Saverr/pwncat
1
0
Fork 0
mirror of https://github.com/calebstewart/pwncat.git synced 2024-11-24 01:25:37 +01:00
Code Projects Releases Wiki Activity

Merge pull request #196 from calebstewart/gtfobins-restrict-streams

Browse Source 
Forced Stream.RAW for gtfobins interactions
This commit is contained in:
Caleb Stewart 2021-09-19 02:24:19 -04:00 committed by GitHub
commit 676abe04d7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 16 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
CHANGELOG.md
View File

@ -18,6 +18,7 @@ and simply didn't have the time to go back and retroactively create one.
- Fixed docstrings in `Command` modules
- Changed docker base image to `python3.9-alpine` to fix python version issues.
- Added logic for calling correct paramiko method when reloading an encrypted SSH privat ekey ([#185](https://github.com/calebstewart/issues/185)).
- Forced `Stream.RAW` for all GTFOBins interaction ([#195](https://github.com/calebstewart/issues/195)).
### Added
- Added alternatives to `bash` to be used during _shell upgrade_ for a _better shell_
- Added a warning message when a `KeyboardInterrupt` is caught

5
pwncat/modules/linux/enumerate/file/suid.py
View File

@ -5,6 +5,7 @@ import rich.markup
import pwncat
from pwncat.db import Fact
from pwncat.gtfobins import Stream
from pwncat.facts.ability import build_gtfo_ability
from pwncat.platform.linux import Linux
from pwncat.modules.enumerate import Schedule, EnumerateModule
@ -70,7 +71,9 @@ class Module(EnumerateModule):
build_gtfo_ability(
self.name, uid, method, source_uid=None, suid=True
)
for method in session.platform.gtfo.iter_binary(path)
for method in session.platform.gtfo.iter_binary(
path, stream=Stream.RAW
)
)
finally:
proc.wait()

4
pwncat/modules/linux/enumerate/software/sudo/cve_2019_14287.py
View File

@ -3,7 +3,7 @@ from packaging import version
import pwncat
from pwncat.facts import build_gtfo_ability
from pwncat.gtfobins import Capability
from pwncat.gtfobins import Stream, Capability
from pwncat.platform.linux import Linux
from pwncat.modules.enumerate import Schedule, EnumerateModule
@ -64,7 +64,7 @@ class Module(EnumerateModule):
if "ALL" in userlist and "!root" in userlist:
for command in rule.commands:
for method in session.platform.gtfo.iter_sudo(
command, caps=Capability.ALL
command, caps=Capability.ALL, stream=Stream.RAW
):
# Build a generic GTFObins capability
yield build_gtfo_ability(

9
pwncat/modules/linux/enumerate/software/sudo/rules.py
View File

@ -6,6 +6,7 @@ import rich.markup
from pwncat.db import Fact
from pwncat.facts import build_gtfo_ability
from pwncat.gtfobins import Stream
from pwncat.platform.linux import Linux
from pwncat.modules.enumerate import Schedule, EnumerateModule
@ -238,7 +239,9 @@ class Module(EnumerateModule):
source_uid=user.id,
user=runas_user.name,
)
for method in session.platform.gtfo.iter_sudo(spec)
for method in session.platform.gtfo.iter_sudo(
spec, stream=Stream.RAW
)
)
return
@ -304,5 +307,7 @@ class Module(EnumerateModule):
user=user.name,
source_uid=current_user.id,
)
for method in session.platform.gtfo.iter_sudo(spec)
for method in session.platform.gtfo.iter_sudo(
spec, stream=Stream.RAW
)
)

4
pwncat/platform/linux.py
View File

@ -1274,7 +1274,7 @@ class Linux(Platform):
if "w" in mode:
for method in self.gtfo.iter_methods(
caps=Capability.WRITE, stream=Stream.PRINT | Stream.RAW
caps=Capability.WRITE, stream=Stream.RAW
):
try:
payload, input_data, exit_cmd = method.build(
@ -1303,7 +1303,7 @@ class Linux(Platform):
)
else:
for method in self.gtfo.iter_methods(
caps=Capability.READ, stream=Stream.PRINT | Stream.RAW
caps=Capability.READ, stream=Stream.RAW
):
try:
payload, input_data, exit_cmd = method.build(