CUEH · scholesj2 · Nov 8, 2021 · Nov 9, 2021 · Nov 9, 2021 · Nov 10, 2021
diff --git a/src/leap.py b/src/leap.py
@@ -1,22 +1,310 @@
-def dummyFunc(data):
-    """ This function is a placeholder """
-    import base64
-    out=""
-    for i in data:
-        v=ord(i)
-        v=((v&1)<<6) | (v>>1)
-        out+=chr(v)
-    return base64.b64encode(str.encode("".join(out))).decode()
-
-def unDummyFunc(data):
-    """ This function is a placeholder """
-    import base64
-    out=""
-    for i in base64.b64decode(str.encode(data)).decode("utf-8"):
-        v=ord(i)
-        v=((v&64)>>6) | ((v<<1)&127)
-        out+=chr(v)        
-    return "".join(out)
-
-if __name__=="__main__":
-    print("Your code goes here")
+#CW 2
+import os
+import platform
+import ctypes
+from uuid import getnode as get_mac
+import sys
+import pexpect
+
+def AdminTest():
+    try:
+        return ctypes.windll.shell32.IsUserAnAdmin()
+    except:
+        return False
+
+
+def enum_1():
+    print("enum-1: Get current user by: Tazmin (11193276)")
+
+    Username = os.getlogin()        #gets the value of the current activer users username and saves it as a variable.
+    return Username
+
+
+def enum_2():
+    print("enum-2: Get user domain by: Jacob (11198307)")
+
+    domain = os.environ['userdomain']
+    return domain
+
+
+def enum_3():
+    print("enum-3: Get operating system by: Webb (11537300)")
+
+    # get OS name
+    opsys_name = platform.system()
+
+    # get OS version
+    opsys_release = platform.release()
+
+    # return OS name and version
+    return f"{opsys_name} {opsys_release}"
+
+
+def enum_4():
+    print("enum-4: List all users by: Jordan (11103769)")
+
+    print("List of all users")
+    print()
+
+    data = os.popen("net user")
+    data = data.read()
+    return data
+
+
+def enum_5():
+    print("enum-5: router scan by: Jacob (11198307)")
+
+    info = os.popen("netstat -rn")
+    info = info.read()
+    return info
+
+
+def enum_6():
+    print("enum-6: Get group ID by: Joe (10679803) and Tazmin (11193276)")
+
+    gid = os.getgid()       #checks the user ID for the active user and saves it as a variable
+    return gid
+
+
+def enum_7():
+    print("enum-7: Is current user an admin by: Joe (10679803)")
+
+    if ctypes.windll.shell32.IsUserAnAdmin():
+        message = 'privilege escalation.'
+    else:
+        message = 'not privilege escalation'
+    return message
+
+
+def enum_8():
+    print("enum-8: Get MAC address by: Reece (11073439)")
+
+    macaddress = get_mac()
+    return macaddress
+
+
+def privesc_1():
+    print("priv-esc-1 by: Tazmin (11193276) and Webb (11537300)")
+    if AdminTest():                                                     #checks the value of admintest
+        print("you are running in admin.")                              #confirms that they are using admin
+        print("press enter to view all your network configs")           #shows the user what will happen
+        input()
+        os.system("ipconfig/all")                                       #runs the command into the shell and displays the network configs
+        input()
+    else:                                                                                                       #this is the fail safe if python isn't launched as admin.
+        print("you are not running as admin, press enter to run as admin")                                      #informs the user they are not admin
+        input()
+        ctypes.windll.shell32.ShellExecuteW(None, "runas", sys.executable, " ".join(sys.argv), None, 1)         #this runs the application as admin allowing us to use OS.System commands that need admin rights
+        print("press enter to view all your network configs")                                                   #shows the user what will happen
+        input()
+        os.system("ipconfig/all")                                                                               #runs the command
+
+
+def privesc_2(ops):
+    print("priv-esc-2 by: Webb (11537300)")
+
+    if ops == "Windows":
+        # open windows cmd as administrator
+        os.system("""powershell -Command "Start-Process cmd -Verb RunAs""""")
+
+    elif ops == "Linux":
+        # open root terminal
+        os.system("sudo x-terminal-emulator")
+
+def privesc_3():
+    print("priv-esc-3 by: Jordan And Jacob")
+    #Privilege Escalation to exploit a Misconfigured system with a Default Password "toor"
+    #Spawn starts and controls child applications
+    child = pexpect.spawn("su")
+    #logs and reads the input and outputs from the above command
+    child.logfile_read = sys.stdout
+    #Child process waits for the Terminal's password prompt
+    child.expect("Password:")
+    #Sends the password "toor" into the terminal
+    child.sendline("toor")
+    #Child process waits on the Hash symbol
+    child.sendline("whoami")
+    child.expect("#")
+    check = child.expect("root")
+
+    print(check)
+    #Checks if whoami returns root and prints a statement based on outcome
+    if check == "root":
+        print("Success")
+    else:
