[framework] honoring route in aux modules
mmiller at hick.org
Mon Apr 23 21:01:11 CDT 2007
On Mon, Apr 23, 2007 at 09:54:56PM -0400, j0hnny wrote:
> Hey all!
>
> First post, so be extra kind. =) Anyhow, I'm working on getting pivot
> stuff to work, and I've had great luck with routing exploit modules
> through "route", but no luck in getting aux modules to ehhh... route
> through route.
>
> For my testing, my payload is windows/meterpreter/reverse_tcp fired
> through windows/browser/ms06_013_createtextrange. My target is natted
> on a 10.8.1.0 net. He hits up the MSF url, meterpreter loads, I
> interact with the session and add a route for 10.8.1.0 through that
> session.
>
> As I said, any further exploit module targeting the 10.8.1 net routes
> through the session as expected. Aux modules, like sweep_udp, ignore
> the route and fail looking for 10.8.1 on my local net.

At the moment this is a limitation of meterpreter's pivoting. It
doesn't currently support pivoting UDP traffic. It only supports
pivoting outbound TCP connections. Perhaps if the stars align and time,
motivation, and interest all coincide, I might toss support in there :)

With that said, if anyone is interested in taking a look at adding
support for this in the meantime, I can point you to the various
locations where code changes would need to be made. Be forewarned,
though, that it's a non-trivial change :)

If you run into problems with aux modules that establish TCP
connections, definitely let us know as that shouldn't be the case (with
the exception of things like nmap, of course).