Comments (6)
Thanks! Good catch, we should def be validating these
from silenttrinity.
I'd expect ST to validate that the BindIP given is one that can be bound.
Maybe not one that can be bound? Might affect people using any sort of proxy in front of ST and expect callbacks to that IP. But probably a good idea to at least make sure the IP is a valid IP.
from silenttrinity.
Didn't think of that! Yeah I'll def just add a check to make sure the IP is valid.
from silenttrinity.
I just had a weird moment of clarity. Maybe there should be a listener IP value and a callback IP value.
The listener should be something that can be bound to, since that's immediately exposed to ST.
The callback value doesn't have to be exposed to ST, and generating stagers should use the callback value if it's set. Otherwise, use the listener value.
..unless that's already what happens with CallbackUrls. I haven't tried that. 🤷🏾‍♂️
from silenttrinity.
This is what CallbackURLs is for.
from silenttrinity.
I cannot reproduce this. Without supplying a valid BindIP the listener won't start (which makes sense).
It's easy enough to add validation to the inputs when being set...but I'm curious how you managed to start the listener without a valid address.
from silenttrinity.
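The two checks the thread distinguishes (a syntactically valid IP versus one this host can actually bind), plus the fallback from a callback value to the listener value, as an added example that is not SILENTTRINITY's own code. The function names and the `callback_host` parameter are hypothetical and stand in for the project's real options.

```python
import ipaddress
import socket


def parse_bind_ip(value):
    """Syntax check only: return an ip_address object or raise ValueError."""
    return ipaddress.ip_address(value.strip())


def can_bind(ip, port=0):
    """Return True if this host can bind a TCP socket to ip.

    Port 0 asks the OS for any free port, so the probe does not collide
    with a service that is already listening.
    """
    family = socket.AF_INET6 if ip.version == 6 else socket.AF_INET
    with socket.socket(family, socket.SOCK_STREAM) as s:
        try:
            s.bind((str(ip), port))
        except OSError:
            # Typically EADDRNOTAVAIL: the address is not assigned locally.
            return False
    return True


def check_listener_options(bind_ip, callback_host=None):
    """Validate the listener address and resolve the callback address.

    callback_host (hypothetical option) is never bind-tested: behind a
    proxy or NAT it is expected to be an address this host does not own.
    """
    ip = parse_bind_ip(bind_ip)
    return {
        "bind_ip": str(ip),
        "bindable": can_bind(ip),
        # Use the callback value if set, otherwise the listener value.
        "callback_host": callback_host or str(ip),
    }


if __name__ == "__main__":
    # Constructed sample values; 192.0.2.0/24 and 203.0.113.0/24 are documentation ranges.
    for args in [("0.0.0.0", "203.0.113.10"), ("192.0.2.1", None)]:
        print(args, "->", check_listener_options(*args))
```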