Merge pull request #220 from calebstewart/fix/216/remove-busybox-bruteforce

Removed busybox and bruteforce commands from docs

CHANGELOG.md

@@ -38,6 +38,7 @@ and simply didn't have the time to go back and retroactively create one.
 - Changed some 'red' warning message color to 'yellow'
 - Leak private keys for all users w/ file-read ability as UID=0 ([#181](https://github.com/calebstewart/pwncat/issues/181))
 - Raise `PermissionError` when underlying processes terminate unsuccessfully for `LinuxReader` and `LinuxWriter`
+- Removed `busybox` and `bruteforce` commands from documentation.
 
 ## [0.4.3] - 2021-06-18
 Patch fix release. Major fixes are the correction of file IO for LinuxWriters and

docs/source/commands/bruteforce.rst

@@ -1,35 +0,0 @@
-Bruteforce
-==========
-
-The ``bruteforce`` command is used to bruteforce authentication of a user locally. It will use the ``su`` command to
-iteratively try every password for a given user. This is very slow, but does technically work. If no wordlist is
-specified, the default location of ``rockyou.txt`` in Kali Linux is chosen. This may or may not exist for your system.
-
-.. warning::
-    This command is very noisy in log files. Each failed authentication is normally logged by any modern
-    linux distribution. Further, if account lockout is enabled, this will almost certainly lockout the
-    targeted account!
-
-Selecting a User
-----------------
-
-Individual users are selected with the ``--user`` argument. This argument can be passed multiple times to test multiple
-users in one go. To use the default dictionary to test the root and bob users, you would issue a command like:
-
-.. code-block:: bash
-
-    bruteforce -u root -u bob
-
-User names are automatically tab-completed at the pwncat prompt for your victim host.
-
-Selecting a Wordlist
---------------------
-
-Word lists are specified with the ``--dictionary`` parameter. This parameter is a path to a file on your attacking
-host which contains a list of passwords to attempt for the selected users. If a correct password is found, it is stored
-in the databaase, and the search is aborted for that user. To select a custom database, you would issue a command like:
-
-.. code-block:: bash
-
-    bruteforce -d /opt/my-favorite-repo/my-favorite-wordlist.txt -u root
-

docs/source/commands/busybox.rst

@@ -1,79 +0,0 @@
-Busybox
-=======
-
-pwncat works by try as much as possible not to depend on specific binaries on the remote system. It does this
-most of the time by selecting an unidentified existing binary from the GTFOBins database in order to perform a
-generic capability (e.g. file read, file write or shell). However, sometimes a critical binary is missing on the
-target host which has been removed (either maliciously or never installed). In these situations, obtaining a stable
-version of all basic binaries is very helpful. To this end, pwncat has the capability to automatically upload a
-copy of the ``busybox`` program to the remote host.
-
-The ``busybox`` command manages the installation, status, and removal of the installed busybox. Installing busybox lets
-pwncat know that it has a list of standard binaries with known good interfaces easily accessible. The ``busybox``
-command also understands how to locate a ``busybox`` binary precompiled for the victim architecture and upload it
-through the existing C2 channel. The new busybox installation will be installed in a temporary directory, and any
-further automated tools within pwncat will use it's implementation of common unix tools.
-
-Installation
-------------
-
-To install busybox on the remote victim, you can use the ``--install`` option to the ``busybox`` command. This will
-first check for an existing, distribution specific, installation on the remote host. If the ``busybox`` command exists,
-it will utilize that vice installing a new copy. If it doesn't, it will begin proxying a connection to the official
-busybox servers to upload a busybox binary specific to the victim architecture.
-
-After installation, pwncat will examine the endpoints provided by busybox, and remove any that are provided SUID by
-the remote system. This prevents pwncat from replacing the real ``su`` binary with ``busybox su`` in it's database.
-
-.. code-block::
-
-    (local) pwncat$ busybox --install
-    uploading busybox for x86_64
-     100.0% [==================================================>] 1066640/1066640 eta [00:00]
-    [+] uploaded busybox to /tmp/busyboxIu1gu
-    [+] pruned 164 setuid entries
-    (local) pwncat$
-
-Status and Applet List
-----------------------
-
-To check if busybox has been installed and is known by pwncat (for example from a previous session), you can use the
-``--status`` option. This is the default action, and can be accessed by passing no parameters to ``busybox``:
-
-.. code-block:: bash
-
-    (local) pwncat$ busybox
-    [+] busybox is installed to: /tmp/busyboxIu1gu
-    [+] busybox provides 232 applets
-    (local) pwncat$
-
-If you would like to see a list of binaries which busybox is currently providing for pwncat, you can use the ``--list``
-option. This is normally a large list (232 lines in this case), but it is provided for completeness sake.
-
-.. code-block:: bash
-
-    (local) pwncat$ busybox --list
-    [+] binaries which the remote busybox provides:
-     * [
-     * [[
-     * acpid
-     * add-shell
-     * addgroup
-     * adduser
-     * adjtimex
-    ... removed for brevity ...
-
-Removing Busybox
-----------------
-
-Busybox is tracked by pwncat as a remote tamper. This means that the ``tamper`` command will show that you have
-installed busybox, and ``busybox`` can be uninstalled using the ``tamper`` command:
-
-.. code-block::
-
-    (local) pwncat$ tamper
-     0 - installed busybox to /tmp/busyboxIu1gu
-    (local) pwncat$ tamper -r -t 0
-    (local) pwncat$ busybox --status
-    [!] busybox hasn't been installed yet
-    (local) pwncat$

docs/source/commands/index.rst

@@ -7,8 +7,6 @@ Command index
     alias.rst
     back.rst
     bind.rst
-    bruteforce.rst
-    busybox.rst
     connect.rst
     download.rst
     escalate.rst