I am currently helping my university's cyber security program by creating a simple Capture the Flag style python script to be used for the final exam. I created the script and everything is working great when run natively on Windows. The issue that I am having is that since the course is dealing with ethical hacking, many of the students will be accessing the Windows machine via a reverse shell or meterpreter on their local Kali linux machine. When I try to run the script through the meterpreter or reverse shell, I am having an EOF error as soon as my script asks for input, without waitingfor a user to type.
I tried to recreate a simple script in order to demonstrate the issue:
test.py:
print "This is a test"
answer = raw_input("Type anything")
print answer
When I run the command through the meterpreter or reverse shell, the output is as follows
> test.py
This is a test
Type anythingTraceback (most recent call last):
File "test.py", line 2, in <module>
answer = raw_input("Type anything")
EOFError: EOF when reading a line
I have tried this with both input and raw_input and both have the same EOFError. I've tried searching through similar posts, but none seem to address the issue.
My belief is that the reverse shell or meterpreter are causing the issue, but I can not find any information on how to remotely execute a python script on the target machine while using the meterpreter or reverse shell.
I appreciate any help or insight, as I am honestly quite stumped!
Related
A formely working bash script no longer works after switching computers. I get the following error:
No such file or directory.
Before going on, please excuse any mistakes you may find since english is not my native language.
The script was used in cygwin under Windows XP. I now had to switch to cygwin64 under Windwos 7 (64bit).
The script is used as a checkhandler for the program SMSTools3 to split a file with a specific format into multiple smaller ones, which the program then uses to send SMS to multiple recipients. The script was copied directly from the page of SMSTools3 and uses the package formail.
After looking up the error the most likely problem was that the environmantle path was not set up to look in the right path (/usr/bin). I therefore added it to the path but to no avail.
I then deleted other entries in the enviromental path of windows which contained spaces because that could have been another explanation, but again to no avail.
Following is a minimal example of the code which produces the error.
#!/bin/bash
# Sample script to allow multiple recipients in one message file.
# Define this script as a checkhandler.
echo $PATH
which formail
outgoing="/var/spool/sms/outgoing"
recipients=`formail -zx "To:" < "$1"`
I added the lines the lines echo $Path and which formail to show if the script can find the correct file. Both results look fine, the second command gives me the right output '/usr/bin/formail'
But the line recipients=... throws me the error:
No such file or directory.
I do not have much experience with bash scripting, or cygwin in general. So if someone on this wonderful board could help me solve this problem, I would be really grateful. Thank you all for your help.
EDIT:
First of all thank you all for your comments.
Secondly, I would like to apologize for the late reply. The computer in question is also used for other purposes and my problem is part of a background routine, so I have to wait for "free time" on the pc to test things.
For the things #shellter pruposed: The ls command returned an error: '': No such file or directory.
The which -a formail as well as the echo $(which -a formail) commands that #DougHenderson pruposed returned the 'right' path of /usr/bin/formail. echo \$1 = $1 before the recipent line returned the path to the checkhandler file (/usr/local/bin/smsd_checkhandler.sh), the same command after the recipent line seems to show a empty string ($1 = ). Also, the pruposed change to the recipent line did not change the error.
For the dos2unix conversion that #DennisWilliamson pruposed, I opened the file in notepad++ to use their build in converion, but it showed me that the file is in unix format with Unix style line endings.
I am starting my service running on a Raspberry Pi 2 (Raspbian) using a command in rc.local which looks like this:
python3.4 /home/pi/SwitchService/ServiceStart.py >/home/pi/SwitchService/log &
python3.4 /home/pi/test.py >/home/pi/log2 &
For some reason I don't see any text in the log file of my service although the script prints to stdout.
the two scripts look like this:
test.py
print("Test")
ServiceStart.py
from Server import Server
print("Test")
if __name__ == "__main__":
server = Server()
Because I couldn't get the bash solution to work I tried this other solution whether that works for me. It behaves exactly the same like the bash based method. So my service writes nothing to the log file although the empty file is created.
