Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Windows 10 Reverse Shell Fails to be Established

See original GitHub issue

Bug Description

pwncat terminates with the error connection failed: channel receive timed out: b'' a few seconds after receiving a connection from a Windows 10 reverse shell

pwncat version

$ pwncat --version
0.4.3

Target System (aka “victim”)

The system in question is “Algernon” from Offensive Security Proving Grounds

Steps to Reproduce

Run exploit for RCE vulnerability in SmarterMail: https://www.exploit-db.com/exploits/49216

Expected Behavior

pwncat should establish a fully-interactive (Windows) reverse shell

Screenshots

As shown in the following screenshot, netcat successfully receives the reverse powershell shell.

Issue Analytics

State:
Created 2 years ago
Reactions:1
Comments:5 (1 by maintainers)

Top GitHub Comments

1reaction

fsacercommented, Dec 26, 2021

ah cool, well maybe there is no need for that staged C2, I though I could just use pwncat to handle multiple nc sessions, since there isn’t any good tools for that afaik

1reaction

calebstewartcommented, Dec 26, 2021

Windows support is currently in a… precarious state… pwncat utilized a staged C2 which is currently to disk. Windows Defender has a detection specifically for pwncat and blocks it from executing, which is my initial thought when I see problems like this.

There could also be other issues. For example, many Windows shell implementations do not actually provide full STDIO access for the shell. A lot of them line buffer the IO, which will break pwncat when it tries to spawn the C2 (assuming that the C2 isn’t blocked by Defender).

I need to revisit the Windows implementation within pwncat soon, but haven’t had the time.