Caleb Stewart
b58c2c9ee9
Merge pull request #51 from WesVleuten/modules-sudo
...
Modules rewrite: sudo escalation
2020-09-01 21:13:09 -04:00
Caleb Stewart
7d36fbfecb
Update __init__.py
...
Adding `user=` keyword argument to all `method.build` calls in the GTFOTechnique. This is needed for any file write or file read methods using sudo. It shouldn't hurt any other methods as this parameter is simply ignored for invocations that don't use a sudo spec (see [gtfobins.py](https://github.com/calebstewart/pwncat/blob/modules/pwncat/gtfobins.py#L144-L155)).
2020-09-01 21:08:40 -04:00
Wes van der Vleuten
d615dc81ef
Finished sudo escalation
2020-09-01 23:49:18 +02:00
Caleb Stewart
4ecbca9543
Initial partially functioning auto escalation
...
Also renamed some enumeration types and added type-globbing
for the `types` parameter of enumerations (e.g. run enumerate.gather types=system.*)
2020-09-01 15:30:47 -04:00
John Hammond
1706213920
Migrated some enumeration code into the new module framework
2020-08-31 22:05:49 -04:00
Wes van der Vleuten
8c4494e7e4
[WIP] Added sudo escalation
...
Currently does not work using `run`, but it does work using
`privesc`.
2020-09-01 00:21:12 +02:00
Wes van der Vleuten
a747a8b118
Added sudoers enumeration in new module framework
2020-09-01 00:20:46 +02:00
Caleb Stewart
9a855c409f
Added initial setuid escalate module
...
Initial tests are positive. Haven't implemented auto logic yet
and more testing needs to be done with the layout/architecture
of the escalation modules. *however*, it is working.
2020-08-31 00:23:46 -04:00
Caleb Stewart
0167c5194a
Added persistence and escalate module types
2020-08-30 18:05:04 -04:00
Caleb Stewart
b89d3441ab
Fixed tab-completion oddities
...
Previously, tab-completion of positional parameters
directly following the command didn't work. It only
initially completed "option" arguments. This is fixed.
Also, word completion (e.g. Complete.CHOICES) for
arguments has been fixed.
2020-08-28 23:15:43 -04:00
Caleb Stewart
e2d851ecd3
Added search and info commands for modules
2020-08-28 21:38:56 -04:00
Caleb Stewart
570a653bee
Created module structure and enumeration base
...
I plan to eventually move all persistence, escalation
and enumeration modules into the new `/pwncat/modules`
structure. This allows individual modules to be used
alone and allows complex modules custom arguments.
2020-08-28 18:03:06 -04:00
Caleb Stewart
30e084ab6e
Added check for /bin/sh and set appropriate prompt
...
/bin/sh doesn't support colored/dynamic prompts.
Set prompt to basic when connecting to a host running
/bin/sh.
2020-08-25 13:18:14 -04:00
Caleb Stewart
5f12a12968
Merge branch 'master' of github.com:calebstewart/pwncat into master
2020-08-25 13:08:56 -04:00
Caleb Stewart
6a7af17055
Removed non-blocking flag from stdio
...
This caused BlockingIOError exceptions on some OSs, and
doesn't appear to provide anything. Tested privesc and
enumeration w/out blocking flag, and everything appears
to be functioning properly.
2020-08-25 13:07:53 -04:00
Caleb Stewart
c5ab324648
Update issue templates
2020-07-20 16:07:17 -04:00
Caleb Stewart
e2e9c326f6
Update issue templates
2020-07-20 16:04:20 -04:00
Caleb Stewart
a9268b6f25
Fixed requirements
...
git requirements accidentally stripped by `pip freeze`
2020-07-19 21:19:44 -04:00
Caleb Stewart
efa0ee8ba8
Updated requirements with versions
2020-07-19 21:16:30 -04:00
Caleb Stewart
ae47f85d67
Added chdir in privesc to prevent weird permission denied errors during privilege escalation
2020-07-19 14:51:13 -04:00
Caleb Stewart
f6a94254bb
Referenced presentation in README
2020-07-18 19:30:00 -04:00
Caleb Stewart
bd55c50c9b
Merge pull request #33 from cytopia-forked/docker
...
Use multi-stage build for the docker image to reduce size
2020-07-18 15:36:52 -04:00
Caleb Stewart
dd6695171f
Bumped version number
2020-07-18 14:28:04 -04:00
Caleb Stewart
c81d5fdbed
Fixed remaining colorama based output
2020-07-18 14:27:13 -04:00
cytopia
6cb6292c06
Use multi-stage build for the docker image to reduce size
2020-07-18 15:52:36 +02:00
Caleb Stewart
95877fa160
Added Dockerfile and updated euid_fix
...
