Pwncat broken on Parrot OS

[mgeddert]

Bug Description

On Parrot OS any attempt to create a listener fails, regardless if the python interpreter shipped
with the distribution (3.9.2) or a fresh compiled latest version (3.9.7) is used.

pwncat fails to bind to any port with:

connection failed: generic channel failure

...then drops you into your local pwncat shell.

pwncat version

Provide the output of pwncat --version or a commit hash if working from
a development branch.

$ pwncat --version
0.4.3

Sorry I really gotta learn Markdown !

[calebstewart]

From our E-mail conversation, you mentioned that you use the following command:

pwncat -m windows -l 4444

However, this is not exactly correct. The command your looking for is:

# You need to tell pwncat you are specifying a port number
pwncat -m windows -lp 4444
# The equivalent command with long-form options is this
pwncat --platform windows --listen --port 9999

The reason it is failing is that the first positional argument is assumed to be a connection string. The port number is intended to be an argument to the --port option, but in the absence of --port, it is treated as a positional argument instead.

Looking back at the documentation, it appears there's a typo here.

I'll write up a fix for the documentation later this evening. Also, I'll look into making that error message a little more helpful. Thanks for reporting!

Sorry I really gotta learn Markdown !

No problem at all! Thanks for making the effort 😃

[mgeddert]

😲 wow I‘ll get out of bed and test !

…

Am 20.09.2021 um 20:23 schrieb Caleb Stewart ***@***.***>:  From our E-mail conversation, you mentioned that you use the following command: pwncat -m windows -l 4444 However, this is not exactly correct. The command your looking for is: # You need to tell pwncat you are specifying a port number pwncat -m windows -lp 4444 # The equivalent command with long-form options is this pwncat --platform windows --listen --port 9999 The reason it is failing is that the first positional argument is assumed to be a connection string. The port number is intended to be an argument to the --port option, but in the absence of --port, it is treated as a positional argument instead. Looking back at the documentation, it appears there's a typo here. I'll write up a fix for the documentation later this evening. Also, I'll look into making that error message a little more helpful. Thanks for reporting! Sorry I really gotta learn Markdown ! No problem at all! Thanks for making the effort 😃 — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub, or unsubscribe.

[mgeddert]

Yes ! Yes ! Wonderful ! Good Night for Now, Michael

…

Am 20.09.2021 um 20:23 schrieb Caleb Stewart ***@***.***>:  From our E-mail conversation, you mentioned that you use the following command: pwncat -m windows -l 4444 However, this is not exactly correct. The command your looking for is: # You need to tell pwncat you are specifying a port number pwncat -m windows -lp 4444 # The equivalent command with long-form options is this pwncat --platform windows --listen --port 9999 The reason it is failing is that the first positional argument is assumed to be a connection string. The port number is intended to be an argument to the --port option, but in the absence of --port, it is treated as a positional argument instead. Looking back at the documentation, it appears there's a typo here. I'll write up a fix for the documentation later this evening. Also, I'll look into making that error message a little more helpful. Thanks for reporting! Sorry I really gotta learn Markdown ! No problem at all! Thanks for making the effort 😃 — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub, or unsubscribe.

[mgeddert]

Thanks a lot ! That really helped ! When I connect with a windows machine I get a windows.enumerate.domain: usr/local/master/lib/python3.9/dist-packages/pwncat/data/PowerSploit/Recon/Get-ComputerDetail.ps1: psmodule not found I guess that is in the C2 Assembly, right ? Also "sessions" gives me a traceback....Hmm I'll keep trying. I'll have to play and roadtest a lot with pwncat. Cheers, Michael Am Di., 21. Sept. 2021 um 07:56 Uhr schrieb Caleb Stewart < ***@***.***>:

…

Closed #201 <#201> via #202 <#202>. — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub <#201 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AVSW4ND2HJYUXDKJLOWE3UDUDANAFANCNFSM5EMQNKTA> .