+        print("failure")
+
+
+def file_output(output):
+    # get file name from user
+    print("Enter file name:")
+    filename = input()
+
+    # get file path from user
+    print("\nEnter file path:")
+    print("(If left blank the file will be stored in the current directory)")
+    filepath = input()
+
+    # if no path given, use current directory
+    if filepath == "":
+        filepath = os.getcwd()
+
+    # write enum result to file
+    file = open(f"{filepath}\{filename}", "a")
+    file.write(f"{output}\n")
+
+    # close file
+    file.close
+
+
+def menu(sys):
+    finish = False
+
+    # display windows menu
+    if sys == "Windows":
+        # print menu
+        print("Which line of code would you like to try? (Enter a number):\n"
+              "1: Get current user by: Tazmin (11193276)\n"
+              "2: Get user domain by: Jacob (11198307)\n"
+              "3: Get operating system by: Webb (11537300)\n"
+              "4: List all users by: Jordan (11103769)\n"
+              "5: Port scanning by: Jacob (11198307)\n"
+              "7: Is current user an admin by: Joe (10679803)\n"
+              "8: Get MAC address by: Reece (11073439)\n"
+              "9: priv-esc-1 by: Tazmin (11193276) and Webb (11537300)\n"
+              "10: priv-esc-2 by: Webb (11537300)\n"
+              "11: priv-esc-3 by:\n"
+              "12: Quit program\n")
+
+        # handle invalid inputs
+        try:
+            start = int(input())
+        except:
+            start = 13
+
+        if (start == 6):
+            start = 13
+
+    # display linux menu
+    elif sys == "Linux":
+        # print menu
+        print("Which line of code would you like to try? (Enter a number):\n"
+              "1: Get current user by: Tazmin (11193276)\n"
+              "3: Get operating system by: Webb (11537300)\n"
+              "5: Port scanning by: Jacob (11198307)\n"
+              "6: Get group ID by: Joe (10679803) and Tazmin (11193276)\n"
+              "8: Get MAC address by: Reece (11073439)\n"
+              "10: priv-esc-2 by: Webb (11537300)\n"
+              "11: priv-esc-3 by:\n"
+              "12: Quit program\n")
+
+        # handle invalid inputs
+        try:
+            start = int(input())
+        except:
+            start = 13
+
+        if (start == 2) or (start == 4) or (start == 7) or (start == 9):
+            start = 13
+
+    # go to function chosen by user, print returned value
+    if start == 1:
+        result = enum_1()
+        print(result)
+        input()
+
+    elif start == 2:
+        result = enum_2()
+        print(result)
+        input()
+
+    elif start == 3:
+        result = enum_3()
+        print(result)
+        input()
+
+    elif start == 4:
+        result = enum_4()
+        print(result)
+        input()
+
+    elif start == 5:
+        result = enum_5()
+        print(result)
+        input()
+
+    elif start == 6:
+        result = enum_6()
+        print(result)
+        input()
+
+    elif start == 7:
+        result = enum_7()
+        print(result)
+        input()
+
+    elif start == 8:
+        result = enum_8()
+        print(result)
+        input()
+
+    elif start == 9:
+        print(privesc_1())
+        input()
+
+    elif start == 10:
+        print(privesc_2(sys))
+        input()
+
+    elif start == 11:
+        print(privesc_3())
+        input()
+
+    elif start == 12:
+        # if user wants to quit
+        finish = True
+
+    else:
+        print("Invalid Input")
+        input()
+
+    # if enumeration selected, offer to print result to a file
+    if start in range(1, 8, 1):
+        print("Would you like to print to a file? Y/N")
+
+        # if user says yes, print to file
+        if input().upper() == "Y":
+            file_output(result)
+
+    # return whether user wants to quit
+    return finish
+
+
+# continue to display menu
+while 1 == 1:
+    # find operating system
+    opsys = platform.system()
+
+    if opsys == "Windows":
+        # clear screen
+        os.system("cls")
+        # open menu
+        stop = menu(opsys)
+
+        # if user wants to quit, break loop
+        if stop is True:
+            break
+
+    elif opsys == "Linux":
+        # clear screen
+        os.system("clear")
+        # open menu
+        stop = menu(opsys)
+
+        # if user wants to quit, break loop
+        if stop is True:
+            break
+
+    else:
+        print("Operating system not recognised")
+        break
diff --git a/tests/Linux_tests.docx b/tests/Linux_tests.docx
diff --git a/tests/Windows_tests.docx b/tests/Windows_tests.docx
diff --git a/tests/enum3_test.py b/tests/enum3_test.py
@@ -0,0 +1,23 @@
+import unittest
+import platform
+
+
+def enum_3():
+    print("enum-3: Get operating system by: Webb")
+
+    # get OS name
+    opsys_name = platform.system()
+
+    # get OS version
+    opsys_release = platform.release()
+
+    # return OS name and version
+    return f"{opsys_name} {opsys_release}"
+
+
+class Test(unittest.TestCase):
+    def test(self):
+        self.assertEqual(enum_3(), "Windows 10")
+
+
+unittest.main()