Comments (7)
I've just tried using a docker CentOS image and the command worked fine.
One thing you can try is to use the !dbg
command after you've logged into the machine. It will show you the currently expected command prompt, which in your example should be "$ ". if it's not, then the next command is likely to freeze.
Also, what OS are you using locally?
from ffm.
Locally, I'm using a debian unstable (buster/sid)
The command !dbg
shows me my prompt ...
from ffm.
I'll try setting up a Debian unstable VM to try it out.
One last thing you can try is launch ffm.py
with the --debug-input
and/or --debug-output
options to try and see if there is a problem with the data sent/received.
from ffm.
This is kind of the same result.
I have no output or input when I launch the !upload
command.
$ ./ffm.py --debug-output --debug-input
███████╗███████╗███╗ ███╗ ██████╗ ██╗ ██╗
██╔════╝██╔════╝████╗ ████║ ██╔══██╗╚██╗ ██╔╝
█████╗ █████╗ ██╔████╔██║ ██████╔╝ ╚████╔╝
██╔══╝ ██╔══╝ ██║╚██╔╝██║ ██╔═══╝ ╚██╔╝
██║ ██║ ██║ ╚═╝ ██║██╗██║ ██║
╚═╝ ╚═╝ ╚═╝ ╚═╝╚═╝╚═╝ ╚═╝
FFM enabled. Type !list to see available commands and exit to quit.
1B 5D 30 3B 6E 62 65 67 75 69 65 72 40 70 61 72 2D 50 46 30 54 31 35 59 4B 3A 20 7E 2F 77 6F 72 6B 73 70 61 63 65 2F 73 65 63 75 72 69 74 79 2F 46 46 4D 07 1B 5B 30 31 3B 33 32 6D 6E 62 65 67 75 69 65 72 40 70 61 72 2D 50 46 30 54 31 35 59 4B 1B 5B 30 30 6D 3A 5B 6D 61 73 74 65 72 5D 1B 5B 30 31 3B 33 34 6D 7E 2F 77 6F 72 6B 73 70 61 63 65 2F 73 65 63 75 72 69 74 79 2F 46 46 4D 1B 5B 30 30 6D 24 20
$ 0D
1B 5D 30 3B 6E 62 65 67 75 69 65 72 40 70 61 72 2D 50 46 30 54 31 35 59 4B 3A 20 7E 2F 77 6F 72 6B 73 70 61 63 65 2F 73 65 63 75 72 69 74 79 2F 46 46 4D 07 1B 5B 30 31 3B 33 32 6D 6E 62 65 67 75 69 65 72 40 70 61 72 2D 50 46 30 54 31 35 59 4B 1B 5B 30 30 6D 3A 5B 6D 61 73 74 65 72 5D 1B 5B 30 31 3B 33 34 6D 7E 2F 77 6F 72 6B 73 70 61 63 65 2F 73 65 63 75 72 69 74 79 2F 46 46 4D 1B 5B 30 30 6D 24 20
$ 0D
1B 5D 30 3B 6E 62 65 67 75 69 65 72 40 70 61 72 2D 50 46 30 54 31 35 59 4B 3A 20 7E 2F 77 6F 72 6B 73 70 61 63 65 2F 73 65 63 75 72 69 74 79 2F 46 46 4D 07 1B 5B 30 31 3B 33 32 6D 6E 62 65 67 75 69 65 72 40 70 61 72 2D 50 46 30 54 31 35 59 4B 1B 5B 30 30 6D 3A 5B 6D 61 73 74 65 72 5D 1B 5B 30 31 3B 33 34 6D 7E 2F 77 6F 72 6B 73 70 61 63 65 2F 73 65 63 75 72 69 74 79 2F 46 46 4D 1B 5B 30 30 6D 24 20
$ 6E n63 c20 31 137 732 22E .31 138 82E .30 02E .32 220 37 737 737 737 720 21 !62 b79 y70 p61 a73 s73 s0D
1B 5D 30 3B 6E 62 65 67 75 69 65 72 40 70 61 72 2D 50 46 30 54 31 35 59 4B 3A 20 7E 2F 77 6F 72 6B 73 70 61 63 65 2F 73 65 63 75 72 69 74 79 2F 46 46 4D 07 1B 5B 30 31 3B 33 32 6D 6E 62 65 67 75 69 65 72 40 70 61 72 2D 50 46 30 54 31 35 59 4B 1B 5B 30 30 6D 3A 5B 6D 61 73 74 65 72 5D 1B 5B 30 31 3B 33 34 6D 7E 2F 77 6F 72 6B 73 70 61 63 65 2F 73 65 63 75 72 69 74 79 2F 46 46 4D 1B 5B 30 30 6D 24 20
$ nc 172.18.0.2 7777 !bypass0D
0D
0D
0D
0D
21 !75 u70 p6C l6F o61 a64 d0D
Usage: !upload [local file] [remote destination]
Received 1 argument(s), expected 3.
$ 0D
0D
0D
0D
21 !75 u70 p6C l6F o61 a64 d20 66 f66 f6D m2E .70 p79 y20 74 t65 e73 s74 t2E .70 p79 y0D
<FREEZE>
from ffm.
Well I'm stumped. What terminal are you using? I'm running terminator
, could that be it? I find it very unusual that your command prompt is a simple dollar sign with a standard Debian distribution.
Let's try displaying exactly what command is passed to the shell on your machine. Can you add this line:
write_str("echo \"%s\" |base64 -d |gunzip >> %s" % (b64.decode("ascii"), self.destination), LogLevel.ERROR)
...between lines 70 and 71 of upload_file.py
? Also try running the same command manually, without the harness and see what happens.
from ffm.
FWIW, the same thing occurs with the !py command in some cases (if the python script takes a few seconds to run it seems - for example, your nojail.py script with no arguments (so it detects IP from SSH env vars)).
from ffm.
The last commits have solved several harness freeze causes. Let me know if it improves the situation for any of you!
from ffm.
Related Issues (12)
- More opsec stuff... HOT 1
- hi,is the function performe normal? HOT 1
- echo -n end_marker being printed to stdout HOT 3
- TypeError: Can't instantiate abstract class RunShScript with abstract method _get_output_cleaner HOT 1
- Terminal hangs after !elf or !elf3 module is run successfully HOT 1
- Better way to pop a TTY HOT 1
- SSH automatically adding "-T" not firing/working. HOT 1
- Feature Request: Client Side Logging HOT 2
- Bug: False Positive/missing check on "username not specified" SSH protection
- Feature Request: Block SSH from sending a default SSH key HOT 1
- Feature Request: !sh / local shell script in-memory on remote HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from ffm.