
Added id properties carver

This commit is contained in:
John Hammond 2020-05-10 00:37:50 -04:00
parent ec2711a086
commit 72ba1b093b


@ -24,6 +24,7 @@ import enum
import shlex import shlex
import sys import sys
import os import os
import re
from pwncat import util from pwncat import util
from pwncat import downloader, uploader, privesc from pwncat import downloader, uploader, privesc
@ -790,6 +791,7 @@ class PtyHandler:
""" Reset the remote terminal (calls sync, reset, and sets PS1) """ """ Reset the remote terminal (calls sync, reset, and sets PS1) """
self.reset() self.reset()
self.do_sync([]) self.do_sync([])
print(self.id())
def run(self, cmd, wait=True, input: bytes = b"") -> bytes: def run(self, cmd, wait=True, input: bytes = b"") -> bytes:
""" Run a command in the context of the remote host and return the """ Run a command in the context of the remote host and return the
@ -891,6 +893,7 @@ class PtyHandler:
# Enter raw mode w/ no echo on the remote terminal # Enter raw mode w/ no echo on the remote terminal
# DANGER # DANGER
self.raw(echo=False) self.raw(echo=False)
self.run("echo") # restabilize the shell to get output
self.client.sendall(command + b"\n") self.client.sendall(command + b"\n")
self.recvuntil(sdelim) self.recvuntil(sdelim)
@ -979,6 +982,37 @@ class PtyHandler:
result = self.run("whoami") result = self.run("whoami")
return result.strip().decode("utf-8") return result.strip().decode("utf-8")
@property
def id(self):
id_output = self.run("id")
pieces = id_output.split(" ").decode("utf-8")
props = {}
for p in pieces:
segments = p.split("=")
props[segments[0]] = segments[1]
id_properties = {}
for key, value in props.items():
if key == "groups":
groups = []
for group in value.split(","):
p = group.split("(")
groups.append({"id": int(p[0]), "name": p[1].split(")")[0]})
id_properties["groups"] = groups
else:
p = value.split("(")
id_properties[key] = {"id": int(p[0]), "name": p[1].split(")")[0]}
if "euid" not in id_properties:
id_properties["euid"] = id_properties["uid"]
if "egid" not in id_properties:
id_properties["egid"] = id_properties["gid"]
return id_properties
def reload_users(self): def reload_users(self):
""" Clear user cache and reload it """ """ Clear user cache and reload it """
self.known_users = None self.known_users = None
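Review bot: The parsing line of the new `id` property reverses the conversion order — `self.run` is declared to return bytes (see the `run` signature in the second hunk), so `id_output.split(" ")` fails on a bytes/str separator mismatch and `.decode("utf-8")` is then applied to a list rather than a string; it should read `pieces = id_output.decode("utf-8").strip().split(" ")`, stripping the trailing newline the way `whoami` does on the line just above the property. The new call in the second hunk, `print(self.id())`, treats the property as a method and will raise "'dict' object is not callable" — it should be `print(self.id)` (the enclosing method begins outside that hunk). The per-entry parser also assumes every `key=value` segment carries a parenthesized name, which is not guaranteed (hosts with SELinux enabled can append a `context=...` field with no parentheses), so `p[1]` would raise IndexError and abort the whole property on otherwise valid output; guarding with `if "(" not in value: continue` before indexing would make the parse tolerate such segments. `import re` in the first hunk is not used by any visible hunk.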