Metasploit mailing list archives

Problem with LHOST on exploits.


From: egypt at metasploit.com (egypt at metasploit.com)
Date: Tue, 14 Apr 2009 09:33:22 -0600

The purpose of this behavior is to allow you to use a port forward on
a NATing firewall between you and the target.  For example, say you
have an internal address of 192.168.1.2 and your firewall has an
external address of 10.1.1.1. You can set LHOST to 10.1.1.1 and use
your firewall's port forwarding features to forward LPORT on the
outside to 192.168.1.2 on the inside.  If metasploit tried to bind to
10.1.1.1 on your attacking box, it would fail because no interface has
that address.

If a server is already listening on 0.0.0.0, metasploit won't be able
to bind on the "any" address, so it tries to use the specified LHOST
before giving up.  This is useful, for example, when you have a
webserver listening on 0.0.0.0:80 and want to use 192.168.1.2:80 for a
reverse shell.

Hope this helped,
egypt
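
The bind order described in the message above, as an added Ruby example that is not part of the original post and is not Metasploit's own code. The helper names `bind_listener` and `direct_bind_error` are hypothetical, and 203.0.113.1 is a constructed documentation address standing in for the firewall's external IP.

```ruby
require 'socket'

# Hypothetical helper (not Metasploit's code) following the order described
# above: try the "any" address first, then LHOST itself before giving up.
# lhost is the address advertised to the remote side; with a NAT port forward
# it need not belong to any local interface.
# Returns [server, ip_address_actually_bound].
def bind_listener(lhost, lport)
  begin
    server = TCPServer.new('0.0.0.0', lport) # 1. wildcard bind
  rescue Errno::EADDRINUSE
    # 2. Port is taken on the wildcard, so try LHOST specifically.
    #    This raises EADDRNOTAVAIL if LHOST is not a local address, or
    #    EADDRINUSE if the OS treats the existing listener as a conflict.
    server = TCPServer.new(lhost, lport)
  end
  [server, server.local_address.ip_address]
end

# Shows why binding straight to a NAT'd LHOST cannot work: returns the errno
# class raised by the bind, or nil when the bind succeeded.
def direct_bind_error(addr, port = 0)
  TCPServer.new(addr, port).close
  nil
rescue SystemCallError => e
  e.class
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample input: an LHOST that no local interface owns.
  srv, ip = bind_listener('203.0.113.1', 0)
  puts "listener bound to #{ip}:#{srv.local_address.ip_port}"
  puts "direct bind to LHOST -> #{direct_bind_error('203.0.113.1').inspect}"
  srv.close
end
```
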

On Tue, Apr 14, 2009 at 5:13 AM, Professor 0110 <professor0110 at gmail.com> wrote:
Thanks for the quick reply and help Anastasios!

But even with 0.0.0.0, is LHOST still set to my IP address which I specified?

On Tue, Apr 14, 2009 at 9:06 PM, Anastasios Monachos <anastasiosm at gmail.com>
wrote:

This is normal, nothing to worry about. 0.0.0.0 means every IP address.

When you have a server, usually you can set it up to listen on a specific
IP address/interface or you can set it to listen on every interface/IP your
system may support; the last option is defined by using 0.0.0.0.

Hope that is clear enough.

2009/4/14 Professor 0110 <professor0110 at gmail.com>

Hi all,

Whenever I attempt to use an exploit with a payload and I execute the
exploit, the output shows the following:

[*] Handler binding to LHOST 0.0.0.0

Why does it do that when I've explicitly stated the LHOST for the
particular payload/exploit?

Any help on this matter will be greatly appreciated!

Oh yeah, I'm using Ubuntu 8.10.

Cheers,

Professor 0110

_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework




--
AM
Key ID: 0x5EB17EE7

