1
0
mirror of https://github.com/calebstewart/pwncat.git synced 2024-11-27 19:04:15 +01:00
Commit Graph

507 Commits

Author SHA1 Message Date
Caleb Stewart
7d36fbfecb
Update __init__.py
Adding `user=` keyword argument to all `method.build` calls in the GTFOTechnique. This is needed for any file write or file read methods using sudo. It shouldn't hurt any other methods as this parameter is simply ignored for invocations that don't use a sudo spec (see [gtfobins.py](https://github.com/calebstewart/pwncat/blob/modules/pwncat/gtfobins.py#L144-L155) ).
2020-09-01 21:08:40 -04:00
Wes van der Vleuten
d615dc81ef Finished sudo escalation 2020-09-01 23:49:18 +02:00
Caleb Stewart
4ecbca9543 Initial partially functioning auto escalation
Also renamed some enumeration types and added type-globbing
for the `types` parameter of enumerations (e.g. run enumerate.gather types=system.*)
2020-09-01 15:30:47 -04:00
John Hammond
1706213920 Migrated some enumeration code into the new module framework 2020-08-31 22:05:49 -04:00
Wes van der Vleuten
8c4494e7e4 [WIP] Added sudo escalation
Currently does not working using `run`, but it does work using
`privesc`.
2020-09-01 00:21:12 +02:00
Wes van der Vleuten
a747a8b118 Added sudoers enumeration in new module framework 2020-09-01 00:20:46 +02:00
Caleb Stewart
9a855c409f Added initial setuid escalate module
Initial tests are positive. Haven't implemented auto logic yet
and more testing needs to be done with the layout/architecture
of the escalation modules. *however*, it is working.
2020-08-31 00:23:46 -04:00
Caleb Stewart
0167c5194a Added persistence and escalate module types 2020-08-30 18:05:04 -04:00
Caleb Stewart
b89d3441ab Fixed tab-completion oddities
Previously, tab-completion of positional parameters
directly following the command didn't work. It only
initially completed "option" arguments. This is fixed.
Also, word completion (e.g. Complete.CHOICES) for
arguments has been fixed.
2020-08-28 23:15:43 -04:00
Caleb Stewart
e2d851ecd3 Added search and info commands for modules 2020-08-28 21:38:56 -04:00
Caleb Stewart
570a653bee Created module structure and enumeration base
I plan to eventually momve all persistence, escalation
and enumeration modules into the new `/pwncat/modules`
structure. This allows individual modules to be used
alone and allows complex modules custom arguments.
2020-08-28 18:03:06 -04:00
Caleb Stewart
30e084ab6e Added check for /bin/sh and set appropriate prompt
/bin/sh doesn't support colored/dynamic prompts.
Set prompt to basic when connecting to a host running
/bin/sh.
2020-08-25 13:18:14 -04:00
Caleb Stewart
5f12a12968 Merge branch 'master' of github.com:calebstewart/pwncat into master 2020-08-25 13:08:56 -04:00
Caleb Stewart
6a7af17055 Removed non-blocking flag from stdio
This caused BlockingIOError exceptions on some OSs, and
doesn't appear to provide anything. Tested privesc and
enumeration w/out blocking flag, and everything appears
to be functioning properly.
2020-08-25 13:07:53 -04:00
Caleb Stewart
c5ab324648 Update issue templates 2020-07-20 16:07:17 -04:00
Caleb Stewart
e2e9c326f6 Update issue templates 2020-07-20 16:04:20 -04:00
Caleb Stewart
a9268b6f25 Fixed requirements
git requiremens accidentally stripped by `pip freeze`
2020-07-19 21:19:44 -04:00
Caleb Stewart
efa0ee8ba8 Updated requirements with versions 2020-07-19 21:16:30 -04:00
Caleb Stewart
ae47f85d67 Added chdir in privesc to prevent weird permission denied erros during privilege escalation 2020-07-19 14:51:13 -04:00
Caleb Stewart
f6a94254bb Referenced presentation in README 2020-07-18 19:30:00 -04:00
Caleb Stewart
bd55c50c9b
Merge pull request #33 from cytopia-forked/docker
Use multi-stage build for the docker image to reduce size
2020-07-18 15:36:52 -04:00
Caleb Stewart
dd6695171f Bumped version number 2020-07-18 14:28:04 -04:00
Caleb Stewart
c81d5fdbed Fixed remaining colorama based output 2020-07-18 14:27:13 -04:00
cytopia
6cb6292c06
Use multi-stage build for the docker image to reduce size 2020-07-18 15:52:36 +02:00
Caleb Stewart
95877fa160 Added Dockerfile and updated euid_fix
Updated README to reflect new Dockerfile.
