Honor prefer_workdir for credentials

This commit is contained in:
Oleksii Shevchuk 2017-03-09 19:00:29 +02:00
parent 3297c1188d
commit 94492a338e
3 changed files with 20 additions and 22 deletions

1
.gitignore vendored
View File

@ -1,5 +1,6 @@
#pupy stuff #pupy stuff
pupy/data/ pupy/data/
pupy/crypto/*.py
pupy/.pupy_history pupy/.pupy_history
.DS_Store .DS_Store
*.swp *.swp

View File

@ -14,6 +14,7 @@ prefer_workdir = no
downloads = data/downloads/%c downloads = data/downloads/%c
screenshots = data/screenshots/%c screenshots = data/screenshots/%c
creds = data/db/%c creds = data/db/%c
crypto = crypto
[on_connect] [on_connect]
#run_module = gather/keylogger start #run_module = gather/keylogger start
@ -27,11 +28,6 @@ sound_player = totem
exe_Win32=/usr/share/mimikatz/Win32/mimikatz.exe exe_Win32=/usr/share/mimikatz/Win32/mimikatz.exe
exe_x64=/usr/share/mimikatz/x64/mimikatz.exe exe_x64=/usr/share/mimikatz/x64/mimikatz.exe
[lazagne]
win=/usr/share/lazagne/laZagne.exe
linux_32=/usr/share/lazagne/LaZagne-32bits
linux_64=/usr/share/lazagne/LaZagne-64bits
[aliases] [aliases]
info = get_info info = get_info
pyexec = pyexec pyexec = pyexec

View File

@ -4,6 +4,8 @@ if __name__ == '__main__':
import sys import sys
sys.path.append('..') sys.path.append('..')
from PupyConfig import PupyConfig
from os import path, urandom, chmod, makedirs, unlink from os import path, urandom, chmod, makedirs, unlink
import logging import logging
@ -95,18 +97,15 @@ class Encryptor(object):
ENCRYPTOR = Encryptor.instance ENCRYPTOR = Encryptor.instance
class Credentials(object): class Credentials(object):
USER_CONFIG = path.expanduser( SYSTEM_CONFIG = path.join(path.dirname(__file__), '..', 'crypto', 'credentials.py')
path.join('~', '.config', 'pupy', 'credentials.py')
)
CONFIG_FILES = [
path.join(path.dirname(__file__), '..', 'crypto', 'credentials.py'),
path.join('crypto', 'credentials.py'),
USER_CONFIG,
]
def __init__(self, role=None, password=None): def __init__(self, role=None, password=None):
self._generate(password=password) config = PupyConfig()
configfile = path.join(config.get_folder('crypto'), 'credentials.py')
self._generate(password=password, configfile=configfile)
configfiles = [ self.SYSTEM_CONFIG, configfile ]
role = role or DEFAULT_ROLE role = role or DEFAULT_ROLE
self.role = role.upper() if role else 'ANY' self.role = role.upper() if role else 'ANY'
@ -115,7 +114,7 @@ class Credentials(object):
raise ValueError('Unsupported role: {}'.format(self.role)) raise ValueError('Unsupported role: {}'.format(self.role))
self._credentials = {} self._credentials = {}
for config in self.CONFIG_FILES: for config in configfiles:
if path.exists(config): if path.exists(config):
with open(config, 'rb') as creds: with open(config, 'rb') as creds:
content = creds.read() content = creds.read()
@ -246,11 +245,13 @@ class Credentials(object):
return pk.as_pem(cipher=None), cert.as_pem() return pk.as_pem(cipher=None), cert.as_pem()
def _generate(self, force=False, password=None): def _generate(self, force=False, password=None, configfile=None):
if path.exists(self.USER_CONFIG) and not force: if path.exists(configfile) and not force:
return return
logging.warning("Generating credentials to {}".format(self.USER_CONFIG)) configdir = path.dirname(configfile)
logging.warning("Generating credentials to {}".format(configfile))
ECPV_PRIVATE_KEY, ECPV_PUBLIC_KEY = self._generate_ecpv_keypair() ECPV_PRIVATE_KEY, ECPV_PUBLIC_KEY = self._generate_ecpv_keypair()
@ -308,13 +309,13 @@ class Credentials(object):
} }
try: try:
makedirs(path.dirname(self.USER_CONFIG)) makedirs(path.dirname(configfile))
except OSError as e: except OSError as e:
if not e.errno == errno.EEXIST: if not e.errno == errno.EEXIST:
raise raise
with open(self.USER_CONFIG, 'wb') as user_config: with open(configfile, 'wb') as user_config:
chmod(self.USER_CONFIG, 0600) chmod(configfile, 0600)
content = '\n'.join([ content = '\n'.join([
'{}={}\n'.format(k, repr(v)) for k,v in credentials.iteritems() '{}={}\n'.format(k, repr(v)) for k,v in credentials.iteritems()
]) + '\n' ]) + '\n'