Its a Test

documents/links.txt

@@ -0,0 +1,3 @@
+
+Python Execute Unix / Linux Command Examples:
+https://www.cyberciti.biz/faq/python-execute-unix-linux-command-examples/

src/all_information.py

@@ -0,0 +1,18 @@
+
+from colors import bcolors
+
+from js_plugins import HostInfo   
+
+import os
+import subprocess
+
+if __name__=="__main__":
+
+    print(bcolors.CGREY + "====" + bcolors.ENDC + bcolors.WARNING + "[BASIC INFORMATION]" + bcolors.ENDC + bcolors.CGREY + "="*37 + bcolors.ENDC)
+
+    ens=[]
+    ens.append(HostInfo())
+
+
+    print(bcolors.CGREY + "="*60 + bcolors.ENDC)
+

src/colors.py

@@ -0,0 +1,46 @@
+class bcolors:
+    HEADER = '\033[95m'
+    OKBLUE = '\033[94m'
+    OKCYAN = '\033[96m'
+    OKGREEN = '\033[92m'
+    WARNING = '\033[93m'
+    FAIL = '\033[91m'
+    ENDC = '\033[0m'
+    BOLD = '\033[1m'
+    UNDERLINE = '\033[4m'
+
+    CBLACK  = '\33[30m'
+    CRED    = '\33[31m'
+    CGREEN  = '\33[32m'
+    CYELLOW = '\33[33m'
+    CBLUE   = '\33[34m'
+    CVIOLET = '\33[35m'
+    CBEIGE  = '\33[36m'
+    CWHITE  = '\33[37m'
+
+    CBLACKBG  = '\33[40m'
+    CREDBG    = '\33[41m'
+    CGREENBG  = '\33[42m'
+    CYELLOWBG = '\33[43m'
+    CBLUEBG   = '\33[44m'
+    CVIOLETBG = '\33[45m'
+    CBEIGEBG  = '\33[46m'
+    CWHITEBG  = '\33[47m'
+
+    CGREY    = '\33[90m'
+    CRED2    = '\33[91m'
+    CGREEN2  = '\33[92m'
+    CYELLOW2 = '\33[93m'
+    CBLUE2   = '\33[94m'
+    CVIOLET2 = '\33[95m'
+    CBEIGE2  = '\33[96m'
+    CWHITE2  = '\33[97m'
+
+    CGREYBG    = '\33[100m'
+    CREDBG2    = '\33[101m'
+    CGREENBG2  = '\33[102m'
+    CYELLOWBG2 = '\33[103m'
+    CBLUEBG2   = '\33[104m'
+    CVIOLETBG2 = '\33[105m'
+    CBEIGEBG2  = '\33[106m'
+    CWHITEBG2  = '\33[107m'

src/commandline.py

@@ -0,0 +1,40 @@
+import argparse
+import os, sys
+import subprocess
+
+
+
+parser = argparse.ArgumentParser()
+
+parser.add_argument('-enum', help="execute a enumeration -> -enum [enumeration]")
+
+parser.add_argument("-d", help="\tchoose the file directory -> -d [/directory]")
+parser.add_argument('--create', help="create a file -> --create [file_name].txt")
+
+
+args = parser.parse_args()
+
+#dictionary
+dic = { 'E1':'find /etc/ -readable -type f 2>/dev/null', 'E2':'whoami'}
+
+
+if args.enum:
+    for key, value in dic.items():
+        if args.enum == key:
+            os.system(value)
+elif args.enum is None:
+    pass
+
+if args.create:
+    for key, value in dic.items():
+        if args.enum == key:
+            with open(f"{args.d}{args.create}.txt", "w+") as file:
+                file.write(os.popen(value).read())
+elif args.create is None:
+    pass
+
+
+
+
+
+

src/js_plugins.py

@@ -2,11 +2,15 @@
 
 from plugins import PrivEsc, Enumeration
 
-import os, tempfile
-
 from subprocess import Popen, PIPE
 
-import pty
+from colors import bcolors  
+
+import platform
+
+import os, subprocess, tempfile, pathlib, pty, stat
+
+import tempfile
 
 
 # A very basic method, but useful
@@ -22,25 +26,194 @@ def shellRun(command):
     pty.spawn("/bin/bash")
     #os.system(fname)
     os.unlink(fname)
+    print('\033c') # clean console
 
+def grabOutput(command):
+    sp = subprocess.run(command, stdout=subprocess.PIPE)
+    return sp.stdout.decode()
 
-class DumbSudoEscalation(PrivEsc):
-    """An example plugin that tries to use `sudo su` to get root. 
-
-    Requires being given the password for the current user and relies
-    on the current user having sudo privs, so while technically it
-    escalates proveleges, it does so only if you already have the
-    right credentials
+def checkBinary(p):
+    pl=pathlib.Path(p)
+    exists = pl.exists()
+    suid=False
+    if exists:
+        suid=(pl.stat().st_mode & stat.S_ISUID) != 0
+
+    return(exists, suid) 
 
