passed

busterb added a commit that referenced this pull request Jun 29, 2019

@busterb

Member

commented Jun 29, 2019

Release Notes

This corrects a bug from an uninitialized value in the Linux x64 shell_find_port payload.

msjenkins-r7 added a commit that referenced this pull request Jun 29, 2019
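
Added example, not code from the PR or from Metasploit: the length argument of getpeername(2) is value-result, so a caller that does not set it to the buffer size can get back a truncated or unfilled address even though the call succeeds. It assumes this is the call the `sockaddr_len` in the PR title belongs to; `loopback_pair` and `peer_port_matches` are names made up here, and the loopback connection is a constructed fixture.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Constructed fixture: a connected TCP pair on 127.0.0.1. */
static int loopback_pair(int *srv, int *cli, in_port_t *cli_port) {
    struct sockaddr_in a;
    socklen_t n = sizeof(a);
    int l = socket(AF_INET, SOCK_STREAM, 0);
    memset(&a, 0, sizeof(a));
    a.sin_family = AF_INET;
    a.sin_addr.s_addr = htonl(INADDR_LOOPBACK);   /* port 0: kernel picks one */
    if (l < 0 || bind(l, (struct sockaddr *)&a, sizeof(a)) || listen(l, 1) ||
        getsockname(l, (struct sockaddr *)&a, &n))
        return -1;
    *cli = socket(AF_INET, SOCK_STREAM, 0);
    if (*cli < 0 || connect(*cli, (struct sockaddr *)&a, sizeof(a)))
        return -1;
    *srv = accept(l, NULL, NULL);
    close(l);
    n = sizeof(a);
    if (*srv < 0 || getsockname(*cli, (struct sockaddr *)&a, &n))
        return -1;
    *cli_port = ntohs(a.sin_port);                /* the client's source port */
    return 0;
}

/* Ask for the peer of the accepted socket with the length preset to
 * initial_len. Returns 1 if the port read back is the client's real source
 * port, 0 if it is not, -1 if getpeername() failed, -2 on fixture error. */
int peer_port_matches(socklen_t initial_len) {
    int srv = -1, cli = -1, result;
    in_port_t real = 0;
    struct sockaddr_in peer;
    socklen_t len = initial_len;      /* value-result: in = buffer size */
    if (loopback_pair(&srv, &cli, &real))
        return -2;
    memset(&peer, 0, sizeof(peer));   /* known contents, so a short copy shows */
    result = getpeername(srv, (struct sockaddr *)&peer, &len)
                 ? -1 : (ntohs(peer.sin_port) == real);
    close(srv); close(cli);
    return result;
}

int main(void) {
    return peer_port_matches(sizeof(struct sockaddr_in)) == 1 ? 0 : 1;
}
```

With the length preset to 0 or 2 the call still reports success on Linux and only the written-back length, now larger than the value supplied, shows that the address was truncated.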
