Fix pivot handler to not consume all packets #9492

Merged: 1 commit, Feb 3, 2018

@busterb busterb commented Feb 3, 2018

Packet handlers should only return true if they consume a packet. Otherwise, they should return false so something else can consume it. This fixes port forwards by allowing the socket handler to see packets that were otherwise being discarded in the pivot handler.

Fixes #9479

Verification

List the steps needed to make sure this thing works

  • Start msfconsole
  • Start a listener and get any Meterpreter session type. I primarily tested with:

./msfconsole -qx 'use multi/handler; set payload linux/x86/meterpreter_reverse_tcp; set lhost 192.168.56.1; run'

  • At the Meterpreter prompt add a reverse listener: portfwd add -R -L 127.0.0.1 -l 8080 -p 8081
  • In another terminal, start netcat listening on port 8080: nc -lk 8080
  • In another terminal, connect to port 8081 and send/receive some bytes on port 8081: nc 127.0.0.1 8081
  • Verify that bytes are sent and received.

Alternately, do anything that uses pivot functionality.

Packet handlers should only return true if they consume a packet.
Otherwise, they should return false so something else can consume it.
This fixes port forwards by allowing the socket handler to see packets
that were otherwise being discarded in the pivot handler.
busterb commented Feb 3, 2018

@bwatters-r7 another interesting case to see about adding to the payload regression tests

@scriptjunkie scriptjunkie merged commit d5ae2bb into rapid7:master Feb 3, 2018
scriptjunkie added a commit that referenced this pull request Feb 3, 2018
busterb commented Feb 3, 2018

Thanks!

@busterb busterb deleted the fix-non-pivot-handlers branch February 3, 2018 04:11
jmartin-tech pushed a commit to jmartin-tech/metasploit-framework that referenced this pull request Feb 7, 2018
allrosenthal-r7 commented

@busterb can you please write release notes for this PR?

allrosenthal-r7 commented

Release Notes

The pivot handler was returning 'true' for any packet, even if it did not actually consume it, which led to the socket channel handler not being sent any packets at all. Now, if the pivot handler does not consume the packet, it returns 'false', which allows the socket handler to see packets that were otherwise being discarded in the pivot handler.

@allrosenthal-r7 allrosenthal-r7 added the rn-fix release notes fix label Feb 28, 2018
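
The handler contract described in this pull request, as an added example that is not code from the PR or from Metasploit: a simplified first-match handler chain in which a handler that returns true for packets it did not consume starves the handler behind it. It assumes the dispatcher stops at the first handler that returns true; every class name, packet type and sample packet is hypothetical.

```ruby
# Simplified model of a first-match handler chain. All class names and packet
# types are hypothetical; the packets are constructed samples.
Packet = Struct.new(:type, :payload)

class SocketHandler
  attr_reader :seen
  def initialize; @seen = []; end
  def name; :socket; end

  # Consumes channel data only; declines everything else.
  def handle(packet)
    return false unless packet.type == :channel_data
    @seen << packet.payload
    true
  end
end

# Before the fix: reports every packet as consumed, even ones it ignored.
class BuggyPivotHandler
  def name; :pivot; end
  def handle(packet)
    process(packet) if packet.type == :pivot_session
    true
  end
  def process(_packet); end
end

# After the fix: true only when the packet was actually consumed.
class FixedPivotHandler < BuggyPivotHandler
  def handle(packet)
    return false unless packet.type == :pivot_session
    process(packet)
    true
  end
end

# Offer each packet to the handlers in order, stopping at the first that claims
# it. Returns [owner per packet (nil = unhandled), payloads the socket saw].
def route(pivot_handler, packets)
  socket = SocketHandler.new
  chain = [pivot_handler, socket]
  owners = packets.map { |pkt| chain.find { |h| h.handle(pkt) }&.name }
  [owners, socket.seen]
end

SAMPLE_PACKETS = [Packet.new(:channel_data, "hello"),
                  Packet.new(:pivot_session, nil),
                  Packet.new(:unknown, nil)].freeze

p route(BuggyPivotHandler.new, SAMPLE_PACKETS)
p route(FixedPivotHandler.new, SAMPLE_PACKETS)
```

A regression test for this class of bug can assert that a handler returns false for a packet type it does not own, which is cheaper than reproducing the full port-forward setup.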
Successfully merging this pull request may close these issues.

Meterpreter_Windows_Reverse_Tcp(x86,x64) can't create session correctly through a pivot