
Support dual IPv4 / IPv6 TCP servers in Python #602

Merged

Conversation

zeroSteiner
Contributor

@zeroSteiner zeroSteiner commented Jan 10, 2023

This adds dual stack IPv4 / IPv6 TCP server support to the Python Meterpreter. When a TCP server channel is opened and the LocalHost is blank (the TLV is completely missing or the value is an empty string), the Meterpreter will bind to all interfaces it can. This includes both IPv4 and IPv6 addresses. This does what the Windows Meterpreter currently does. Once #599 is landed, the Windows Meterpreter will also actually honor the LocalHost option meaning that once both are landed they will both behave in the same way.

Test this with:

  • Open a Meterpreter session
  • Set up a reverse port forward
  • See that the target host is listening on both IPv4 and IPv6 addresses
    • On Windows, these will show up as separate entries in netstat, you can check with netstat /anp tcp and netstat /anp tcpv6. On Linux it'll only show up as a listening IPv6 socket, but you'll be able to connect to the host on IPv4 too.

Tested on both Windows and Linux.
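The blank-LocalHost behaviour described above (one listener that serves both address families, which on Linux shows up only as an IPv6 socket in netstat yet still accepts IPv4 clients) comes down to a single socket option and a peer-address quirk. The block below is an added example, not code from this PR or from the Python Meterpreter: it opens the listener the way the description specifies (bind everything when the host is blank, the named address otherwise), clears IPV6_V6ONLY so IPv4 clients are accepted, and unwraps the `::ffff:a.b.c.d` form those clients arrive as. The names `open_listener`, `probe`, `normalize_peer` and `LOOPBACK`, the loopback probe addresses and the two-second timeouts are this example's own assumptions.

```python
import socket
import threading

# Added example, not Python Meterpreter code: what a blank LocalHost turns into
# at the socket layer, and why an IPv4 client appears as ::ffff:a.b.c.d on it.

# Loopback targets used by probe(); assumed for the demo, not from the PR.
LOOPBACK = {"ipv4": (socket.AF_INET, "127.0.0.1"),
            "ipv6": (socket.AF_INET6, "::1")}


def normalize_peer(addr):
    """Return (host, port) for a peer address, unwrapping IPv4-mapped IPv6.

    An IPv4 client accepted on a dual-stack socket is reported as ::ffff:a.b.c.d;
    strip the prefix so logs and address checks see the real IPv4 address.
    """
    host = addr[0]
    if host.startswith("::ffff:") and host.count(".") == 3:
        host = host[len("::ffff:"):]
    return host, addr[1]


def open_listener(local_host="", port=0, backlog=5):
    """Bind a TCP listener following the blank-LocalHost rule from the PR text.

    local_host == "" : one AF_INET6 socket on :: with IPV6_V6ONLY cleared, so it
                       serves both families (a single socket, hence only an IPv6
                       entry in netstat/ss on Linux). Falls back to 0.0.0.0 when
                       the host has no IPv6 stack at all.
    local_host set    : bind exactly that address, whichever family it is.
    """
    if local_host == "":
        candidates = [(socket.AF_INET6, "::"), (socket.AF_INET, "0.0.0.0")]
    else:
        info = socket.getaddrinfo(local_host, port, socket.AF_UNSPEC,
                                  socket.SOCK_STREAM)
        candidates = [(fam, sa[0]) for fam, _, _, _, sa in info]

    last_err = OSError("no usable address family")
    for family, host in candidates:
        try:
            sock = socket.socket(family, socket.SOCK_STREAM)
        except OSError as exc:          # e.g. EAFNOSUPPORT when IPv6 is disabled at boot
            last_err = exc
            continue
        try:
            sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
            if family == socket.AF_INET6 and local_host == "":
                # 0 = also accept IPv4. Linux defaults to 0 unless
                # net.ipv6.bindv6only=1; Windows defaults to 1, so set it explicitly.
                sock.setsockopt(socket.IPPROTO_IPV6, socket.IPV6_V6ONLY, 0)
            sock.bind((host, port))
            sock.listen(backlog)
            return sock
        except OSError as exc:
            last_err = exc
            sock.close()
    raise last_err


def probe(listener, family_name):
    """Connect to listener over loopback with the given family ("ipv4"/"ipv6").

    Returns the normalized peer address the server sees, or None when that
    family cannot reach the listener (no ::1 configured, v4-only fallback, ...).
    """
    family, host = LOOPBACK[family_name]
    port = listener.getsockname()[1]
    seen = {}

    def accept_one():
        listener.settimeout(2)
        try:
            conn, peer = listener.accept()
        except OSError:
            return                      # nobody connected in time
        seen["peer"] = normalize_peer(peer)
        conn.close()

    worker = threading.Thread(target=accept_one)
    worker.start()
    try:
        client = socket.socket(family, socket.SOCK_STREAM)
        client.settimeout(2)
        client.connect((host, port))
        client.close()
    except OSError:
        pass                            # unreachable for this family
    worker.join()
    return seen.get("peer")


if __name__ == "__main__":
    srv = open_listener()               # blank LocalHost: bind everything
    print("listening on", srv.getsockname()[:2])
    for fam in ("ipv4", "ipv6"):
        print(fam, "client seen as", probe(srv, fam))
    srv.close()
```

Run it on Linux and `ss -ltn` shows only the `[::]:port` entry while the IPv4 probe still reports `127.0.0.1`; on Windows the same listener is what produces the separate tcp and tcpv6 entries the description mentions. The IPV6_V6ONLY call is the part that must not be skipped on Windows, where the option defaults to on and an IPv6-bound socket would otherwise reject IPv4 clients.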

@gwillcox-r7 gwillcox-r7 self-assigned this Jan 13, 2023
@gwillcox-r7
Contributor

Confirmed this is working as expected:

 ~/git/metasploit-framework │ master *2 ?10  ./msfconsole                                                    ✔ │ 3.0.5 Ruby │ 01:45:16 PM 
                                                  
IIIIII    dTb.dTb        _.---._
  II     4'  v  'B   .'"".'/|\`.""'.
  II     6.     .P  :  .' / | \ `.  :
  II     'T;. .;P'  '.'  /  |  \  `.'
  II      'T; ;P'    `. /   |   \ .'
IIIIII     'YvP'       `-.__|__.-'

I love shells --egypt


       =[ metasploit v6.2.36-dev-436e1489c7               ]
+ -- --=[ 2277 exploits - 1192 auxiliary - 408 post       ]
+ -- --=[ 951 payloads - 45 encoders - 11 nops            ]
+ -- --=[ 9 evasion                                       ]

Metasploit tip: You can use help to view all 
available commands
Metasploit Documentation: https://docs.metasploit.com/

msf6 > exit
 ~/git/metasploit-framework │ master *2 ?10  git checkout upstream/pr/17340 -b land-pr17340            ✔ │ 40s │ 3.0.5 Ruby │ 01:46:01 PM 
fatal: A branch named 'land-pr17340' already exists.
 ~/git/metasploit-framework │ master *2 ?10  git checkout land-pr17340                                   128 ✘ │ 3.0.5 Ruby │ 01:46:26 PM 
Switched to branch 'land-pr17340'
Your branch and 'upstream/pr/17340' have diverged,
and have 3 and 335 different commits each, respectively.
  (use "git pull" to merge the remote branch into yours)
 ~/git/metasploit-framework │ land-pr17340:pr/17340 ⇣335⇡3 *2 ?10  git checkout master                       ✔ │ 3.0.2 Ruby │ 01:46:32 PM 
Switched to branch 'master'
Your branch is up to date with 'origin/master'.
 ~/git/metasploit-framework │ master *2 ?10  git branch -D land-pr17340                                      ✔ │ 3.0.5 Ruby │ 01:46:40 PM 
Deleted branch land-pr17340 (was 329f54abce).
 ~/git/metasploit-framework │ master *2 ?10  git checkout upstream/pr/17340 -b land-pr17340                  ✔ │ 3.0.5 Ruby │ 01:46:47 PM 
Branch 'land-pr17340' set up to track remote branch 'pr/17340' from 'upstream'.
Switched to a new branch 'land-pr17340'
 ~/git/metasploit-framework │ land-pr17340:pr/17340 *2 ?10  git log                                          ✔ │ 3.0.5 Ruby │ 01:46:51 PM 

 ~/git/metasploit-framework │ land-pr17340:pr/17340 *2 ?10  ./msfconsole                           INT ✘ │ 29s │ 3.0.5 Ruby │ 01:47:22 PM 
                                                  

  Metasploit Park, System Security Interface
  Version 4.0.5, Alpha E
  Ready...
  > access security
  access: PERMISSION DENIED.
  > access security grid
  access: PERMISSION DENIED.
  > access main security grid
  access: PERMISSION DENIED....and...
  YOU DIDN'T SAY THE MAGIC WORD!
  YOU DIDN'T SAY THE MAGIC WORD!
  YOU DIDN'T SAY THE MAGIC WORD!
  YOU DIDN'T SAY THE MAGIC WORD!
  YOU DIDN'T SAY THE MAGIC WORD!
  YOU DIDN'T SAY THE MAGIC WORD!
  YOU DIDN'T SAY THE MAGIC WORD!


       =[ metasploit v6.2.35-dev-2b0081c680               ]
+ -- --=[ 2277 exploits - 1192 auxiliary - 406 post       ]
+ -- --=[ 951 payloads - 45 encoders - 11 nops            ]
+ -- --=[ 9 evasion                                       ]

Metasploit tip: Adapter names can be used for IP params 
set LHOST eth0
Metasploit Documentation: https://docs.metasploit.com/

msf6 > use payload/python/meterpreter/bind_tcp
msf6 payload(python/meterpreter/bind_tcp) > show options

Module options (payload/python/meterpreter/bind_tcp):

   Name   Current Setting  Required  Description
   ----   ---------------  --------  -----------
   LPORT  4444             yes       The listen port
   RHOST                   no        The target address


View the full module info with the info, or info -d command.

msf6 payload(python/meterpreter/bind_tcp) > set RHOST 192.168.153.205
RHOST => 192.168.153.205
msf6 payload(python/meterpreter/bind_tcp) > generate -f raw -o reverse_python.py
[*] Writing 388 bytes to reverse_python.py...
msf6 payload(python/meterpreter/bind_tcp) > run
[-] Unknown command: run
msf6 payload(python/meterpreter/bind_tcp) > to_handler
[*] Payload Handler Started as Job 0
msf6 payload(python/meterpreter/bind_tcp) > 
[*] Started bind TCP handler against 192.168.153.205:4444
[*] Sending stage (24380 bytes) to 192.168.153.205
WARNING: Local file /home/gwillcox/.msf4/payloads/meterpreter/ext_server_stdapi.py is being used
WARNING: Local files may be incompatible with the Metasploit Framework
[*] Meterpreter session 1 opened (192.168.153.128:34779 -> 192.168.153.205:4444) at 2023-01-13 13:57:32 -0600

msf6 payload(python/meterpreter/bind_tcp) > seInterrupt: use the 'exit' command to quit0.0.1 -p 2222 -r 127.0.0.1
msf6 payload(python/meterpreter/bind_tcp) > sessions -i 1
[*] Starting interaction with 1...

meterpreter > portfwd add -R -l 8080 -L 127.0.0.1 -p 2222 -r 127.0.0.1
[!] The remote host (-r) option is ignored for reverse port forwards.
[*] Reverse TCP relay created: (remote) 127.0.0.1:2222 -> (local) [::]:2222
meterpreter > 

