From 05db4bfe8007a4718d8c2be4a1c90f3c8d2302f9 Mon Sep 17 00:00:00 2001
From: Peace-Maker
Date: Thu, 30 Jan 2025 11:40:12 +0100
Subject: [PATCH] a
---
 pwnlib/tubes/ssh.py | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
diff --git a/pwnlib/tubes/ssh.py b/pwnlib/tubes/ssh.py
index 6c76746b7..fec43c142 100644
--- a/pwnlib/tubes/ssh.py
+++ b/pwnlib/tubes/ssh.py
@@ -441,14 +441,32 @@ def __init__(self, parent, host, port, *a, **kw):
 # keep the parent from being garbage collected in some cases
 self.parent = parent
+ # keep reference to tunnel process to avoid garbage collection
+ self.tunnel = None
+
 self.host = parent.host
 self.rhost = host
 self.rport = port
+ import paramiko.ssh_exception
 msg = 'Connecting to %s:%d via SSH to %s' % (self.rhost, self.rport, self.host)
 with self.waitfor(msg) as h:
 try:
 self.sock = parent.transport.open_channel('direct-tcpip', (host, port), ('127.0.0.1', 0))
+ except paramiko.ssh_exception.ChannelException as e:
+ # Workaround AllowTcpForwarding no in sshd_config
+ if e.args != (1, 'Administratively prohibited'):
+ self.exception(str(e))
+
+ self.debug('Failed to open channel, trying to connect to remote port manually using netcat.')
+ if parent.which('nc'):
+ ncat = 'nc'
+ elif parent.which('ncat'):
+ ncat = 'ncat'
+ else:
+ self.exception('Could not find ncat or nc on remote. Cannot connect to remote port.')
+ self.tunnel = parent.process([ncat, host, str(port)])
+ self.sock = self.tunnel.sock
 except Exception as e:
 self.exception(str(e))
 raise
@@ -949,6 +967,7 @@ def process(self, argv=None, executable=None, tty=True, cwd=None, env=None, igno
 self.upload_data(script, tmpfile)
 return tmpfile
+ executable = executable or argv[0]
 if self.isEnabledFor(logging.DEBUG):
 execve_repr = "execve(%r, %s, %s)" % (executable, argv,
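Review bot: The new `except paramiko.ssh_exception.ChannelException` branch in the first hunk is only correct if `self.exception(...)` raises. If it does not, a channel error other than 'Administratively prohibited' falls through into the netcat fallback, and the `else:` path reaches `parent.process([ncat, host, str(port)])` with `ncat` unbound. The existing `except Exception` handler right below follows `self.exception(str(e))` with an explicit `raise`, so I would add the same `raise` after both new `self.exception` calls. Comparing `e.args != (1, 'Administratively prohibited')` ties the workaround to paramiko's message text; `if e.code != 1:` would be less brittle, assuming the installed paramiko exposes `ChannelException.code`. The fallback also appears to report success as soon as the remote process starts, so a refused `host:port` would no longer fail inside `waitfor` the way `open_channel` does, which deserves a comment such as `# NOTE: nc connect failures surface later as EOF on self.sock`; the enclosing `__init__` starts above this hunk.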