How to make bindshell environment work after dup2(new_sockfd, 0) ?

Question

How to make bindshell environment work after dup2(new_sockfd, 0) ?

jiamo opened this issue a year ago · comments

In this bindshell https://github.com/deadbits/shells/blob/master/bindshell.c I try to simple replace /bin/bash to /bin/oh
got unexpected error. After a little debug. I change to execl(SHELL, "main", "--interactive");
It still can't work.

after I remove err = process.BecomeForegroundGroup()
I still got inappropriate ioctl for device
I want to ask about the question. Is it possible to use oh in the bindshell environment after

        dup2(new_sockfd, 2);
        dup2(new_sockfd, 1);
        dup2(new_sockfd, 0);

Jiamo · Answer 1 · Fri Dec 30 2022 10:53:29 GMT+0800 (China Standard Time)

It is the same situation for https://github.com/LukeDSchenk/go-backdoors/blob/master/bindshell.go the golang version.

Michael MacInnis · Answer 2 · Fri Dec 30 2022 12:21:12 GMT+0800 (China Standard Time)

Thanks for your interest in oh. The short answer may be that no it's not possible to use oh in the bindshell environment. If you do happen to get it to work I would be interested to hear your solution.

Jiamo · Answer 3 · Sat Dec 31 2022 16:35:17 GMT+0800 (China Standard Time)

/*
        err = process.BecomeForegroundGroup()
        if err != nil {
                println(err.Error())

                return false
        }
        // We assume the terminal starts in cooked mode.
        cooked, err := liner.TerminalMode()
        if err != nil {
                println(err.Error())

                return false
        }
        // Restore terminal state when we exit.
        defer func() {
                err := cooked.ApplyMode()
                if err != nil {
                        println(err.Error())
                }
        }()
*/
        cli := liner.NewLiner()

        cli.SetCtrlCAborts(true)
/*
        uncooked, err := liner.TerminalMode()
        if err != nil {
                println(err.Error())

                return false
        }

        err = history.Load(cli.ReadHistory)
        if err != nil {
                println(err.Error())
        }
*/

and remove repl 's cooked, uncooked liner.ModeApplier.

This make the bind shell got the cli.
But make the normal program in error mode after exit the shell.

Michael MacInnis · Answer 4 · Sun Jan 01 2023 00:20:14 GMT+0800 (China Standard Time)

I wrote my last reply too quickly. I should have said: the short answer may be that no it's not currently possible to use oh in the bindshell environment. The easiest solution may be for you to simply use another shell that already does what you want. I don't currently have the time to work through this issue but you are, of course, free to fork oh and make whatever changes you need to support your use case. You are also, of course, free to submit those changes back (or not). I would be happy to review a PR that adds support for your use case without overly complicating oh or breaking existing behavior.