Skip to content

fix(ssh): preserve ANSI escape codes in interactive mode (closes #2703)#2747

Open
Gustavo-Blois wants to merge 3 commits into
Gallopsled:devfrom
Gustavo-Blois:fix/ssh-interactive-ansi
Open

fix(ssh): preserve ANSI escape codes in interactive mode (closes #2703)#2747
Gustavo-Blois wants to merge 3 commits into
Gallopsled:devfrom
Gustavo-Blois:fix/ssh-interactive-ansi

Conversation

@Gustavo-Blois

Copy link
Copy Markdown

When using ssh.interactive(), ANSI escape codes are displayed literally
(e.g., \x1b[31m) instead of being interpreted as colors.

In ssh_channel.interactive(), the condition to use the binary stdout buffer
was inverted:

  • When term_mode=True (terminal mode), it uses sys.stdout
  • When term_mode=False, it uses sys.stdout.buffer

sys.stdout escapes ANSI escape codes, preventing the terminal from
interpreting them correctly. This change always uses sys.stdout.buffer
to preserve the escape sequences.

Fixes #2703

@peace-maker

Copy link
Copy Markdown
Member

I think this is correct. Do you remember why you added the term.term_mode condition @Arusekk?

@Arusekk

Arusekk commented Jun 28, 2026

Copy link
Copy Markdown
Member

This is done so that in interactive setting you can see the raw bytes and nothing can hide (ike crazy escapes with invalid or malicious payloads). In the non-interactive setting, you want original bytes preserved always.

So I can see where this if comes from.

If you want raw, you can pipe the exploit to cat, or set PWNLIB_NOTERM=1 in environment or run python exploit.py NOTERM

@peace-maker

Copy link
Copy Markdown
Member

Hmhm, but this is different to the interactive() prompt in other tubes like local processes or raw sockets. We just evaluate the escape codes there by default.

How is the ssh setting different here?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

ssh.interactive() doesn't interpret ansi escape codes in output

3 participants