pwncat
Windows 10 Reverse Shell Fails to be Established
Bug Description
pwncat terminates with the error "connection failed: channel receive timed out: b''" a few seconds after receiving a connection from a Windows 10 reverse shell
pwncat version
$ pwncat --version
0.4.3
Target System (aka "victim")
The system in question is "Algernon" from Offensive Security Proving Grounds
Steps to Reproduce
-
- Run exploit for RCE vulnerability in SmarterMail: https://www.exploit-db.com/exploits/49216
-
Expected Behavior
pwncat should establish a fully-interactive (Windows) reverse shell
Screenshots
As shown in the following screenshot, netcat successfully receives the reverse powershell shell.
I'm getting the same issue with powershell one-liner
Windows support is currently in a... precarious state... pwncat utilized a staged C2 which is currently to disk. Windows Defender has a detection specifically for pwncat and blocks it from executing, which is my initial thought when I see problems like this.
There could also be other issues. For example, many Windows shell implementations do not actually provide full STDIO access for the shell. A lot of them line buffer the IO, which will break pwncat when it tries to spawn the C2 (assuming that the C2 isn't blocked by Defender).
I need to revisit the Windows implementation within pwncat soon, but haven't had the time.
Ah cool, well maybe there is no need for that staged C2. I thought I could just use pwncat to handle multiple nc sessions, since there aren't any good tools for that afaik
I am having the same issue. Any chance of solving this issue soon?
In some situations, certain payloads from revshells.com won't work, but payloads from msfvenom will work.
Therefore, I suggest you try generating the payload using msfvenom (you can use hta-psh to get a base64 PowerShell payload).