reach autoit TCP server from linux shell


Hello,

on my desktop PC I use a server with the following code:

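TCPStartup()
Global $msg = "" ; shared between Server() and Remote()
Global $x = 0 ; index of the client socket in $Socket_Data
Dim $Socket_Data[1]
$Socket_Data[0] = -1 ; -1 = no client connected yet
$Listen = TCPListen(@IPAddress1, 666, 500)

Server()
Func Server()
    While 1
        ; Accept a waiting client when none is connected
        If $Socket_Data[$x] = -1 Then $Socket_Data[$x] = TCPAccept($Listen)
        If $Socket_Data[$x] <> -1 Then
            $msg = TCPRecv($Socket_Data[$x], 1000000)
            If @error Then ; client disconnected, wait for the next one
                TCPCloseSocket($Socket_Data[$x])
                $Socket_Data[$x] = -1
            ElseIf $msg Then
                Call("Remote")
            EndIf
        EndIf
    WEnd
EndFunc   ;==>Server

Func Remote()
    Select ;If we receive a message
        Case $msg = "start"
            Run("C:\Program Files (x86)\Test\test.exe")
    EndSelect
EndFunc   ;==>Remote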

On the laptop PC there's a client for sending commands to the server, that looks like this:

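#include <GUIConstantsEx.au3>

Remote()
Func Remote()
    TCPStartup()
    $ipAddress = "192.168.0.105"
    $portAddress = 666
    $connectedSocket = TCPConnect($ipAddress, $portAddress)
    ; Minimal GUI so the snippet runs; window title and button layout are
    ; placeholders, the original GUI code was not posted
    GUICreate("Remote", 200, 80)
    $cb_start = GUICtrlCreateButton("start", 50, 25, 100, 30)
    GUISetState(@SW_SHOW)
    While 1
        $msg = GUIGetMsg()
        Select
            Case $msg = $GUI_EVENT_CLOSE
                ExitLoop ; leave the loop so the socket gets closed
            Case $msg = $cb_start
                $message = "start"
                TCPSend($connectedSocket, $message)
        EndSelect
    WEnd
    TCPCloseSocket($connectedSocket)
    TCPShutdown()
EndFunc   ;==>Remote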

Now my goal is to be able to send commands from a Linux shell to the AutoIt server on the desktop PC.

The parameters are: IP, port and text message.

 

I've tried with scapy for example:

p=sr(IP(dst="192.168.0.105")/TCP(dport=666)/"start")

 

But this did not work. The server didn't react as it does to the autoit client command.

 

Can anyone explain to me why the server doesn't react to the scapy command and what command in a Linux shell could make it react properly?

Hope someone can help.


TCPRecv without the third argument will try to guess whether it is ASCII or binary. When I was trying to do a Telnet server, I got String when I sent commands from PuTTY, because it would send "String<CR><LF>", whereas I got binary from TeraTerm, because it would send "String<CR><NUL>".

 

First step is to see what you're getting from your client.

 

Something like this:

Func Remote() 
  ConsoleWrite("Message received was:"& $msg &@CRLF)
  ;MsgBox(0,"Message received was",$msg) ; Use Msgbox if you prefer
    Select ;If we receive a message
        Case $msg = "start"
            Run("C:\Program Files (x86)\Test\test.exe")
    EndSelect
EndFunc   ;==>Remote

If in your console or MsgBox you're getting a string starting with "0x", you're getting binary data.

 

You might be best to force Binary mode:

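TCPStartup()
Global $msg = "" ; shared between Server() and Remote()
Global $x = 0 ; index of the client socket in $Socket_Data
Dim $Socket_Data[1]
$Socket_Data[0] = -1 ; -1 = no client connected yet
$Listen = TCPListen(@IPAddress1, 666, 500)

Server()
Func Server()
    While 1
        ; Accept a waiting client when none is connected
        If $Socket_Data[$x] = -1 Then $Socket_Data[$x] = TCPAccept($Listen)
        If $Socket_Data[$x] <> -1 Then
            $msg = TCPRecv($Socket_Data[$x], 1000000, 1) ;Setting flag to 1 gets binary
            If @error Then ; client disconnected, wait for the next one
                TCPCloseSocket($Socket_Data[$x])
                $Socket_Data[$x] = -1
            ElseIf $msg Then
                ;Call(Remote)
                Remote() ;If you know the function name, better to use it directly than with Call
            EndIf
        EndIf
        Sleep(50) ;Small sleep delay keeps While loop from hogging CPU time
    WEnd
EndFunc   ;==>Server

Func Remote()
    ConsoleWrite("Message received binary:" & $msg & @CRLF)
    ;Expected results are:
    ;0x7374617274 - hex representation of "start"
    ;0x0D0A - CRLF
    ;0x0D - CR
    ;0x0A - LF
    ;0x00 - NULL
    $msg = BinaryToString($msg) ; Converting the binary hex to String
    ConsoleWrite("Message received string:" & $msg & @CRLF)
    ;By doing a StringInStr, if the client is adding leading characters, or trailing characters
    ;we will still find it
    $startlocation = StringInStr($msg, "start") ; first argument is the text searched, second the substring
    If $startlocation <> 0 Then
        Run("C:\Program Files (x86)\Test\test.exe")
    EndIf
EndFunc   ;==>Remote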

 


Thank you very much for your help. I tried as you suggested, but the message box gives the same string in both cases. So the command from Linux seems to be received by the server well, but the server still doesn't work the way it's supposed to.


2 hours ago, TurionAltec said:

Try this at the start of your remote function

$sMsgtoDiskplay = "" & StringToBinary($msg) ; Convert to binary hex
ConsoleWrite("Message received:" & $sMsgtoDiskplay & @CRLF)
MsgBox(0, "Message received", $sMsgtoDiskplay)

You should see "0x7374617274" There might be additional invisible characters that scapy is adding on. 

It's a normal string so far. I'll try your second suggestion as soon as I'm back at my workplace. 

Thank you very much! The message box idea in the server script is great! I'll post as soon as I try your last suggestion.


3 hours ago, Marty said:

It's a normal string so far. I'll try your second suggestion as soon as I'm back at my workplace. 

Thank you very much! The message box idea in the server script is great! I'll post as soon as I try your last suggestion.

It looks like the Linux command adds a line feed "0A". The question now is how to remove that.

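Removing the trailing line feed on the Linux side, as an added example that is not part of the original thread: `echo` appends 0x0A, while `printf '%s'` sends exactly the bytes of the message, and the data has to travel over a completed TCP connection (the scapy one-liner in the first post emits a single crafted packet without a handshake). It assumes a netcat binary named `nc` is installed; the function names are made up for this example, and the IP address and port are the ones from the first post.

```shell
#!/bin/sh
# Added example: inspect the bytes a shell command would put on the wire,
# then send the message over a normal TCP connection with no trailing LF.

# Hex of stdin as one lowercase string, e.g. "start" -> 7374617274
to_hex() {
    od -An -v -tx1 | tr -d ' \n'
}

# Bytes produced by `echo MSG` (echo appends LF, 0x0a)
echo_hex() {
    echo "$1" | to_hex
}

# Bytes produced by `printf '%s' MSG` (nothing appended)
printf_hex() {
    printf '%s' "$1" | to_hex
}

# Given the expected text ($1) and the hex the server logged ($2, without
# the leading 0x), print whatever bytes follow the expected text.
trailing_hex() {
    want=$(printf '%s' "$1" | to_hex)
    case $2 in
        "$want"*) printf '%s' "${2#"$want"}" ;;
        *) return 1 ;;   # logged data does not start with the expected text
    esac
}

# Send MSG to HOST:PORT over a connected TCP socket, no trailing newline.
# Assumption: `nc` is installed; -w 2 makes it give up after 2 idle seconds
# so the command returns once the data has been sent.
send_msg() {
    host=$1 port=$2 msg=$3
    printf '%s' "$msg" | nc -w 2 "$host" "$port"
}

echo "echo   start -> 0x$(echo_hex start)"
echo "printf start -> 0x$(printf_hex start)"
echo "extra bytes after 'start' in 73746172740a: $(trailing_hex start 73746172740a)"

# Usage against the server from the thread (values from the first post):
#   send_msg 192.168.0.105 666 start
```
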
