Saverr/pwncat
1
0
Fork 0
mirror of https://github.com/calebstewart/pwncat.git synced 2024-11-27 19:04:15 +01:00
Code Projects Releases Wiki Activity

Merge branch 'master' of https://github.com/calebstewart/pwncat

Browse Source
This commit is contained in:
John Hammond 2020-05-09 21:42:47 -04:00
commit 010d09d795
2 changed files with 17 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
pwncat/privesc/setuid.py
View File

@ -22,14 +22,23 @@ class SetuidMethod(Method):
def __init__(self, pty: "pwncat.pty.PtyHandler"):
super(SetuidMethod, self).__init__(pty)
self.suid_paths = None
self.users_searched = []
self.suid_paths = {}
def find_suid(self):
current_user = self.pty.whoami()
# Only re-run the search if we haven't searched as this user yet
if current_user in self.users_searched:
return
# Note that we already searched for binaries as this user
self.users_searched.append(current_user)
# Spawn a find command to locate the setuid binaries
delim = self.pty.process("find / -perm -4000 -print 2>/dev/null")
files = []
self.suid_paths = {}
while True:
path = self.pty.recvuntil(b"\n").strip()
@ -48,14 +57,16 @@ class SetuidMethod(Method):
)
if user not in self.suid_paths:
self.suid_paths[user] = []
self.suid_paths[user].append(path)
# Only add new binaries
if path not in self.suid_paths[user]:
self.suid_paths[user].append(path)
def enumerate(self, capability: int = Capability.ALL) -> List[Technique]:
""" Find all techniques known at this time """
if self.suid_paths is None:
self.find_suid()
known_techniques = []
# Update the cache for the current user
self.find_suid()
for user, paths in self.suid_paths.items():
for path in paths:
binary = gtfobins.Binary.find(path)

2
pwncat/privesc/sudo.py
View File

@ -241,8 +241,6 @@ class SudoMethod(Method):
technique.user, sudo_spec, self.pty.shell
)
print(shell_payload)
# Run the commands
self.pty.run(shell_payload + "\n", wait=False)