+#function to create a file
+def file(choose, name, directory, text):
     """
-    def __init__(self, pw):
-        PrivEsc.__init__(self)
-        self.pw=pw
-        self.name="DumbSudoEscalation - not that useful"
-        self.author="James Shuttleworth"
-        self.description="Use sudo to 'hack' into the root account"
+    choose: option if the user want or not paste information inside the file
+    name: name of the file what user choose
+    directory: where the file is stay
+    text: the content of enumeration gonn pass inside the file
+    """
+    if choose == "YES":
+        #append and read a file [a+]
+        with open(f"../gather_info/{directory}/{name}.txt", "a+") as f: # a+ -> append + read in a file
+            f.write(text) # write content (text) inside the file
+            os.system(f"cat ../gather_info/{directory}/{name}.txt") #show information inside the file
+
+    elif choose == "NO":
+        print("Display Information")
+
+
+class Curl(PrivEsc):
+    def __init__(self):
+        self.name="CurlEscalator"
+        self.author=""
+        self.description=""
     def execute(self):
-        print("Executing")
+        print('\033c') # clean console
+        curlPath="/usr/bin/curl"
+        suid=checkBinary(curlPath)
+        if not suid:
+            print(f"{curlPath} does not exist SUID bit set" )
+            return
+        output = grabOutput(["/usr/bin/curl", "file:///etc/passwd"])
+        print(output)
+
+class Cat(PrivEsc):
+    def __init__(self):
+        self.name="Python"
+        self.author="Pedro Tinoco"
+        self.description="CAT Privilege"
+    def execute(self):
+        print('\033c') # clean console
+        output = grabOutput(["./cat /etc/shadow"])
+        print(output)
+
+
+class FileSystem(Enumeration):
+    def __init__(self):
+        Enumeration.__init__(self)
+        self.name="File Systems"
+        self.author="Pedro Tinoco"
+        self.description="What can be found in /var/"
+        self.version = "2.0"
+    def execute(self):
+        print('\033c')        
+        var = [] #empty list
+
+        #append this enumeration to the list 
+        var.append(grabOutput(['ls', '-alh', '/var/log']))
+        var.append(grabOutput(['ls', '-alh', '/var/mail']))
+        var.append(grabOutput(['ls', '-alh', '/var/spool']))
+
+        #option if the user want or not the enumeration information inside the file
+        create_file = input("Do you want save this information in a file: YES or NO   ")
+        if create_file == "YES": 
+            print('\033c') 
+            print("Directories: \n")
+            os.system("ls ../gather_info/") #show the directories inside the /gather_info/
+            directory = input("Name of the directory: ") #choose the directory name
+            name = input("Name of the file: ") #choose the file name
+            print('\033c') 
+            for i in var: 
+                file(create_file, name, directory, i + "-"*60 + '\n' ) #call the function and pass information into a file
+        else: #if the user dont want a file
+            print('\033c') 
+            for i in var: #just print the enumeration
+                print(i)
+
+
+class Service_Applications(Enumeration):
+    def __init__(self):
+        Enumeration.__init__(self)
+        self.name="Service and Applications"
+        self.author="Pedro Tinoco"
+        self.description="Services are runnig"
+        self.version = "1.0" 
+    def execute(self):
+        print('\033c') # clean console
+
+        enum = "YES"
+
+        while enum == "YES": #while user want run the servie applications enumeration the (enum) = TRUE
+
+            var = [] # empty list
+
+            #dictionary with service application enumerations
+            dictionary = {"s1":"ps aux", "s2":"ps aux | grep root", "s3":"ls -alh /sbin/"}
+
+            #this going to print the key (s1/s2/s3) and the corresponding value 
+            for key, value in dictionary.items():
+                print(f'{key}={value}\n')
+
+            #choose what enumeration the user want run
+            choose = input("Select Service Application Enumeration: ")
+            for key, value in dictionary.items():
+                if choose == key: #if the choose its equal to key
+                    os.system(value) #than print the corresponding enumeration
+
+            #append this enumeration to the list 
+            if choose == "s1":
+                var.append(grabOutput(['ps', 'aux']))
+            elif choose == "s2":
+                var.append(grabOutput(['ps', 'aux', '|', 'grep root']))
+            elif choose == "s3":
+                var.append(grabOutput(['ls', '-alh', '/sbin']))
+
+            #option if the user want or not the enumeration information inside the file
+            create_file = input("\nDo you want save this information in a file: YES or NO   ")
+
+            if create_file == "YES": 
+                print("Directories: \n")
+                os.system("ls ../gather_info/") #show the directories inside the /gather_info/
+                directory = input("Name of the directory: ")  #choose the directory name
+                name = input("Name of the file: ") #choose the file name
+                print('\033c') 
+                for i in var:
+                    file(create_file, name, directory, i + "-"*60 + '\n' ) #call the function and pass information into a file
+
+                enum = input("\nDo you want execute other FileSytem Enumeration ? YES or NO  ") #option if user want run again 
+
+            else:  #if the user dont want a file
+                enum = input("\nDo you want execute other FileSytem Enumeration ? YES or NO  ") #option if user want run again 
+                print('\033c') 
+
+
+
+class Windows(Enumeration):
+    def __init__(self):
+        Enumeration.__init__(self)
+        self.name="Windows Enumeration"
+        self.author="Pedro Tinoco"
+        self.description="get the system information of target system, this includes installed hotfixes"
+        self.version = "1.0" 
+    def execute(self):
+        os.system("systeminfo")
+
+#this is a Enumeration with simple information
+class HostInfo(Enumeration):
+    def __init__(self):
+        Enumeration.__init__(self)
+        print("\n", end="")
+
+        print('\tHostname: ' + '\n\t-> ' + bcolors.BOLD + bcolors.UNDERLINE + grabOutput(["hostname"]) + bcolors.ENDC, end="")
+
+        print('\n\tUser: ' + '\n\t-> ' + bcolors.BOLD + bcolors.UNDERLINE + grabOutput(["whoami"]) + bcolors.ENDC, end="")
+
+        print('\n\tCurrently Logged in Users: ' + '\n\t-> ' + bcolors.BOLD + bcolors.UNDERLINE + grabOutput(["who", "-H"]) + bcolors.ENDC, end="")
+
+        print('\n\tOS: ' + '\n\t-> ' + bcolors.BOLD + bcolors.UNDERLINE + platform.system() + bcolors.ENDC, end="")
+
+        print('\n\n\tCurrent Directory: ' + '\n\t-> ' + bcolors.BOLD + bcolors.UNDERLINE + os.getcwd() + bcolors.ENDC, end="")
+
+        print("\n\n\tID Info: ")
+        idData = grabOutput("id")
+        parts = idData.split(" ")
+        for part in parts[:2]:
+            print(f"\t-> " + bcolors.BOLD + bcolors.UNDERLINE + part + bcolors.ENDC)
+
+        print("\n\tGroup Info: ")
+        groups = parts[2][7:].split() #put split(",") and make like id format
+        for g in groups:
+            print(f"\t-> " + bcolors.BOLD + bcolors.UNDERLINE + g + bcolors.ENDC)
+
+
+
+
 
