OMARLEAP/src/js_plugins.py
""" Plugins for LEAP designed by James Shuttleworth """ | |
from plugins import PrivEsc, Enumeration | |
import os, tempfile | |
from subprocess import Popen, PIPE | |
import pty | |
# A very basic helper, but useful
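def shellRun(command):
    """Write *command* to a temporary script and open an interactive bash shell.

    The text is stored in a file created by ``tempfile.NamedTemporaryFile``
    with ``delete=False``. The file is made executable for its owner and its
    path is printed, so the operator can run it from the shell spawned next.
    Nothing here executes the script automatically. The file is removed once
    the shell exits, including when the shell could not be started.

    Args:
        command: Text of the script; encoded with ``str.encode()`` before
            being written.
    """
    script = tempfile.NamedTemporaryFile(delete=False)
    fname = script.name
    try:
        with script:
            script.write(command.encode())
        # Owner-only rwx, set directly instead of shelling out to chmod.
        # The temp file is created 0600, so this matches `chmod u+x` and
        # keeps the script unreadable to other local users.
        os.chmod(fname, 0o700)
        print(f"Execute command with '{fname}'...\nCtrl-D to leave shell")
        pty.spawn("/bin/bash")
    finally:
        # The script stays on disk in plaintext for the whole shell session;
        # always remove it, even if an earlier step raised.
        os.unlink(fname)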
class DumbSudoEscalation(PrivEsc):
    """Example plugin that tries to reach root through sudo.

    It needs the current user's password and only works when that user
    already holds sudo privileges, so although it technically escalates
    privileges, it does so only for someone who already has the right
    credentials.
    """

    def __init__(self, pw):
        PrivEsc.__init__(self)
        # NOTE(review): the password is kept in plaintext on the instance
        # and execute() never reads it; sudo presumably prompts for it in
        # the spawned shell instead.
        self.pw = pw
        self.name = "DumbSudoEscalation - not that useful"
        self.author = "James Shuttleworth"
        self.description = "Use sudo to 'hack' into the root account"

    def execute(self):
        """Hand the sudo command to shellRun, printing progress around it."""
        sudo_command = "sudo xterm"
        print("Executing")
        shellRun(sudo_command)
        print("Done")