diff --git a/src/leap.py b/src/leap.py index b4c6d13c..0524861a 100644 --- a/src/leap.py +++ b/src/leap.py @@ -1,22 +1,310 @@ -def dummyFunc(data): - """ This function is a placeholder """ - import base64 - out="" - for i in data: - v=ord(i) - v=((v&1)<<6) | (v>>1) - out+=chr(v) - return base64.b64encode(str.encode("".join(out))).decode() - -def unDummyFunc(data): - """ This function is a placeholder """ - import base64 - out="" - for i in base64.b64decode(str.encode(data)).decode("utf-8"): - v=ord(i) - v=((v&64)>>6) | ((v<<1)&127) - out+=chr(v) - return "".join(out) - -if __name__=="__main__": - print("Your code goes here") +#CW 2 +import os +import platform +import ctypes +from uuid import getnode as get_mac +import sys +import pexpect + +def AdminTest(): + try: + return ctypes.windll.shell32.IsUserAnAdmin() + except: + return False + + +def enum_1(): + print("enum-1: Get current user by: Tazmin (11193276)") + + Username = os.getlogin() #gets the value of the current activer users username and saves it as a variable. + return Username + + +def enum_2(): + print("enum-2: Get user domain by: Jacob (11198307)") + + domain = os.environ['userdomain'] + return domain + + +def enum_3(): + print("enum-3: Get operating system by: Webb (11537300)") + + # get OS name + opsys_name = platform.system() + + # get OS version + opsys_release = platform.release() + + # return OS name and version + return f"{opsys_name} {opsys_release}" + + +def enum_4(): + print("enum-4: List all users by: Jordan (11103769)") + + print("List of all users") + print() + + data = os.popen("net user") + data = data.read() + return data + + +def enum_5(): + print("enum-5: router scan by: Jacob (11198307)") + + info = os.popen("netstat -rn") + info = info.read() + return info + + +def enum_6(): + print("enum-6: Get group ID by: Joe (10679803) and Tazmin (11193276)") + + gid = os.getgid() #checks the user ID for the active user and saves it as a variable + return gid + + +def enum_7(): + print("enum-7: Is current user an admin by: Joe (10679803)") + + if ctypes.windll.shell32.IsUserAnAdmin(): + message = 'privilege escalation.' + else: + message = 'not privilege escalation' + return message + + +def enum_8(): + print("enum-8: Get MAC address by: Reece (11073439)") + + macaddress = get_mac() + return macaddress + + +def privesc_1(): + print("priv-esc-1 by: Tazmin (11193276) and Webb (11537300)") + if AdminTest(): #checks the value of admintest + print("you are running in admin.") #confirms that they are using admin + print("press enter to view all your network configs") #shows the user what will happen + input() + os.system("ipconfig/all") #runs the command into the shell and displays the network configs + input() + else: #this is the fail safe if python isn't launched as admin. + print("you are not running as admin, press enter to run as admin") #informs the user they are not admin + input() + ctypes.windll.shell32.ShellExecuteW(None, "runas", sys.executable, " ".join(sys.argv), None, 1) #this runs the application as admin allowing us to use OS.System commands that need admin rights + print("press enter to view all your network configs") #shows the user what will happen + input() + os.system("ipconfig/all") #runs the command + + +def privesc_2(ops): + print("priv-esc-2 by: Webb (11537300)") + + if ops == "Windows": + # open windows cmd as administrator + os.system("""powershell -Command "Start-Process cmd -Verb RunAs""""") + + elif ops == "Linux": + # open root terminal + os.system("sudo x-terminal-emulator") + +def privesc_3(): + print("priv-esc-3 by: Jordan And Jacob") + #Privilege Escalation to exploit a Misconfigured system with a Default Password "toor" + #Spawn starts and controls child applications + child = pexpect.spawn("su") + #logs and reads the input and outputs from the above command + child.logfile_read = sys.stdout + #Child process waits for the Terminal's password prompt + child.expect("Password:") + #Sends the password "toor" into the terminal + child.sendline("toor") + #Child process waits on the Hash symbol + child.sendline("whoami") + child.expect("#") + check = child.expect("root") + + print(check) + #Checks if whoami returns root and prints a statement based on outcome + if check == "root": + print("Success") + else: + print("failure") + + +def file_output(output): + # get file name from user + print("Enter