[mgeddert]

Hmm this was on a box with Trendmicro, S1 and CB. Let me find a more innocent box and try again. Michael Geddert ***@***.***> schrieb am Di. 21. Sept. 2021 um 11:10:

…

Thanks a lot ! That really helped ! When I connect with a windows machine I get a windows.enumerate.domain: usr/local/master/lib/python3.9/dist-packages/pwncat/data/PowerSploit/Recon/Get-ComputerDetail.ps1: psmodule not found I guess that is in the C2 Assembly, right ? Also "sessions" gives me a traceback....Hmm I'll keep trying. I'll have to play and roadtest a lot with pwncat. Cheers, Michael Am Di., 21. Sept. 2021 um 07:56 Uhr schrieb Caleb Stewart < ***@***.***>: > Closed #201 <#201> via #202 > <#202>. > > — > You are receiving this because you authored the thread. > Reply to this email directly, view it on GitHub > <#201 (comment)>, or > unsubscribe > <https://github.com/notifications/unsubscribe-auth/AVSW4ND2HJYUXDKJLOWE3UDUDANAFANCNFSM5EMQNKTA> > . >

[Mitul16]

@mgeddert

removed suggestion (incorrect)

windows.enumerate.domain:
usr/local/master/lib/python3.9/dist-packages/pwncat/data/PowerSploit/Recon/Get-ComputerDetail.ps1:
psmodule not found

You can Pre-download all Windows builtin plugins using pwncat --download-plugins

---

I guess that is in the C2 Assembly, right ? Also "sessions" gives me a
traceback....Hmm I'll keep trying.
I'll have to play and roadtest a lot with pwncat.

Could you please elaborate on this?
What kind of Error did you receive?

[mgeddert]

I have downloaded the plugins several times. I‘ll test tomorrow with a fresh box….

…

Am 21.09.2021 um 23:00 schrieb Mitul Varshney ***@***.***>:  @mgeddert windows.enumerate.domain: usr/local/master/lib/python3.9/dist-packages/pwncat/data/PowerSploit/Recon/Get-ComputerDetail.ps1: psmodule not found You can Pre-download all Windows builtin plugins using pwncat --download-plugins I guess that is in the C2 Assembly, right ? Also "sessions" gives me a traceback....Hmm I'll keep trying. I'll have to play and roadtest a lot with pwncat. Could you please elaborate on this? What kind of Error did you receive? — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub, or unsubscribe.

[mgeddert]

Right after the victim connects, when the listener screen should change and give me a list of sessions i get a traceback. Right before that it prints the msg about the missing module. I‘ll have a traceback and maybe even a screen capture for you tomorrow. Transcribed from the Nether

…

Am 21.09.2021 um 23:54 schrieb Michael Geddert ***@***.***>: I have downloaded the plugins several times. I‘ll test tomorrow with a fresh box…. >> Am 21.09.2021 um 23:00 schrieb Mitul Varshney ***@***.***>: >> >  > @mgeddert > > windows.enumerate.domain: > usr/local/master/lib/python3.9/dist-packages/pwncat/data/PowerSploit/Recon/Get-ComputerDetail.ps1: > psmodule not found > > You can Pre-download all Windows builtin plugins using pwncat --download-plugins > > I guess that is in the C2 Assembly, right ? Also "sessions" gives me a > traceback....Hmm I'll keep trying. > I'll have to play and roadtest a lot with pwncat. > > Could you please elaborate on this? > What kind of Error did you receive? > > — > You are receiving this because you were mentioned. > Reply to this email directly, view it on GitHub, or unsubscribe.

[calebstewart]

That error isn't from the plugins. PowerSploit should be included in the installed Python module. I don't know why it wouldn't have been installed with pwncat. I can't really help diagnose without a copy of the output including the traceback, which you mentioned you'll have tomorrow.

To be clear, the plugins are .dll files which are loaded differently. PowerShell files are not "plugins," but can be side loaded directly, and those scripts specifically should be bundled with the installation of pwncat.

[mgeddert]

I was rerouted to install new switches onsite, no pwncat playtime today. Tomorrow for sure. Regards

…

Am 21.09.2021 um 11:10 schrieb Michael Geddert ***@***.***>:  Thanks a lot ! That really helped ! When I connect with a windows machine I get a windows.enumerate.domain: usr/local/master/lib/python3.9/dist-packages/pwncat/data/PowerSploit/Recon/Get-ComputerDetail.ps1: psmodule not found I guess that is in the C2 Assembly, right ? Also "sessions" gives me a traceback....Hmm I'll keep trying. I'll have to play and roadtest a lot with pwncat. Cheers, Michael > Am Di., 21. Sept. 2021 um 07:56 Uhr schrieb Caleb Stewart ***@***.***>: > Closed #201 via #202. > > — > You are receiving this because you authored the thread. > Reply to this email directly, view it on GitHub, or unsubscribe.