Caleb Stewart
8fed7c9829
Organized and converted enumeration modules
...
Also found fix for delayed arrow key input (once merged,
this should fix #53)
2020-09-11 16:05:53 -04:00
Caleb Stewart
f176e5d9bd
Added platform specifier for host object and platform filtering to modules
2020-09-08 20:04:19 -04:00
Caleb Stewart
fdac13d275
Added progress argument and improved auto escalate
...
`progress` argument is needed for recursive module invocation.
Also, improved the algorithm for finding escalation through
SSH private key leaking/authorized keys writing.
2020-09-03 17:23:58 -04:00
Caleb Stewart
fa8cf9dd06
Merge pull request #52 from WesVleuten/modules-sudocve
...
Added sudo CVE-2019-14287 escalation
2020-09-03 16:40:24 -04:00
Wes van der Vleuten
c6b084b50f
Added sudo CVE-2019-14287 escalation
2020-09-03 00:11:43 +02:00
Caleb Stewart
1cc6d4ad27
Fixed naming-clash in GTFOTechnique
2020-09-02 17:37:54 -04:00
Caleb Stewart
2abbe29ada
Fixed flickering progress bar!
2020-09-02 13:15:01 -04:00
Caleb Stewart
86d57d3e04
Fixed enumeration markers and added base module exception
2020-09-02 13:14:33 -04:00
Caleb Stewart
6f975fff51
Strip spaces from user/groups in sudoers
...
Fixes #24
2020-09-01 22:29:28 -04:00
Caleb Stewart
098c8a523d
Fixed a fat-finger mistake
...
Had the wrong argument for spec since I expanded sudoers to enumerate
multi-command rules. Fixed here.
2020-09-01 22:23:55 -04:00
Caleb Stewart
8d5e91a6a7
Added comma-separated command support to sudo
...
The sudo enumeration now returns a list of commands, per the sudoers
spec. Also updated the escalate module to handle the array of commands.
#25 asks about this, and once merged this should fix the issue
described there.
2020-09-01 22:20:04 -04:00
Caleb Stewart
def3b59039
Changed rule.runas_user to rule.command for spec
2020-09-01 21:30:57 -04:00
Caleb Stewart
b58c2c9ee9
Merge pull request #51 from WesVleuten/modules-sudo
...
Modules rewrite: sudo escalation
2020-09-01 21:13:09 -04:00
Caleb Stewart
7d36fbfecb
Update __init__.py
...
Adding `user=` keyword argument to all `method.build` calls in the GTFOTechnique. This is needed for any file write or file read methods using sudo. It shouldn't hurt any other methods as this parameter is simply ignored for invocations that don't use a sudo spec (see [gtfobins.py](https://github.com/calebstewart/pwncat/blob/modules/pwncat/gtfobins.py#L144-L155)).
2020-09-01 21:08:40 -04:00
Wes van der Vleuten
d615dc81ef
Finished sudo escalation
2020-09-01 23:49:18 +02:00
Caleb Stewart
4ecbca9543
Initial partially functioning auto escalation
...
Also renamed some enumeration types and added type-globbing
for the `types` parameter of enumerations (e.g. run enumerate.gather types=system.*)
2020-09-01 15:30:47 -04:00
John Hammond
1706213920
Migrated some enumeration code into the new module framework
2020-08-31 22:05:49 -04:00
Wes van der Vleuten
8c4494e7e4
[WIP] Added sudo escalation
...
Currently does not work using `run`, but it does work using
`privesc`.
2020-09-01 00:21:12 +02:00
Wes van der Vleuten
a747a8b118
Added sudoers enumeration in new module framework
2020-09-01 00:20:46 +02:00
Caleb Stewart
9a855c409f
Added initial setuid escalate module
...
Initial tests are positive. Haven't implemented auto logic yet
and more testing needs to be done with the layout/architecture
of the escalation modules. *However*, it is working.
2020-08-31 00:23:46 -04:00
Caleb Stewart
0167c5194a
Added persistence and escalate module types
2020-08-30 18:05:04 -04:00
Caleb Stewart
b89d3441ab
Fixed tab-completion oddities
...
Previously, tab-completion of positional parameters
directly following the command didn't work. It only
initially completed "option" arguments. This is fixed.
Also, word completion (e.g. Complete.CHOICES) for
arguments has been fixed.
2020-08-28 23:15:43 -04:00
Caleb Stewart
e2d851ecd3
Added search and info commands for modules
2020-08-28 21:38:56 -04:00
Caleb Stewart
570a653bee
Created module structure and enumeration base
...
