
Consider this python script:

import subprocess

# Start a local bash whose stdin is a pipe we can write commands into.
nc = subprocess.Popen(["/bin/bash"], stdin=subprocess.PIPE, text=True)
# Tell that bash to open a netcat client to the local listener.
nc.stdin.write("nc localhost 2222\n")
# Anything written now is read by nc and sent over the connection.
nc.stdin.write("pwd\n")
# text=True makes the pipe buffered: flush so the bytes actually leave Python.
nc.stdin.flush()

When I listen with netcat as nc -lnvp 2222, I successfully connect and send the string pwd; nothing more happens, of course.

Now I get a non-stable PHP reverse shell (completely new event) and I connect through netcat successfully. I execute this script to upgrade the shell and print the current directory. By the way, that listener is another Popen instance.

import subprocess

# Local bash with a piped stdin, as before.
nc = subprocess.Popen(["/bin/bash"], stdin=subprocess.PIPE, text=True)
# Connect to the listener that holds the reverse shell.
nc.stdin.write("nc localhost 2222\n")
# Ask the remote shell to wrap itself in a pty.
nc.stdin.write('python3 -c "import pty;pty.spawn(\'/bin/bash\')"\n')
# Command intended for the new pty shell.
nc.stdin.write('pwd\n')
# Flush so the buffered writes are delivered to bash (and on to nc) now.
nc.stdin.flush()

Now when I execute that python script, I expected the input would go through netcat, get executed in that new bash tty, spawn a stable shell and pass pwd to return the current directory. But this script only works up to spawning the stable shell, and then stdin input doesn't go through nc, or something else happens that I'm not aware of. What's happening here?

Edit: I need to be able to run multiple commands. Using subprocess.communicate(input=<command>) causes deadlock and can't accept stdin.

I would advise using process.communicate() rather than writing to stdin using .write; here's a reference as to why. – Novus Edge

The docs clearly state that: "Use communicate() rather than .stdin.write, .stdout.read or .stderr.read to avoid deadlocks due to any of the other OS pipe buffers filling up and blocking the child process." – Novus Edge

Sorry, I forgot to state that I need a persistent process where I can input more than one command. Apparently, subprocess.communicate() terminates the process with something called deadlock. – SingularitY
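An added example, not code from the asker or the commenters, of the persistent multi-command process the question's edit and the last comment ask for: a small Python driver that keeps one local shell child open, flushes every write (a text-mode pipe is buffered, so an unflushed command can sit in Python's buffer without reaching the child), and drains stdout on a background thread so the OS pipe buffer can never fill and cause the deadlock that communicate() is designed to avoid. The class and method names (ShellSession, run, close) and the echoed end-of-command marker are my own assumptions; the child here is a plain local shell, not the netcat session in the question.

```python
import queue
import shutil
import subprocess
import threading
import uuid


class ShellSession:
    """Keep one child shell alive and send it any number of commands."""

    def __init__(self, shell=None):
        self.proc = subprocess.Popen(
            [shell or shutil.which("bash") or "/bin/sh"],
            stdin=subprocess.PIPE, stdout=subprocess.PIPE,
            stderr=subprocess.STDOUT, text=True)
        self._lines = queue.Queue()
        # A reader thread empties stdout continuously, so the child never blocks
        # on a full pipe buffer while we are blocked writing to its stdin.
        threading.Thread(target=self._pump, daemon=True).start()

    def _pump(self):
        for line in self.proc.stdout:
            self._lines.put(line)
        self._lines.put(None)  # sentinel: child closed its stdout

    def run(self, command, timeout=5.0):
        """Send one command and return everything it printed."""
        marker = f"__done_{uuid.uuid4().hex}__"  # assumed end-of-output marker
        # Without flush() the text-mode pipe may hold the command in Python's
        # buffer until the pipe is closed, which looks like 'input never arrives'.
        self.proc.stdin.write(f"{command}\necho {marker}\n")
        self.proc.stdin.flush()
        out = []
        while True:
            try:
                line = self._lines.get(timeout=timeout)
            except queue.Empty:
                raise TimeoutError(f"no output for {command!r}") from None
            if line is None:
                raise RuntimeError("shell exited")
            if line.rstrip("\n") == marker:
                return "".join(out)
            out.append(line)

    def close(self):
        self.proc.stdin.close()  # EOF on stdin makes the shell exit
        return self.proc.wait(timeout=5)


if __name__ == "__main__":
    s = ShellSession()
    print(s.run("pwd"), end="")           # first command
    print(s.run("echo still alive"), end="")  # same child, second command
    s.close()
```

Shell state such as the working directory persists between run() calls because the same child process handles every command.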