mirror of https://github.com/calebstewart/pwncat.git synced 2024-11-30 12:24:14 +01:00
pwncat/CHANGELOG.md
Caleb Stewart cbd6f1d20f
Merge pull request #182 from calebstewart/issue-181-leak-privkey-root
Updated leak_privkey to leak all keys when UID=0
2021-09-18 23:43:13 -04:00


Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

The Changelog starts with v0.4.1, because we did not keep one before that, and simply didn't have the time to go back and retroactively create one.

[Unreleased]

Fixed

  • Possible exception due to pre-registering of session with manager
  • Covered edge case in sudo rule parsing for wildcards (#183)
  • Added fallthrough cases for PTY methods in case of misbehaving binaries (looking at you: screen)
  • Fixed handling of socket.getpeername when Socket channel uses IPv6 (#159).
  • Fixed verbose logging handler to be unique for every channel
  • Fixed docstrings in Command modules
  • Changed docker base image to python3.9-alpine to fix python version issues.

Added

  • Added alternatives to bash to be used during shell upgrade for a better shell
  • Added a warning message when a KeyboardInterrupt is caught
  • Added --verbose/-V for argument parser
  • Added OSError for bind protocol to show appropriate error messages

Changed

  • Changed the color of some warning messages from 'red' to 'yellow'
  • Leak private keys for all users w/ file-read ability as UID=0 (#181)
  • Raise PermissionError when underlying processes terminate unsuccessfully for LinuxReader and LinuxWriter

[0.4.3] - 2021-06-18

Patch fix release. Major fixes are the correction of file IO for LinuxWriters and improved stability with better exception handling.

Fixed

  • Pinned container base image to alpine 3.13.5 and installed to virtualenv (#134)
  • Fixed syntax for f-strings in escalation command
  • Re-added readline import for Windows platform after being accidentally removed
  • Corrected processing of password in connection string

Changed

  • Changed session tracking so session IDs aren't reused
  • Changed zsh prompt to match CWD of other shell prompts
  • Improved exception handling throughout framework (#133)
  • Added explicit permission checks when opening files
  • Changed LinuxWriter close routine again to account for needed EOF signals (#140)

Added

  • Added better file IO test cases

[0.4.2] - 2021-06-15

Quick patch release due to corrected bug in ChannelFile which caused command output to be empty in some situations.

Fixed

  • Fixed linux.enumerate.system.network to work with old and new style ip.
  • Fixed ChannelFile.recvinto which will no longer raise BlockingIOError (#126, #131)
  • Fixed sessions command with invalid session ID (#130)
  • Fixed zsh shell prompt color syntax (#130)

Added

  • Added Pull Request template
  • Added CONTRIBUTING.md
  • Added --version option to entrypoint to retrieve pwncat version
  • Added latest tag to documented install command to prevent dev installs

[0.4.1] - 2021-06-14

Added

  • Differentiate prompt syntax for standard bash, zsh and sh (#126)
  • Added -c=never to ip command in linux.enumerate.system.network (#126)
  • Updated Dockerfile to properly build post-v0.4.0 releases (#125)
  • Added check for nologin shell to stop pwncat from accidentally closing the session (#116)
  • Resolved all flake8 errors (#123)
  • Improved EOF handling for Linux file-writes (#117)