I plan to eventually move all persistence, escalation
and enumeration modules into the new `/pwncat/modules`
structure. This allows individual modules to be used
alone and allows complex modules custom arguments.
2020-08-28 18:03:06 -04:00
Caleb Stewart
30e084ab6e
Added check for /bin/sh and set appropriate prompt
...
/bin/sh doesn't support colored/dynamic prompts.
Set prompt to basic when connecting to a host running
/bin/sh.
2020-08-25 13:18:14 -04:00
Caleb Stewart
5f12a12968
Merge branch 'master' of github.com:calebstewart/pwncat into master
2020-08-25 13:08:56 -04:00
Caleb Stewart
6a7af17055
Removed non-blocking flag from stdio
...
This caused BlockingIOError exceptions on some OSs, and
doesn't appear to provide anything. Tested privesc and
enumeration w/out blocking flag, and everything appears
to be functioning properly.
2020-08-25 13:07:53 -04:00
Caleb Stewart
c5ab324648
Update issue templates
2020-07-20 16:07:17 -04:00
Caleb Stewart
e2e9c326f6
Update issue templates
2020-07-20 16:04:20 -04:00
Caleb Stewart
a9268b6f25
Fixed requirements
...
git requirements accidentally stripped by `pip freeze`
2020-07-19 21:19:44 -04:00
Caleb Stewart
efa0ee8ba8
Updated requirements with versions
2020-07-19 21:16:30 -04:00
Caleb Stewart
ae47f85d67
Added chdir in privesc to prevent weird permission denied errors during privilege escalation
2020-07-19 14:51:13 -04:00
Caleb Stewart
f6a94254bb
Referenced presentation in README
2020-07-18 19:30:00 -04:00
Caleb Stewart
bd55c50c9b
Merge pull request #33 from cytopia-forked/docker
...
Use multi-stage build for the docker image to reduce size
2020-07-18 15:36:52 -04:00
Caleb Stewart
dd6695171f
Bumped version number
2020-07-18 14:28:04 -04:00
Caleb Stewart
c81d5fdbed
Fixed remaining colorama based output
2020-07-18 14:27:13 -04:00
cytopia
6cb6292c06
Use multi-stage build for the docker image to reduce size
2020-07-18 15:52:36 +02:00
Caleb Stewart
95877fa160
Added Dockerfile and updated euid_fix
...
Updated README to reflect new Dockerfile.
2020-07-17 02:48:29 -04:00
Caleb Stewart
93e39b9a47
Finished implementing new logging with python-rich
2020-07-06 22:40:14 -04:00
Caleb Stewart
40bfd7cb20
Merge branch 'master' into new-logging
2020-07-02 09:49:42 -04:00
Caleb Stewart
bdb5b5db56
Fixed pam persistence removal
...
Locating the pam directory was done differently in install and removal
routines, which caused discrepancies after installation. Should fix #21
2020-07-02 08:48:41 -04:00
Caleb Stewart
dfc86464fc
Fixed init system check
...
Tested with the Lame machine on HtB, and it is working.
Thanks to @CodeXTF2 for the heads up on this edge case.
Fixes #22.
2020-06-29 21:55:58 -04:00
Caleb Stewart
f815ae315e
Added warning for SELinux mode
...
Should fix #20. PAM persistence now shows warning for SELinux Permissive
mode and will not install for SELinux Enforcing mode.
2020-06-29 21:10:33 -04:00
Caleb Stewart
c6c194d1d3
More changed logging
2020-06-29 20:43:44 -04:00
Caleb Stewart
f1affd82c1
Removed old logging code in privesc command. Slow and steady. D:
2020-06-17 19:46:05 -04:00
Caleb Stewart
96e4688dae
Fixed privesc.Finder.escalate for new logging
...
Currently, this will break Finder.read_file and Finder.write_file.
Still need to finish removing old logging functions before merging
to master. `util.log` and `util.erase_progress` currently are NOPs
and just return None.
2020-06-11 23:11:13 -04:00
Caleb Stewart
fbe93c0f4d
Fixed screen-version enumeration
...
Also, added a `victim.chdir` method which returns the
old cwd as well as changes working directories in one
command.
2020-06-11 01:56:20 -04:00
Caleb Stewart
fb6b7ad67a
Fixed enumerated-private-key privesc
...
No longer attempts to use passphrase-protected private keys.
2020-06-09 21:11:04 -04:00
Caleb Stewart
4874dbf8bc
Fixed typo in flush_output
2020-06-09 20:37:15 -04:00
Caleb Stewart
d5aa25f695
Added exclude option to privesc
...
Also added more formatting updates for the rich module.
2020-06-09 15:43:16 -04:00