Watched some youtube clips on this and though I'd try this software
I got an error soon after installing - the error was because `shlex.join` is being used:
5f12a12968/pwncat/__main__.py (L29)
Turns out this requires Python 3.8:
https://docs.python.org/3/library/shlex.html#shlex.join
I propose to explicitly require this at install time so a more appropriate error is thrown to the user.
Thoughts?
Mainly worked on authorized_keys and pam persistence modules. Also added
the `load` command allowing users to load custom modules from different
directories. Lastly, added the optional inclusion of a
`$XDG_CONFIG_HOME/pwncat/pwncatrc` configuration allowing you to specify
configuration for all invocations of pwncat (like a custom module directory).
`progress` argument is needed for recursive module invocation.
Also, improved the algorithm for finding escalation through
SSH private key leaking/authorized keys writing.
The sudo enumeration now returns a list of commands, per the sudoers
spec. Also updated the escalate module to handle the array of commands.
#25 asks about this, and once merged this should fix the issue
described there.
Adding `user=` keyword argument to all `method.build` calls in the GTFOTechnique. This is needed for any file write or file read methods using sudo. It shouldn't hurt any other methods as this parameter is simply ignored for invocations that don't use a sudo spec (see [gtfobins.py](https://github.com/calebstewart/pwncat/blob/modules/pwncat/gtfobins.py#L144-L155) ).
Initial tests are positive. Haven't implemented auto logic yet
and more testing needs to be done with the layout/architecture
of the escalation modules. *however*, it is working.
Previously, tab-completion of positional parameters
directly following the command didn't work. It only
initially completed "option" arguments. This is fixed.
Also, word completion (e.g. Complete.CHOICES) for
arguments has been fixed.
I plan to eventually momve all persistence, escalation
and enumeration modules into the new `/pwncat/modules`
structure. This allows individual modules to be used
alone and allows complex modules custom arguments.
This caused BlockingIOError exceptions on some OSs, and
doesn't appear to provide anything. Tested privesc and
enumeration w/out blocking flag, and everything appears
to be functioning properly.