UDP mode not working in background on GNU/Linux

[talau]

Hi there,

When running the pwncat with option -u (for UDP mode) it does not work in background on GNU/Linux.

Example:

$ ./bin/pwncat -u -l 127.0.0.1 9999 &
[1]+ Stopped ./bin/pwncat -u -l 127.0.0.1 9999

A few seconds after starting it stops listening on the specified UDP port.

Best Regards,
mt

[cytopia]

It does work on my machine. Can you try to do the same in foreground and see if it somehow quits?

[talau]

Hmm. In foreground it works. I tried it with Python versions 2.7.18, 3.9.2, and 3.10.8, and it does not work in background.

More info: I tried on Debian Stable (bullseye) and with Debian Unstable.
Running it with nohup (nohup ./bin/pwncat -u -l 127.0.0.1 9999) it shows these exceptions:
------------------------------------>8------------------------------------

Exception in thread STDIN:
Traceback (most recent call last):
  File "/usr/lib/python3.10/threading.py", line 1016, in _bootstrap_inner
    self.run()
  File "/usr/lib/python3.10/threading.py", line 953, in run
    self._target(*self._args, **self._kwargs)
  File "/git/waiting/pwncat/pwncat/./bin/pwncat", line 4015, in run_action
    for data in producer.function(*producer.args, **producer.kwargs):
  File "/git/waiting/pwncat/pwncat/./bin/pwncat", line 3423, in producer
    data = self.__read_stdin()
  File "/git/waiting/pwncat/pwncat/./bin/pwncat", line 3539, in __read_stdin
    return sys.stdin.buffer.readline()
OSError: [Errno 9] Bad file descriptor
/git/waiting/pwncat/pwncat/./bin/pwncat:4210: DeprecationWarning: getName() is deprecated, get the name attribute instead
  self.__threads[key].getName(),
/git/waiting/pwncat/pwncat/./bin/pwncat:4216: DeprecationWarning: getName() is deprecated, get the name attribute instead
  "Joining %s", self.__threads[key].getName()
/git/waiting/pwncat/pwncat/./bin/pwncat:4222: DeprecationWarning: getName() is deprecated, get the name attribute instead
  "Joined %s", self.__threads[key].getName()
Exception in thread RECV:
Traceback (most recent call last):
  File "/git/waiting/pwncat/pwncat/./bin/pwncat", line 2841, in producer
    yield self.__net.receive()
  File "/git/waiting/pwncat/pwncat/./bin/pwncat", line 1967, in receive
    raise socket.timeout("timed out")  # type: ignore
TimeoutError: timed out

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3.10/threading.py", line 1016, in _bootstrap_inner
    self.run()
  File "/usr/lib/python3.10/threading.py", line 953, in run
    self._target(*self._args, **self._kwargs)
  File "/git/waiting/pwncat/pwncat/./bin/pwncat", line 4015, in run_action
    for data in producer.function(*producer.args, **producer.kwargs):
  File "/git/waiting/pwncat/pwncat/./bin/pwncat", line 2849, in producer
    self.__net.send_eof()
  File "/git/waiting/pwncat/pwncat/./bin/pwncat", line 1860, in send_eof
    self.__sock.shutdown_send(self.__active["conn"], "conn")
KeyError: 'conn'

------------------------------------8<------------------------------------

Just to let you know, I'm working on Debian packaging [1] of pwncat, and I
discovered this issue during the creation of CI tests.
[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015173

[cytopia]

Thanks for the details 👍, I will look into this

[cytopia]

@talau

The issue seems to be the stdin file descriptor, when it is not attached to a terminal anymore:

  File "/git/waiting/pwncat/pwncat/./bin/pwncat", line 3539, in __read_stdin
    return sys.stdin.buffer.readline()
OSError: [Errno 9] Bad file descriptor

This happens both in TCP and also UDP mode as it is not connected to any mode. It is trying to read from stdin, but stdin does not exist.

It can therefore (atm) not put into background mode. I will need to do a little digging if this is possible somehow.

[cytopia]

I can reproduce it with a very simple script:

test.py:

import sys

print(sys.stdin.readline())

And then run it with nohup:

$ nohup python test.py

$ cat nohup.out
Traceback (most recent call last):
  File "test.py", line 3, in <module>
    print(sys.stdin.readline())
IOError: [Errno 9] Bad file descriptor

[cytopia]

What you can do for now is the following command for a server:

TCP

nohup ./pwncat  -l --no-shutdown 127.0.0.1 9998  > log.log 2>&1

UDP

nohup ./pwncat  -l --no-shutdown -u 127.0.0.1 9998  > log.log 2>&1

[talau]

@talau

The issue seems to be the stdin file descriptor, when it is not attached to a terminal anymore:

  File "/git/waiting/pwncat/pwncat/./bin/pwncat", line 3539, in __read_stdin
    return sys.stdin.buffer.readline()
OSError: [Errno 9] Bad file descriptor

This happens both in TCP and also UDP mode as it is not connected to any mode. It is trying to read from stdin, but stdin does not exist.

It can therefore (atm) not put into background mode. I will need to do a little digging if this is possible somehow.

@cytopia For me, the problem occurs only in UDP mode, TCP runs OK in background mode.
i.e: python3 ./bin/pwncat -l 127.0.0.1 9999 &
(works fine)

[talau]

@cytopia Hi there! Any news about this issue?