iagox86 / dnscat2

BSD 3-Clause "New" or "Revised" License

shell seems broken #89

Closed r00tkillah closed 8 years ago

r00tkillah commented 8 years ago

shell commands appear to not work:

dnscat2> windows
0 :: main [active]
  crypto-debug :: Debug window for crypto stuff [*]
  dns1 :: DNS Driver running on 0.0.0.0:53 domains = REDACTED [*]
  1 :: command (r00tkillah-desktop) [encrypted and verified] [*]
dnscat2> window -i 1
New window created: 1
history_size (session) => 1000
Session 1 Security: ENCRYPTED AND VERIFIED!
(the security depends on the strength of your pre-shared secret!)
This is a command session!

That means you can enter a dnscat2 command such as
'ping'! For a full list of clients, try 'help'.

command (r00tkillah-desktop) 1> ping
Ping!
command (r00tkillah-desktop) 1> Pong!
shell
Sent request to execute a shell
command (r00tkillah-desktop) 1> New window created: 2
Shell session created!
window -i 2
New window created: 2
history_size (session) => 1000
Session 2 Security: ENCRYPTED AND VERIFIED!
(the security depends on the strength of your pre-shared secret!)
This is a console session!

That means that anything you type will be sent as-is to the
client, and anything they type will be displayed as-is on the
screen! If the client is executing a command and you don't
see a prompt, try typing 'pwd' or something!

To go back, type ctrl-z.

sh (r00tkillah-desktop) 2> id
sh (r00tkillah-desktop) 2> pwd
sh (r00tkillah-desktop) 2> 

Nothing seems to come back.

Version:

$ git show --oneline HEAD
9dc5f19 Merge pull request #88 from mdp/docker
asmc commented 8 years ago

Me too, same result :( . Capturing the network packets with Wireshark, everything looks right, and /bin/sh also starts on the client side.

asmc commented 8 years ago

and I have the same two lines of code in driver_exec.c (lines 131, 132).

iagox86 commented 8 years ago

That's really weird! I'm out of town and really busy at work, but this is high up on my TODO list and I'll check things out.

A pcap, and the output of the client running with --packet-trace and -d and the server running with --packet-trace and --firehose would be helpful. There'll be a lot of output, but it'll help me immensely!

On Tue, Feb 23, 2016 at 12:19 AM, asmc notifications@github.com wrote:

> and have same two line code in the driver_exec.c (line 131,132)


r00tkillah commented 8 years ago

Logs attached logs.zip

r00tkillah commented 8 years ago

I don't know if this is related, but perusing the code, I see that 9c405f3d added an attribute reader in DriverConsole for the stopped attribute, but there is no other reference in the class to it. Could this be related?

r00tkillah commented 8 years ago

git bisect leads me to think that 91299717acf03441af914ee94312eecbc60fcbd4 broke it

iagox86 commented 8 years ago

Sweet, thanks for doing research! I return home on Wednesday, and am going to try and work through the open bugs on the weekend. Thanks for your patience. :)

On Mon, Feb 29, 2016 at 7:05 AM, Hacker, J.R. notifications@github.com wrote:

> git bisect leads me to think that 9129971 https://github.com/iagox86/dnscat2/commit/91299717acf03441af914ee94312eecbc60fcbd4 broke it


iagox86 commented 8 years ago

Sorry for the delay, and thanks for your patience!

You're absolutely right, I can repro no problem. The issue seems to be, as you determined with git bisect, in the changes to select_group.c. In driver_exec.c, the "data just came in from the process!" callback is never happening, and it should be handled by select_group.c code.

I'll figure this out! :)

iagox86 commented 8 years ago

This check is the problem in select_group.c:

    if(SG_IS_ACTIVE(group, i))
    {
      if(SG_IS_READY(group, i))
        FD_SET(SG_SOCKET(group, i), &read_set);
      else
        FD_SET(SG_SOCKET(group, i), &write_set);

      FD_SET(SG_SOCKET(group, i), &error_set);
    }

SG_IS_READY() is never getting set for the socket, because there's no "connect" happening (it becomes READY after a connect).

Now I just have to figure out the best way to fix that. :)
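The mechanism behind the diagnosis above (a descriptor that never becomes READY lands in write_set and so never triggers the "data came in" path) can be reproduced without dnscat2. The program below is an added example, not code from the dnscat2 project: a pipe stands in for the shell process's stdout, a constructed line of output is written into it, and the quoted select_group.c placement logic is applied to the read end. Only when the descriptor is treated as READY (placed in read_set) does select() report the pending data; placed in write_set, as happens when no connect() ever marks it ready, the call simply times out. It assumes POSIX select() semantics for pipes (Linux/BSD).

```c
/* Added example (not dnscat2 code): why a descriptor that only sits in
 * select()'s write set never reports incoming data. */
#include <stdio.h>
#include <string.h>
#include <sys/select.h>
#include <sys/time.h>
#include <unistd.h>

/* Mirrors the quoted select_group.c placement: an active descriptor goes
 * into read_set only when it is considered READY, otherwise into write_set,
 * and is always added to error_set.  A pipe's read end stands in for the
 * child process's stdout.  Returns 1 if select() flagged the descriptor as
 * readable, 0 if it did not (timeout or non-read readiness), -1 on error. */
int probe_pipe_readiness(int treat_as_ready, int timeout_ms)
{
    int fds[2];
    if (pipe(fds) != 0)
        return -1;

    /* Constructed stand-in for output the spawned shell wrote to its stdout. */
    const char msg[] = "uid=1000(user) gid=1000(user)\n";
    if (write(fds[1], msg, strlen(msg)) != (ssize_t)strlen(msg)) {
        close(fds[0]);
        close(fds[1]);
        return -1;
    }

    fd_set read_set, write_set, error_set;
    FD_ZERO(&read_set);
    FD_ZERO(&write_set);
    FD_ZERO(&error_set);

    if (treat_as_ready)
        FD_SET(fds[0], &read_set);   /* the READY branch from select_group.c */
    else
        FD_SET(fds[0], &write_set);  /* the branch taken when READY was never set */
    FD_SET(fds[0], &error_set);

    struct timeval tv;
    tv.tv_sec  = timeout_ms / 1000;
    tv.tv_usec = (timeout_ms % 1000) * 1000;

    int n = select(fds[0] + 1, &read_set, &write_set, &error_set, &tv);

    int result;
    if (n < 0)
        result = -1;
    else if (n > 0 && FD_ISSET(fds[0], &read_set))
        result = 1;  /* data waiting and select() said so */
    else
        result = 0;  /* data waiting but select() never noticed it */

    close(fds[0]);
    close(fds[1]);
    return result;
}

int main(void)
{
    printf("treated as READY   (read_set) : %d\n", probe_pipe_readiness(1, 200));
    printf("never READY        (write_set): %d\n", probe_pipe_readiness(0, 200));
    return 0;
}
```

The second call is the shape of this bug: the child's output is sitting in the pipe, but because the descriptor is only being watched for writability, the event loop never sees it and the read callback in driver_exec.c is never invoked. A descriptor that is a pipe or an already-connected socket belongs in read_set from the start; only a socket awaiting a non-blocking connect() should be watched for writability.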