From 50714896cbdb92c9e26d792cb32c71d56f85ae30 Mon Sep 17 00:00:00 2001
From: K Lange
Date: Mon, 27 Sep 2021 21:18:59 +0900
Subject: [PATCH] netty: Fixup the reverse shell host for socket connections
---
 apps/{petty.c => netty.c} | 65 +++++++++++++++++++++++++++++++--------
 1 file changed, 53 insertions(+), 12 deletions(-)
 rename apps/{petty.c => netty.c} (55%)
diff --git a/apps/petty.c b/apps/netty.c
similarity index 55%
rename from apps/petty.c
rename to apps/netty.c
index 5f849dac..7531c623 100644
--- a/apps/petty.c
+++ b/apps/netty.c
@@ -1,24 +1,29 @@
-/* vim: tabstop=4 shiftwidth=4 noexpandtab
+/**
+ * @brief Provides a PTY over a reverse network socket.
+ *
+ * Pipes data into and out of a PTY from a TCP socket connected to a remote
+ * server.
+ *
+ * @copyright
 * This file is part of ToaruOS and is released under the terms
 * of the NCSA / University of Illinois License - see LICENSE.md
- * Copyright (C) 2018 K. Lange
- *
- * petty - Manage a TTY.
- *
- * Wraps a serial port (or other dumb connection) with a pty
- * and manages a login for it.
+ * Copyright (C) 2018-2021 K. Lange
 */
 #include
 #include
+#include
 #include
 #include
 #include
 #include
 #include
+#include
+#include
+#include
+#include
 int main(int argc, char * argv[]) {
 int fd_master, fd_slave, fd_serial;
- char * file = "/dev/ttyS0";
 char * user = NULL;
 if (getuid() != 0) {
@@ -35,12 +40,48 @@ int main(int argc, char * argv[]) {
 }
 }
- if (optind < argc) {
- file = argv[optind];
+ if (optind == argc) {
+ fprintf(stderr, "usage: %s remote:port\n", argv[0]);
+ return 1;
 }
+ char * remotehost = argv[optind];
+ char * colon = strstr(remotehost, ":");
+ if (!colon) {
+ fprintf(stderr, "usage: %s remote:port\n", argv[0]);
+ return 1;
+ }
+
+ *colon = '\0'; colon++;
+ int remoteport = atoi(colon);
+
 openpty(&fd_master, &fd_slave, NULL, NULL, NULL);
- fd_serial = open(file, O_RDWR);
+
+ int sock = socket(AF_INET, SOCK_STREAM, 0);
+ if (sock < 0) {
+ perror("socket");
+ return 1;
+ }
+
+ struct hostent * remote = gethostbyname(remotehost);
+
+ if (!remote) {
+ perror("gethostbyname");
+ return 1;
+ }
+
+ struct sockaddr_in addr;
+ addr.sin_family = AF_INET;
+ memcpy(&addr.sin_addr.s_addr, remote->h_addr, remote->h_length);
+ addr.sin_port = htons(remoteport);
+
+ if (connect(sock, (struct sockaddr*)&addr, sizeof(struct sockaddr_in)) < 0) {
+ perror("connect");
+ return 1;
+ }
+
+
+ fd_serial = sock; //open(file, O_RDWR);
 pid_t child = fork();
@@ -52,7 +93,7 @@ int main(int argc, char * argv[]) {
 system("ttysize -q");
- char * tokens[] = {"/bin/login",NULL,NULL,NULL};
+ char * tokens[] = {"/bin/login-loop",NULL,NULL,NULL};
 if (user) {
 tokens[1] = "-f";
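Review bot: In the second hunk (`@@ -35,12 +40,48 @@`) the port and the resolved address reach `connect()` unvalidated: `atoi(colon)` turns junk into 0 and lets out-of-range values be truncated by `htons()`, and `memcpy(&addr.sin_addr.s_addr, remote->h_addr, remote->h_length)` copies a resolver-supplied length into a 4-byte field of an otherwise uninitialised `addr`. The fence below parses the port with `strtol` and bounds it to 1–65535, zeroes `addr`, and checks `h_addrtype`/`h_length` before a fixed-size copy. It also replaces `perror("gethostbyname")`, because resolver failures are reported through `h_errno` and `errno` may hold an unrelated value at that point. Since the first hunk's `getuid() != 0` test suggests the program is meant to run as root and the socket is later wired to a login process, the file header should state that the peer is not authenticated and the stream is not encrypted. `main` begins and continues outside this hunk, and the `openpty()` call on the context line still ignores its return value.

```c
	*colon = '\0'; colon++;

	/* strtol instead of atoi: reject empty, trailing junk and out-of-range ports */
	char * end = NULL;
	long remoteport = strtol(colon, &end, 10);
	if (end == colon || *end != '\0' || remoteport < 1 || remoteport > 65535) {
		fprintf(stderr, "%s: invalid port '%s'\n", argv[0], colon);
		return 1;
	}

	/* … unchanged: openpty(), socket() and its error check … */

	struct hostent * remote = gethostbyname(remotehost);
	if (!remote) {
		/* resolver errors are reported in h_errno, so perror() would mislead */
		fprintf(stderr, "%s: cannot resolve '%s'\n", argv[0], remotehost);
		return 1;
	}

	struct sockaddr_in addr;
	memset(&addr, 0, sizeof(addr));
	if (remote->h_addrtype != AF_INET || remote->h_length != (int)sizeof(addr.sin_addr)) {
		fprintf(stderr, "%s: no IPv4 address for '%s'\n", argv[0], remotehost);
		return 1;
	}
	addr.sin_family = AF_INET;
	memcpy(&addr.sin_addr, remote->h_addr, sizeof(addr.sin_addr));
	addr.sin_port = htons((unsigned short)remoteport);

	/* … unchanged: connect() and its error check … */
```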