pwncat icon indicating copy to clipboard operation
pwncat copied to clipboard

Published 20 hours ago verified publisher icon calebstewart

Feature: Ability to connect to existing session from another terminal window

Open Ari-Weinberg opened this issue 4 years ago • 2 comments

Feature Description

Currently, all open sessions have to be managed in the terminal windows in which they were created. It would be amazing if the user would be able to start pwncat in another terminal window, and interact with all the current sessions from the first window. For example: a user uses pwncat to get a reverse shell in terminal window A. They then find a SSH key on the victim and use the same instance of pwncat to connect to the host using SSH. Instead of having to switch back and forth between sessions within the same terminal window, the user would then start pwncat in another terminal window and "attach" to the existing instance of pwncat that's already running in order to upload/download/run modules/interact with current sessions, etc.

Thanks so much for an already great program!

Ari-Weinberg avatar Jul 08 '21 22:07 Ari-Weinberg

Can we somehow make use of AF_UNIX socket address family? And use file locks when one instance is interacting with the session. We can create socket files for our listener, e.g.

import fcntl
import os
import socket
import tempfile

# create a socket using AF_UNIX address family
sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)

# create a named temp file to be used as a socket file
sock_file = tempfile.mkstemp(prefix='pwncat-bind')

# bind to the file
sock.bind(sock_file)

# start listening for a connection
sock.listen()

# accept the connection
client, addr = sock.accept()

# turn the socket to non-blocking mode
client.setblocking(False)
fcntl.fcntl(client, fcntl.F_SETFL, os.O_NONBLOCK)

client.send(b"knock knock, get root")

We can then detach the client socket. Is this plausible?

Or we can use parent/child analogy to run a pwncat daemon to control all connections.

Mitul16 avatar Jul 18 '21 13:07 Mitul16

So, fundamentally, yes. You're describing tmux or screen. But, frankly, I don't see this as being a goal for this project at the moment. It would be a lot of work, and a huge overhaul in how the underlying application works.

One could implement this by writing a separate server application which uses the existing API to construct a manager, then opens a UDS and listens for commands over the socket. But that would require it's own API and then a new package to define the Python (or other language) bindings for that API.

calebstewart avatar Jul 18 '21 16:07 calebstewart