From cae4dee77c796e281c5814557f041b3966e3782a Mon Sep 17 00:00:00 2001 From: Nick Date: Thu, 10 Dec 2020 07:47:29 +0000 Subject: [PATCH 1/7] Little edit --- src/plugins_template.py | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/src/plugins_template.py b/src/plugins_template.py index ac0a765..1172785 100644 --- a/src/plugins_template.py +++ b/src/plugins_template.py @@ -1,7 +1,6 @@ """ Template file for crating a plugins """ from plugins import PrivEsc, Enumeration -import pty @@ -11,7 +10,7 @@ class Escalation(PrivEsc): """ Template for PrivEsc plugin """ - def __init__(self, pw): + def __init__(self): PrivEsc.__init__(self) self.name="Name of the metod" self.author="Authors name" @@ -37,4 +36,4 @@ def __init__(self): def execute(self): print("Executing") #Code for executing the method - print("Done") \ No newline at end of file + print("Done") From 15d2b157b570a3781320a68a95eccd49c59d9a41 Mon Sep 17 00:00:00 2001 From: "Nikolay Ivanov (ivanovn)" Date: Thu, 10 Dec 2020 21:53:39 +0000 Subject: [PATCH 2/7] Update README.md --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 69e33db..a07066e 100644 --- a/README.md +++ b/README.md @@ -36,7 +36,7 @@ The project is based on Python 3. It contains a menu, "ocLE4P.py", from which, Run ```python3 ocLE4P.py``` to open the menu or ```python3 ocLE4P.py -h``` for non-interactive interface. ## Unit Tests: -### 'mdcvxiv.py' test [![tests/test_mdcvxiv_plugins.py](https://img.shields.io/badge/tests-test__mdcvxiv__plugins.py-red)](https://github.coventry.ac.uk/ivanovn/ocLEAP/blob/master/tests/test_mdcvxiv_plugins.py) +### 'mdcvxiv.py' test [![tests/test_mdcvxiv_plugins.py](https://img.shields.io/badge/tests-test__mdcvxiv__plugins.py-red)](https://github.coventry.ac.uk/ivanovn/ocLE4P/blob/master/tests/test_mdcvxiv_plugins.py) |Function|Test|Expected result| |---|---|---| |fileIn()|Open log file|True| @@ -82,7 +82,7 @@ The project is based on Python 3. It contains a menu, "ocLE4P.py", from which, ## Plugins: -### mdcvxiv.py [![src/mdcvxiv.py](https://img.shields.io/badge/src-mdcvxiv.py-red)](https://github.coventry.ac.uk/ivanovn/ocLEAP/blob/master/src/mdcvxiv.py) +### mdcvxiv.py [![src/mdcvxiv.py](https://img.shields.io/badge/src-mdcvxiv.py-red)](https://github.coventry.ac.uk/ivanovn/ocLE4P/blob/master/src/mdcvxiv.py) #### <--------------ENUMERATION--------------> All of the enumerations plugins support the non-interactive interface. This interface can be run on Linux and Windows. The options that are provided are: ```shell From 0cd06bde120f9a94a67ba4cc5609a19b88722cb5 Mon Sep 17 00:00:00 2001 From: contehj Date: Fri, 11 Dec 2020 00:42:10 +0000 Subject: [PATCH 3/7] all updated plugins --- src/jcnetworkenum.py | 17 +++++++++++++++++ src/jcprivesc.py | 14 ++++++++++++++ src/jcsystemenum.py | 16 ++++++++++++++++ 3 files changed, 47 insertions(+) create mode 100644 src/jcnetworkenum.py create mode 100644 src/jcprivesc.py create mode 100644 src/jcsystemenum.py diff --git a/src/jcnetworkenum.py b/src/jcnetworkenum.py new file mode 100644 index 0000000..89f1464 --- /dev/null +++ b/src/jcnetworkenum.py @@ -0,0 +1,17 @@ +#!python3 +import pty +import os #used to automate linux commands within python files +from plugins import Enumeration #using generic class from plugins file +class NetworkEnumeration(Enumeration): #using generic enumeration class for specific enumeration class + def __init__(self): #constructor to initialise class + Enumeration.