Fixed SSL argument parsing for bind channels

2021-12-26 15:29:48 -05:00 · 2021-12-26 15:29:48 -05:00 · d621880324
parent ab7f0a5322
commit d621880324
5 changed files with 28 additions and 5 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -15,6 +15,7 @@ and simply didn't have the time to go back and retroactively create one.
 - Utilized Paramiko SSHClient which will also utilize the SSHAgent if available by default and supports key types aside from RSA ([#91](https://github.com/calebstewart/pwncat/issues/91))
 - Added implant module `list` command to match documentation ([#224](https://github.com/calebstewart/pwncat/issues/224)).
 - Update documentation to clarify implant reconnection
+- Fixed `--ssl` argument parsing for bind channels.

 ## [0.5.1] - 2021-12-07
 Minor bug fixes. Mainly typos from changing the package name.
--- a/pwncat/main.py
+++ b/pwncat/main.py
@ -233,11 +233,17 @@ def main():
            if query_args["certfile"] is not None or query_args["keyfile"] is not None:
                query_args["ssl"] = True

-            if query_args["protocol"] not in [None, "bind", "connect"] and args.ssl:
+            if query_args["protocol"] not in [
+                None,
+                "bind",
+                "connect",
+            ] and query_args.get("ssl"):
                console.log(
                    f"[red]error[/red]: --ssl is incompatible with an [yellow]{query_args['protocol']}[/yellow] protocol"
                )
                return
+            elif query_args["protocol"] is not None:
+                query_args["protocol"] = "ssl-" + query_args["protocol"]

            if (
                sum(
--- a/pwncat/channel/ssl_bind.py
+++ b/pwncat/channel/ssl_bind.py
@ -23,7 +23,15 @@ class SSLBind(Bind):

        self.context.load_cert_chain(certfile, keyfile)

-        self.server = self.context.wrap_socket(self.server)
+        # self.server = self.context.wrap_socket(self.server)
+
+    def _socket_connected(self, client):
+        try:
+            client = self.context.wrap_socket(client, server_side=True)
+        except ssl.SSLError as exc:
+            raise ChannelError(self, str(exc))
+
+        super()._socket_connected(client)

    def connect(self):

--- a/pwncat/channel/ssl_connect.py
+++ b/pwncat/channel/ssl_connect.py
@ -17,6 +17,6 @@ class SSLConnect(Connect):

            client = self.context.wrap_socket(client)
        except ssl.SSLError as exc:
-            raise ChannelError(str(exc))
+            raise ChannelError(self, str(exc))

        super()._socket_connected(client)
--- a/pwncat/commands/connect.py
+++ b/pwncat/commands/connect.py
@ -195,6 +195,16 @@ class Command(CommandDefinition):
        if query_args["certfile"] is not None or query_args["keyfile"] is not None:
            query_args["ssl"] = True

+        if query_args["protocol"] not in [None, "bind", "connect"] and query_args.get(
+            "ssl"
+        ):
+            console.log(
+                f"[red]error[/red]: --ssl is incompatible with an [yellow]{query_args['protocol']}[/yellow] protocol"
+            )
+            return
+        elif query_args["protocol"] is not None:
+            query_args["protocol"] = "ssl-" + query_args["protocol"]
+
        if (
            sum(
                [
@ -208,8 +218,6 @@ class Command(CommandDefinition):
            console.log("[red]error[/red]: multiple ports specified")
            return

-        console.log(args.pos_port)
-
        if args.port is not None:
            query_args["port"] = args.port
        if args.pos_port is not None: