Similar to #83, --self-inject does not detect python because client does not send server output of remote_command #115

Open
KFDCompiled opened this issue Aug 9, 2022 · 3 comments

KFDCompiled commented Aug 9, 2022

ISSUE TYPE

  • Bug Report

OS / ENVIRONMENT

  1. Operating system: Linux
  2. Python version: 2.7, 3.9

Server:

./pwncat -l 192.168.10.184 9999 --self-inject /bin/sh:192.168.10.184:10000 -vvvvv
2022-08-09 13:43:45,186 DEBUG [MainThread] 3396:__init__(): STDOUT isatty: True
2022-08-09 13:43:45,186 DEBUG [MainThread] 3397:__init__(): STDIN  isatty: True
2022-08-09 13:43:45,186 DEBUG [MainThread] 3398:__init__(): STDIN  posix:  False (posix)
2022-08-09 13:43:45,186 DEBUG [MainThread] 1465:create_socket(): Creating (family 10/IPv6, TCP) socket
2022-08-09 13:43:45,186 DEBUG [MainThread] 1485:create_socket(): Disabling IPv4 support on IPv6 socket
2022-08-09 13:43:45,186 DEBUG [MainThread] 1465:create_socket(): Creating (family 2/IPv4, TCP) socket
2022-08-09 13:43:45,186 DEBUG [MainThread] 1414:gethostbyname(): Resolving IPv4 name not required, changing to IPv6: ::ffff:192.168.10.184
2022-08-09 13:43:45,186 DEBUG [MainThread] 1418:gethostbyname(): Resolving IPv4 host not required, already an IP: 192.168.10.184
2022-08-09 13:43:45,187 DEBUG [MainThread] 1517:bind(): Binding (family 10/IPv6, TCP) socket to ::ffff:192.168.10.184:9999
2022-08-09 13:43:45,187 DEBUG [MainThread] 1517:bind(): Binding (family 2/IPv4, TCP) socket to 192.168.10.184:9999
2022-08-09 13:43:45,187 DEBUG [MainThread] 2214:run_server(): Removing (family 10/IPv6) due to: Binding (family 10/IPv6, TCP) socket to ::ffff:192.168.10.184:9999 failed: [Errno 22] Invalid argument
2022-08-09 13:43:45,187 DEBUG [MainThread] 1545:listen(): Listening with backlog=0
2022-08-09 13:43:45,187 INFO [MainThread] 2247:run_server(): Listening on 192.168.10.184:9999 (family 2/IPv4, TCP)
2022-08-09 13:43:45,187 DEBUG [MainThread] 1574:accept(): Waiting for TCP client
2022-08-09 13:44:25,264 INFO [MainThread] 1591:accept(): Client connected from 192.168.10.254:5555 (family 2/IPv4, TCP)
[PWNCAT CnC] Checking if remote sends greeting...
2022-08-09 13:44:25,615 TRACE [MainThread] 4481:send_recv(): Timeout: Receive timed out after 0.350531 sec in 1/5 rounds
2022-08-09 13:44:25,965 TRACE [MainThread] 4481:send_recv(): Timeout: Receive timed out after 0.701250 sec in 2/5 rounds
2022-08-09 13:44:26,316 TRACE [MainThread] 4481:send_recv(): Timeout: Receive timed out after 1.051963 sec in 3/5 rounds
2022-08-09 13:44:26,667 TRACE [MainThread] 4481:send_recv(): Timeout: Receive timed out after 1.402650 sec in 4/5 rounds
2022-08-09 13:44:27,017 TRACE [MainThread] 4481:send_recv(): Timeout: Receive timed out after 1.753344 sec in 5/5 rounds
[PWNCAT CnC] Checking if remote sends prefix/suffix to every request...
2022-08-09 13:44:27,018 DEBUG [MainThread] 1898:send(): Trying to send 15 bytes to 192.168.10.254:5555
2022-08-09 13:44:27,018 TRACE [MainThread] 1904:send(): Trying to send: b'echo "__pwn__"\n'
2022-08-09 13:44:27,018 DEBUG [MainThread] 1921:send(): Sent 15 bytes to 192.168.10.254:5555 (0 bytes remaining)
2022-08-09 13:44:27,368 TRACE [MainThread] 4481:send_recv(): Timeout: Receive timed out after 0.350471 sec in 1/5 rounds
2022-08-09 13:44:27,719 TRACE [MainThread] 4481:send_recv(): Timeout: Receive timed out after 0.701191 sec in 2/5 rounds
2022-08-09 13:44:28,070 TRACE [MainThread] 4481:send_recv(): Timeout: Receive timed out after 1.051911 sec in 3/5 rounds
2022-08-09 13:44:28,420 TRACE [MainThread] 4481:send_recv(): Timeout: Receive timed out after 1.402645 sec in 4/5 rounds
2022-08-09 13:44:28,771 TRACE [MainThread] 4481:send_recv(): Timeout: Receive timed out after 1.753336 sec in 5/5 rounds
2022-08-09 13:44:28,771 DEBUG [MainThread] 4771:__set_remote_prefix(): Set suffix before: []
2022-08-09 13:44:28,771 DEBUG [MainThread] 4773:__set_remote_prefix(): Set suffix after:  []
[PWNCAT CnC] Remote does not send prefix
[PWNCAT CnC] Remote does not send suffix
2022-08-09 13:44:28,772 DEBUG [MainThread] 4827:__set_remote_python_path(): Probing for: which python3
2022-08-09 13:44:28,772 DEBUG [MainThread] 1898:send(): Trying to send 26 bytes to 192.168.10.254:5555
2022-08-09 13:44:28,772 TRACE [MainThread] 1904:send(): Trying to send: b'which python3 2>/dev/null\n'
2022-08-09 13:44:28,772 DEBUG [MainThread] 1921:send(): Sent 26 bytes to 192.168.10.254:5555 (0 bytes remaining)
2022-08-09 13:44:29,122 TRACE [MainThread] 4481:send_recv(): Timeout: Receive timed out after 0.350484 sec in 1/5 rounds
2022-08-09 13:44:29,473 TRACE [MainThread] 4481:send_recv(): Timeout: Receive timed out after 0.701201 sec in 2/5 rounds
2022-08-09 13:44:29,824 TRACE [MainThread] 4481:send_recv(): Timeout: Receive timed out after 1.051899 sec in 3/5 rounds
2022-08-09 13:44:30,175 TRACE [MainThread] 4481:send_recv(): Timeout: Receive timed out after 1.402663 sec in 4/5 rounds
2022-08-09 13:44:30,525 TRACE [MainThread] 4481:send_recv(): Timeout: Receive timed out after 1.753401 sec in 5/5 rounds
[PWNCAT CnC] Response:
2022-08-09 13:44:30,526 DEBUG [MainThread] 4827:__set_remote_python_path(): Probing for: which python
2022-08-09 13:44:30,526 DEBUG [MainThread] 1898:send(): Trying to send 25 bytes to 192.168.10.254:5555
2022-08-09 13:44:30,526 TRACE [MainThread] 1904:send(): Trying to send: b'which python 2>/dev/null\n'
2022-08-09 13:44:30,526 DEBUG [MainThread] 1921:send(): Sent 25 bytes to 192.168.10.254:5555 (0 bytes remaining)
2022-08-09 13:44:30,877 TRACE [MainThread] 4481:send_recv(): Timeout: Receive timed out after 0.350487 sec in 1/5 rounds
2022-08-09 13:44:31,228 TRACE [MainThread] 4481:send_recv(): Timeout: Receive timed out after 0.701441 sec in 2/5 rounds
2022-08-09 13:44:31,579 TRACE [MainThread] 4481:send_recv(): Timeout: Receive timed out after 1.052403 sec in 3/5 rounds
2022-08-09 13:44:31,930 TRACE [MainThread] 4481:send_recv(): Timeout: Receive timed out after 1.403363 sec in 4/5 rounds
2022-08-09 13:44:32,281 TRACE [MainThread] 4481:send_recv(): Timeout: Receive timed out after 1.754384 sec in 5/5 rounds
[PWNCAT CnC] Response:
2022-08-09 13:44:32,282 DEBUG [MainThread] 4827:__set_remote_python_path(): Probing for: which python2
2022-08-09 13:44:32,282 DEBUG [MainThread] 1898:send(): Trying to send 26 bytes to 192.168.10.254:5555
2022-08-09 13:44:32,283 TRACE [MainThread] 1904:send(): Trying to send: b'which python2 2>/dev/null\n'
2022-08-09 13:44:32,283 DEBUG [MainThread] 1921:send(): Sent 26 bytes to 192.168.10.254:5555 (0 bytes remaining)
2022-08-09 13:44:32,634 TRACE [MainThread] 4481:send_recv(): Timeout: Receive timed out after 0.350500 sec in 1/5 rounds
2022-08-09 13:44:32,985 TRACE [MainThread] 4481:send_recv(): Timeout: Receive timed out after 0.701460 sec in 2/5 rounds
2022-08-09 13:44:33,336 TRACE [MainThread] 4481:send_recv(): Timeout: Receive timed out after 1.052369 sec in 3/5 rounds
2022-08-09 13:44:33,687 TRACE [MainThread] 4481:send_recv(): Timeout: Receive timed out after 1.403336 sec in 4/5 rounds
2022-08-09 13:44:34,038 TRACE [MainThread] 4481:send_recv(): Timeout: Receive timed out after 1.754300 sec in 5/5 rounds
[PWNCAT CnC] Response:
2022-08-09 13:44:34,038 DEBUG [MainThread] 4827:__set_remote_python_path(): Probing for: which python2.7
2022-08-09 13:44:34,038 DEBUG [MainThread] 1898:send(): Trying to send 28 bytes to 192.168.10.254:5555
2022-08-09 13:44:34,039 TRACE [MainThread] 1904:send(): Trying to send: b'which python2.7 2>/dev/null\n'
2022-08-09 13:44:34,039 DEBUG [MainThread] 1921:send(): Sent 28 bytes to 192.168.10.254:5555 (0 bytes remaining)
2022-08-09 13:44:34,390 TRACE [MainThread] 4481:send_recv(): Timeout: Receive timed out after 0.350504 sec in 1/5 rounds
2022-08-09 13:44:34,741 TRACE [MainThread] 4481:send_recv(): Timeout: Receive timed out after 0.701578 sec in 2/5 rounds
2022-08-09 13:44:35,092 TRACE [MainThread] 4481:send_recv(): Timeout: Receive timed out after 1.052568 sec in 3/5 rounds
2022-08-09 13:44:35,443 TRACE [MainThread] 4481:send_recv(): Timeout: Receive timed out after 1.403498 sec in 4/5 rounds
2022-08-09 13:44:35,794 TRACE [MainThread] 4481:send_recv(): Timeout: Receive timed out after 1.754471 sec in 5/5 rounds
[PWNCAT CnC] Response:
2022-08-09 13:44:35,794 DEBUG [MainThread] 4827:__set_remote_python_path(): Probing for: which python3.5
2022-08-09 13:44:35,794 DEBUG [MainThread] 1898:send(): Trying to send 28 bytes to 192.168.10.254:5555
2022-08-09 13:44:35,795 TRACE [MainThread] 1904:send(): Trying to send: b'which python3.5 2>/dev/null\n'
2022-08-09 13:44:35,795 DEBUG [MainThread] 1921:send(): Sent 28 bytes to 192.168.10.254:5555 (0 bytes remaining)
2022-08-09 13:44:36,145 TRACE [MainThread] 4481:send_recv(): Timeout: Receive timed out after 0.350499 sec in 1/5 rounds
2022-08-09 13:44:36,496 TRACE [MainThread] 4481:send_recv(): Timeout: Receive timed out after 0.701473 sec in 2/5 rounds
2022-08-09 13:44:36,847 TRACE [MainThread] 4481:send_recv(): Timeout: Receive timed out after 1.052447 sec in 3/5 rounds
2022-08-09 13:44:37,198 TRACE [MainThread] 4481:send_recv(): Timeout: Receive timed out after 1.403437 sec in 4/5 rounds
2022-08-09 13:44:37,549 TRACE [MainThread] 4481:send_recv(): Timeout: Receive timed out after 1.754413 sec in 5/5 rounds
[PWNCAT CnC] Response:
2022-08-09 13:44:37,550 DEBUG [MainThread] 4827:__set_remote_python_path(): Probing for: which python3.6
2022-08-09 13:44:37,550 DEBUG [MainThread] 1898:send(): Trying to send 28 bytes to 192.168.10.254:5555
2022-08-09 13:44:37,550 TRACE [MainThread] 1904:send(): Trying to send: b'which python3.6 2>/dev/null\n'
2022-08-09 13:44:37,550 DEBUG [MainThread] 1921:send(): Sent 28 bytes to 192.168.10.254:5555 (0 bytes remaining)
2022-08-09 13:44:37,901 TRACE [MainThread] 4481:send_recv(): Timeout: Receive timed out after 0.350496 sec in 1/5 rounds
2022-08-09 13:44:38,252 TRACE [MainThread] 4481:send_recv(): Timeout: Receive timed out after 0.701492 sec in 2/5 rounds
2022-08-09 13:44:38,603 TRACE [MainThread] 4481:send_recv(): Timeout: Receive timed out after 1.052461 sec in 3/5 rounds
2022-08-09 13:44:38,954 TRACE [MainThread] 4481:send_recv(): Timeout: Receive timed out after 1.403419 sec in 4/5 rounds
2022-08-09 13:44:39,305 TRACE [MainThread] 4481:send_recv(): Timeout: Receive timed out after 1.754393 sec in 5/5 rounds
[PWNCAT CnC] Response:
2022-08-09 13:44:39,306 DEBUG [MainThread] 4827:__set_remote_python_path(): Probing for: which python3.7
2022-08-09 13:44:39,306 DEBUG [MainThread] 1898:send(): Trying to send 28 bytes to 192.168.10.254:5555
2022-08-09 13:44:39,306 TRACE [MainThread] 1904:send(): Trying to send: b'which python3.7 2>/dev/null\n'
2022-08-09 13:44:39,306 DEBUG [MainThread] 1921:send(): Sent 28 bytes to 192.168.10.254:5555 (0 bytes remaining)
2022-08-09 13:44:39,657 TRACE [MainThread] 4481:send_recv(): Timeout: Receive timed out after 0.350509 sec in 1/5 rounds
2022-08-09 13:44:40,008 TRACE [MainThread] 4481:send_recv(): Timeout: Receive timed out after 0.701510 sec in 2/5 rounds
2022-08-09 13:44:40,359 TRACE [MainThread] 4481:send_recv(): Timeout: Receive timed out after 1.052515 sec in 3/5 rounds
2022-08-09 13:44:40,710 TRACE [MainThread] 4481:send_recv(): Timeout: Receive timed out after 1.403461 sec in 4/5 rounds
2022-08-09 13:44:41,061 TRACE [MainThread] 4481:send_recv(): Timeout: Receive timed out after 1.754383 sec in 5/5 rounds
[PWNCAT CnC] Response:
2022-08-09 13:44:41,061 DEBUG [MainThread] 4827:__set_remote_python_path(): Probing for: which python3.8
2022-08-09 13:44:41,061 DEBUG [MainThread] 1898:send(): Trying to send 28 bytes to 192.168.10.254:5555
2022-08-09 13:44:41,062 TRACE [MainThread] 1904:send(): Trying to send: b'which python3.8 2>/dev/null\n'
2022-08-09 13:44:41,062 DEBUG [MainThread] 1921:send(): Sent 28 bytes to 192.168.10.254:5555 (0 bytes remaining)
2022-08-09 13:44:41,413 TRACE [MainThread] 4481:send_recv(): Timeout: Receive timed out after 0.350526 sec in 1/5 rounds
2022-08-09 13:44:41,764 TRACE [MainThread] 4481:send_recv(): Timeout: Receive timed out after 0.701422 sec in 2/5 rounds
2022-08-09 13:44:42,115 TRACE [MainThread] 4481:send_recv(): Timeout: Receive timed out after 1.052393 sec in 3/5 rounds
2022-08-09 13:44:42,465 TRACE [MainThread] 4481:send_recv(): Timeout: Receive timed out after 1.403347 sec in 4/5 rounds
2022-08-09 13:44:42,816 TRACE [MainThread] 4481:send_recv(): Timeout: Receive timed out after 1.754319 sec in 5/5 rounds
[PWNCAT CnC] Response:
[PWNCAT CnC] Probing for: /usr/bin/python3
2022-08-09 13:44:42,817 DEBUG [MainThread] 1898:send(): Trying to send 58 bytes to 192.168.10.254:5555
2022-08-09 13:44:42,818 TRACE [MainThread] 1904:send(): Trying to send: b'test -f /usr/bin/python3 && echo /usr/bin/python3 || echo\n'
2022-08-09 13:44:42,818 DEBUG [MainThread] 1921:send(): Sent 58 bytes to 192.168.10.254:5555 (0 bytes remaining)
2022-08-09 13:44:43,169 TRACE [MainThread] 4481:send_recv(): Timeout: Receive timed out after 0.350547 sec in 1/5 rounds
2022-08-09 13:44:43,520 TRACE [MainThread] 4481:send_recv(): Timeout: Receive timed out after 0.701487 sec in 2/5 rounds
2022-08-09 13:44:43,871 TRACE [MainThread] 4481:send_recv(): Timeout: Receive timed out after 1.052430 sec in 3/5 rounds
2022-08-09 13:44:44,222 TRACE [MainThread] 4481:send_recv(): Timeout: Receive timed out after 1.403409 sec in 4/5 rounds
2022-08-09 13:44:44,573 TRACE [MainThread] 4481:send_recv(): Timeout: Receive timed out after 1.754423 sec in 5/5 rounds
[...]
[PWNCAT CnC] Probing for: /opt/python3.8/bin/python3.8
2022-08-09 13:49:21,820 DEBUG [MainThread] 1898:send(): Trying to send 82 bytes to 192.168.10.254:5555
2022-08-09 13:49:21,820 TRACE [MainThread] 1904:send(): Trying to send: b'test -f /opt/python3.8/bin/python3.8 && echo /opt/python3.8/bin/python3.8 || echo\n'
2022-08-09 13:49:21,820 DEBUG [MainThread] 1921:send(): Sent 82 bytes to 192.168.10.254:5555 (0 bytes remaining)
2022-08-09 13:49:22,171 TRACE [MainThread] 4481:send_recv(): Timeout: Receive timed out after 0.350498 sec in 1/5 rounds
2022-08-09 13:49:22,522 TRACE [MainThread] 4481:send_recv(): Timeout: Receive timed out after 0.701218 sec in 2/5 rounds
2022-08-09 13:49:22,872 TRACE [MainThread] 4481:send_recv(): Timeout: Receive timed out after 1.051955 sec in 3/5 rounds
2022-08-09 13:49:23,223 TRACE [MainThread] 4481:send_recv(): Timeout: Receive timed out after 1.402681 sec in 4/5 rounds
2022-08-09 13:49:23,574 TRACE [MainThread] 4481:send_recv(): Timeout: Receive timed out after 1.753400 sec in 5/5 rounds
[PWNCAT CnC] No Python has been found. Aborting and handing over to current shell.
2022-08-09 13:49:23,575 TRACE [RECV] 4014:run_action(): [RECV] Producer Start
2022-08-09 13:49:23,575 TRACE [STDIN] 4014:run_action(): [STDIN] Producer Start
2022-08-09 13:51:35,682 DEBUG [RECV] 2032:receive(): Received 19 bytes from 192.168.10.254:5555
2022-08-09 13:51:35,682 TRACE [RECV] 2038:receive(): Received: b'string from client\n'
2022-08-09 13:51:35,682 TRACE [RECV] 4016:run_action(): [RECV] Producer received: b'string from client\n'
string from client
STRING FROM SERVER
2022-08-09 13:51:49,136 DEBUG [STDIN] 3435:producer(): Received 19 bytes from STDIN
2022-08-09 13:51:49,136 TRACE [STDIN] 3436:producer(): Received: b'STRING FROM SERVER\n'
2022-08-09 13:51:49,136 TRACE [STDIN] 4016:run_action(): [STDIN] Producer received: b'STRING FROM SERVER\n'
2022-08-09 13:51:49,136 DEBUG [STDIN] 1898:send(): Trying to send 19 bytes to 192.168.10.254:5555
2022-08-09 13:51:49,136 TRACE [STDIN] 1904:send(): Trying to send: b'STRING FROM SERVER\n'
2022-08-09 13:51:49,136 DEBUG [STDIN] 1921:send(): Sent 19 bytes to 192.168.10.254:5555 (0 bytes remaining)

Client:

./pwncat --source-port 5555 --source-addr 192.168.10.254 192.168.10.184 9999 -vvvvv
2022-08-09 13:44:25,266 DEBUG [MainThread] 3396:__init__(): STDOUT isatty: True
2022-08-09 13:44:25,266 DEBUG [MainThread] 3397:__init__(): STDIN  isatty: True
2022-08-09 13:44:25,266 DEBUG [MainThread] 3398:__init__(): STDIN  posix:  False (posix)
2022-08-09 13:44:25,266 DEBUG [MainThread] 1465:create_socket(): Creating (family 10/IPv6, TCP) socket
2022-08-09 13:44:25,266 DEBUG [MainThread] 1485:create_socket(): Disabling IPv4 support on IPv6 socket
2022-08-09 13:44:25,266 DEBUG [MainThread] 1465:create_socket(): Creating (family 2/IPv4, TCP) socket
2022-08-09 13:44:25,267 DEBUG [MainThread] 1414:gethostbyname(): Resolving IPv4 name not required, changing to IPv6: ::ffff:192.168.10.184
2022-08-09 13:44:25,267 DEBUG [MainThread] 1418:gethostbyname(): Resolving IPv4 host not required, already an IP: 192.168.10.184
2022-08-09 13:44:25,267 DEBUG [MainThread] 1636:connect(): Binding specifically to 192.168.10.254:5555
2022-08-09 13:44:25,267 DEBUG [MainThread] 1517:bind(): Binding (family 10/IPv6, TCP) socket to 192.168.10.254:5555
2022-08-09 13:44:25,267 DEBUG [MainThread] 1636:connect(): Binding specifically to 192.168.10.254:5555
2022-08-09 13:44:25,267 DEBUG [MainThread] 1517:bind(): Binding (family 2/IPv4, TCP) socket to 192.168.10.254:5555
2022-08-09 13:44:25,267 DEBUG [MainThread] 1641:connect(): Connecting to 192.168.10.184:9999 (family 2/IPv4, TCP)
2022-08-09 13:44:25,268 DEBUG [MainThread] 1690:connect(): Connected from 192.168.10.254:5555
2022-08-09 13:44:25,269 INFO [MainThread] 1695:connect(): Connected to 192.168.10.184:9999 (family 2/IPv4, TCP)
2022-08-09 13:44:25,269 TRACE [RECV] 4014:run_action(): [RECV] Producer Start
2022-08-09 13:44:25,269 TRACE [STDIN] 4014:run_action(): [STDIN] Producer Start
2022-08-09 13:44:27,023 DEBUG [RECV] 2032:receive(): Received 15 bytes from 192.168.10.184:9999
2022-08-09 13:44:27,023 TRACE [RECV] 2038:receive(): Received: b'echo "__pwn__"\n'
2022-08-09 13:44:27,023 TRACE [RECV] 4016:run_action(): [RECV] Producer received: b'echo "__pwn__"\n'
echo "__pwn__"
2022-08-09 13:44:28,777 DEBUG [RECV] 2032:receive(): Received 26 bytes from 192.168.10.184:9999
2022-08-09 13:44:28,777 TRACE [RECV] 2038:receive(): Received: b'which python3 2>/dev/null\n'
2022-08-09 13:44:28,777 TRACE [RECV] 4016:run_action(): [RECV] Producer received: b'which python3 2>/dev/null\n'
which python3 2>/dev/null
2022-08-09 13:44:30,532 DEBUG [RECV] 2032:receive(): Received 25 bytes from 192.168.10.184:9999
2022-08-09 13:44:30,532 TRACE [RECV] 2038:receive(): Received: b'which python 2>/dev/null\n'
2022-08-09 13:44:30,532 TRACE [RECV] 4016:run_action(): [RECV] Producer received: b'which python 2>/dev/null\n'
which python 2>/dev/null
2022-08-09 13:44:32,288 DEBUG [RECV] 2032:receive(): Received 26 bytes from 192.168.10.184:9999
2022-08-09 13:44:32,288 TRACE [RECV] 2038:receive(): Received: b'which python2 2>/dev/null\n'
2022-08-09 13:44:32,289 TRACE [RECV] 4016:run_action(): [RECV] Producer received: b'which python2 2>/dev/null\n'
which python2 2>/dev/null
2022-08-09 13:44:34,044 DEBUG [RECV] 2032:receive(): Received 28 bytes from 192.168.10.184:9999
2022-08-09 13:44:34,044 TRACE [RECV] 2038:receive(): Received: b'which python2.7 2>/dev/null\n'
2022-08-09 13:44:34,044 TRACE [RECV] 4016:run_action(): [RECV] Producer received: b'which python2.7 2>/dev/null\n'
which python2.7 2>/dev/null
2022-08-09 13:44:35,800 DEBUG [RECV] 2032:receive(): Received 28 bytes from 192.168.10.184:9999
2022-08-09 13:44:35,800 TRACE [RECV] 2038:receive(): Received: b'which python3.5 2>/dev/null\n'
2022-08-09 13:44:35,800 TRACE [RECV] 4016:run_action(): [RECV] Producer received: b'which python3.5 2>/dev/null\n'
which python3.5 2>/dev/null
2022-08-09 13:44:37,556 DEBUG [RECV] 2032:receive(): Received 28 bytes from 192.168.10.184:9999
2022-08-09 13:44:37,556 TRACE [RECV] 2038:receive(): Received: b'which python3.6 2>/dev/null\n'
2022-08-09 13:44:37,556 TRACE [RECV] 4016:run_action(): [RECV] Producer received: b'which python3.6 2>/dev/null\n'
which python3.6 2>/dev/null
2022-08-09 13:44:39,311 DEBUG [RECV] 2032:receive(): Received 28 bytes from 192.168.10.184:9999
2022-08-09 13:44:39,312 TRACE [RECV] 2038:receive(): Received: b'which python3.7 2>/dev/null\n'
2022-08-09 13:44:39,312 TRACE [RECV] 4016:run_action(): [RECV] Producer received: b'which python3.7 2>/dev/null\n'
which python3.7 2>/dev/null
2022-08-09 13:44:41,067 DEBUG [RECV] 2032:receive(): Received 28 bytes from 192.168.10.184:9999
2022-08-09 13:44:41,067 TRACE [RECV] 2038:receive(): Received: b'which python3.8 2>/dev/null\n'
2022-08-09 13:44:41,068 TRACE [RECV] 4016:run_action(): [RECV] Producer received: b'which python3.8 2>/dev/null\n'
which python3.8 2>/dev/null
2022-08-09 13:44:42,823 DEBUG [RECV] 2032:receive(): Received 58 bytes from 192.168.10.184:9999
2022-08-09 13:44:42,823 TRACE [RECV] 2038:receive(): Received: b'test -f /usr/bin/python3 && echo /usr/bin/python3 || echo\n'
2022-08-09 13:44:42,823 TRACE [RECV] 4016:run_action(): [RECV] Producer received: b'test -f /usr/bin/python3 && echo /usr/bin/python3 || echo\n'
test -f /usr/bin/python3 && echo /usr/bin/python3 || echo
2022-08-09 13:44:44,579 DEBUG [RECV] 2032:receive(): Received 56 bytes from 192.168.10.184:9999
2022-08-09 13:44:44,579 TRACE [RECV] 2038:receive(): Received: b'test -f /usr/bin/python && echo /usr/bin/python || echo\n'
2022-08-09 13:44:44,579 TRACE [RECV] 4016:run_action(): [RECV] Producer received: b'test -f /usr/bin/python && echo /usr/bin/python || echo\n'
[...]
2022-08-09 13:49:21,826 DEBUG [RECV] 2032:receive(): Received 82 bytes from 192.168.10.184:9999
2022-08-09 13:49:21,826 TRACE [RECV] 2038:receive(): Received: b'test -f /opt/python3.8/bin/python3.8 && echo /opt/python3.8/bin/python3.8 || echo\n'
2022-08-09 13:49:21,826 TRACE [RECV] 4016:run_action(): [RECV] Producer received: b'test -f /opt/python3.8/bin/python3.8 && echo /opt/python3.8/bin/python3.8 || echo\n'
test -f /opt/python3.8/bin/python3.8 && echo /opt/python3.8/bin/python3.8 || echo
string from client
2022-08-09 13:51:35,685 DEBUG [STDIN] 3435:producer(): Received 19 bytes from STDIN
2022-08-09 13:51:35,685 TRACE [STDIN] 3436:producer(): Received: b'string from client\n'
2022-08-09 13:51:35,686 TRACE [STDIN] 4016:run_action(): [STDIN] Producer received: b'string from client\n'
2022-08-09 13:51:35,686 DEBUG [STDIN] 1898:send(): Trying to send 19 bytes to 192.168.10.184:9999
2022-08-09 13:51:35,686 TRACE [STDIN] 1904:send(): Trying to send: b'string from client\n'
2022-08-09 13:51:35,686 DEBUG [STDIN] 1921:send(): Sent 19 bytes to 192.168.10.184:9999 (0 bytes remaining)
2022-08-09 13:51:49,141 DEBUG [RECV] 2032:receive(): Received 19 bytes from 192.168.10.184:9999
2022-08-09 13:51:49,142 TRACE [RECV] 2038:receive(): Received: b'STRING FROM SERVER\n'
2022-08-09 13:51:49,142 TRACE [RECV] 4016:run_action(): [RECV] Producer received: b'STRING FROM SERVER\n'
STRING FROM SERVER

After iterating through all combinations, pwncat dumps to existing shell (which still echoes content back and forth) because it cannot find Python; however, Python is definitely installed and this bug persists across Linux distros. I'm pretty sure there's something wrong with the client returning remote_command output because the only packets from client to server had null payloads.

@KFDCompiled KFDCompiled added the bug Something isn't working label Aug 9, 2022
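
A triage helper for the server-side trace above, added here as an example (it is not part of the issue and not pwncat code): it pairs each `Trying to send:` record with the timeouts and received bytes logged before the next send, so probes that never got a payload stand out. The sample lines are constructed from the trace's format; the `Received 17 bytes` line on `MainThread` is invented, and it is an assumption that a probe reply would be logged by `receive()` on the probing thread.

```python
import re
from dataclasses import dataclass

# Constructed sample modelled on the server-side -vvvvv trace in this issue.
# The "Received 17 bytes" line on MainThread is invented to show an answered probe.
SAMPLE_TRACE = r"""
2022-08-09 13:44:27,018 TRACE [MainThread] 1904:send(): Trying to send: b'echo "__pwn__"\n'
2022-08-09 13:44:28,420 TRACE [MainThread] 4481:send_recv(): Timeout: Receive timed out after 1.402645 sec in 4/5 rounds
2022-08-09 13:44:28,771 TRACE [MainThread] 4481:send_recv(): Timeout: Receive timed out after 1.753336 sec in 5/5 rounds
2022-08-09 13:44:28,772 TRACE [MainThread] 1904:send(): Trying to send: b'which python3 2>/dev/null\n'
2022-08-09 13:44:29,122 TRACE [MainThread] 4481:send_recv(): Timeout: Receive timed out after 0.350484 sec in 1/5 rounds
2022-08-09 13:44:29,200 DEBUG [MainThread] 2032:receive(): Received 17 bytes from 192.168.10.254:5555
2022-08-09 13:44:30,526 TRACE [MainThread] 1904:send(): Trying to send: b'which python 2>/dev/null\n'
2022-08-09 13:44:32,281 TRACE [MainThread] 4481:send_recv(): Timeout: Receive timed out after 1.754384 sec in 5/5 rounds
2022-08-09 13:51:35,682 DEBUG [RECV] 2032:receive(): Received 19 bytes from 192.168.10.254:5555
"""

# "<date> <time> <LEVEL> [<thread>] <lineno>:<func>(): <message>"
LINE = re.compile(r"^\S+ \S+ (\w+) \[(\w+)\] \d+:(\w+)\(\): (.*)$")
SENT = re.compile(r"^Trying to send: b'(.*)'$")
ROUND = re.compile(r"in (\d+)/(\d+) rounds$")
RECEIVED = re.compile(r"^Received (\d+) bytes from ")


@dataclass
class Probe:
    command: str
    thread: str
    timeouts: int = 0
    exhausted: bool = False  # True once the final N/N receive round timed out
    bytes_received: int = 0


def summarize_probes(trace):
    """Pair each sent command with the receive activity logged before the next send."""
    probes = []
    for raw in trace.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # bare console echo such as "[PWNCAT CnC] Response:"
        _level, thread, func, msg = m.groups()
        sent = SENT.match(msg)
        if func == "send" and sent:
            cmd = sent.group(1)
            if cmd.endswith("\\n"):  # literal backslash-n from the bytes repr
                cmd = cmd[:-2]
            probes.append(Probe(cmd, thread))
            continue
        if not probes or probes[-1].thread != thread:
            continue  # e.g. the [RECV] producer thread after the hand-over
        cur = probes[-1]
        rnd = ROUND.search(msg)
        got = RECEIVED.match(msg)
        if func == "send_recv" and rnd:
            cur.timeouts += 1
            cur.exhausted = rnd.group(1) == rnd.group(2)
        elif func == "receive" and got:
            cur.bytes_received += int(got.group(1))
    return probes


def unanswered(probes):
    """Commands whose final receive round timed out with no payload at all."""
    return [p.command for p in probes if p.exhausted and p.bytes_received == 0]


if __name__ == "__main__":
    results = summarize_probes(SAMPLE_TRACE)
    for p in results:
        print(f"{p.command!r}: timeouts={p.timeouts} bytes={p.bytes_received}")
    print("unanswered:", unanswered(results))
```
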
@cytopia
Owner

cytopia commented Aug 10, 2022

Do you know the version and also the full path of the python version on the remote host?

@KFDCompiled
Author

Server:

which python3 && $(which python3) --version
/usr/bin/python3
Python 3.10.5

Client:

which python3 && $(which python3) --version
/usr/bin/python3
Python 3.10.6

@KFDCompiled
Author

I'd love to use this, is there anything I can do to help?
