Caleb Stewart
dfc86464fc
Fixed init system check
...
Tested with the Lame machine on HtB, and it is working.
Thanks to @CodeXTF2 for the heads up on this edge case.
Fixes #22 .
2020-06-29 21:55:58 -04:00
Caleb Stewart
f815ae315e
Added warning for SELinux mode
...
Should fix #20 . PAM persistence now shows warning for SELinux Permissive
mode and will not install for SELinux Enforcing mode.
2020-06-29 21:10:33 -04:00
Caleb Stewart
c6c194d1d3
More changed logging
2020-06-29 20:43:44 -04:00
Caleb Stewart
f1affd82c1
Removed old logging code in privesc command. Slow and steady. D:
2020-06-17 19:46:05 -04:00
Caleb Stewart
96e4688dae
Fixed privesc.Finder.escalate for new logging
...
Currently, this will break Finder.read_file and Finder.write_file.
Still need to finish removing old logging functions before merging
to master. `util.log` and `util.erase_progress` current are NOPs
and just return None.
2020-06-11 23:11:13 -04:00
Caleb Stewart
fbe93c0f4d
Fixed screen-version enumeration
...
Also, added a `victim.chdir` method which returns the
old cwd as well as changes working directories in one
command.
2020-06-11 01:56:20 -04:00
Caleb Stewart
fb6b7ad67a
Fixed enumerated-private-key privesc
...
No longer attempts to use passphrase-protected private keys.
2020-06-09 21:11:04 -04:00
Caleb Stewart
4874dbf8bc
Fixed typo in flush_output
2020-06-09 20:37:15 -04:00
Caleb Stewart
d5aa25f695
Added exclude option to privesc
...
Also added more formatting updates for the rich module.
2020-06-09 15:43:16 -04:00
Caleb Stewart
128b30f607
Started replacing util.log with python rich
...
Replaced loading messages w/ Python `rich` logging.
Will be replacing all other logging slowly with rich
as well.
2020-06-09 00:05:49 -04:00
Caleb Stewart
4c877f3a08
Shortened line in enumerate. Nothing big...
2020-06-06 00:00:37 -04:00
Caleb Stewart
3678e9fa66
Added the rich module
...
rich provides better progress bars and log output and exception tracebacks.
2020-06-05 21:32:24 -04:00
Caleb Stewart
cf5d809eda
Fixed system.service enumeration
...
Shell globbing was causing faulty enumeration data for system.service.
2020-06-04 20:12:50 -04:00
Caleb Stewart
bbf49e4c72
Updated password enumeration
2020-06-04 19:35:57 -04:00
Caleb Stewart
528088be77
Fixed password config and enumeration
2020-06-04 03:34:21 -04:00
Caleb Stewart
d3ac61c0f8
updated dirtycow to new API, but left disabled. DirtyCOW is expensive (time-wise) and unstable (cuases kernel panics). This is not a good candidate for automated exploitation.
2020-06-03 15:38:34 -04:00
Caleb Stewart
1a5825fd4a
Updated readme
2020-06-02 22:49:53 -04:00
Caleb Stewart
7e04faa06a
Removed dead code from uploader/downloader directories. Pruned unused references to legacy 'pty' interface from a few places. Added note on BSD to readme
2020-06-02 22:48:59 -04:00
Caleb Stewart
a2552b5439
Added status output while loading privesc methods
2020-06-02 22:26:34 -04:00
Caleb Stewart
74f7c11344
Correctly catch errors while probing init system. Should fix #16
2020-06-02 21:27:17 -04:00
Caleb Stewart
67e3744d5e
Minor refactor in sudo
2020-06-02 21:25:39 -04:00
Caleb Stewart
e3583607ba
Rewrote pam persistence and screen privesc to use new compile interface. Added screen enumeration module as well.
