From 61999054c3a75d23a2c6c9a10636e81dfa15bdaf Mon Sep 17 00:00:00 2001
From: Caleb Stewart
Date: Sun, 19 Sep 2021 02:21:42 -0400
Subject: [PATCH] Forced Stream.RAW for gtfobins interactions
---
 CHANGELOG.md | 1 +
 pwncat/modules/linux/enumerate/file/suid.py | 5 ++++-
 .../linux/enumerate/software/sudo/cve_2019_14287.py | 4 ++--
 pwncat/modules/linux/enumerate/software/sudo/rules.py | 9 +++++++--
 pwncat/platform/linux.py | 4 ++--
 5 files changed, 16 insertions(+), 7 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 5004cbe..0916400 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -18,6 +18,7 @@ and simply didn't have the time to go back and retroactively create one.
 - Fixed docstrings in `Command` modules
 - Changed docker base image to `python3.9-alpine` to fix python version issues.
 - Added logic for calling correct paramiko method when reloading an encrypted SSH privat ekey ([#185](https://github.com/calebstewart/issues/185)).
+- Forced `Stream.RAW` for all GTFOBins interaction ([#195](https://github.com/calebstewart/issues/195)).
 ### Added
 - Added alternatives to `bash` to be used during _shell upgrade_ for a _better shell_
 - Added a warning message when a `KeyboardInterrupt` is caught
diff --git a/pwncat/modules/linux/enumerate/file/suid.py b/pwncat/modules/linux/enumerate/file/suid.py
index 431e4fc..3b3d4ac 100644
--- a/pwncat/modules/linux/enumerate/file/suid.py
+++ b/pwncat/modules/linux/enumerate/file/suid.py
@@ -5,6 +5,7 @@ import rich.markup
 import pwncat
 from pwncat.db import Fact
+from pwncat.gtfobins import Stream
 from pwncat.facts.ability import build_gtfo_ability
 from pwncat.platform.linux import Linux
 from pwncat.modules.enumerate import Schedule, EnumerateModule
@@ -70,7 +71,9 @@ class Module(EnumerateModule):
 build_gtfo_ability(
 self.name, uid, method, source_uid=None, suid=True
 )
- for method in session.platform.gtfo.iter_binary(path)
+ for method in session.platform.gtfo.iter_binary(
+ path, stream=Stream.RAW
+ )
 )
 finally:
 proc.wait()
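Review bot: The `stream=Stream.RAW` argument added to `iter_binary(...)` in suid.py has no comment saying why non-raw methods are excluded, and the same keyword is repeated by hand in cve_2019_14287.py (`iter_sudo(command, caps=Capability.ALL, stream=Stream.RAW)`) and in both `iter_sudo(spec, ...)` hunks of rules.py. A call site added later can omit the keyword without any error, so the restriction is better kept in one place, for example as the default of the `stream` parameter on the iterator methods, whose definitions are not visible in this patch. At minimum, put `# Only Stream.RAW methods are considered here; see issue #195` above each call. The generator expression edited in this hunk starts outside it.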
diff --git a/pwncat/modules/linux/enumerate/software/sudo/cve_2019_14287.py b/pwncat/modules/linux/enumerate/software/sudo/cve_2019_14287.py
index 74c344c..700e227 100644
--- a/pwncat/modules/linux/enumerate/software/sudo/cve_2019_14287.py
+++ b/pwncat/modules/linux/enumerate/software/sudo/cve_2019_14287.py
@@ -3,7 +3,7 @@ from packaging import version
 import pwncat
 from pwncat.facts import build_gtfo_ability
-from pwncat.gtfobins import Capability
+from pwncat.gtfobins import Stream, Capability
 from pwncat.platform.linux import Linux
 from pwncat.modules.enumerate import Schedule, EnumerateModule
@@ -64,7 +64,7 @@ class Module(EnumerateModule):
 if "ALL" in userlist and "!root" in userlist:
 for command in rule.commands:
 for method in session.platform.gtfo.iter_sudo(
- command, caps=Capability.ALL
+ command, caps=Capability.ALL, stream=Stream.RAW
 ):
 # Build a generic GTFObins capability
 yield build_gtfo_ability(
diff --git a/pwncat/modules/linux/enumerate/software/sudo/rules.py b/pwncat/modules/linux/enumerate/software/sudo/rules.py
index 7774dc8..8337397 100644
--- a/pwncat/modules/linux/enumerate/software/sudo/rules.py
+++ b/pwncat/modules/linux/enumerate/software/sudo/rules.py
@@ -6,6 +6,7 @@ import rich.markup
 from pwncat.db import Fact
 from pwncat.facts import build_gtfo_ability
+from pwncat.gtfobins import Stream
 from pwncat.platform.linux import Linux
 from pwncat.modules.enumerate import Schedule, EnumerateModule
@@ -238,7 +239,9 @@ class Module(EnumerateModule):
 source_uid=user.id,
 user=runas_user.name,
 )
- for method in session.platform.gtfo.iter_sudo(spec)
+ for method in session.platform.gtfo.iter_sudo(
+ spec, stream=Stream.RAW
+ )
 )
 return
@@ -304,5 +307,7 @@ class Module(EnumerateModule):
 user=user.name,
 source_uid=current_user.id,
 )
- for method in session.platform.gtfo.iter_sudo(spec)
+ for method in session.platform.gtfo.iter_sudo(
+ spec, stream=Stream.RAW
+ )
 )
diff --git a/pwncat/platform/linux.py b/pwncat/platform/linux.py
index 79af492..8ed1daf 100644
--- a/pwncat/platform/linux.py
+++ b/pwncat/platform/linux.py
@@ -1274,7 +1274,7 @@ class Linux(Platform):
 if "w" in mode:
 for method in self.gtfo.iter_methods(
- caps=Capability.WRITE, stream=Stream.PRINT | Stream.RAW
+ caps=Capability.WRITE, stream=Stream.RAW
 ):
 try:
 payload, input_data, exit_cmd = method.build(
@@ -1303,7 +1303,7 @@ class Linux(Platform):
 )
 else:
 for method in self.gtfo.iter_methods(
- caps=Capability.READ, stream=Stream.PRINT | Stream.RAW
+ caps=Capability.READ, stream=Stream.RAW
 ):
 try:
 payload, input_data, exit_cmd = method.build(
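Review bot: Dropping `Stream.PRINT` from both `iter_methods` calls (the `if "w" in mode:` branch at line 1274 and the `else` branch at line 1303) narrows the set of methods the loops can try, and neither hunk shows what the caller gets when no `Stream.RAW` method matches. The end of each loop lies outside the hunks, so please confirm the fall-through still raises an explicit, descriptive exception rather than returning nothing. A short comment above each call, such as `# Stream.RAW only; Stream.PRINT was removed on purpose, see issue #195`, would record that the narrower filter is intentional and keep a later edit from restoring the old mask.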