Binding HTTPServer (Non SSL) and reverse_*https to same port doesn't give a warning

rapid7 / metasploit-framework

Metasploit Framework

https://www.metasploit.com/

Other

34.05k stars 13.95k forks source link

Binding HTTPServer (Non SSL) and reverse_*https to same port doesn't give a warning #5048

Open Meatballs1 opened 9 years ago

Meatballs1 commented 9 years ago

Repro

use exploit/multi/script/webdelivery
set payload windows/meterpreter/reverse_winhttps
set SRVPORT 80
set LPORT 80

Expected result - should give an error telling you that you have attempted to register both an SSL and a Non SSL handler on the web server.

Actual result - handler runs. When you attempt to access it over HTTP your connection will reset after sending the HTTP request. If you access it over HTTPS you won't get the resource

bcook-r7 commented 9 years ago

If pro has a way of managing used ports, perhaps that should be pulled into framework, says @limhoff-r7 .

wchen-r7 commented 9 years ago

So I guess we'll need to talk to @limhoff-r7 about how and when we'll be able to do this.