pwncat icon indicating copy to clipboard operation
pwncat copied to clipboard

Published 20 hours ago verified publisher icon cytopia

UDP mode not working in background on GNU/Linux

Open talau opened this issue 3 years ago • 8 comments

Hi there,

When running the pwncat with option -u (for UDP mode) it does not work in background on GNU/Linux.

Example:

$ ./bin/pwncat -u -l 127.0.0.1 9999 & [1]+ Stopped ./bin/pwncat -u -l 127.0.0.1 9999

A few seconds after starting it stops listening on the specified UDP port.

Best Regards, mt

talau avatar Nov 01 '22 18:11 talau

It does work on my machine. Can you try to do the same in foreground and see if it somehow quits?

cytopia avatar Nov 01 '22 18:11 cytopia

Hmm. In foreground it works. I tried it with Python versions 2.7.18, 3.9.2, and 3.10.8, and it does not work in background.

More info: I tried on Debian Stable (bullseye) and with Debian Unstable. Running it with nohup (nohup ./bin/pwncat -u -l 127.0.0.1 9999) it shows these exceptions: ------------------------------------>8------------------------------------

Exception in thread STDIN:
Traceback (most recent call last):
  File "/usr/lib/python3.10/threading.py", line 1016, in _bootstrap_inner
    self.run()
  File "/usr/lib/python3.10/threading.py", line 953, in run
    self._target(*self._args, **self._kwargs)
  File "/git/waiting/pwncat/pwncat/./bin/pwncat", line 4015, in run_action
    for data in producer.function(*producer.args, **producer.kwargs):
  File "/git/waiting/pwncat/pwncat/./bin/pwncat", line 3423, in producer
    data = self.__read_stdin()
  File "/git/waiting/pwncat/pwncat/./bin/pwncat", line 3539, in __read_stdin
    return sys.stdin.buffer.readline()
OSError: [Errno 9] Bad file descriptor
/git/waiting/pwncat/pwncat/./bin/pwncat:4210: DeprecationWarning: getName() is deprecated, get the name attribute instead
  self.__threads[key].getName(),
/git/waiting/pwncat/pwncat/./bin/pwncat:4216: DeprecationWarning: getName() is deprecated, get the name attribute instead
  "Joining %s", self.__threads[key].getName()
/git/waiting/pwncat/pwncat/./bin/pwncat:4222: DeprecationWarning: getName() is deprecated, get the name attribute instead
  "Joined %s", self.__threads[key].getName()
Exception in thread RECV:
Traceback (most recent call last):
  File "/git/waiting/pwncat/pwncat/./bin/pwncat", line 2841, in producer
    yield self.__net.receive()
  File "/git/waiting/pwncat/pwncat/./bin/pwncat", line 1967, in receive
    raise socket.timeout("timed out")  # type: ignore
TimeoutError: timed out

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3.10/threading.py", line 1016, in _bootstrap_inner
    self.run()
  File "/usr/lib/python3.10/threading.py", line 953, in run
    self._target(*self._args, **self._kwargs)
  File "/git/waiting/pwncat/pwncat/./bin/pwncat", line 4015, in run_action
    for data in producer.function(*producer.args, **producer.kwargs):
  File "/git/waiting/pwncat/pwncat/./bin/pwncat", line 2849, in producer
    self.__net.send_eof()
  File "/git/waiting/pwncat/pwncat/./bin/pwncat", line 1860, in send_eof
    self.__sock.shutdown_send(self.__active["conn"], "conn")
KeyError: 'conn'

------------------------------------8<------------------------------------

Just to let you know, I'm working on Debian packaging [1] of pwncat, and I discovered this issue during the creation of CI tests. [1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015173

talau avatar Nov 01 '22 20:11 talau

Thanks for the details :+1:, I will look into this

cytopia avatar Nov 01 '22 23:11 cytopia

@talau

The issue seems to be the stdin file descriptor, when it is not attached to a terminal anymore:

  File "/git/waiting/pwncat/pwncat/./bin/pwncat", line 3539, in __read_stdin
    return sys.stdin.buffer.readline()
OSError: [Errno 9] Bad file descriptor

This happens both in TCP and also UDP mode as it is not connected to any mode. It is trying to read from stdin, but stdin does not exist.

It can therefore (atm) not put into background mode. I will need to do a little digging if this is possible somehow.

cytopia avatar Nov 02 '22 18:11 cytopia

I can reproduce it with a very simple script:

test.py:

import sys

print(sys.stdin.readline())

And then run it with nohup:

$ nohup python test.py

$ cat nohup.out
Traceback (most recent call last):
  File "test.py", line 3, in <module>
    print(sys.stdin.readline())
IOError: [Errno 9] Bad file descriptor

cytopia avatar Nov 02 '22 18:11 cytopia

What you can do for now is the following command for a server:

TCP

nohup ./pwncat  -l --no-shutdown 127.0.0.1 9998  > log.log 2>&1

UDP

nohup ./pwncat  -l --no-shutdown -u 127.0.0.1 9998  > log.log 2>&1

cytopia avatar Nov 02 '22 18:11 cytopia

@talau

The issue seems to be the stdin file descriptor, when it is not attached to a terminal anymore:

  File "/git/waiting/pwncat/pwncat/./bin/pwncat", line 3539, in __read_stdin
    return sys.stdin.buffer.readline()
OSError: [Errno 9] Bad file descriptor

This happens both in TCP and also UDP mode as it is not connected to any mode. It is trying to read from stdin, but stdin does not exist.

It can therefore (atm) not put into background mode. I will need to do a little digging if this is possible somehow.

@cytopia For me, the problem occurs only in UDP mode, TCP runs OK in background mode. i.e: python3 ./bin/pwncat -l 127.0.0.1 9999 & (works fine)

talau avatar Nov 02 '22 20:11 talau

@cytopia Hi there! Any news about this issue?

talau avatar Dec 13 '22 14:12 talau