pwncat.facts.implant module

Implant modules generate Implant facts which provide the ability to interact with the installed implant. Implants can be one or more of spawn, replace or remote types. A spawn implant is used to locally escalate privileges and spawns a new session. A replace implant is also used to local escalation but instead replaces the context of the current session with a different user. Lastly, a remote implant allows pwncat to reconnect to the target.

class pwncat.facts.implant.Implant(source: str, types: List[str], uid: Union[int, str])

Bases: pwncat.db.Fact

Abstract base implant class. Any fact which specifies an implant.* type must implement this interface, however they are not required to inherit from this class (due to Python’s duck typing). This is most notably utilized with pwncat.facts.PrivateKey enumeration.

Parameters

• source (str) – generating module name

• types (List[str]) – list of fact types

• uid (Union[int, str]) – target UID

escalate(session: pwncat.manager.Session) → Union[pwncat.manager.Session, Callable[[pwncat.manager.Session], None]]

Escalate to the target user locally. If the implant type is implant.replace, this method should replace the current user context with the target user and return a callable which can undo this action. The callable takes a session its’ single argument. If the implant type is implant.spawn, this method spawns a new session as the target user and returns the newly established session.

Parameters

session (pwncat.manager.Session) – the target session on which to act

Return type

Union[pwncat.manager.Session, Callable[[pwncat.manager.Session], None]]

remove(session: pwncat.manager.Session)

Remove this implant from the target.

Parameters

session (pwncat.manager.Session) – the session on which to act

trigger(target: pwncat.target.Target) → pwncat.manager.Session

Trigger a remote implant and establish a new session. This is only valid for implant.remote implant types. It should return the newly established session.

Parameters

target (pwncat.target.Target) – the database target object with the details on how to connect

Return type

pwncat.manager.Session

flag pwncat.facts.implant.ImplantType(value)

Bases: enum.Flag

Type of implant which was installed

Valid values are as follows:

SPAWN = <ImplantType.SPAWN: 1>

REPLACE = <ImplantType.REPLACE: 2>

REMOTE = <ImplantType.REMOTE: 4>

exception pwncat.facts.implant.KeepImplantFact

Bases: Exception

This is raised when removing an implant where the fact itself remains in the database, but the implant types are removed. Normally, this indicates that the implant was enumerated and not installed by pwncat. Removing the implant simply removes our ability to use it, but tracks the enumeration of the data.