Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Windows 10 Reverse Shell Fails to be Established

See original GitHub issue

Bug Description

pwncat terminates with the error connection failed: channel receive timed out: b'' a few seconds after receiving a connection from a Windows 10 reverse shell

pwncat version

$ pwncat --version

Target System (aka “victim”)

The system in question is “Algernon” from Offensive Security Proving Grounds


Steps to Reproduce

  1. 2
  2. Run exploit for RCE vulnerability in SmarterMail:
  3. 1

Expected Behavior

pwncat should establish a fully-interactive (Windows) reverse shell


As shown in the following screenshot, netcat successfully receives the reverse powershell shell.


Issue Analytics

  • State:open
  • Created 2 years ago
  • Reactions:1
  • Comments:5 (1 by maintainers)

github_iconTop GitHub Comments

fsacercommented, Dec 26, 2021

ah cool, well maybe there is no need for that staged C2, I though I could just use pwncat to handle multiple nc sessions, since there isn’t any good tools for that afaik

calebstewartcommented, Dec 26, 2021

Windows support is currently in a… precarious state… pwncat utilized a staged C2 which is currently to disk. Windows Defender has a detection specifically for pwncat and blocks it from executing, which is my initial thought when I see problems like this.

There could also be other issues. For example, many Windows shell implementations do not actually provide full STDIO access for the shell. A lot of them line buffer the IO, which will break pwncat when it tries to spawn the C2 (assuming that the C2 isn’t blocked by Defender).

I need to revisit the Windows implementation within pwncat soon, but haven’t had the time.

Read more comments on GitHub >

github_iconTop Results From Across the Web

Powershell reverse shell fails on Windows 7 / Windows 10 #36
Hello! All windows payloads must run from cmd.exe. The error you mentioned is caused due you are trying to run it from powershell.exe;....
Read more >
Reverse shell breaking instantly after connection has been ...
It's working! You not just provided a working answer (which may I would have found out by myself via try and error), but...
Read more >
Reverse Shell UNDETECTED by Microsoft Defender (hoaxshell) SUPER thankful for PlexTrac for supporting the channel and sponsoring this vide -- try their premiere reporting ...
Read more >
How we were able to bypass Windows Defender on a ... - Elteni
... Windows Defender on a Windows 10 machine to get a reverse shell! ... you sprayed the password and found a machine that...
Read more >
hoaxshell - An unconventional Windows reverse shell ...
The generated payload will work only for the instance it was generated for. Use the -g option to bypass this behavior and re-establish...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Post

No results found

github_iconTop Related Hashnode Post

No results found