2021-06-15 21:59:33 +02:00
# Changelog
All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog ](https://keepachangelog.com/en/1.0.0/ ),
and this project adheres to [Semantic Versioning ](https://semver.org/spec/v2.0.0.html ).
The Changelog starts with v0.4.1, because we did not keep one before that,
and simply didn't have the time to go back and retroactively create one.
2021-12-26 08:35:16 +01:00
## [Unreleased]
2022-01-09 18:44:17 +01:00
### Changed
- Fixed parsing of `--ssl` argument ([#231](https://github.com/calebstewart/pwncat/issues/231)).
2022-01-01 00:03:49 +01:00
## [0.5.2] - 2021-12-31
Bug fixes for argument parsing and improved SSH key support thanks to
`paramiko-ng` . Moved to a prettier theme for ReadTheDocs documentation.
2021-12-26 08:35:16 +01:00
### Changed
- Fixed parsing of `--ssl` argument in main entrypoint ([#225](https://github.com/calebstewart/pwncat/issues/225))
2021-12-26 09:11:19 +01:00
- Replaced `paramiko` with `paramiko-ng`
- Utilized Paramiko SSHClient which will also utilize the SSHAgent if available by default and supports key types aside from RSA ([#91](https://github.com/calebstewart/pwncat/issues/91))
2021-12-26 09:57:13 +01:00
- Added implant module `list` command to match documentation ([#224](https://github.com/calebstewart/pwncat/issues/224)).
- Update documentation to clarify implant reconnection
2021-12-26 21:29:48 +01:00
- Fixed `--ssl` argument parsing for bind channels.
2021-12-31 23:54:56 +01:00
- Moved documentation theme to [furo ](https://github.com/pradyunsg/furo ).
- Added Extras group for documentation depenedencies and removed `docs/requirements.txt` .
2021-12-26 08:35:16 +01:00
2021-12-07 17:12:11 +01:00
## [0.5.1] - 2021-12-07
2021-12-07 16:48:14 +01:00
Minor bug fixes. Mainly typos from changing the package name.
### Changed
- Fixed `--version` switch.
- Fixed readme typos.
### Added
- Read the Docs Configuration File
2021-11-28 23:47:32 +01:00
2021-12-07 17:12:11 +01:00
## [0.5.0] - 2021-11-28
2021-11-28 23:35:14 +01:00
This is a major release mainly due to the name change, and PyPI package addition.
The package has been renamed to `pwncat-cs` and the default entrypoint has also
been renamed to `pwncat-cs` . These changes were made in an effort to deconflict
with [Cytopia pwncat ](https://pwncat.org/ ). Beyond that, some new features were
added as seen in the release notes below.
I've tried to update all references to the old `pwncat` entrypoint, but may have
missed some throughout the documentation or code. Please open an issue if you
notice any old references to the previous name.
It's worth noting that the internal module name is still `pwncat` , as Cytopia
does not implement an importable package (only a command line entrypoint). I may
change this name in the future, but for now it doesn't cause any issues and would
require a major refactor so I'm going to leave it.
2021-06-20 07:00:23 +02:00
### Changed
- Moved dependency management and building to [Poetry ](https://python-poetry.org ).
- Changed package name to `pwncat-cs` in order to not conflict w/ cytopia/pwncat.
2021-06-19 02:28:57 +02:00
### Added
- Added `ssl-bind` and `ssl-connect` channel protocols for encrypted shells
- Added `ncat` -style ssl arguments to entrypoint and `connect` command
- Added query-string arguments to connection strings for both the entrypoint
and the `connect` command.
2021-06-19 04:04:12 +02:00
- Added Enumeration States to allow session-bound enumerations
2021-06-20 07:00:23 +02:00
- Added PyPi publishing to GitHub `publish` workflow.
2021-06-22 05:17:58 +02:00
- Added licensing for pwncat (MIT)
2021-06-20 01:58:44 +02:00
- Added background listener API and commands ([#43](https://github.com/calebstewart/pwncat/issues/43))
2021-06-19 06:50:31 +02:00
- Added Windows privilege escalation via BadPotato plugin ([#106](https://github.com/calebstewart/pwncat/issues/106))
2021-06-22 05:17:58 +02:00
### Removed
- Removed `setup.py` and `requirements.txt`
2021-06-19 02:21:25 +02:00
2021-11-28 22:33:34 +01:00
## [0.4.4] - 2021-11-28
2021-07-17 23:07:49 +02:00
### Fixed
- Possible exception due to _pre-registering_ of `session` with `manager`
2021-08-11 00:30:11 +02:00
- Covered edge case in sudo rule parsing for wildcards ([#183](https://github.com/calebstewart/pwncat/issue/183))
- Added fallthrough cases for PTY methods in case of misbehaving binaries (looking at you: `screen` )
2021-07-18 19:54:09 +02:00
- Fixed handling of `socket.getpeername` when `Socket` channel uses IPv6 ([#159](https://github.com/calebstewart/pwncat/issues/159)).
2021-08-12 07:41:46 +02:00
- Fixed verbose logging handler to be __unique__ for every `channel`
- Fixed docstrings in `Command` modules
2021-08-31 23:35:26 +02:00
- Changed docker base image to `python3.9-alpine` to fix python version issues.
2021-09-19 08:50:19 +02:00
- Added logic for calling correct paramiko method when reloading an encrypted SSH privat ekey ([#185](https://github.com/calebstewart/pwncat/issues/185)).
- Forced `Stream.RAW` for all GTFOBins interaction ([#195](https://github.com/calebstewart/pwncat/issues/195)).
- Added custom `which` implementation for linux when `which` is not available ([#193](https://github.com/calebstewart/pwncat/issues/193)).
