How to make bindshell environment work after dup2(new_sockfd, 0) ?
jiamo opened this issue · comments
In this bindshell https://github.com/deadbits/shells/blob/master/bindshell.c I tried to simply replace `/bin/bash` with `/bin/oh` and got an unexpected error. After a little debugging, I changed it to `execl(SHELL, "main", "--interactive");`. It still can't work. After I removed `err = process.BecomeForegroundGroup()` I still got `inappropriate ioctl for device`.

I want to ask a question: is it possible to use oh in the bindshell environment after

```c
dup2(new_sockfd, 2);
dup2(new_sockfd, 1);
dup2(new_sockfd, 0);
```

It is the same situation for https://github.com/LukeDSchenk/go-backdoors/blob/master/bindshell.go, the golang version.
Thanks for your interest in oh. The short answer may be that no, it's not possible to use oh in the bindshell environment. If you do happen to get it to work I would be interested to hear your solution.
```go
/*
	err = process.BecomeForegroundGroup()
	if err != nil {
		println(err.Error())
		return false
	}

	// We assume the terminal starts in cooked mode.
	cooked, err := liner.TerminalMode()
	if err != nil {
		println(err.Error())
		return false
	}

	// Restore terminal state when we exit.
	defer func() {
		err := cooked.ApplyMode()
		if err != nil {
			println(err.Error())
		}
	}()
*/

	cli := liner.NewLiner()
	cli.SetCtrlCAborts(true)

/*
	uncooked, err := liner.TerminalMode()
	if err != nil {
		println(err.Error())
		return false
	}

	err = history.Load(cli.ReadHistory)
	if err != nil {
		println(err.Error())
	}
*/
```
and remove repl's `cooked, uncooked liner.ModeApplier`.

This makes the bind shell get the cli, but it puts the normal program in error mode after exiting the shell.
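The error in this thread comes from the termios query that `liner.TerminalMode()` performs: once fd 0 is a socket rather than a tty, the kernel rejects the `TCGETS` ioctl with `ENOTTY`, which libc reports as "inappropriate ioctl for device". The following is an added, stand-alone example (not oh's or liner's code) that reproduces that failure offline with a Unix socketpair standing in for the accepted socket, and shows the check a shell can make before it decides to skip the cooked/uncooked terminal handling instead of aborting. It assumes Linux (`syscall.TCGETS`, `syscall.Termios`).

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"syscall"
	"unsafe"
)

// isTerminal reports whether fd is backed by a tty by issuing the same
// termios query (TCGETS on Linux) that liner.TerminalMode() relies on.
// On a socket or pipe the kernel answers ENOTTY. Linux-only.
func isTerminal(fd int) (bool, error) {
	var t syscall.Termios
	_, _, errno := syscall.Syscall(syscall.SYS_IOCTL, uintptr(fd),
		uintptr(syscall.TCGETS), uintptr(unsafe.Pointer(&t)))
	if errno == 0 {
		return true, nil
	}
	return false, errno
}

// socketStdinError reproduces the situation in the issue offline: a Unix
// socketpair (constructed here) stands in for the accepted TCP socket that
// dup2 would place on fd 0. It returns the error the termios query yields.
func socketStdinError() error {
	fds, err := syscall.Socketpair(syscall.AF_UNIX, syscall.SOCK_STREAM, 0)
	if err != nil {
		return err
	}
	defer syscall.Close(fds[0])
	defer syscall.Close(fds[1])
	_, err = isTerminal(fds[0])
	return err
}

// isENOTTY is the check a shell should make before falling back to a
// line-oriented mode rather than treating the ioctl failure as fatal.
func isENOTTY(err error) bool {
	return errors.Is(err, syscall.ENOTTY)
}

func main() {
	if ok, err := isTerminal(int(os.Stdin.Fd())); ok {
		fmt.Println("stdin is a tty: raw-mode setup is safe")
	} else {
		fmt.Printf("stdin is not a tty (%v): use line-oriented mode\n", err)
	}
}
```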
I wrote my last reply too quickly. I should have said: the short answer may be that no, it's not currently possible to use oh in the bindshell environment. The easiest solution may be for you to simply use another shell that already does what you want. I don't currently have the time to work through this issue but you are, of course, free to fork oh and make whatever changes you need to support your use case. You are also, of course, free to submit those changes back (or not). I would be happy to review a PR that adds support for your use case without overly complicating oh or breaking existing behavior.