Merge pull request #298 from Veil-Framework/rpc_bind

This is a mitigation for a security vulnerability with Veil-Evasions RPC server
Veil-Framework · Mar 29, 2016 · 3cffe14 · 3cffe14
2 parents c30d2f0 + 5533057
commit 3cffe14
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 2 deletions.
diff --git a/CHANGELOG b/CHANGELOG
@@ -1,3 +1,8 @@
+[03.29.2016]
+     Released.: 2.25
+     Fixed....: Security vulnerability reported to us by @botnet_hunter.  There was an issue with the RPC server when binding to 0.0.0.0 that essentially allowed RCE.  If you weren't using the RPC server, you weren't affected, but it's good to patch.
+     Thanks...: Thanks to Brian Wallace (@botnet_hunter) for reporting this vulnerability and allowing us to push a patch.
+
 [02.16.2016]
      Released.: 2.24
      Added....: I've added obfuscation to the python payloads.  Some AVs are triggering on ctypes being referenced everywhere, at the moment, it's only in the file once.

diff --git a/Veil-Evasion.py b/Veil-Evasion.py
@@ -213,7 +213,7 @@ def runRPC(port=4242):
     s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
 
     #  Start listening on the socket for connections
-    s.bind(('', port))
+    s.bind(('127.0.0.1', port))
     s.listen(1)
 
     # Create a server thread handling incoming connections

diff --git a/modules/common/messages.py b/modules/common/messages.py
@@ -8,7 +8,7 @@
 import helpers
 
 
-version = "2.24"
+version = "2.25"
 
 
 # try to find and import the settings.py config file