Updated README to reflect new Dockerfile.
2020-07-17 02:48:29 -04:00
Caleb Stewart
93e39b9a47
Finished implementing new logging with python-rich
2020-07-06 22:40:14 -04:00
Caleb Stewart
40bfd7cb20
Merge branch 'master' into new-logging
2020-07-02 09:49:42 -04:00
Caleb Stewart
bdb5b5db56
Fixed pam persistence removal
...
Locating the pam directory was done differently in install and removal
routines, which caused discrepancies after installation. Should fix #21
2020-07-02 08:48:41 -04:00
Caleb Stewart
dfc86464fc
Fixed init system check
...
Tested with the Lame machine on HtB, and it is working.
Thanks to @CodeXTF2 for the heads up on this edge case.
Fixes #22.
2020-06-29 21:55:58 -04:00
Caleb Stewart
f815ae315e
Added warning for SELinux mode
...
Should fix #20. PAM persistence now shows warning for SELinux Permissive
mode and will not install for SELinux Enforcing mode.
2020-06-29 21:10:33 -04:00
Caleb Stewart
c6c194d1d3
More changed logging
2020-06-29 20:43:44 -04:00
Caleb Stewart
f1affd82c1
Removed old logging code in privesc command. Slow and steady. D:
2020-06-17 19:46:05 -04:00
Caleb Stewart
96e4688dae
Fixed privesc.Finder.escalate for new logging
...
Currently, this will break Finder.read_file and Finder.write_file.
Still need to finish removing old logging functions before merging
to master. `util.log` and `util.erase_progress` currently are NOPs
and just return None.
2020-06-11 23:11:13 -04:00
Caleb Stewart
fbe93c0f4d
Fixed screen-version enumeration
...
Also, added a `victim.chdir` method which returns the
old cwd as well as changes working directories in one
command.
2020-06-11 01:56:20 -04:00
Caleb Stewart
fb6b7ad67a
Fixed enumerated-private-key privesc
...
No longer attempts to use passphrase-protected private keys.
2020-06-09 21:11:04 -04:00
Caleb Stewart
4874dbf8bc
Fixed typo in flush_output
2020-06-09 20:37:15 -04:00
Caleb Stewart
d5aa25f695
Added exclude option to privesc
...
Also added more formatting updates for the rich module.
2020-06-09 15:43:16 -04:00
Caleb Stewart
128b30f607
Started replacing util.log with python rich
...
Replaced loading messages w/ Python `rich` logging.
Will be replacing all other logging slowly with rich
as well.
2020-06-09 00:05:49 -04:00
Caleb Stewart
4c877f3a08
Shortened line in enumerate. Nothing big...
2020-06-06 00:00:37 -04:00
Caleb Stewart
3678e9fa66
Added the rich module
...
rich provides better progress bars and log output and exception tracebacks.
2020-06-05 21:32:24 -04:00
Caleb Stewart
cf5d809eda
Fixed system.service enumeration
...
Shell globbing was causing faulty enumeration data for system.service.
2020-06-04 20:12:50 -04:00
Caleb Stewart
bbf49e4c72
Updated password enumeration
2020-06-04 19:35:57 -04:00
Caleb Stewart
528088be77
Fixed password config and enumeration
2020-06-04 03:34:21 -04:00
Caleb Stewart
d3ac61c0f8
updated dirtycow to new API, but left disabled. DirtyCOW is expensive (time-wise) and unstable (causes kernel panics). This is not a good candidate for automated exploitation.
2020-06-03 15:38:34 -04:00
Caleb Stewart
1a5825fd4a
Updated readme
2020-06-02 22:49:53 -04:00
Caleb Stewart
7e04faa06a
Removed dead code from uploader/downloader directories. Pruned unused references to legacy 'pty' interface from a few places. Added note on BSD to readme
2020-06-02 22:48:59 -04:00
Caleb Stewart
a2552b5439
Added status output while loading privesc methods
2020-06-02 22:26:34 -04:00
Caleb Stewart
74f7c11344
Correctly catch errors while probing init system. Should fix #16
2020-06-02 21:27:17 -04:00
Caleb Stewart
67e3744d5e
Minor refactor in sudo
2020-06-02 21:25:39 -04:00