__init__(self) + self.name="Network Enumeration" #overriding generic info from enumeration class and replacing with meaningful info + self.author="Joe Conteh" + self.description="Provides the user with the network configuration display information and cpu architecture" + self.version="0.1 alpha" + + + def execute(self): # when called on, displays info contained in function + cpu=os.system("lscpu") #provides cpu architecture + network=os.system("ifconfig") #provides network configuration + \ No newline at end of file diff --git a/src/jcprivesc.py b/src/jcprivesc.py new file mode 100644 index 0000000..9bfe4aa --- /dev/null +++ b/src/jcprivesc.py @@ -0,0 +1,14 @@ +#!python3 +import pty +import os +from plugins import PrivEsc +class PrivilegeEsc(PrivEsc): + def __init__(self): + PrivEsc.__init__(self) + self.name="Privilege Escalation" + self.author="Joe Conteh" + self.description="Increases the privileges of the user, allows user to see contents of shadow file" + self.version="0.1 alpha" + + def execute(self): + os.system("cat /etc/shadow") \ No newline at end of file diff --git a/src/jcsystemenum.py b/src/jcsystemenum.py new file mode 100644 index 0000000..7fab99a --- /dev/null +++ b/src/jcsystemenum.py @@ -0,0 +1,16 @@ +#!python3 +import pty +import os +from plugins import Enumeration +class SystemEnumeration(Enumeration): + def __init__(self): + Enumeration.__init__(self) + self.name="System Enumeration" + self.author="Joe Conteh" + self.description="Provides the user with the system information and hostname" + self.version="0.1 alpha" + + def execute(self): + os.system("uname -a") + os.system("hostname") + From 228c4e56e86747dc030639b9208c8a31696d8bc6 Mon Sep 17 00:00:00 2001 From: ivanovn Date: Fri, 11 Dec 2020 00:46:09 +0000 Subject: [PATCH 4/7] Typos --- README.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 69e33db..261ea62 100644 --- a/README.md +++ b/README.md @@ -41,13 +41,13 @@ The project is based on Python 3. It contains a menu, "ocLE4P.py", from which, |---|---|---| |fileIn()|Open log file|True| |fileIn()|Check the functionality with simulated plugin|True| -|interactive()|Pass incorect argument and chacks for "Incorrect argument!"|True| -|interactive()|Pass two arguments and chacks for "Only one argument is required!"|True| -|interactive()|Check is every available option printed|True| +|interactive()|Pass incorrect argument and checks for "Incorrect argument!"|True| +|interactive()|Pass two arguments and checks for "Only one argument is required!"|True| +|interactive()|Check is every available option is printed|True| |interactive()|Open log file (insurance for correctly called function)|True| -|interactive()|Chacks if the options are written|True| +|interactive()|Checks if the options are written|True| |TempFile().gen()|Checks if file is generated|True| -|TempFile().gen()|Checks if file is deleted|True| +|TempFile().rem()|Checks if file is deleted|True| |Plugin|Test|Expected result| |---|---|---| From 8bccbe45b84e2be90eb4fcb35f49015128813744 Mon Sep 17 00:00:00 2001 From: contehj Date: Fri, 11 Dec 2020 00:46:29 +0000 Subject: [PATCH 5/7] Updated group menu --- src/ocLE4P.py | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/ocLE4P.py b/src/ocLE4P.py index 5b3d411..94b27fa 100755 --- a/src/ocLE4P.py +++ b/src/ocLE4P.py @@ -18,6 +18,10 @@ from ja_plugins import BasicHostInfo from ja_plugins import BasicNetworkInfo from ja_plugins import SudoRights + from jcprivesc import PrivilegeEsc + from jcsystemenum import SystemEnumeration + from jcnetworkenum import NetworkEnumeration + #from YOUR_PLUGINFILE import YOUR_PLUGINS @@ -48,6 +52,7 @@ ESCAL.append(grepSHADOW()) ESCAL.append(Shadow()) ESCAL.append(SudoRights()) + ESCAL.append(PrivilegeEsc()) #ESCAL.append(YOUR_PLUGIN) #Make a list of available enumerations @@ -59,6 +64,8 @@ ENUM.append(BasicHostInfo()) ENUM.append(BasicNetworkInfo()) ENUM.append(WritableScripts()) + ENUM.append(SystemEnumeration()) + ENUM.append(NetworkEnumeration()) #ENUM.append(YOUR_PLUGIN) From af24dd89ea5d9bd22b1fb7effa6ff731b3ba4f00 Mon Sep 17 00:00:00 2001 From: contehj Date: Fri, 11 Dec 2020 00:51:56 +0000 Subject: [PATCH 6/7] Updated group menu --- src/ocLE4P.