Permalink
Show file tree
Hide file tree
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Showing
4 changed files
with
151 additions
and
85 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,46 @@ | ||
""" Plugins for LEAP designed by James Shuttleworth """ | ||
|
||
from plugins import PrivEsc, Enumeration | ||
|
||
import os, tempfile | ||
|
||
from subprocess import Popen, PIPE | ||
|
||
import pty | ||
|
||
|
||
# A very basic method, but useful | ||
def shellRun(command): | ||
""" Put given commands into a temporary file, spawn a shell and explain how to use the command """ | ||
f = tempfile.NamedTemporaryFile(delete=False) | ||
fname=f.name | ||
f.write(command.encode()) | ||
f.close() | ||
os.system(f"chmod u+x {fname}") | ||
print(f"Execute command with '{fname}'...\nCtrl-D to leave shell") | ||
|
||
pty.spawn("/bin/bash") | ||
#os.system(fname) | ||
os.unlink(fname) | ||
|
||
|
||
class DumbSudoEscalation(PrivEsc): | ||
"""An example plugin that tries to use `sudo su` to get root. | ||
Requires being given the password for the current user and relies | ||
on the current user having sudo privs, so while technically it | ||
escalates proveleges, it does so only if you already have the | ||
right credentials | ||
""" | ||
def __init__(self, pw): | ||
PrivEsc.__init__(self) | ||
self.pw=pw | ||
self.name="DumbSudoEscalation - not that useful" | ||
self.author="James Shuttleworth" | ||
self.description="Use sudo to 'hack' into the root account" | ||
def execute(self): | ||
print("Executing") | ||
|
||
shellRun("sudo xterm") | ||
print("Done") |
75
src/leap.py
100644 → 100755
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,22 +1,59 @@ | ||
def dummyFunc(data): | ||
""" This function is a placeholder """ | ||
import base64 | ||
out="" | ||
for i in data: | ||
v=ord(i) | ||
v=((v&1)<<6) | (v>>1) | ||
out+=chr(v) | ||
return base64.b64encode(str.encode("".join(out))).decode() | ||
#!/usr/bin/env python3 | ||
|
||
def unDummyFunc(data): | ||
""" This function is a placeholder """ | ||
import base64 | ||
out="" | ||
for i in base64.b64decode(str.encode(data)).decode("utf-8"): | ||
v=ord(i) | ||
v=((v&64)>>6) | ((v<<1)&127) | ||
out+=chr(v) | ||
return "".join(out) | ||
from js_plugins import DumbSudoEscalation | ||
|
||
if __name__=="__main__": | ||
print("Your code goes here") | ||
#Make a list of available privescs | ||
pes=[] | ||
pes.append(DumbSudoEscalation("swordfish")) | ||
#And enumerations | ||
ens=[] | ||
|
||
|
||
shouldQuit=False | ||
|
||
while not shouldQuit: | ||
print("=".join("-"*10)) | ||
print(" Logo here...") | ||
print("LEAP Menu") | ||
|
||
print("\nPrivescs:") | ||
for i in range(len(pes)): | ||
print(f"\tP{i}: {pes[i].name}") | ||
|
||
print("\nEnumerations:") | ||
for i in range(len(ens)): | ||
print(f"\tE{i}: {ens[i].name}") | ||
|
||
print("\nQ to quit") | ||
print() | ||
userInput=input("Enter a selection: ") | ||
print("-"*20) | ||
#remove whitespace, make uppercase | ||
userInput=userInput.strip().upper() | ||
|
||
if userInput == "Q": | ||
shouldQuit=True | ||
|
||
elif (userInput[0] in ["P","E"] and #Privesc or enumeration | ||
len(userInput)>1): #Make sure it's more than 1 letter | ||
|
||
useList=ens | ||
if userInput[0]=="P": | ||
useList=pes | ||
index=userInput[1:] #Get the number part... | ||
for i in index: | ||
if not i.isdigit(): | ||
print("Invalid selection:",userInput) | ||
break | ||
else: | ||
index=int(index) #Make it a number | ||
if index<len(useList): | ||
chosen=useList[index] | ||
print(chosen.info()) | ||
yesno=input("Enter YES in capitals to execute...") | ||
if yesno.strip()=="YES": | ||
chosen.execute() | ||
|
||
else: | ||
print("Unknown command") |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,33 @@ | ||
""" Template classes for plugins and useful functions """ | ||
|
||
import pty | ||
|
||
|
||
|
||
|
||
## A couple of optional super classes and a general item class to represent them more abstractly | ||
## Can be used to add common functionality to privesc/enumeration plugins | ||
|
||
class Item: | ||
"""A generic privelege escalation/enumeration class. Include common | ||
functionality here""" | ||
def __init__(self): | ||
self.name="Not for actual use" | ||
self.author="James Shuttleworth" | ||
self.description="Someone needs to write this bit" | ||
def execute(self): | ||
"""Execute the privelege escalation/enumeration, dropping the user | ||
into a shell or displaying collected info. | ||
""" | ||
print("This should be overridden in your plugin") | ||
|
||
def info(self): | ||
"""Return useful information on the plugin, suitable for the user to | ||
read""" | ||
return f"{self.name}, by {self.author}. {self.description}" | ||
|
||
class PrivEsc(Item): | ||
pass | ||
|
||
class Enumeration(Item): | ||
pass |