2020-06-02 21:09:11 -04:00
Caleb Stewart
ffa1059a43
Added documentation for new compile method
2020-06-02 19:03:05 -04:00
Caleb Stewart
668eadbaef
Added generic pwncat.victim.compile method for compiling code to remote host
2020-06-02 17:35:11 -04:00
Caleb Stewart
ae2c28670c
Stripped unneeded information out of ps output.
2020-06-01 21:10:12 -04:00
Caleb Stewart
124f90e16c
Added sudo, fstab, and process enumerations
2020-06-01 20:53:32 -04:00
Caleb Stewart
5089fc2cc9
Added aslr, container, and selinux enumeration
2020-05-31 00:40:54 -04:00
Caleb Stewart
bb1a48d7ab
Added sudoers enumeration module. Modified sudo privesc to utilize enumeration data. Added sudo method to pwncat.victim
2020-05-30 21:06:48 -04:00
Caleb Stewart
bb60c04560
Merge branch 'master' of github.com:calebstewart/pwncat
2020-05-30 03:06:25 -04:00
Caleb Stewart
19afdd7d8f
Added crontab enumeration and a listdir method for pwncat.victim
2020-05-30 03:06:21 -04:00
John Hammond
81d43896ac
GTFOBins are... theoretically... done???
2020-05-30 02:32:15 -04:00
Caleb Stewart
725f47f387
Added ability to attempt enumerated passwords during privesc
2020-05-29 22:33:04 -04:00
Caleb Stewart
1f278bb5cc
Added initial implementention of configuration searching for passwords. Also, sped up pwncat.victim.su using the timeout command.
2020-05-29 19:17:34 -04:00
Caleb Stewart
b46ec274a2
Moved gtfobins.json to the right location.
2020-05-29 04:32:31 -04:00
Caleb Stewart
140bf19935
Merge branch 'master' of github.com:calebstewart/pwncat
2020-05-29 04:28:30 -04:00
Caleb Stewart
c2da0f1106
Added extra check for weird bash behavior
2020-05-29 04:28:28 -04:00
John Hammond
9f21985e1b
Added yum into gtfobins.json. THM machine Daily Bugle seemingly does not find it in sudo
2020-05-28 22:33:34 -04:00
Caleb Stewart
ff10fdaa1e
Merge branch 'master' of github.com:calebstewart/pwncat
2020-05-28 21:33:32 -04:00
John Hammond
385251b70e
Corrected getpeername() to just get zero-index, retrieve only IP address
2020-05-28 21:33:26 -04:00
Caleb Stewart
88330bc504
Added basic enum docs
2020-05-28 21:30:41 -04:00
Caleb Stewart
456a1505f4
Fixed dumb ssh argument handling. Sorry Trevor.
2020-05-28 20:18:24 -04:00
Caleb Stewart
980d015b16
Merge branch 'master' of github.com:calebstewart/pwncat
2020-05-28 19:10:31 -04:00
Caleb Stewart
80225ca7e0
Removed custom prompt_toolkit and fixed init enumerator bug
2020-05-28 19:10:27 -04:00
Caleb Stewart
591a1d1385
Added enumerator for writable entries in PATH
2020-05-28 17:57:30 -04:00
Caleb Stewart
3c381f5f1f
Fixed requirements and setup.py for missing package
2020-05-28 01:26:45 -04:00
Caleb Stewart
9b0067a4ed
Added gtfobins.json to the package data in setup.py as referenced in #14
2020-05-28 01:21:08 -04:00
Caleb Stewart
8461de7182
Organized the report from enum better. It's not more readable.
2020-05-28 00:09:53 -04:00
Caleb Stewart
da591f9a22
Added enumerators for capabilities, kernel exploits, and package managers
2020-05-27 17:15:52 -04:00
Caleb Stewart
8dea0b61e8
Added prompt command to fix your prompt in the event of a simple shell like dash
2020-05-27 01:20:19 -04:00
Caleb Stewart
d0e0179fda
Added systemd enumeration, and privesc methods to utilize enumerated keys and passwords
2020-05-27 00:35:17 -04:00