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/ocLE4P.py b/src/ocLE4P.py index 94b27fa..d790717 100755 --- a/src/ocLE4P.py +++ b/src/ocLE4P.py @@ -52,7 +52,7 @@ ESCAL.append(grepSHADOW()) ESCAL.append(Shadow()) ESCAL.append(SudoRights()) - ESCAL.append(PrivilegeEsc()) + ESCAL.append(PrivilegeEsc()) #ESCAL.append(YOUR_PLUGIN) #Make a list of available enumerations @@ -64,8 +64,8 @@ ENUM.append(BasicHostInfo()) ENUM.append(BasicNetworkInfo()) ENUM.append(WritableScripts()) - ENUM.append(SystemEnumeration()) - ENUM.append(NetworkEnumeration()) + ENUM.append(SystemEnumeration()) + ENUM.append(NetworkEnumeration()) #ENUM.append(YOUR_PLUGIN) From 75096ee69b9c88c75f86a785f53fad65b0e143fb Mon Sep 17 00:00:00 2001 From: ivanovn Date: Fri, 11 Dec 2020 12:29:57 +0000 Subject: [PATCH 7/7] Last update --- README.md | 36 ++++++++++++++++++++++-------------- src/mdcvxiv.py | 10 ++++++---- 2 files changed, 28 insertions(+), 18 deletions(-) diff --git a/README.md b/README.md index adb7e88..71e251a 100644 --- a/README.md +++ b/README.md @@ -13,30 +13,38 @@ ## Introduction: -ocLE4P is a customizable Local Enumeration and Privilege Escalation tool based on Python. Everyone can write their own plugins by following the template files and including the plugins into the ocLE4P.py file. The enumeration plugins in mdcvxiv.py also support non-interactive shells. The non-interactive options give the user file with the output of the chosen enumeration. -###### What is Local Enumeration? -Local Enumeration is ordering in a list, specific assets of a system. That might be the running processes of the system, the version of the drivers, users of the system etc. -###### What is Privilege Escalation? -Privilege Escalation is escalating the rights of low privilege user to one with higher rights or root. +ocLE4P is a customizable Local Enumeration and Privilege Escalation tool based on Python. Everyone can write their own plugins by following +the template files and including the plugins into the ocLE4P.py file. The enumeration plugins in "mdcvxiv.py" also support non-interactive shells. +The non-interactive options give the user file with the output of the chosen enumeration. +###### What is Local Enumeration? +Local Enumeration is ordering in a list, specific assets of a system. That might be the running processes of the system, the version of the drivers, +users of the system etc. +###### What is Privilege Escalation? +Privilege Escalation is escalating the rights of low privilege user to one with higher rights or root. +The purpose of the project is to collect as many as possible tools for Local Enumeration and PrivEsc. That can automate the process of gathering information a system after successful penetration tasting, and it can even escalate the privilege of the user. ## User documentation: -The project is based on Python 3. It contains a menu, "ocLE4P.py", from which, the user can choose the plugin he/she wants to use. If the file is run with an argument "-h" or "--help", the non-interactive enumeration options, will be displayed. The non-interactive interface is contained in "mdcvxiv.py" plugin. +The project is based on Python 3. It contains a menu, "ocLE4P.py", from