file name:") + filename = input() + + # get file path from user + print("\nEnter file path:") + print("(If left blank the file will be stored in the current directory)") + filepath = input() + + # if no path given, use current directory + if filepath == "": + filepath = os.getcwd() + + # write enum result to file + file = open(f"{filepath}\{filename}", "a") + file.write(f"{output}\n") + + # close file + file.close + + +def menu(sys): + finish = False + + # display windows menu + if sys == "Windows": + # print menu + print("Which line of code would you like to try? (Enter a number):\n" + "1: Get current user by: Tazmin (11193276)\n" + "2: Get user domain by: Jacob (11198307)\n" + "3: Get operating system by: Webb (11537300)\n" + "4: List all users by: Jordan (11103769)\n" + "5: Port scanning by: Jacob (11198307)\n" + "7: Is current user an admin by: Joe (10679803)\n" + "8: Get MAC address by: Reece (11073439)\n" + "9: priv-esc-1 by: Tazmin (11193276) and Webb (11537300)\n" + "10: priv-esc-2 by: Webb (11537300)\n" + "11: priv-esc-3 by:\n" + "12: Quit program\n") + + # handle invalid inputs + try: + start = int(input()) + except: + start = 13 + + if (start == 6): + start = 13 + + # display linux menu + elif sys == "Linux": + # print menu + print("Which line of code would you like to try? (Enter a number):\n" + "1: Get current user by: Tazmin (11193276)\n" + "3: Get operating system by: Webb (11537300)\n" + "5: Port scanning by: Jacob (11198307)\n" + "6: Get group ID by: Joe (10679803) and Tazmin (11193276)\n" + "8: Get MAC address by: Reece (11073439)\n" + "10: priv-esc-2 by: Webb (11537300)\n" + "11: priv-esc-3 by:\n" + "12: Quit program\n") + + # handle invalid inputs + try: + start = int(input()) + except: + start = 13 + + if (start == 2) or (start == 4) or (start == 7) or (start == 9): + start = 13 + + # go to function chosen by user, print returned value + if start == 1: + result = enum_1() + print(result) + input() + + elif start == 2: + result = enum_2() + print(result) + input() + + elif start == 3: + result = enum_3() + print(result) + input() + + elif start == 4: + result = enum_4() + print(result) + input() + + elif start == 5: + result = enum_5() + print(result) + input() + + elif start == 6: + result = enum_6() + print(result) + input() + + elif start == 7: + result = enum_7() + print(result) + input() + + elif start == 8: + result = enum_8() + print(result) + input() + + elif start == 9: + print(privesc_1()) + input() + + elif start == 10: + print(privesc_2(sys)) + input() + + elif start == 11: + print(privesc_3()) + input() + + elif start == 12: + # if user wants to quit + finish = True + + else: + print("Invalid Input") + input() + + # if enumeration selected, offer to print result to a file + if start in range(1, 8, 1): + print("Would you like to print to a file? Y/N") + + # if user says yes, print to file + if input().upper() == "Y": + file_output(result) + + # return whether user wants to quit + return finish + + +# continue to display menu +while 1 == 1: + # find operating system + opsys = platform.system() + + if opsys == "Windows": + # clear screen + os.system("cls") + # open menu + stop = menu(opsys) + + # if user wants to quit, break loop + if stop is True: + break + + elif opsys == "Linux": + # clear screen + os.system("clear") + # open menu + stop = menu(opsys) + + # if user wants to quit, break loop + if stop is True: + break + + else: + print("Operating system not recognised") + break diff --git a/tests/Linux_tests.docx b/tests/Linux_tests.docx new file mode 100644 index 00000000..e22d9e14 Binary files /dev/null and b/tests/Linux_tests.docx differ diff --git a/tests/Windows_tests.docx b/tests/Windows_tests.docx new file mode 100644 index 00000000..76a9e45b Binary files /dev/null and b/tests/Windows_tests.docx differ diff --git a/tests/enum3_test.py b/tests/enum3_test.py new file mode 100644 index 00000000..4be02c67 --- /dev/null +++ b/tests/enum3_test.py @@ -0,0 +1,23 @@ +import unittest +import platform + + +def enum_3(): + print("enum-3: Get operating system by: Webb") + + # get OS name + opsys_name = platform.system() + + # get OS version + opsys_release = platform.release() + + # return OS name and version + return f"{opsys_name} {opsys_release}" + + +class Test(unittest.TestCase): + def test(self): + self.assertEqual(enum_3(), "Windows 10") + + +unittest.main()