From e939490d93541f4f75924eaa1d4d90b93fe59ef3 Mon Sep 17 00:00:00 2001 From: John Hammond Date: Thu, 7 May 2020 16:29:07 -0400 Subject: [PATCH] Forced reset of PS1 after invoking the PTY. Set dim colors for status and a success message --- .gitignore | 2 ++ dist/pwncat-0.1-py2.7.egg | Bin 0 -> 9357 bytes pwncat/pty.py | 10 ++++++++-- pwncat/util.py | 25 +++++++++++++++++-------- 4 files changed, 27 insertions(+), 10 deletions(-) create mode 100644 dist/pwncat-0.1-py2.7.egg diff --git a/.gitignore b/.gitignore index 083cba0..f541b2d 100644 --- a/.gitignore +++ b/.gitignore @@ -2,3 +2,5 @@ env/ **/*.pyc **/__pycache__/ **/*.egg-info/ +build/ +dist/ 
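Review bot: The new `dist/` ignore rule in this `.gitignore` hunk does not cover `dist/pwncat-0.1-py2.7.egg`, which the same commit adds as a binary patch, because an ignore rule has no effect on a file that is already tracked. A prebuilt egg in the tree cannot be reviewed from the diff and can drift from the sources it is supposed to be built from, so it is better produced by the build than kept in version control. I would drop it from this commit, e.g. `git rm --cached dist/pwncat-0.1-py2.7.egg`, and keep the two ignore lines.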
diff --git a/dist/pwncat-0.1-py2.7.egg b/dist/pwncat-0.1-py2.7.egg new file mode 100644 index 0000000000000000000000000000000000000000..7b3d37441da95a9ca46464d235170f2e025ae752 GIT binary patch literal 9357 zcmZ`<1ymf%w#6NSy9al7cXxO9;O-8A;2t0ZcL?r2xVt;S-JMU~`|sY|{P%0tnVw!V zd)Gd-dQSH`wH2g6!BByKfS`bKYYG%dE_yLa-_LH}1L-|P#l>kQ<;3La6{P?DK{R?8 zrkep#^zI?zA%M*_J#$}3p_K5@^J}y$VNARX?Q7f3;%Fx?jE=&Q_rVkT~+f{r~s>s^2o%? z_w6Z2Jj^?CaC`?^;UAg7mr!5(y=Mdq3%I{yn9DK|DwJvJ^GMK4D;L_k zhl*looR(sec5r-raExY?N}g_9hH`M@Pu=M1L=n*MWRUNH{yV9&oxQ$|sjI2YuXL&Z zC2{jl@b63ZkE_?y(w^4I(9HB7%XC*=pzuBe5Xi5$_ksK#_HMSuhR*c*`j)nq&ieXv z_8y>rWX)C8)NS_u%h2~g`L76Lp@JLO65g1V69}p4%c~Fut zG1Mc_&v{cL8K^ILi6dLcZ5bo2Q!uMAur=^<>u*-am@ReuXwJE z&bs8qqvFM_`(ph06PjnWyZkhNl%Ol2fRmbNNzAr=cT`p`{;r*3RAcBpeH3{N?c8BC zYosWl80Xo~T(Ygz02sD)@sjk=3&gc{o)W8ZtkT#~h>c*v7bA}Z?-~c@3=3q-ck$Nf zW=;&IMAp&OUjb9=fkd?v@aqc$|~!){2lt zZafbhI4#D8r#}#jDCmnC6Oy^&5fv03u9n>-rN-&~)@2!j{A!yT%;OOY-^yror*y_v zt8@j8@PRZmYA)#Kem-uwMM2tzEqF{(>G$}7HenjSEC48C-%c!?Kkn4a<&JK}C-k6VJA8pNjqKKXC z=)|d4=VB>n?=Z387HB&R8^Q1-6oxK0ISHirZao<4^{ zwW=YzmqWL$3tKC(32L9^n(CbGt#2JAywKXWP4P9xrAQLJNgShX7z~n6s^_ZKqtSpS zc|$jD6o~oaLx^}gwKU7|SK`yzjh$_iTc~34p7uQ3oTM8Kktm1=e@ zQtE;_lGp#4Y*A3d%EIl*^t%y*ZTye!62P~ugtdKOEYH|Sq^5O`w(2x*#_bTO$j%+$ z{v_a=7}if)e!LFjWZIPyi2`<{pTrY-y%_-J+;bT%3qB#fE}n6Ex|R6Jnb)to$Hty- z_6=Mwt#-t0g29GozLK72iY$TdS{B#ljdZCZ$&fbE@zRP3IdK$8!B+69<+JTsQ;w*< z=QdoWehRxqLTj;~9d#Ooe-7W8OidfAF_m?g&d~P3wtuap z;YO*7*>3rK3Sla=%c^_1i}+QJ1u8RuzCQ*cN8j7soAf)2?#F!Xf%T0W^Eb`;#fA@l z@#Q!OeH8eUyYYc_imLGD?h4Cst;U|*r@kwu@Gjg5lcazYnX^ND7W~s&z_mKzw#9ss zu^cO@N*&L#RF`P(&|GGwbpYSR2(VTY%vl3@k15q{N~+gecZxB2KXf%?KB=&>xYRbB zMl@Tcuf8sSUTW_ZX;Yu!!`f~I^sXBOrV;+NdnL#8m*it=#7PMee-UlPXnclS*a*_& zMDmmRWhNUbx?0r?wkV=QOG%~fd&F;E3>aM1cU=z;s2CP*$!mx5Uaoyk<}yOJxMNSk5^7kJsWM0;c>pYP zym%6#{wstsl>V0DH#e8L@Ec3DLrtWpQ;S8(f=#?4FK(FDW?Noje*E!AvUbo`*~&ar z$8aBmZoMlp6F4U)9>}~Z!MT&2Id*o+59d}!vdwaUg!bpq>0XcrIb}I&31wls*n-`8 
z;ja*5c~6v8`x~w(kNSV#;eJ&-WxNj(*@!?uqs%}+??vxFrQ6=wW(`YKj$Z>aLCcsEECzPxR|mgrtaoKWN~yqsPm`GYSrhu;I!~_XmrO$LG6%LVjJ}SMS%K#^wNq znsl@NP)|ZlrHe+0t}5(%sv~$5aG&yfB_QEe2`qs?_XLh{_C{uCD14;q92={gLPe-h zh9y%SJ=u1VEb@j9J>OQ~-TLcTjabQ~q&jvZe7`N|Wxkqieq=G2j~K@!KT8vG2A$3< z!g3M^1SJ>R%&!aAo>A6?H2aRa{clR zo0?zjSiU5G+i~G8fXm*UWuiWhG*E3tSOjm(*MX`3Qj-(PFWEVC4lI_~YTzLKLzpBz zK=O6cUen1m?it#fe8N;Z?$X}eF(SXb)-B6mCvk}L zNQy>Sk=qX+l`DfX>4VE474c!K=!h9c8izXX{Ds|Jfz>u@E~>;?I%negu51m%Y?KBH zw%~3H&}T!t(DT#26mqVA0_QT?uqEr{vVgl2eX0?mNul74`fy01X5eyR=B>@jV_`{= z7J}T0b0XGygd+^9*o^ye_9x29wz?;KO!QyP6 znHy20lWN^vuLs!lhfgCff!4f**=0OH==$%zdb&PmVjN!&Ea~XnAoE->olvA?A_Z%X zrc9klpeFxVsfl~3qu~^pW$E_lam`k^p+FW@iEK^|r}!jJ@^8 z^Dl{j2~0J(pc-?$7X4Zv(ja#LW#!WL@LoaG;b^1=aU#kfOVv!Jgw^ zsQiVcVjC&l){2hyrktU)QE7uKUjUKJj7r-~g>8Uq6ed&Oq_%0Jy=$TE>F~|>a)5I) zxlYA+v?GGVHV+cZxH~Emuoz2A65bKk-Cmc;*WDbUa*XUPYDspfQ|7=uV?-E#3I^dS zC9q?5S{j|}pad3NGXllnq(=dP_~Ja{5bmOkMxUA~`czJ4>trfl?habjj7k_&^qpA6 zajF-Su0r`mfq2`?AK!Umbk_$q$@CJc5Bh5|%@&oMK!8b>w)T1Fbx0eERHrXyjhn8A4jUQ`KC1sP2^|qR%23Sq7dA4|0t+i z>oi51o}A%8F6QLs1*@T&j!P*>zikpAws2wJ0ma00Z9O+rVZwNZhISW}0#?yN!giwH zH9dxXY%|l?u6YY)t$9@@HAydFP>IUaLxWnT%ce$0$&Nfwm{Z)tO2Ur_-7^+Kr9hmo1I<6JTy3z zxc{{n(saSh*9l>&lKO<&44(v5I|KBxchAt_8>lZX8~XHN?4~r=ocbmr*=!=uqZrt4i%D?Nij} zFO)nskFsfz9J9<5uZ;=MV%xFeBMNse5k_H}{rk!iD@fl;UHxlhW|Of6b@XOjEFV>l z?=fYNgvZhO9OBJGw{sH`XtDaPEYgilU*I|{7izF&MN+u5*mS)+qv_wAB1DC*1#C;& zdRd64!xfC{Yd@K^P%D+!BBE-4%-6c+=_W@q0(Hp%U;!vZ65WjQlik4qGG079mAj+J zu6Ge)-uC2IRfV@xQ&J%qeU{k0*j=>UZQI8AK6>IH{ljAkCPYl<5ysYGJ>u;FR1+bf zbrI>U_{N|Ec$(*}xW-u_DgzUYeaF@Sq#iPNgVERdZ64zZ-WcG} z;YK~ow)wA81wV`zHX43*A2pF5E@17;nvRsOPAAKalY+3Su*hcd*+UesoY3W~;Gdg; zrVS$dh_fdF?2R~j3}8N!AoZvT5ECxSSsn8g%h2IUy?8D1+=2`L5YuOeh$&*kG}r*p zKb2m#*x@gTvDhq13>B(lkMtu>Lb*g1GEd2NYricwDW*3JzoMD?fnLRrwqjbpFU6M2kQ*4oswK5cE+KjS zs71EiS*2fS5jEMoBxPz8%@gCt%J&?L#I3 zTuY{!4sS{%eKr5FhSj9UtjgkQ8Sa|kQ7WhpA~)TNh=2y#dZ5uVmmQ-N3hmXeH`9R7kBW*$Sz=omwK{}agCV}6lY)j zu*U3QZmc2UXq*c5$|wm~G>K!|xJ)PuadoOjWM{NGHZ~@*PQ@LFAWf1uBD8Q-u0Y8~ 
za~>z8q1R2@r$xaNyM9(b)Nu5Gor(Ll{{G^)?I1jEo?ZfJNa!4_^h@Q*u5UZAA4!b| zFgh3?YtM7h$NI|J zw-B6Y!dk^s%R&96J#@>F({JGmD6`0#`Q!9JZ_vy2spDif&+SbgFgB24aNFs3Eb1Rm?_HZ&^g!$~?qs+&v`D>MA zEz?eIi47tO6JWS>7Tt!XH<0QFlbKuw0?XxIRgC9zmr+D0d^SLZUGx3(1-+mkWf*-t zS5R}}9>|kiuuw zLEqTdS8;=ViO*HqAor>HF=epK|AY=%f=VHRL%ct%2o`?G`Z;C*2CR0(-0|V_fw4MC zkq6PLa{u`)CxF$2AC4YNVXtw^j=`cjzv$W_eJzY1+xF+dW4IG-iFlDPTWtdcwhGUr zKRrNcQD=!&;*o+(bJFJ3*)3qu5vk2NH|&NT;#Ew4?aBK}`ugH>_~dL4qXD!qifw6A zebSlf^5dMukJQNFfK%RlqGU{4!oZ1Ml2Qk8U`L`kS9ixQ43Z!mMZJ<7}W^(VvWIFyKCg(ftHLbAboJ56}h^FZTo} z(M<9gQ3?b|pt7d3Lc0$X93!rLM9r^p2i>v3j+4W}*Vj?>BMM$ukEYDZ)?YV-v()8L z9;FxVLsQe=(7h<(T(f$9@{;u*;KJ=j3|~&JkKPUa>Lo0~>6oO4no-C(uU;0tKohg) z=)E-fsMpFmCB_rp55(ScsM&wlNW;0t;tJxlOk35qTmh%nLsSAqY8lZbw=l=DhT#5< zxh-7K5GbA&#wEpY!>q3k+mUWs^Nq_$pjftSur?`!-(7yE7Z&BPLjmEH;Gew=(WLwI zp7)mb;d>t);qP9Ci?gN8do!a~L*Hq+5y@}9P$1P(n5@=j-SqK$@lutG<5sb;F0C#z zdwnQq+;>1Ihz3x#+)YzfTMH0We0;`EHgl4>3G#yOan?GW>&@frf!N@*XqP;eAIYp- zCD>b4igXp3r#hOqWP}T89$Ag7YIUj(ddAS|4GGyttz>6KCh69x=0j>Sg0wPDx?&>& z^O~%)g$_2EgP25f(gen?y5j8GGO0ZM)YHo`v1k%Dqh?|n?e@)L^c)pddC`123rja; zMHtEX+O<~X_?wj)JxMX)XsA?()wRzwff8g%+kJS1N!7&GpAW`5c9RA z(Pm5A@>T3d8|4TGY%nKEs3H>&h0c}ZtP14)Qzu;};)!~dnDRp#0-0NmZHib=_Y9l^ z`xCM!w+85}Kw9oATbAb_p_VFjyR|+fZsB{u_ZEP}oP`mxWhkz5H{TZBX@*-bDumhPxv51|#O*yc8yfyn zf}-rpQaw;sc*F%SJAfoMl8{&>uJzE94{a9V0I-#1sK-fN--zsnv4fOeQRek^m~{i%u$Ev1AI6&cy9sszTz0z9gYLw2BuZG0n1Do)AU3d3 zvQQIpuw%Bmg68sYANA$fpDa3sH876BdkEx%p;u2 zpr2%CbJY4hg@;!+D9DluutymgH;BIwYe*qxhwU5%woLTzJRgVM?UX;58+Q6iYvvD{ zaPK56@ zekPl(fSQk4B?)N_vp`%k?HLDgZ^xa8=jUcdz$%-IxdY`BzfsZdxP|PTS|1VuMZBvs z%r^>?f$!mKyISThI$d>v%$-061dAgy$9Bq)#oH#-4QMQMA0~Ezmvl)Np3|~H6bp#Q zB4kmwN;A4hs!90UG#w?Z>G>7`8=x@gf#}Ed6k!

Y&$`iijvH}%e)>`Q!D+{Jwe(Xnv*#6v*VUXq49%4irsVGe(XB5Ws zl+kSS4*{+- zT=snn(2RpbDi-hp)VT_t_lRdxMWjf}pv675@f_>5pkKmY*Zbz>zlCl35LNJ{+5)j` zADcrnqgmH|%#<9z4d%EP>tFINyVEe`9yvv3&sbTg=|5@v#MPsuG8^5d0y1>yp=gW?@} zEA8JWYpgFWm!!+}$!_i9dE8^=?Q24w^m>+$PjD`G9|W6ALz4(E{Exj~(GG6EmDDjZ zlJppU`m)Cj<4ULz*BdivKu&yM&;QJIekg@uJ&s}ZP z^gU+$)yCi;Yu`xLU_#K2(}v(fcfQX^&l)=iln=MoXxnznm!+*0j{K@e9R{1Y?!GA_xK;*mO;4cCH&1>){)t^>_ zzo`a)r~1=)@F&fmc7nfYXx?|||5Eh3x!_NVKg|PwQw01@@eeD(pB%q0%r6hYe@0$F z`|lk8aTNRx|8ItZzv1Wa@c(Ns_#OYtfb*xl;BP$fyBXyF;*EbN_-{slzX_UtC-}=2 z@F)JyZMDDgrBHtf`1dB;pU^*_V*iG^y<1TJSNs1y(<(@VL;U(4?)`=IF3gPR*V+F7 DXOX*> literal 0 HcmV?d00001 diff --git a/pwncat/pty.py b/pwncat/pty.py index beedca0..02b2954 100644 --- a/pwncat/pty.py +++ b/pwncat/pty.py @@ -29,8 +29,8 @@ class PtyHandler: on the local end """ OPEN_METHODS = { - "script": "exec {} -qc /bin/sh /dev/null", - "python": "exec {} -c \"import pty; pty.spawn('/bin/sh')\"", + "script": "exec {} -qc /bin/bash /dev/null", + "python": "exec {} -c \"import pty; pty.spawn('/bin/bash')\"", } INTERESTING_BINARIES = [ @@ -115,9 +115,15 @@ class PtyHandler: raise RuntimeError("no available methods to spawn a pty!") # Open the PTY + util.info(f"opening pseudoterminal via {method}", overlay=True) client.sendall(method_cmd.encode("utf-8") + b"\n") + util.info("setting terminal prompt", overlay=True) + client.sendall(b'export PS1="(remote) \\u@\\h\\$ "\r') + self.recvuntil(b"\r\n") + self.recvuntil(b"\r\n") + # Make sure HISTFILE is unset in this PTY (it resets when a pty is # opened) self.run("unset HISTFILE") diff --git a/pwncat/util.py b/pwncat/util.py index 8b06288..edc12e8 100644 --- a/pwncat/util.py +++ b/pwncat/util.py 
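Review bot: The two `self.recvuntil(b"\r\n")` calls after the PS1 export in the second pty.py hunk discard two lines without saying what they are expected to be, and the export is terminated with `\r` while the spawn command just above it uses `\n`. If the remote side returns fewer than two CRLF-terminated lines these reads presumably block (recvuntil is defined outside the hunk, so whether it has a timeout is not visible). If it returns more, the leftover output is still buffered when `self.run("unset HISTFILE")` executes. I would add a comment such as `# consume the echoed export line and the first new prompt`, after confirming that is what the two reads match, and use the same line terminator for both sends. The enclosing method starts and ends outside the hunk.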
@@ -3,7 +3,7 @@ from typing import Tuple, BinaryIO, Callable from http.server import BaseHTTPRequestHandler, HTTPServer from socketserver import TCPServer, BaseRequestHandler from functools import partial -from colorama import Fore +from colorama import Fore, Style from io import TextIOWrapper import socket import threading @@ -121,7 +121,8 @@ def enter_raw_mode(): returns: the old state of the terminal """ - info("setting terminal to raw mode and disabling echo") + info("setting terminal to raw mode and disabling echo", overlay=True) + success("pwncat is ready\n", overlay=True) # Ensure we don't have any weird buffering issues sys.stdout.flush() @@ -162,7 +163,7 @@ def enter_raw_mode(): def restore_terminal(state): """ restore the stdio state from the result of "enter_raw_mode" """ termios.tcsetattr(sys.stdin.fileno(), termios.TCSADRAIN, state[0]) - tty.setcbreak(sys.stdin) + # tty.setcbreak(sys.stdin) fcntl.fcntl(sys.stdin, fcntl.F_SETFL, state[1]) sys.stdout.write("\n") info("local terminal restored") @@ -268,10 +269,11 @@ def log(level, message, overlay=False): global LAST_PROG_ANIM prefix = { - "info": f"[{Fore.BLUE}+{Fore.RESET}] ", - "warn": f"[{Fore.YELLOW}?{Fore.RESET}] ", - "error": f"[{Fore.RED}!{Fore.RESET}] ", - "prog": f"[{Fore.CYAN}+{Fore.RESET}] ", + "info": f"[{Fore.BLUE}+{Fore.RESET}]", + "success": f"[{Fore.GREEN}+{Fore.RESET}]", + "warn": f"[{Fore.YELLOW}?{Fore.RESET}]", + "error": f"[{Fore.RED}!{Fore.RESET}]", + "prog": f"[{Fore.CYAN}+{Fore.RESET}]", } if overlay: @@ -283,7 +285,10 @@ def log(level, message, overlay=False): LAST_PROG_ANIM = (LAST_PROG_ANIM + 1) % len(PROG_ANIMATION) prefix["prog"] = prefix["prog"].replace("+", PROG_ANIMATION[LAST_PROG_ANIM]) - LAST_LOG_MESSAGE = (f"{prefix[level]} {message}", overlay) + LAST_LOG_MESSAGE = ( + f"{prefix[level]} {Style.DIM}{message}{Style.RESET_ALL}", + overlay, + ) sys.stdout.write(LAST_LOG_MESSAGE[0]) if not overlay: 
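Review bot: `success("pwncat is ready\n", overlay=True)` is emitted at the top of enter_raw_mode, before the terminal has been switched to raw mode, so the user is told the session is ready even if the later setup raises. The rest of the function is outside the hunk, but the call would fit better after the raw-mode setup has succeeded, just before the saved state is returned. Passing a message that ends in `\n` together with `overlay=True` also reads as contradictory. If the line is meant to stay on screen, `success("pwncat is ready")` with the default `overlay=False` says so directly, assuming the non-overlay path in log() ends the line, as the `if not overlay:` at the end of the last hunk on this page suggests.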
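Review bot: The disabled call is left behind as `# tty.setcbreak(sys.stdin)` in restore_terminal with no explanation, so the next reader cannot tell whether it is a temporary experiment or the intended fix. The `termios.tcsetattr(...)` call on the line above already restores the saved attributes, and a following `tty.setcbreak()` would put stdin back into cbreak mode. I would delete the line, or replace it with `# do not call tty.setcbreak() here: it would override the attributes restored above`.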
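Review bot: `message` is interpolated into `LAST_LOG_MESSAGE` and written to the local terminal unchanged, so any control or escape sequence inside it is interpreted by the operator's terminal rather than displayed. Whether any caller passes text that originated on the remote host is not visible in this hunk, but log() is a single choke point where filtering is cheap. One option is `message = "".join(c for c in message if c.isprintable() or c in "\n\t")` before the tuple is built. The body of log() starts and ends outside the hunk.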
@@ -304,5 +309,9 @@ def error(message, overlay=False): log("error", message, overlay) +def success(message, overlay=False): + log("success", message, overlay) + + # def progress(message, overlay=False): # log("prog", message, overlay)