Added some improved setuid stuff

pwncat/privesc/setuid.py

@@ -86,14 +86,23 @@ class SetuidMethod(Method):
     def __init__(self, pty: "pwncat.pty.PtyHandler"):
         super(SetuidMethod, self).__init__(pty)
 
-        self.suid_paths = None
+        self.users_searched = []
+        self.suid_paths = {}
 
     def find_suid(self):
 
+        current_user = self.pty.whoami()
+
+        # Only re-run the search if we haven't searched as this user yet
+        if current_user in self.users_searched:
+            return
+
+        # Note that we already searched for binaries as this user
+        self.users_searched.append(current_user)
+
         # Spawn a find command to locate the setuid binaries
         delim = self.pty.process("find / -perm -4000 -print 2>/dev/null")
         files = []
-        self.suid_paths = {}
 
         while True:
             path = self.pty.recvuntil(b"\n").strip()
@@ -112,12 +121,14 @@ class SetuidMethod(Method):
             )
             if user not in self.suid_paths:
                 self.suid_paths[user] = []
+            # Only add new binaries
+            if path not in self.suid_paths[user]:
                 self.suid_paths[user].append(path)
 
     def enumerate(self) -> List[Technique]:
         """ Find all techniques known at this time """
 
-        if self.suid_paths is None:
+        # Update the cache for the current user
         self.find_suid()
 
         for user, paths in self.suid_paths.items():

pwncat/privesc/sudo.py

@@ -234,8 +234,6 @@ class SudoMethod(Method):
             technique.user, sudo_spec, self.pty.shell
         )
 
-        print(shell_payload)
-
         # Run the commands
         self.pty.run(shell_payload + "\n", wait=False)