-        shellRun("sudo xterm")
-        print("Done")
+

src/leap.py

@@ -1,4 +1,5 @@
 #!/usr/bin/env python3
+
 import platform
 import sys
 from js_plugins import DumbSudoEscalation
@@ -21,6 +22,7 @@
     elif system=="Windows":
         pes=[]
 
+
         ens=[]
         ens.append(wEnum_WindowsServices())
 
@@ -32,6 +34,7 @@
     else:
         shouldQuit=False
 
+
         while not shouldQuit:
             print("=".join("-"*10))
             print(" Logo here...")
@@ -87,3 +90,4 @@
 
             else:
                 print("Unknown command")
+

src/plugins.py

@@ -3,8 +3,6 @@
 import pty
 
 
-
-
 ## A couple of optional super classes and a general item class to represent them more abstractly
 ## Can be used to add common functionality to privesc/enumeration plugins
 
@@ -15,6 +13,8 @@ def __init__(self):
         self.name="Not for actual use"
         self.author="James Shuttleworth"
         self.description="Someone needs to write this bit"
+        self.version = 1.0
+
     def execute(self):
         """Execute the privelege escalation/enumeration, dropping the user
         into a shell or displaying collected info.
@@ -24,14 +24,17 @@ def execute(self):
     def info(self):
         """Return useful information on the plugin, suitable for the user to
         read"""
-        return f"{self.name}, by {self.author}.  {self.description}"
+        return f"\nName: {self.name} \nAuthor: {self.author} \nDescription: {self.description}"
+
 
 class PrivEsc(Item):
     def info(self):
+
         return "PRIVESC: "+Item.info(self)
     pass
 
 class Enumeration(Item):
     def info(self):
         return "ENUMERATION: "+Item.info(self)
     pass
+

src/progresse_bar.py

@@ -0,0 +1,13 @@
+
+import sys
+
+def progress(count, total, status=''):
+    bar_len = 50
+    filled_len = int(round(bar_len * count / float(total)))
+
+    percents = round(100 * count / float(total), 1)
+    bar = '|' * filled_len + '-' * (bar_len - filled_len)
+
+    sys.stdout.write('[%s] %s%s %s\r' % (bar, percents, '%', status))
+    sys.stdout.flush()  
+

tests/test_dummy.py

@@ -1,11 +1,23 @@
 import pytest
 import sys
-sys.path.append("./src/")
-import leap
+import platform
+sys.path.append("../src/")
+import js_plugins
+import plugins
 
 
-flag="MzZwcx15NHQzOnxzcnI9cjk="
 
+def test_grabOutput():
+    output=js_plugins.grabOutput(["which", "doesnotexist"])
+    assert len(output)==0
 
-def test_dummy():
-    assert leap.dummyFunc(leap.unDummyFunc(flag))==flag
+def test_grabOutput_something():
+    output=js_plugins.grabOutput(["which", "ls"])
+    assert len(output)>0
+    assert "ls" in output
+
+
+def test_hostinfo():
+    h=js_plugins.HostInfo()
+    assert isinstance(h,plugins.Enumeration)
+    assert isinstance(h,plugins.Item)