calebstewart / pwncat

Fancy reverse and bind shell handler
https://pwncat.readthedocs.io
MIT License

Pwncat broken on Parrot OS #201

Closed mgeddert closed 2 years ago

mgeddert commented 2 years ago

Bug Description

On Parrot OS any attempt to create a listener fails, regardless of whether the Python interpreter shipped with the distribution (3.9.2) or a freshly compiled latest version (3.9.7) is used.

pwncat fails to bind to any port with:

connection failed: generic channel failure

...then drops you into your local pwncat shell.

pwncat version

Provide the output of pwncat --version or a commit hash if working from a development branch.

$ pwncat --version
0.4.3

Sorry I really gotta learn Markdown !

calebstewart commented 2 years ago

From our E-mail conversation, you mentioned that you use the following command:

pwncat -m windows -l 4444

However, this is not exactly correct. The command you're looking for is:

# You need to tell pwncat you are specifying a port number
pwncat -m windows -lp 4444
# The equivalent command with long-form options is this
pwncat --platform windows --listen --port 9999

The reason it is failing is that the first positional argument is assumed to be a connection string. The port number is intended to be an argument to the --port option, but in the absence of --port, it is treated as a positional argument instead.

Looking back at the documentation, it appears there's a typo here.

I'll write up a fix for the documentation later this evening. Also, I'll look into making that error message a little more helpful. Thanks for reporting!

> Sorry I really gotta learn Markdown !

No problem at all! Thanks for making the effort :smiley:
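
The parsing behaviour described in the reply above, as an added example that is not part of the original thread and not pwncat's own code: a simplified `argparse` model showing how `-l 4444` leaves the port unset and puts `4444` in the connection string, plus one way to report that more helpfully. The option names come from the commands above; `build_parser`, `parse`, the default platform and the guard are hypothetical.

```python
import argparse


def build_parser() -> argparse.ArgumentParser:
    # Simplified model using the option names from the commands above;
    # an assumption for illustration, not pwncat's real parser.
    parser = argparse.ArgumentParser(prog="listener-demo")
    parser.add_argument("--platform", "-m", default="linux")
    parser.add_argument("--listen", "-l", action="store_true")  # flag, takes no value
    parser.add_argument("--port", "-p", type=int)
    parser.add_argument("connection_string", nargs="?")
    return parser


def parse(argv):
    """Parse argv, rejecting a bare number that was probably meant as a port."""
    args = build_parser().parse_args(argv)
    candidate = args.connection_string or ""
    # Hypothetical guard: with --listen and no --port, a purely numeric
    # positional is almost certainly a port that lost its -p.
    if args.listen and args.port is None and candidate.isdigit():
        raise ValueError(
            f"{candidate!r} was parsed as a connection string, not a port; "
            f"did you mean '-lp {candidate}' or '--listen --port {candidate}'?"
        )
    return args


if __name__ == "__main__":
    # Constructed sample command lines, mirroring the ones in the thread.
    for argv in (["-m", "windows", "-l", "4444"],
                 ["-m", "windows", "-lp", "4444"],
                 ["--platform", "windows", "--listen", "--port", "9999"]):
        raw = build_parser().parse_args(argv)
        print(argv, "->", vars(raw))
        try:
            parse(argv)
        except ValueError as exc:
            print("  rejected:", exc)
```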

mgeddert commented 2 years ago

😲 wow I'll get out of bed and test !

mgeddert commented 2 years ago

Yes ! Yes ! Wonderful !

Good Night for Now, Michael

mgeddert commented 2 years ago

Thanks a lot ! That really helped ! When I connect with a windows machine I get a

windows.enumerate.domain: usr/local/master/lib/python3.9/dist-packages/pwncat/data/PowerSploit/Recon/Get-ComputerDetail.ps1: psmodule not found

I guess that is in the C2 Assembly, right ? Also "sessions" gives me a traceback....Hmm I'll keep trying. I'll have to play and roadtest a lot with pwncat.

Cheers, Michael

> On Tue, 21 Sept 2021 at 07:56, Caleb Stewart <@.***> wrote:
>
> Closed #201 https://github.com/calebstewart/pwncat/issues/201 via #202 https://github.com/calebstewart/pwncat/pull/202.

mgeddert commented 2 years ago

Hmm this was on a box with Trendmicro, S1 and CB. Let me find a more innocent box and try again.

Mitul16 commented 2 years ago

@mgeddert

removed suggestion (incorrect)

> windows.enumerate.domain: usr/local/master/lib/python3.9/dist-packages/pwncat/data/PowerSploit/Recon/Get-ComputerDetail.ps1: psmodule not found

You can `Pre-download all Windows builtin plugins` using `pwncat --download-plugins`

> I guess that is in the C2 Assembly, right ? Also "sessions" gives me a traceback....Hmm I'll keep trying. I'll have to play and roadtest a lot with pwncat.

Could you please elaborate on this? What kind of Error did you receive?

mgeddert commented 2 years ago

I have downloaded the plugins several times.

I'll test tomorrow with a fresh box…

mgeddert commented 2 years ago

Right after the victim connects, when the listener screen should change and give me a list of sessions, I get a traceback. Right before that it prints the msg about the missing module. I'll have a traceback and maybe even a screen capture for you tomorrow.

Transcribed from the Nether

calebstewart commented 2 years ago

That error isn't from the plugins. PowerSploit should be included in the installed Python module. I don't know why it wouldn't have been installed with pwncat. I can't really help diagnose without a copy of the output including the traceback, which you mentioned you'll have tomorrow.

To be clear, the plugins are .dll files which are loaded differently. PowerShell files are not "plugins," but can be side loaded directly, and those scripts specifically should be bundled with the installation of pwncat.

mgeddert commented 2 years ago

I was rerouted to install new switches onsite, no pwncat playtime today. Tomorrow for sure.

Regards