2020-07-17 02:48:29 -04:00
Caleb Stewart
93e39b9a47 Finished implementing new logging with python-rich 2020-07-06 22:40:14 -04:00
Caleb Stewart
40bfd7cb20 Merge branch 'master' into new-logging 2020-07-02 09:49:42 -04:00
Caleb Stewart
bdb5b5db56 Fixed pam persistence removal
Locating the pam directory was done differently in install and removal
routines, which caused discrepencies after installation. Should fix #21
2020-07-02 08:48:41 -04:00
Caleb Stewart
dfc86464fc Fixed init system check
Tested with the Lame machine on HtB, and it is working.
Thanks to @CodeXTF2 for the heads up on this edge case.
Fixes #22.
2020-06-29 21:55:58 -04:00
Caleb Stewart
f815ae315e Added warning for SELinux mode
Should fix #20. PAM persistence now shows warning for SELinux Permissive
mode and will not install for SELinux Enforcing mode.
2020-06-29 21:10:33 -04:00
Caleb Stewart
c6c194d1d3 More changed logging 2020-06-29 20:43:44 -04:00
Caleb Stewart
f1affd82c1 Removed old logging code in privesc command. Slow and steady. D: 2020-06-17 19:46:05 -04:00
Caleb Stewart
96e4688dae Fixed privesc.Finder.escalate for new logging
Currently, this will break Finder.read_file and Finder.write_file.
Still need to finish removing old logging functions before merging
to master. `util.log` and `util.erase_progress` current are NOPs
and just return None.
2020-06-11 23:11:13 -04:00
Caleb Stewart
fbe93c0f4d Fixed screen-version enumeration
Also, added a `victim.chdir` method which returns the
old cwd as well as changes working directories in one
command.
2020-06-11 01:56:20 -04:00
Caleb Stewart
fb6b7ad67a Fixed enumerated-private-key privesc
No longer attempts to use passphrase-protected private keys.
2020-06-09 21:11:04 -04:00
Caleb Stewart
4874dbf8bc Fixed typo in flush_output 2020-06-09 20:37:15 -04:00
Caleb Stewart
d5aa25f695 Added exclude option to privesc
Also added more formatting updates for the rich module.
2020-06-09 15:43:16 -04:00
Caleb Stewart
128b30f607 Started replacing util.log with python rich
Replaced loading messages w/ Python `rich` logging.
Will be replacing all other logging slowly with rich
as well.
2020-06-09 00:05:49 -04:00
Caleb Stewart
4c877f3a08 Shortened line in enumerate. Nothing big... 2020-06-06 00:00:37 -04:00
Caleb Stewart
3678e9fa66 Added the rich module
rich provides better progress bars and log output and exception tracebacks.
2020-06-05 21:32:24 -04:00
Caleb Stewart
cf5d809eda Fixed system.service enumeration
Shell globbing was causing faulty enumeration data for system.service.
2020-06-04 20:12:50 -04:00
Caleb Stewart
bbf49e4c72 Updated password enumeration 2020-06-04 19:35:57 -04:00
Caleb Stewart
528088be77 Fixed password config and enumeration 2020-06-04 03:34:21 -04:00
Caleb Stewart
d3ac61c0f8 updated dirtycow to new API, but left disabled. DirtyCOW is expensive (time-wise) and unstable (cuases kernel panics). This is not a good candidate for automated exploitation. 2020-06-03 15:38:34 -04:00
Caleb Stewart
1a5825fd4a Updated readme 2020-06-02 22:49:53 -04:00
Caleb Stewart
7e04faa06a Removed dead code from uploader/downloader directories. Pruned unused references to legacy 'pty' interface from a few places. Added note on BSD to readme 2020-06-02 22:48:59 -04:00
Caleb Stewart
a2552b5439 Added status output while loading privesc methods 2020-06-02 22:26:34 -04:00
Caleb Stewart
74f7c11344 Correctly catch errors while probing init system. Should fix #16 2020-06-02 21:27:17 -04:00
Caleb Stewart
67e3744d5e Minor refactor in sudo 2020-06-02 21:25:39 -04:00
Caleb Stewart
e3583607ba Rewrote pam persistence and screen privesc to use new compile interface. Added screen enumeration module as well. 2020-06-02 21:09:11 -04:00