Support Pivoted SSL Connections (Server Edition) #15796
Had one question on this but otherwise looks good. Approved.
Not sure if I'm doing something wrong here but this seems to be throwing stack traces.
70fdfbc to 40a4d09
I don't know how that snuck in but you definitely found a bug. I resolved the issue in 40a4d09 which also makes the code more similar to the SSH counterpart. I also rebased to pull in the changes that bump metasploit-payloads to v2.0.60 which fixed an unrelated issue in the Python Meterpreter that was coming up while I was reproducing your results.
Still getting errors:
Looks like this is related to a permissions error, changing this to a higher numbered port that nothing was listening on worked and prevents this stack trace, although we likely should be handling this error to prevent user confusion.
Curl Side:
Server Side:
Getting connection errors with the regular command shell version:
On Curl:
And Metasploit:
Release Notes
Support for pivoted SSL server connections as used by capture modules and listeners has been added to Metasploit. The support works for both Meterpreter sessions and SSH sessions.
Heads up, had to enable GatewayPorts on Ubuntu, may be named AllowGatewayPorts or similar on other distros, for this to work with SSH sessions.
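For the SSH-session case in the comment above, an OpenSSH server only lets a remote forward bind beyond loopback when its `GatewayPorts` setting allows it. The following is an added example, not code from this PR or from Metasploit: a shell function that classifies that exposure from `sshd -T`-style output. The function name and the sample configurations are constructed for illustration.

```shell
#!/bin/sh
# Classify how an OpenSSH server treats remote (-R) forwards, given its
# effective configuration as printed by `sshd -T` (lowercase "key value" lines).
# Prints one of: disabled | loopback-only | any-address | client-chosen
# (hypothetical helper name, not part of any project)
remote_forward_exposure() {
    cfg=$1
    fwd=$(printf '%s\n' "$cfg" | awk '$1 == "allowtcpforwarding" { print $2 }')
    gw=$(printf '%s\n' "$cfg" | awk '$1 == "gatewayports" { print $2 }')
    # OpenSSH defaults apply when a keyword is absent from the input.
    fwd=${fwd:-yes}
    gw=${gw:-no}

    # "no" and "local" both refuse remote forwards outright.
    case $fwd in
        no|local) echo disabled; return 0 ;;
    esac
    case $gw in
        yes)             echo any-address ;;    # forwards bind the wildcard address
        clientspecified) echo client-chosen ;;  # client picks the bind address
        *)               echo loopback-only ;;  # default: 127.0.0.1 / ::1 only
    esac
}

# Constructed sample inputs, not output captured from a real host.
SAMPLE_DEFAULT='port 22
allowtcpforwarding yes
gatewayports no'

SAMPLE_OPEN='port 22
allowtcpforwarding yes
gatewayports yes'

SAMPLE_LOCAL_ONLY='allowtcpforwarding local
gatewayports yes'

# On a live host (requires root): remote_forward_exposure "$(sshd -T)"
for s in "$SAMPLE_DEFAULT" "$SAMPLE_OPEN" "$SAMPLE_LOCAL_ONLY"; do
    remote_forward_exposure "$s"
done
```

Hosts that report `any-address` or `client-chosen` are the ones where an SSH session can expose a forwarded listener to the rest of the network, so they are worth reviewing against forwarding policy.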
This is the other half of #15721 which added SSL support for pivoted client connections. This adds the same support for pivoted server connections as used by capture modules and listeners. The support works for both Meterpreter sessions and SSH sessions (which just got server channel support landed today).
Verification
List the steps needed to make sure this thing works
msfconsole
auxiliary/scanner/ssh/ssh_login module)
route add 0 0 #
auxiliary/server/capture/http_basic module
set SSL true
set URI targeturi (this isn't technically necessary but makes testing a little easier)
curl -vvvv --user hello:world -k http://192.168.159.31:8443/targeturi