calebstewart / pwncat

Fancy reverse and bind shell handler
https://pwncat.readthedocs.io
MIT License

Network enumeration broken on docker containers that return non-0 return codes #264

Open AnubisSec opened 1 year ago

AnubisSec commented 1 year ago

Bug Description

When enumerating network interfaces, if it's on a docker container, the "ip" command will return a non-0 return code, which will cause no output.

The suggested fix is to remove the check=True from the ip addr command (and I would also recommend adding an ifconfig option as well :) ), so that the module continues without checking the error code.

pwncat version

pwncat-cs --version
0.5.4

Target System (aka "victim")

Ubuntu docker image:

amd64/ubuntu:20.04

Steps to Reproduce

Steps to reproduce the behavior:

  1. Run docker run --network host -it --rm amd64/ubuntu:20.04 bash
  2. set up pwncat listener: pwncat-cs -lp 4444
  3. catch reverse shell from docker container
  4. try to run run enumerate.system.network in pwncat
  5. on the docker container:
     5.1. run ip addr
     5.2. run echo $? to see the non-zero return code

Expected Behavior

Expect networking info to be printed

Screenshots

calebstewart commented 1 year ago

There is actually an error in the execution of the ip addr command. It appears there is some weird edge case for the interface where ip can't get the address information for eth0@if12. It's possible the ip -json output could still be readable in that case, but I'm not sure if that switch is widely available across ip versions. We can't reliably parse the output of ip if there's an error, though.

I can't reproduce this on a local instance of amd64/ubuntu:20.04 though. It looks like you have some odd network configuration. Can you post the output of ip -json addr to see if there is usable output with that switch enabled?
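One way to make interface enumeration tolerate the failure described in this thread, as an added example in Python (pwncat's language) that is not pwncat's own code: it runs ip -json addr without check=True, parses whatever JSON came back, and falls back to a plain ip addr parser when the JSON is empty or truncated (for example on an iproute2 that lacks -json, or one that aborts mid-listing as the maintainer suspects for eth0@if12). The sample outputs, addresses and MAC address are constructed, and the run callable is a hypothetical injection point used only so the logic can be exercised offline.

```python
import json
import subprocess
from dataclasses import dataclass, field
from typing import Callable, List, Tuple

# Constructed sample of `ip -json addr` output from a container whose eth0 is one
# end of a veth pair (plain `ip addr` shows it as eth0@if12, JSON as link_index).
SAMPLE_JSON = """[
  {"ifindex": 1, "ifname": "lo", "flags": ["LOOPBACK", "UP", "LOWER_UP"], "mtu": 65536,
   "addr_info": [{"family": "inet", "local": "127.0.0.1", "prefixlen": 8, "scope": "host"}]},
  {"ifindex": 2, "link_index": 12, "ifname": "eth0",
   "flags": ["BROADCAST", "MULTICAST", "UP", "LOWER_UP"], "mtu": 1500,
   "addr_info": [{"family": "inet", "local": "172.17.0.2", "prefixlen": 16, "scope": "global"},
                 {"family": "inet6", "local": "fe80::42:acff:fe11:2", "prefixlen": 64, "scope": "link"}]}
]"""

# Constructed sample of plain `ip addr` output for the same container.
SAMPLE_TEXT = """\
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: eth0@if12: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:acff:fe11:2/64 scope link
       valid_lft forever preferred_lft forever
"""


@dataclass
class Interface:
    name: str
    addresses: List[str] = field(default_factory=list)  # "addr/prefix" strings


def parse_ip_json(stdout: str) -> List[Interface]:
    """Parse `ip -json addr`. Returns [] for empty, truncated or non-list JSON."""
    try:
        data = json.loads(stdout)
    except json.JSONDecodeError:
        return []
    if not isinstance(data, list):
        return []
    result = []
    for entry in data:
        if not isinstance(entry, dict) or "ifname" not in entry:
            continue
        iface = Interface(entry["ifname"])
        for info in entry.get("addr_info", []):
            local, prefix = info.get("local"), info.get("prefixlen")
            if local is not None:
                iface.addresses.append(f"{local}/{prefix}" if prefix is not None else local)
        result.append(iface)
    return result


def parse_ip_text(stdout: str) -> List[Interface]:
    """Fallback parser for plain `ip addr`: header lines start with an index,
    address lines are indented and begin with inet/inet6."""
    result: List[Interface] = []
    current = None
    for line in stdout.splitlines():
        if not line.startswith(" ") and ": " in line:
            parts = line.split(": ", 2)
            if len(parts) >= 2 and parts[0].strip().isdigit():
                current = Interface(parts[1].split("@", 1)[0])  # drop "@if12" peer suffix
                result.append(current)
        elif current is not None:
            tokens = line.split()
            if len(tokens) >= 2 and tokens[0] in ("inet", "inet6"):
                current.addresses.append(tokens[1])
    return result


Runner = Callable[[List[str]], Tuple[int, str]]


def _run_command(args: List[str]) -> Tuple[int, str]:
    """Default runner: execute locally and never raise on a non-zero exit."""
    try:
        proc = subprocess.run(args, capture_output=True, text=True)
    except FileNotFoundError:
        return 127, ""
    return proc.returncode, proc.stdout


def enumerate_interfaces(run: Runner = _run_command) -> List[Interface]:
    """Prefer JSON output; fall back to text when the JSON is unusable. The exit
    code is returned by the runner but deliberately not treated as fatal."""
    _rc, out = run(["ip", "-json", "addr"])
    ifaces = parse_ip_json(out)
    if not ifaces:
        _rc, out = run(["ip", "addr"])
        ifaces = parse_ip_text(out)
    return ifaces


if __name__ == "__main__":
    for iface in enumerate_interfaces():
        print(iface.name, ", ".join(iface.addresses))
```

Because the runner reports the exit code instead of raising, a partial listing still yields the interfaces that were printed before ip gave up, which is the behaviour the reporter asks for; the JSON-first order covers the maintainer's question about whether ip -json gives usable output where the text form errors.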