Hotfix/linuxwrite64

[WesVleuten]

Description of Changes

Fixes #173.

Major Changes Implemented:

• Fixed base64 stream in LinuxWriter

Pre-Merge Tasks

• Formatted all modified files w/ python-black
• Sorted imports for modified files w/ isort
• Ran flake8 on repo, and fixed any new problems w/ modified files
• Ran pytest test cases
• Added brief summary of updates to CHANGELOG (under [Unreleased])

There are currently issues with the pytest test cases in master. This PR does not affect the results

[calebstewart]

Interestingly, I thought I had gone through and removed the base64-based streams from the GTFObins database, but I apparently did not. That is my bad. This was mainly needed before I could figure out how to send raw data without messing up the terminal.

In order to do this properly, we'd need to have the base64io module again, but that required some modifications from public package and therefore used to depend on our internal fork of the repo and this was not ideal at all. We can pull that source directly into pwncat, if needed, but I'll need to do some testing to see what the best path forward is, and I'll get back to you. Ideally we just don't need to have base64 streams at all, to be honest.

[calebstewart]

I'm going through gtfobins.json, and I definitely did not remove the base64 payloads. I need to go through individually and make sure that they all have equivalent non-base64 payloads. Once I have that, I'll upload the modified gtfobins.json here, and if you could test that, I'd appreciate it.

Long story short, I'd like to not even worry about supporting base64 encoded data transfer options, since it complicates the process, can increase data transfer size, and also doesn't provide any positive benefit anymore (since we can now transmit raw binary data over the TTY w/ the new LinuxWriter file-like class).

As a specific example, the cp payload current specifies two different options:

  "cp": [
    {
      "type": "write",
      "stream": "print",
      "payload": "TF=none; {command}; TF=$({mktemp}); {chmod} ugo+r $TF; {cat} > $TF; {command}; rm -f $TF",
      "args": [
        "$TF",
        "{lfile}"
      ],
      "exit": "{ctrl_d}"
    },
    {
      "type": "write",
      "stream": "base64",
      "payload": "TF=none; {command}; TF=$({mktemp}); {chmod} ugo+r $TF; {base64} -d > $TF; {command}; rm -f $TF",
      "args": [
        "$TF",
        "{lfile}"
      ],
      "exit": "{ctrl_d}"
    }
  ],

The first only supports printable characters, while the second takes any kind of data, and base64-encodes it. With the updates to LinuxWriter, we can write binary data with the implementation that is currently marked as print. So, the new cp entry in gtfobins.json would simply be:

  "cp": [
    {
      "type": "write",
      "stream": "raw",
      "payload": "TF=none; {command}; TF=$({mktemp}); {chmod} ugo+r $TF; {cat} > $TF; {command}; rm -f $TF",
      "args": [
        "$TF",
        "{lfile}"
      ],
      "exit": "{ctrl_d}"
    }
  ],

[WesVleuten]

No extra encoding is definitely better. I'm okay closing this PR if you are!

[calebstewart]

I'm closing this in favor of #189. It's taking a bit, but I'd like to get tests going for every GTFOBin. Doing that has been a pain.