Comments (8)
I'm not exactly clear what you mean. What happens at the beginning is that it starts a pty and grabs a few bits of information to identify the remote system. If it's slow, it's because your connection to the remote machine is slow. TryHackMe is notorious for having ungodly slow machines (understandably since they're running thousands of them, presumably). pwncat is basically just grabbing the hostname, the MAC address of network cards that are available, and the current shell. Then it identifies which method to use for spawning a pty. Normally, that's script or python, but it checks which one exists first. You need a pty for pwncat to work properly. The only part that isn't strictly necessary is the hostname and MAC address part, but without that you have no way to uniquely identify that host. There's only one C2 channel so there's no way to "background" those actions. As with everything that happens in pwncat, it has to wait for them to complete to continue.
from pwncat.
I might be able to speed it up by compiling multiple of those into one command (essentially an in-memory script) and feeding it to the remote shell, then reading the data back instead of running each individually, but there's not a way to background anything.
No, here is my idea: a new binary, pwncatd, already has all the scripts loaded and it created a victim. When a new request comes to a unix domain socket, it forks and runs as if it was normal pwncat. Main process keeps listening. This is much faster than doing everything when the user actually requests it (or at least, it starts quicker).
It takes a long time to run Victim() locally. I checked. That is what I want to optimize. I probably wasn't clear about it.
I've done some digging, and a large factor was gtfobins.json. The file was (is) huge. We may be able to move to a better file format for this data at some point. Adding to this was the fact that when creating the file format and testing the gtfobins module, we wanted comments in the JSON to allow us to document what was going on. This led us to the commentjson Python module. This module is incredibly slow. I removed all the comments and minified the JSON file, but still was seeing about 2 seconds loading time with a return directly after Victim() in __main__.py (down from 2.7 to be fair).
With that in mind, I took a look at some different Python JSON modules. The builtin module clocked in at about 0.98 seconds. orjson isn't compatible with the standard JSON interface so would require some more modification of the gtfobins module to make it work. I tried rapidjson and it clocked in at about 0.8 seconds.
I've settled on rapidjson. I've added it to the requirements.txt and setup.py scripts, and pushed an update. This shaves about 1.7-2.0 seconds off the startup time (about a 60% speed up for starting up). Hopefully this will help. Any further optimization for the GTFObins data seems unnecessary. I commented out the entire loading process for gtfobins.json and saw little to no increase in performance (at best, on one run I saw 0.77 vice 0.80 seconds).
Also, for what it's worth, just starting pwncat and returning just before creating the Victim object now takes about 0.70 while returning just after creating the Victim object takes about 0.80 seconds. So, creating the Victim object now only takes on average about 0.1 seconds. Nothing really happens before that so the rest of the loading time is basically just python loading modules, which python is notoriously bad at.
While I don't think the proper solution is creating a pwncat daemon, I appreciate you bringing this up because it forced me to do some digging and find this bug. I understand python can be annoying with its loading times, and I'll do everything I can to reduce it, but with a lot of imports python is just really slow at starting up.
I haven't heard back in more than 2 weeks. I'm going to close this issue. Feel free to reach out if you have any more issues or comments. Thanks!