2021-09-21 07:51:58 +02:00
- Correctly handle `--listen` argument ([#201](https://github.com/calebstewart/pwncat/issues/201))
2021-09-21 08:33:33 +02:00
- Added handler for `OSError` when attempting to detect the running shell ([#179](https://github.com/calebstewart/pwncat/issues/179))
2021-11-28 21:06:11 +01:00
- Added additional check for stat time of file birth field (#208)
- Removed shell compare with ["nologin", "false", "sync", "git-shell"] (#210)
- Added shell compare with not in ["bash", "zsh", "ksh", "fish"] (#210)
2021-07-17 23:07:49 +02:00
### Added
- Added alternatives to `bash` to be used during _shell upgrade_ for a _better shell_
- Added a warning message when a `KeyboardInterrupt` is caught
2021-08-12 07:41:46 +02:00
- Added `--verbose/-V` for argument parser
- Added `OSError` for `bind` protocol to show appropriate error messages
2021-09-23 00:48:26 +02:00
- Contributing guidelines for GitHub maintainers
2021-09-23 01:02:46 +02:00
- Installation instructions for BlackArch
2021-11-28 21:52:07 +01:00
- Added `lpwd` and `lcd` commands to interact with the local working directory ([#218](https://github.com/calebstewart/pwncat/issues/218))
2021-07-17 23:07:49 +02:00
### Changed
2021-09-21 08:33:33 +02:00
- Removed handling of `shell` argument to `Popen` to prevent `euid` problems ([#179](https://github.com/calebstewart/pwncat/issues/179))
2021-07-17 23:07:49 +02:00
- Changed some 'red' warning message color to 'yellow'
2021-08-10 23:09:11 +02:00
- Leak private keys for all users w/ file-read ability as UID=0 ([#181](https://github.com/calebstewart/pwncat/issues/181))
- Raise `PermissionError` when underlying processes terminate unsuccessfully for `LinuxReader` and `LinuxWriter`
2021-11-28 21:59:46 +01:00
- Removed `busybox` and `bruteforce` commands from documentation.
2021-07-17 23:07:49 +02:00
2021-06-19 02:21:25 +02:00
## [0.4.3] - 2021-06-18
Patch fix release. Major fixes are the correction of file IO for LinuxWriters and
improved stability with better exception handling.
2021-06-16 23:24:40 +02:00
### Fixed
- Pinned container base image to alpine 3.13.5 and installed to virtualenv ([#134](https://github.com/calebstewart/pwncat/issues/134))
2021-06-16 23:31:54 +02:00
- Fixed syntax for f-strings in escalation command
2021-06-19 00:33:21 +02:00
- Re-added `readline` import for windows platform after being accidentally removed
2021-07-20 22:30:00 +02:00
- Corrected processing of password in connection string
2021-06-16 21:57:47 +02:00
### Changed
- Changed session tracking so session IDs aren't reused
- Changed zsh prompt to match CWD of other shell prompts
2021-06-19 00:44:23 +02:00
- Improved exception handling throughout framework ([#133](https://github.com/calebstewart/pwncat/issues/133))
2021-06-17 23:47:07 +02:00
- Added explicit permission checks when opening files
2021-06-18 20:12:47 +02:00
- Changed LinuxWriter close routine again to account for needed EOF signals ([#140](https://github.com/calebstewart/pwncat/issues/140))
2021-06-19 02:28:57 +02:00
### Added
2021-06-18 20:12:47 +02:00
- Added better file io test cases
2021-06-17 04:44:29 +02:00
2021-06-16 03:24:13 +02:00
## [0.4.2] - 2021-06-15
Quick patch release due to corrected bug in `ChannelFile` which caused command
output to be empty in some situations.
### Fixed
2021-06-15 21:59:33 +02:00
- Fixed `linux.enumerate.system.network` to work with old and new style `ip` .
2021-06-16 03:17:08 +02:00
- Fixed `ChannelFile.recvinto` which will no longer raise `BlockingIOError` ([#126](https://github.com/calebstewart/pwncat/issues/126), [#131 ](https://github.com/calebstewart/pwncat/issues/131 ))
- Fixed sessions command with invalid session ID ([#130](https://github.com/calebstewart/pwncat/issues/130))
- Fixed zsh shell prompt color syntax ([#130](https://github.com/calebstewart/pwncat/issues/130))
2021-06-16 03:24:13 +02:00
### Added
2021-06-15 22:37:44 +02:00
- Added Pull Request template
- Added CONTRIBUTING.md
2021-06-16 03:17:08 +02:00
- Added `--version` option to entrypoint to retrieve pwncat version
- Added `latest` tag to documented install command to prevent dev installs
2021-06-15 21:59:33 +02:00
## [0.4.1] - 2021-06-14
### Added
2021-06-16 03:17:08 +02:00
- Differentiate prompt syntax for standard bash, zsh and sh ([#126](https://github.com/calebstewart/pwncat/issues/126))
2021-06-15 21:59:33 +02:00
- Added `-c=never` to `ip` command in `linux.enumerate.system.network`
2021-06-16 03:17:08 +02:00
([#126](https://github.com/calebstewart/pwncat/issues/126))
- Updated Dockerfile to properly build post-v0.4.0 releases ([#125](https://github.com/calebstewart/pwncat/issues/125))
2021-06-15 21:59:33 +02:00
- Added check for `nologin` shell to stop pwncat from accidentally
2021-06-16 03:17:08 +02:00
closing the session ([#116](https://github.com/calebstewart/pwncat/issues/116))
- Resolved all flake8 errors ([#123](https://github.com/calebstewart/pwncat/issues/123))
- Improved EOF handling for Linux file-writes ([#117](https://github.com/calebstewart/pwncat/issues/117))