From cc953e84a730b540a9bff41578836edf22cd7858 Mon Sep 17 00:00:00 2001
From: James Shuttleworth
Date: Mon, 16 Nov 2020 14:02:53 +0000
Subject: [PATCH 1/4] Added branch info to description
---
README.md | 34 ++++++++++++++++++++--------------
1 file changed, 20 insertions(+), 14 deletions(-)
diff --git a/README.md b/README.md
index 17cb99f4..70bda86c 100644
--- a/README.md
+++ b/README.md
@@ -30,27 +30,29 @@ things to decide might be: You should document these decisions here in the `README.md` file. Once you are all happy with this, stage, commit and push it to your shared fork. Then, each team member can begin writing their own tool by -creating an individual fork. Naming your tool something sensible and -uniquely identifiable at this point will be very helpful. If you all -keep the simple name "LEAP", you will find it tricky to remember which -repository you are working on later. You can call your own fork -whatever you like. +creating an individual fork or using branching. Naming your tool +something sensible and uniquely identifiable at this point will be +very helpful. If you all keep the simple name "LEAP", you will might +it tricky to remember which repository you are working on later. You +can call your own fork whatever you like. When the individual tools are working and each team member has their own plugins working, it is their responsibility to liaise with the other members of the team to import the other plugins. Each team member should create a fork of the repositories of each of their team-mates, integrate their plugins and submit a pull-request for each -fork. +fork. If using branches, then each team member can merge into their +branch from either the master (if any system changes are made) or from +other users' forks (to incorporate their plugins). -So, if the team members are A, B, C and D, we will have one fork to -start with in which the team collaborates on defining the basics. -Then A will create a personal fork of the shared repository and work -on their tool and plugins. When they're done, they will create forks -from their team-mate's repositories. Let's call them LEAP-B, LEAP-C -and LEAP-D. A will then port their plugins to each of these new forks -and submit pull requests for them to be merged into the repositories -of their teammates. 
+If using forks, with team members being A, B, C and D, they will have +one fork to start with in which the team collaborates on defining the +basics. Then A will create a personal fork of the shared repository +and work on their tool and plugins. When they're done, they will +create forks from their team-mate's repositories. Let's call them +LEAP-B, LEAP-C and LEAP-D. A will then port their plugins to each of +these new forks and submit pull requests for them to be merged into +the repositories of their teammates. ## Why? @@ -64,3 +66,7 @@ request and they can decide to merge it into their work or not. In this project you will be getting experience of working on a project and receiving multiple pull-requests from contributors and at the same time, contributing to the repositories of others. + + + + From 63e2093428d2cf8a133c2ebf8eb539116eb9dc99 Mon Sep 17 00:00:00 2001 From: James Shuttleworth Date: Wed, 18 Nov 2020 12:00:49 +0000 Subject: [PATCH 2/4] Added demo privesc --- src/js_plugins.py | 46 +++++++++++++++++++++++++++++ src/leap.py | 75 +++++++++++++++++++++++++++++++++++------------ src/plugins.py | 33 +++++++++++++++++++++ 3 files changed, 135 insertions(+), 19 deletions(-) create mode 100644 src/js_plugins.py mode change 100644 => 100755 src/leap.py create mode 100644 src/plugins.py diff --git a/src/js_plugins.py b/src/js_plugins.py new file mode 100644 index 00000000..6024f093 --- /dev/null +++ b/src/js_plugins.py 
@@ -0,0 +1,46 @@
+""" Plugins for LEAP designed by James Shuttleworth """
+
+from plugins import PrivEsc, Enumeration
+
+import os, tempfile
+
+from subprocess import Popen, PIPE
+
+import pty
+
+
+# A very basic method, but useful
+def shellRun(command):
+ """ Put given commands into a temporary file, spawn a shell and explain how to use the command """
+ f = tempfile.NamedTemporaryFile(delete=False)
+ fname=f.name
+ f.write(command.encode())
+ f.close()
+ os.system(f"chmod u+x {fname}")
+ print(f"Execute command with '{fname}'...\nCtrl-D to leave shell")
+
+ pty.spawn("/bin/bash")
+ #os.system(fname)
+ os.unlink(fname)
+
+
+class DumbSudoEscalation(PrivEsc):
+ """An example plugin that tries to use `sudo su` to get root.
+
+ Requires being given the password for the current user and relies
+ on the current user having sudo privs, so while technically it
+ escalates proveleges, it does so only if you already have the
+ right credentials
+
+ """
+ def __init__(self, pw):
+ PrivEsc.__init__(self)
+ self.pw=pw
+ self.name="DumbSudoEscalation - not that useful"
+ self.author="James Shuttleworth"
+ self.description="Use sudo to 'hack' into the root account"
+ def execute(self):
+ print("Executing")
+
+ shellRun("sudo xterm")
+ print("Done")
diff --git a/src/leap.py b/src/leap.py
old mode 100644
new mode 100755
index b4c6d13c..1a5e85d9
--- a/src/leap.py
+++ b/src/leap.py
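Review bot: `shellRun` removes its temporary script only when `pty.spawn` returns normally, so an exception or interrupt there leaves an executable file holding the command in the temp directory; wrap the spawn in `try:` … `finally: os.unlink(fname)`. The permission change shells out with `os.system(f"chmod u+x {fname}")` where `os.chmod(fname, 0o700)` gives the same mode without starting a shell. In `DumbSudoEscalation.__init__`, `self.pw` is stored but `execute` never reads it, so the credential is kept on the object for no purpose and is better not held until something uses it. The `from subprocess import Popen, PIPE` import is unused in this file.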
@@ -1,22 +1,59 @@ -def dummyFunc(data): - """ This function is a placeholder """ - import base64 - out="" - for i in data: - v=ord(i) - v=((v&1)<<6) | (v>>1) - out+=chr(v) - return base64.b64encode(str.encode("".join(out))).decode() +#!/usr/bin/env python3 -def unDummyFunc(data): - """ This function is a placeholder """ - import base64 - out="" - for i in base64.b64decode(str.encode(data)).decode("utf-8"): - v=ord(i) - v=((v&64)>>6) | ((v<<1)&127) - out+=chr(v) - return "".join(out) +from js_plugins import DumbSudoEscalation if __name__=="__main__": - print("Your code goes here") + #Make a list of available privescs + pes=[] + pes.append(DumbSudoEscalation("swordfish")) + #And enumerations + ens=[] + + + shouldQuit=False + + while not shouldQuit: + print("=".join("-"*10)) + print(" Logo here...") + print("LEAP Menu") + + print("\nPrivescs:") + for i in range(len(pes)): + print(f"\tP{i}: {pes[i].name}") + + print("\nEnumerations:") + for i in range(len(ens)): + print(f"\tE{i}: {ens[i].name}") + + print("\nQ to quit") + print() + userInput=input("Enter a selection: ") + print("-"*20) + #remove whitespace, make uppercase + userInput=userInput.strip().upper() + + if userInput == "Q": + shouldQuit=True + + elif (userInput[0] in ["P","E"] and #Privesc or enumeration + len(userInput)>1): #Make sure it's more than 1 letter + + useList=ens + if userInput[0]=="P": + useList=pes + index=userInput[1:] #Get the number part... + for i in index: + if not i.isdigit(): + print("Invalid selection:",userInput) + break + else: + index=int(index) #Make it a number + if index Date: Wed, 25 Nov 2020 20:51:27 +0000 Subject: [PATCH 3/4] Done the discusions --- README.md | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 70bda86c..8b7ab484 100644 --- a/README.md +++ b/README.md 
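Review bot: In the menu loop the `elif` evaluates `userInput[0]` before the length test, so pressing Enter on an empty line raises IndexError and ends the program; test the length first, `elif len(userInput) > 1 and userInput[0] in ("P", "E"):`. The account password is committed as a literal in `pes.append(DumbSudoEscalation("swordfish"))`; prompting at run time with `getpass.getpass()` keeps the credential out of the repository and its history. The remainder of this hunk, from `if index` onward, is missing from the page, so the bounds check on the selected index cannot be reviewed here.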
@@ -1,4 +1,13 @@ -# LEAP +#Discusions +During the first meeting we decided all of the names and file trees that we will +work with. For the function naming convention we decided that all +Windows enumarators will be named winEnumUsers and all Linux enumarators will be +called linEnumUsers. For the file tree we chose that all programs will be in /src +directory, Windows and Linux will each have a sub directory, the enumeration script +will be in /src, the enumeration plugins will be in only one file and each plugin +will have its own class. + +#LEAP LEAP: Local Enumeration And Privesc. Framework for 4061CEM project. From c759e82b5d3a545e27e69863806c7c5134ee2472 Mon Sep 17 00:00:00 2001 From: ciobotarub Date: Sat, 28 Nov 2020 13:58:38 +0000 Subject: [PATCH 4/4] Done the discusions --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 8b7ab484..305a930f 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ #Discusions During the first meeting we decided all of the names and file trees that we will -work with. For the function naming convention we decided that all +work with. For the function naming convention, we decided that all Windows enumarators will be named winEnumUsers and all Linux enumarators will be called linEnumUsers. For the file tree we chose that all programs will be in /src directory, Windows and Linux will each have a sub directory, the enumeration script