First, make sure that your script is actually running. Many schedulers and startup routines don't have PATH set, so it may not be finding python3.4. Try modifying the command to include the full path (e.g. /full/path/python3.4).
Secondly, it's not recommended to include long running scripts in rc.local without running them in the background (the documentation even states this). The Raspberry Pi waits for the commands to finish before continuing to boot, so if it runs forever, your Raspberry Pi may never finish booting.
Lastly, assuming the previous two issues have been taken care of, make sure that your program isn't buffering output too aggressively. You can try flushing stdout to see if that helps.
I'm running exercise 14 of Learn Ruby the Hard Way. If I run the script in cmd it works fine, but I've been using Cygwin because it's nicer. When I run it in cygwin using this command:
ruby ex14.rb Devon
I get the following output
test
one
two
Hi Devon, I'm the ex14.rb script.
I'd like to ask you a few questions.
Do you like me Devon?
> Where do you live Devon?
> What kind of computer do you have?
> Alright, so you said test about liking me.
You live in one. Not sure where that is.
And you have a two computer. Nice.
That is to say, the program starts and immediately runs the three STDIN.gets.chomp() commands, and once it gets through those it puts and prints everything at once.
Is there a way to fix this behaviour? I would obviously want to have the lines run in the order they are written. I was unsure what to google for this type of error - combinations of "cygwin", "ruby", "puts output delayed" and "gets out of order" returned nothing relevant. Those search terms seem to vague anyway.
What exactly is going on, and is there a solution?
I think it is all to do with the CR LF differences between dos and unix.
try this...
set -o igncr
before running your script.
There are a lot of tips (and warnings) on here for obfuscating various items within scripts.
I'm not trying to hide a password, I'm just wondering if I can obfuscate an actuall command within the script to defeat the casual user/grepper.
Background: We have a piece of software that helps manage machines within the environment. These machines are owned by the enterprise. The users sometimes get it in their heads that this computer is theirs and they don't want "The Man" looking over their shoulders.
I've developed a little something that will check to see if a certain process is running, and if not, clone it up and replace.
Again, the purpose of this is not to defeat anyone other than the casual user.
It was suggested that one could echo an octal value (the 'obfuscated' command) and use it as a variable within the script. e.g.:
strongBad=`echo "\0150\0157\0163\0164\0156\0141\0155\0145"`
I could then use $strongBad within the shell script to slyly call the commands that I wanted to call with arguments?
/bin/$strongBad -doThatThingYouDo -DoEEET
Is there any truth to this? So far it's worked via command line directly into shell (using the -e flag with echo) but not so much within the script. I'm getting unexpected output, perhaps the way I'm using it?
As a test, try this in the command line:
strongBad=`echo -e "\0167\0150\0157"`
And then
$strongBad
You should get the same output as "who".
EDIT
Upon further review, the addition of the path to the echo command in the variable is breaking it. Perhaps that's the source of my issue.
You can do a rotate 13 on any command you want hidden beforehand, then just have the the obfuscated command in the shell script.
This little bash script:
#!/bin/bash
function rot13 {
echo "$#" | tr '[a-m][n-z][A-M][N-Z]' '[n-z][a-m][N-Z][A-M]'
}
rot13 echo hello, world!
`rot13 rpub uryyb, jbeyq!`
Produces:
rpub uryyb, jbeyq!
hello, world!
The headline should pretty much say it all. I'm using windows 7, installed cygwin, set it up, created a .rb-File which looks like this:
print "Test"
(Impressive stuff, eh?)
Now, using Cygwin, I want to execute it, I tried
chmod +x ruby.rb
afterwards
./ruby.rb
The following message comes up:
Unable to initialize device PRN
Any ideas?
Thanks!
You forgot the "she-bang" line. Without it it will be interpreted as a bash script, not a ruby script.
The print command that bash finds is Window's print.exe, which wants to print to a physical priner, rather than print to the screen.
Add "#!/usr/bin/env ruby" as the first line of the file.