
I need some help with a C program. It is a reverse shell (https://github.com/arturgontijo/remoteShell/blob/master/reverseShell.c). I made a few changes, like putting it all in a loop with a sleep pattern and adding arguments to pass the IP and PORT directly. Now it works very well and is stable (the problem that it cannot autocomplete with TAB I don't really care about), BUT what I really care about is that it will break if I press CTRL+C on the target machine: the program just exits. I used this example to block CTRL+C calls:

```c
/* Signal Handler for SIGINT */
void sigintHandler(int sig_num)
{
    /* Reset handler to catch SIGINT next time.
       Refer http://en.cppreference.com/w/c/program/signal */
    signal(SIGINT, sigintHandler);
    printf("\n Cannot be terminated using Ctrl+C \n");
    fflush(stdout);
}

signal(SIGINT, sigintHandler);
```

I got this example online and put it in my loop as well, but pressing Ctrl+C from the client still breaks the program. I wonder if dup2() is responsible for that or something, because in a simple C program this actually worked fine.

Miroslav Glamuzina
  • That portion of code looks OK. Can you provide a complete example? – brunorey Jan 24 '19 at 18:00
  • ^ Hi - code looks like this: https://imgur.com/a/oKf5aP4 – BufferInterflow Jan 24 '19 at 18:08
  • You cannot make arbitrary function calls from within a signal handler. [Footnote 188 of the C Standard](https://port70.net/~nsz/c/c11/n1570.html#note188) even states "Thus, a signal handler cannot, in general, call standard library functions." [POSIX allows for the calling of only async-signal-safe functions](http://pubs.opengroup.org/onlinepubs/9699919799/functions/V2_chap02.html#tag_15_04_03). Note that `printf()` and `fflush()` are **not** async-signal-safe. Your online source where you got that code is a bad source. – Andrew Henle Jan 24 '19 at 18:48
  • Adding to Andrew's comment, `write` is async-signal-safe and if the file descriptor written to is line buffered or unbuffered there is no need for a flush: `char m[] = "hi\n"; write(STDOUT_FILENO, m, sizeof(m) - 1);` – Andreas Jan 24 '19 at 19:01

1 Answer

You can use the sigsetops family of functions to manipulate the signals sent into your application.

So for your example you could use:

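```c
#include <signal.h>
#include <unistd.h>

int main(int argc, char **argv)
{
    sigset_t block_set;

    /* Start from an empty set, then add only SIGINT to it. */
    sigemptyset(&block_set);

    sigaddset(&block_set, SIGINT);

    /* Add the set to the process signal mask: SIGINT is now held pending
       instead of being delivered. */
    sigprocmask(SIG_BLOCK, &block_set, NULL);

    while(1) {
        sleep(1);
    }
}
```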

Running Example: https://repl.it/repls/RelevantImaginarySearchservice

You can unblock the signal at a later time by calling

```c
sigprocmask(SIG_UNBLOCK, &block_set, NULL);
```

Chris Frank
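As an added example (not code from the question or from either poster), the following C program combines the two points made on this page: a handler limited to async-signal-safe operations, and `sigprocmask()` around a section that must not be interrupted. It goes slightly beyond the answer by using `sigpending()` to show that a blocked SIGINT is held pending and delivered on unblock, not discarded; the names `on_sigint` and `run_critical_section` are hypothetical, and `raise()` stands in for Ctrl+C.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stdio.h>
#include <unistd.h>

static volatile sig_atomic_t sigint_seen = 0;

/* Handler restricted to async-signal-safe operations: set a flag, write(). */
static void on_sigint(int sig)
{
    static const char msg[] = "SIGINT delivered\n";
    (void)sig;
    sigint_seen = 1;
    (void)write(STDOUT_FILENO, msg, sizeof(msg) - 1);
}

/* Hypothetical helper: returns 0 when every step succeeded, or a negative
   step number on failure. Both out-parameters are 1 on the expected path. */
int run_critical_section(int *pending_while_blocked, int *delivered)
{
    struct sigaction sa = {0};
    sigset_t block_set, pending;

    sa.sa_handler = on_sigint;
    sigemptyset(&sa.sa_mask);
    if (sigaction(SIGINT, &sa, NULL) != 0) return -1;

    sigemptyset(&block_set);
    sigaddset(&block_set, SIGINT);
    if (sigprocmask(SIG_BLOCK, &block_set, NULL) != 0) return -2;

    sigint_seen = 0;
    raise(SIGINT);                    /* stands in for Ctrl+C */
    if (sigint_seen != 0) return -3;  /* handler must not run while blocked */
    if (sigpending(&pending) != 0) return -4;
    *pending_while_blocked = sigismember(&pending, SIGINT);

    /* Unblocking delivers the pending SIGINT before sigprocmask() returns. */
    if (sigprocmask(SIG_UNBLOCK, &block_set, NULL) != 0) return -5;
    *delivered = (int)sigint_seen;
    return 0;
}

int main(void)
{
    int pending = 0, delivered = 0;
    int rc = run_critical_section(&pending, &delivered);
    printf("rc=%d pending=%d delivered=%d\n", rc, pending, delivered);
    return rc != 0;
}
```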