A lot of people have been asking me to support domain names directly from Shellter in the LHOST parameter.
This is something that I am planning to implement in the upcoming version (v5.2) of Shellter. If you need this right now, then you can generate the payload in raw format from Metasploit and feed it to Shellter.
However, this is also a good opportunity to make some things clear about setting domain names as the LHOST parameter for the various payloads that support a reverse connection back to the attacker’s server.
While some people might be aware of what actually happens in the background during payload generation in Metasploit regarding this matter, it also came to my attention that not everyone is.
Depending on which payload you are using, domain names don’t always make sense for the generated shellcode itself.
In other words, depending on which functions the payload is using to connect back to the attacker’s server, the shellcode output doesn’t necessarily include the domain name.
Let’s take as an example the case where you use the reverse_shell_tcp or the meterpreter_reverse_tcp payloads with a domain name as LHOST parameter.
What happens in reality is that your host performs a DNS request to get the IP for that domain, and that IP is then hardcoded in the generated shellcode. If you try to do the same from a host that can’t successfully obtain an IP address for the domain, then the payload will not be generated and you will get an error saying that the LHOST parameter is not valid.
On the other hand, when you use payloads such as meterpreter_reverse_http(s), using a domain name actually makes sense, because it will be hardcoded in the generated shellcode as is. In a few words, your host won’t perform any DNS requests for this payload, since it doesn’t need to hardcode any IPs in the shellcode.
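For anyone triaging a captured sample, the consequence is that a reverse-TCP blob yields an IP indicator while a reverse-HTTP(S) blob yields a hostname. The sketch below is an added example, not code from this post, Shellter or Metasploit; it assumes the x86 TCP stager places the address as two consecutive `push imm32` instructions (IP, then AF_INET plus port) and that hostnames appear as plain ASCII. Both sample blobs are constructed.

```python
import ipaddress
import re
import struct

# Assumed layout (not stated in the post): push <IPv4>; push <AF_INET | port>
# Bytes: 68 <4-byte IP> 68 02 00 <2-byte port in network order>
PUSH_SOCKADDR = re.compile(rb"\x68(.{4})\x68\x02\x00(.{2})", re.DOTALL)
# Plain ASCII hostname: one or more dot-separated labels plus an alphabetic TLD
HOSTNAME = re.compile(
    rb"(?<![A-Za-z0-9.-])((?:[A-Za-z0-9-]{1,63}\.)+[A-Za-z]{2,24})(?![A-Za-z0-9-])"
)

# Constructed samples (documentation address range and reserved .test TLD)
TCP_SAMPLE = (b"\x90" * 4 + b"\x68" + bytes([192, 0, 2, 10])
              + b"\x68\x02\x00" + struct.pack(">H", 4444) + b"\x89\xe6")
HTTP_SAMPLE = b"\x00\x01cb.example.test\x00/index\x00"


def extract_endpoints(blob: bytes) -> dict:
    """Return IP:port pairs and hostnames statically visible in a blob."""
    ip_endpoints = []
    for m in PUSH_SOCKADDR.finditer(blob):
        (port,) = struct.unpack(">H", m.group(2))
        if port:  # port 0 is almost certainly a false positive
            ip_endpoints.append((str(ipaddress.IPv4Address(m.group(1))), port))
    hostnames = sorted({m.group(1).decode().lower()
                        for m in HOSTNAME.finditer(blob)})
    return {"ip_endpoints": ip_endpoints, "hostnames": hostnames}


def expected_dns_visibility(blob: bytes) -> str:
    """Tell the analyst which log source is worth pivoting on."""
    found = extract_endpoints(blob)
    if found["hostnames"]:
        return "hostname embedded: name is resolved at run time (check DNS/proxy logs)"
    if found["ip_endpoints"]:
        return "IP embedded: resolved at generation time (pivot on IP, not DNS logs)"
    return "no endpoint recovered statically"


if __name__ == "__main__":
    for name, blob in (("tcp", TCP_SAMPLE), ("http", HTTP_SAMPLE)):
        print(name, extract_endpoints(blob), expected_dns_visibility(blob))
```
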
Enjoy,
kyREcon