Fix reverse shell DOES NOT WORK #72

Open
wants to merge 3 commits into
base: master

shelld3v
Contributor

@shelld3v shelld3v commented Oct 27, 2020

Currently, the reverse shell option does not work in my test. It still can receive the connection but Tplmap only sends the first character of the command that I entered. So I fixed it.

@shelld3v
Contributor Author

shelld3v commented Oct 27, 2020

@shelld3v
Contributor Author

Hi, I have tested this locally, any update? Or any problem?

@shelld3v shelld3v changed the title from "Multiple bug fixes" to "Fix reverse shell DOES NOT WORK" Oct 29, 2020

@epinna
Owner

epinna commented Oct 29, 2020

Many thanks for your contributions.

Unfortunately I don't have time to thoroughly review and adjust PRs, but you can help by running the tests before submitting new PRs. It requires Docker and can be run by launching ./tests/tests.sh or running the single test scripts with ./tests/run_*_tests.sh. Feel free to adapt the test if you changed some minor functionality.

Thanks

@shelld3v
Contributor Author

Hi, I have already tested this on my machine. I didn't test with a vulnerable server, but tested by running the code in tcpserver.py (replacing log.info with print).

@epinna
Owner

epinna commented Oct 29, 2020

Still, it shouldn't break the test suite (I quickly ran it and it does).

@shelld3v
Contributor Author

The code didn't work as intended? What was happening?

@epinna
Owner

epinna commented Dec 3, 2020

Sorry for the late response, I currently don't have time to work on this. I'm happy to merge your PRs, but please make sure the tests pass (please follow the instructions above). Feel free to adjust the test suite if needed.

@shelld3v
Contributor Author

shelld3v commented Dec 3, 2020

Hi, I can't:

$ sudo ./tests.sh

## Running ./run_channel_test.sh
Exposed testing APIs:

http://localhost:15001/reflect/mako?inj=*
http://localhost:15001/reflect/jinja2?inj=*
http://localhost:15001/post/mako?inj=*
http://localhost:15001/post/jinja2?inj=*
http://localhost:15001/limit/mako?inj=*
http://localhost:15001/limit/jinja2?inj=*
http://localhost:15001/put/mako?inj=*
http://localhost:15001/put/jinja2?inj=*

Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?

Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?

@epinna
Owner

epinna commented Dec 3, 2020

You need to install Docker, it virtualizes any application with the vulnerable template engine and tests tplmap against it. It's also pretty cool as development infrastructure to develop new SSTI techniques.

@shelld3v
Contributor Author

shelld3v commented Dec 4, 2020

Idk, but I am unable to test this. I installed Docker with sudo apt install docker.io, but it failed =(

@epinna
Owner

epinna commented Dec 4, 2020

Take your time to run Docker in your machine. I'm more than happy to work with you and merge your changes as long as they don't break the test suite.

@shelld3v
Contributor Author

Hi, the fact is that I can't install Docker into my Linux subsystem for Windows. Can you test this?

@epinna
Owner

epinna commented Dec 11, 2020

I'm sorry but I've no time for adjusting the test suite for the PRs. Consider using a Linux VM for development.

@shelld3v
Contributor Author

Hi @epinna, can you use GitHub Actions for this? So we can automatically test every PR and no one has to do it!

@shelld3v
Contributor Author

I tested:

Ran 13 tests in 45.899s

OK
tplmap-java
