mirror of https://github.com/calebstewart/pwncat.git synced 2024-11-27 19:04:15 +01:00

Added support for domain users for ssh connections

Caleb Stewart 2021-02-06 14:20:30 -05:00
parent 82207c9405
commit c5e5be8e97
2 changed files with 14 additions and 10 deletions


@ -84,7 +84,7 @@ class Command(CommandDefinition):
} }
LOCAL = True LOCAL = True
CONNECTION_PATTERN = re.compile( CONNECTION_PATTERN = re.compile(
r"""^(?P<protocol>[-a-zA-Z0-9_]*://)?((?P<user>[^:@]*)?(?P<password>:(\\@|[^@])*)?@)?(?P<host>[^:]*)?(?P<port>:[0-9]*)?$""" r"""^(?P<protocol>[-a-zA-Z0-9_]*://)?((?P<user>[^:]*)?(?P<password>:(\\@|[^@])*)?@)?(?P<host>[^:]*)?(?P<port>:[0-9]*)?$"""
) )
def run(self, args): def run(self, args):
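Review bot: The host group in the new CONNECTION_PATTERN is still `(?P<host>[^:]*)?`, so now that `user` may contain `@` the boundary between credentials and host is decided only by regex backtracking. A string with an unescaped `@` in the password, such as the constructed sample `user:p@ss@host`, still matches, with the password cut short and `ss@host` parsed as the host. Tightening the group to `(?P<host>[^:@]*)?` keeps `user@domain@host` working, because the last `@` becomes the delimiter, and makes the malformed case fail to match instead of yielding an unintended target. A comment above the pattern such as `# the last unescaped '@' separates credentials from the host; user may contain '@' for domain accounts` would document the rule. How `run()` reports a non-match is outside this hunk.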


@ -48,7 +48,7 @@ def remove_busybox_tamper():
class Victim: class Victim:
""" Abstracts interaction with the remote victim host. """ Abstracts interaction with the remote victim host.
:param config: the machine configuration object :param config: the machine configuration object
:type config: pwncat.config.Config :type config: pwncat.config.Config
:param state: the current interpreter state :param state: the current interpreter state
@ -167,7 +167,7 @@ class Victim:
the ``host`` table in the database directly. This hash uniquely identifies a host the ``host`` table in the database directly. This hash uniquely identifies a host
even if it's IP changes from your perspective. It is constructed from host-specific even if it's IP changes from your perspective. It is constructed from host-specific
information probed from the last time ``pwncat`` connected to it. information probed from the last time ``pwncat`` connected to it.
:param hostid: the unique host hash generated from the last pwncat session :param hostid: the unique host hash generated from the last pwncat session
:param requested_method: the persistence method to utilize for reconnection, if not specified, :param requested_method: the persistence method to utilize for reconnection, if not specified,
all methods will be tried in order until one works. all methods will be tried in order until one works.
@ -229,7 +229,7 @@ class Victim:
of a shell. The remote host will be interrogated to figure out the remote shell of a shell. The remote host will be interrogated to figure out the remote shell
type, system type, etc. It will then cross-reference the database to identify type, system type, etc. It will then cross-reference the database to identify
if we have seen this host before, and load relevant data for this host. if we have seen this host before, and load relevant data for this host.
:param client: the client socket connection :param client: the client socket connection
:type client: socket.SocketType :type client: socket.SocketType
:return: None :return: None
@ -432,12 +432,12 @@ class Victim:
""" Utilize the architecture we grabbed from `uname -m` to download a """ Utilize the architecture we grabbed from `uname -m` to download a
precompiled busybox binary and upload it to the remote machine. This precompiled busybox binary and upload it to the remote machine. This
makes uploading/downloading and dependency tracking easier. It also makes uploading/downloading and dependency tracking easier. It also
makes file upload/download safer, since we have a known good set of makes file upload/download safer, since we have a known good set of
commands we can run (rather than relying on GTFObins) commands we can run (rather than relying on GTFObins)
After installation, busybox version of all non-SUID binaries will be After installation, busybox version of all non-SUID binaries will be
returned from ``victim.which`` vice local versions. returned from ``victim.which`` vice local versions.
:param url: a base url for compiled versions of busybox :param url: a base url for compiled versions of busybox
""" """
@ -2017,11 +2017,15 @@ class Victim:
for _ in range(5): for _ in range(5):
try: try:
id_output = self.run("id").decode("utf-8") id_output = self.run("id").decode("utf-8")
pieces = id_output.split(" ") pieces = id_output.split(") ")
props = {} props = {}
for p in pieces: for p in pieces:
segments = p.split("=") segments = p.split("=")
props[segments[0]] = segments[1] try:
props[segments[0]] = segments[1] + ")"
except IndexError:
console.log(segments)
continue
id_properties = {} id_properties = {}
for key, value in props.items(): for key, value in props.items():
@ -2210,7 +2214,7 @@ class Victim:
Retrieve the database User object for the current user. This will Retrieve the database User object for the current user. This will
call ``victim.whoami()`` to retrieve the current user and cross-reference call ``victim.whoami()`` to retrieve the current user and cross-reference
with the local user database. with the local user database.
:return: pwncat.db.User :return: pwncat.db.User
""" """
name = self.whoami() name = self.whoami()
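Review bot: In the `id` parsing hunk (`@ -2017,11 +2017,15`), `props[segments[0]] = segments[1] + ")"` appends a parenthesis to every piece, but `split(") ")` removes it only from pieces that were followed by a separator. The final piece therefore keeps its own `)`, plus any trailing newline, and gains a second one. This text comes from the remote host, so it is worth parsing defensively: iterate with `for i, p in enumerate(pieces):`, use `segments = p.split("=", 1)` so a second `=` cannot truncate the value, and assign `props[segments[0]] = segments[1] + ")" if i < len(pieces) - 1 else segments[1]`. The `console.log(segments)` in the `except IndexError` branch looks like leftover debug output; a message saying which piece was skipped would be clearer. The enclosing method and the `id_properties` loop that consumes `props` continue outside the hunk, so the downstream effect of the stray `)` is not visible here.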