From 82bda40339ccd7384fbbeb6727d308537090f717 Mon Sep 17 00:00:00 2001
From: AlessandroZ
Date: Tue, 2 May 2017 23:26:48 +0200
Subject: [PATCH] beroot module
---
 pupy/modules/beroot.py | 86 +++++++++++++++++++++++++++++
 pupy/packages/windows/all/beRoot.py | 1 +
 pupy/packages/windows/all/beroot | 1 +
 3 files changed, 88 insertions(+)
 create mode 100644 pupy/modules/beroot.py
 create mode 120000 pupy/packages/windows/all/beRoot.py
 create mode 120000 pupy/packages/windows/all/beroot
diff --git a/pupy/modules/beroot.py b/pupy/modules/beroot.py
new file mode 100644
index 00000000..75e6da3b
--- /dev/null
+++ b/pupy/modules/beroot.py
@@ -0,0 +1,86 @@
+# -*- coding: utf-8 -*-
+from pupylib.PupyModule import *
+from pupylib.utils.rpyc_utils import redirected_stdio
+from pupylib.PupyConfig import PupyConfig
+import datetime
+import json
+
+__class_name__="Beroot"
+
+@config(cat="admin", compat=["windows"])
+class Beroot(PupyModule):
+ """ Windows Privilege escalation """
+
+ dependencies = {
+ 'windows': [
+ 'pyexpat', 'xml', '_elementtree', 'xml.etree', 'impacket', 'impacket.examples', 'beroot', 'beRoot'
+ ]
+ }
+
+ def init_argparse(self):
+ self.arg_parser = PupyArgumentParser(prog="beroot", description=self.__doc__)
+ self.arg_parser.add_argument("-l", "--list", action="store_true", default=False, help="list all softwares installed (not run by default)")
+ self.arg_parser.add_argument("-w", "--write", action="store_true", default=False, help="write output")
+ self.arg_parser.add_argument("-c", "--cmd", action="store", default="whoami", help="cmd to execute for the webclient check (default: whoami)")
+
+ def run(self, args):
+ filepath = None
+ if args.write:
+ config = self.client.pupsrv.config or PupyConfig()
+ folder = config.get_folder('beroot', {'%c': self.client.short_name()})
+ filepath = os.path.join(folder, str(datetime.datetime.now()).replace(" ","_").replace(":","-")+"-beroot.txt")
+
+ with redirected_stdio(self):
+ for r in self.client.conn.modules["beRoot"].run(args.cmd, args.list, args.write):
+ self.print_output(output=r, write=args.write, file=filepath)
+
+ if args.write:
+ self.success(filepath)
+
+ def print_output(self, output, write=False, file=None):
+ toPrint = True
+ if 'NotPrint' in output:
+ toPrint = False
+
+ st = '\n-------------- %s --------------\n' % output['Category']
+ if 'list' in str(type(output['All'])):
+ for results in output['All']:
+ st += '\n[!] %s\n' % results['Function'].capitalize()
+
+ results = results['Results']
+
+ # return only one result (True or False)
+ if 'bool' in str(type(results)):
+ st += '%s\n' % str(results)
+
+ elif 'dict' in str(type(results)):
+ for result in results:
+ if 'list' in str(type(results[result])):
+ st += '%s\n' % str(result)
+ for w in results[result]:
+ st += '- %s\n' % w
+ st += '\n'
+
+ elif 'list' in str(type(results)):
+ for result in results:
+ if 'str' in str(type(result)):
+ st += '%s\n' % result
+ else:
+ for r in result:
+ if 'list' in str(type(result[r])):
+ st += '%s:\n' % r
+ for w in result[r]:
+ st += '- %s\n' % w
+ else:
+ st += '%s: %s\n' % (r, str(result[r]))
+ st += '\n'
+ elif 'str' in str(type(output['All'])):
+ st += output['All']
+
+ if toPrint:
+ print st
+
+ if write:
+ f = open(file, 'a')
+ f.write(st)
+ f.close()
diff --git a/pupy/packages/windows/all/beRoot.py b/pupy/packages/windows/all/beRoot.py
new file mode 120000
index 00000000..fb73eb8b
--- /dev/null
+++ b/pupy/packages/windows/all/beRoot.py
@@ -0,0 +1 @@
+../../../external/BeRoot/beRoot.py
\ No newline at end of file
diff --git a/pupy/packages/windows/all/beroot b/pupy/packages/windows/all/beroot
new file mode 120000
index 00000000..df9f4fff
--- /dev/null
+++ b/pupy/packages/windows/all/beroot
@@ -0,0 +1 @@
+../../../external/BeRoot/beroot/
\ No newline at end of file
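Review bot: The string checks in `print_output` (`if 'str' in str(type(result))` and `elif 'str' in str(type(output['All']))`) do not match Python 2 `unicode` values, so a unicode entry would fall into the `else` branch, where `result[r]` fails on a character key; `isinstance(result, basestring)` covers both, assuming strings arrive by value from the remote side. In the `dict` branch, values that are not lists are dropped without any output, which looks unintended. `run` calls `os.path.join` but the file never imports `os` explicitly (it presumably arrives through `from pupylib.PupyModule import *`), and `import json` is unused. The file write at the end would be safer as `with open(file, 'a') as f: f.write(st)` so the handle is closed if the write raises.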