which, the user can choose the plugin he/she wants to use. If the file is run with an argument "-h" or "--help", the non-interactive enumeration options, will be displayed. The non-interactive interface is contained in "mdcvxiv.py" plugin. ### Setup - Requirements for installation: +Requirements for installation: - Linux, BSD OS or Windows (Tested on Arch, Kali Linux, LXDE, Windows7, Debian) - - python3 + - Python 3 - pip3 (dev mod) - - git (optional) - - Once downloaded, the tool is ready for usage. + - git (optional) +No external libs are used, so once downloaded, the tool is ready for usage. ### Usage - Run ```python3 ocLE4P.py``` to open the menu or ```python3 ocLE4P.py -h``` for non-interactive interface. +Run ```python3 ocLE4P.py``` to open the menu or ```python3 ocLE4P.py -h``` for non-interactive interface. +The menu has two main options. +1 - Privilege Escalation +2 - Local Enumeration +Each of them will take you to a sub-menu with the relevant plugins. The menu is checking the system when it is started, so only plugins for the specific OS are displayed. +The non-interactive interface supports all enumerations plugins in "mdcvxiv.py", so they can be started without entering the menu. The output is collected into a log file. ## Unit Tests: -### 'mdcvxiv.py' test [![tests/test_mdcvxiv_plugins.py](https://img.shields.io/badge/tests-test__mdcvxiv__plugins.py-red)](https://github.coventry.ac.uk/ivanovn/ocLE4P/blob/master/tests/test_mdcvxiv_plugins.py) +### 'mdcvxiv.py' test [![tests/test_mdcvxiv_plugins.py](https://img.shields.io/badge/tests-test__mdcvxiv__plugins.py-red)](https://github.coventry.ac.uk/ivanovn/ocLEAP/blob/master/tests/test_mdcvxiv_plugins.py) |Function|Test|Expected result| |---|---|---| |fileIn()|Open log file|True| @@ -82,7 +90,7 @@ The project is based on Python 3. It contains a menu, "ocLE4P.py", from which, ## Plugins: -### mdcvxiv.py [![src/mdcvxiv.py](https://img.shields.io/badge/src-mdcvxiv.py-red)](https://github.coventry.ac.uk/ivanovn/ocLE4P/blob/master/src/mdcvxiv.py) +### mdcvxiv.py [![src/mdcvxiv.py](https://img.shields.io/badge/src-mdcvxiv.py-red)](https://github.coventry.ac.uk/ivanovn/ocLEAP/blob/master/src/mdcvxiv.py) #### <--------------ENUMERATION--------------> All of the enumerations plugins support the non-interactive interface. This interface can be run on Linux and Windows. The options that are provided are: ```shell diff --git a/src/mdcvxiv.py b/src/mdcvxiv.py index c5267af..51aac3f 100644 --- a/src/mdcvxiv.py +++ b/src/mdcvxiv.py @@ -90,7 +90,7 @@ def NoNinteractive(*arg): Plugin for host info and host services enumeration. """ } - linEn, sysServUNIX, popsUNIX, winEn, sysServWIN=opt.items() + linEn, sysServUNIX, popsUNIX, winEn, sysServWIN = opt.items() def heLp(opt): print(description) @@ -124,7 +124,9 @@ def heLp(opt): #<---------------------------------------------------------------------------------------------------------------------> class TempFile: """ - Class with methods for temporary file crating and deleting + Class with methods for temporary file crating and deleting. + This class is used instead of tempfile with purpose not bloating + with too many libs Methods: gen() :Calls the temporary file, generated in __init__ Return: Temp. File @@ -483,7 +485,7 @@ def NETstat(): err=err.decode() return result, err - result, err=NETstat() + result, err = NETstat() if out==False: print(f"\n\n\033[1;32m Ports Status:\033[0m\n") @@ -500,7 +502,7 @@ def NETstat(): else: pass - result, err=NETstat() + result, err = NETstat() outCach+=f"\n\n\n Ports Status:\n\n" result=result.split("\n")