Merge pull request #196 from calebstewart/gtfobins-restrict-streams

Forced Stream.RAW for gtfobins interactions
2024-11-24 01:25:37 +01:00 · 2021-09-19 02:24:19 -04:00 · 2021-09-19 02:24:19 -04:00 · 676abe04d7
commit 676abe04d7
parent faec8be275 61999054c3
5 changed files with 16 additions and 7 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -18,6 +18,7 @@ and simply didn't have the time to go back and retroactively create one.
 - Fixed docstrings in `Command` modules
 - Changed docker base image to `python3.9-alpine` to fix python version issues.
 - Added logic for calling correct paramiko method when reloading an encrypted SSH privat ekey ([#185](https://github.com/calebstewart/issues/185)).
 - Forced `Stream.RAW` for all GTFOBins interaction ([#195](https://github.com/calebstewart/issues/195)).
 ### Added
 - Added alternatives to `bash` to be used during _shell upgrade_ for a _better shell_
 - Added a warning message when a `KeyboardInterrupt` is caught
--- a/pwncat/modules/linux/enumerate/file/suid.py
+++ b/pwncat/modules/linux/enumerate/file/suid.py
@ -5,6 +5,7 @@ import rich.markup
 import pwncat
 from pwncat.db import Fact
 from pwncat.gtfobins import Stream
 from pwncat.facts.ability import build_gtfo_ability
 from pwncat.platform.linux import Linux
 from pwncat.modules.enumerate import Schedule, EnumerateModule
@ -70,7 +71,9 @@ class Module(EnumerateModule):
                        build_gtfo_ability(
                            self.name, uid, method, source_uid=None, suid=True
                        )
-                        for method in session.platform.gtfo.iter_binary(path)
+                        for method in session.platform.gtfo.iter_binary(
                            path, stream=Stream.RAW
                        )
                    )
        finally:
            proc.wait()
--- a/pwncat/modules/linux/enumerate/software/sudo/cve_2019_14287.py
+++ b/pwncat/modules/linux/enumerate/software/sudo/cve_2019_14287.py
@ -3,7 +3,7 @@ from packaging import version
 import pwncat
 from pwncat.facts import build_gtfo_ability
-from pwncat.gtfobins import Capability
+from pwncat.gtfobins import Stream, Capability
 from pwncat.platform.linux import Linux
 from pwncat.modules.enumerate import Schedule, EnumerateModule
@ -64,7 +64,7 @@ class Module(EnumerateModule):
            if "ALL" in userlist and "!root" in userlist:
                for command in rule.commands:
                    for method in session.platform.gtfo.iter_sudo(
-                        command, caps=Capability.ALL
+                        command, caps=Capability.ALL, stream=Stream.RAW
                    ):
                        # Build a generic GTFObins capability
                        yield build_gtfo_ability(
--- a/pwncat/modules/linux/enumerate/software/sudo/rules.py
+++ b/pwncat/modules/linux/enumerate/software/sudo/rules.py
@ -6,6 +6,7 @@ import rich.markup
 from pwncat.db import Fact
 from pwncat.facts import build_gtfo_ability
 from pwncat.gtfobins import Stream
 from pwncat.platform.linux import Linux
 from pwncat.modules.enumerate import Schedule, EnumerateModule
@ -238,7 +239,9 @@ class Module(EnumerateModule):
                                source_uid=user.id,
                                user=runas_user.name,
                            )
-                            for method in session.platform.gtfo.iter_sudo(spec)
+                            for method in session.platform.gtfo.iter_sudo(
                                spec, stream=Stream.RAW
                            )
                        )
                return
@ -304,5 +307,7 @@ class Module(EnumerateModule):
                        user=user.name,
                        source_uid=current_user.id,
                    )
-                    for method in session.platform.gtfo.iter_sudo(spec)
+                    for method in session.platform.gtfo.iter_sudo(
                        spec, stream=Stream.RAW
                    )
                )
--- a/pwncat/platform/linux.py
+++ b/pwncat/platform/linux.py
@ -1274,7 +1274,7 @@ class Linux(Platform):
        if "w" in mode:
            for method in self.gtfo.iter_methods(
-                caps=Capability.WRITE, stream=Stream.PRINT | Stream.RAW
+                caps=Capability.WRITE, stream=Stream.RAW
            ):
                try:
                    payload, input_data, exit_cmd = method.build(
@ -1303,7 +1303,7 @@ class Linux(Platform):
            )
        else:
            for method in self.gtfo.iter_methods(
-                caps=Capability.READ, stream=Stream.PRINT | Stream.RAW
+                caps=Capability.READ, stream=Stream.RAW
            ):
                try:
                    payload, input_data, exit_cmd = method.build(