pwn 0.4.697 → 0.4.699

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 2572514219bb53ad28d5bdb441d795b192a4f18b8bcf371652ef8661be793d06
-  data.tar.gz: 6afc53d56f23965bebfed008a7e7819457e6fc0face0daa5c4dd21110e1d7c9a
+  metadata.gz: d745dcbcd6c2a339cc95cd95cf520971dd1cb5d382e440222cad856b610899d4
+  data.tar.gz: 0fbe7d75659820c93ff70d1803fc397d4496a43e9148ee303e0d661cc7e88446
 SHA512:
-  metadata.gz: 986d271d939c0652a3c8c8ba943a51c56884e95102faad3ee36393f0e3c275af78c3edcdb8cde327424ab487dcc60fd87522010e6e2f587132d88fbd384fc573
-  data.tar.gz: 5158e21c12952017324123711dfb88776bc802c10a6cc5519cf10bff9607a8147bf452cae98f9769971c6f7e77510899d37376aba95bbf8d19b1fcf23089488a
+  metadata.gz: ccb00ebd0473169fef1745f37cdf988344afa39709590ff96d3d304f041a1a8fa664ade80425eb554649872bc891742466975826a3e79c0e34bbb24238bdb438
+  data.tar.gz: a0c6cbcfe85105ace99b455f38804c75f03a24457a0b9b713e9b87cc66927610a09f2366f147cde39f298d8bf02554eb505f83a2c21b15fc7113102b1bc28b7c

data/Gemfile

@@ -80,7 +80,8 @@ gem 'sinatra', '3.0.6'
 gem 'slack-ruby-client', '2.1.0'
 gem 'socksify', '1.7.1'
 gem 'spreadsheet', '1.3.0'
-gem 'sqlite3', '1.6.2'
+gem 'sqlite3', '1.6.3'
+gem 'sys-proctable', '1.3.0'
 gem 'thin', '1.8.2'
 gem 'tty-prompt', '0.23.1'
 gem 'tty-spinner', '0.9.3'

data/README.md

@@ -37,7 +37,7 @@ $ rvm use ruby-3.2.2@pwn
 $ rvm list gemsets
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.4.697]:001 >>> PWN.help
+pwn[v0.4.699]:001 >>> PWN.help
 ```
 
 [![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
@@ -52,7 +52,7 @@ $ rvm use ruby-3.2.2@pwn
 $ gem uninstall --all --executables pwn
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.4.697]:001 >>> PWN.help
+pwn[v0.4.699]:001 >>> PWN.help
 ```
 
 

data/bin/pwn

@@ -4,6 +4,7 @@
 require 'optparse'
 require 'pwn'
 require 'pry'
+require 'sys/proctable'
 require 'yaml'
 
 opts = {}
@@ -292,10 +293,27 @@ begin
   )
 
   # Start PWN REPL
+  pwn_pid = Process.pid
   Pry.start(
     self,
     prompt: prompt
   )
 rescue StandardError => e
   raise e
+ensure
+  child_pids = Sys::ProcTable.ps(smaps: false).select do |pe|
+    pe.ppid == pwn_pid
+  end.map(&:pid)
+
+  grandkid_pids = Sys::ProcTable.ps(smaps: false).select do |pe|
+    child_pids.include?(pe.ppid)
+  end.map(&:pid)
+
+  grandkid_pids.each do |grandkid_pid|
+    Process.kill('TERM', grandkid_pid)
+  end
+
+  child_pids.each do |child_pid|
+    Process.kill('TERM', child_pid)
+  end
 end

data/lib/pwn/plugins/tor.rb

@@ -1,5 +1,6 @@
 # frozen_string_literal: true
 
+require 'netaddr'
 require 'pty'
 
 module PWN
@@ -77,6 +78,7 @@ module PWN
       #   ip: 'optional - IP address to listen (default: 127.0.0.1)',
       #   port: 'optional - socks port to listen (default: 1024-65535)',
       #   ctrl_port: 'optional - tor control port to listen (default: 1024-65535)',
+      #   net: 'optional - CIDR notation to accept connections (default: 127.0.0.0.1/32)',
       #   data_dir: 'optional - directory to keep tor session data (default: /tmp/tor_pwn-TIMESTAMP)'
       # )
 
@@ -92,6 +94,11 @@ module PWN
             break if ctrl_port != port
           end
         end
+
+        net = opts[:net]
+        net ||= "#{ip}/32"
+        acl_net = NetAddr.parse_net(net)
+
         timestamp = Time.now.strftime('%Y-%m-%d_%H-%M-%S.%N%z')
         data_dir = opts[:data_dir]
         data_dir ||= "/tmp/tor_pwn-#{timestamp}"
@@ -115,7 +122,11 @@ module PWN
             'ControlPort',
             ctrl_port.to_s,
             'CookieAuthentication',
-            '1'
+            '1',
+            'SocksPolicy',
+            "accept #{acl_net}",
+            'SocksPolicy',
+            'reject *'
           ) do |stdout, _stdin, pid|
             File.write(pid_file, pid)
             stdout.each do |line|
@@ -201,6 +212,7 @@ module PWN
             ip: 'optional - IP address to listen (default: 127.0.0.1)',
             port: 'optional - socks port to listen (default: 9050)',
             ctrl_port: 'optional - tor control port to listen (default: 9051)',
+            net: 'optional - CIDR notation to accept connections (default: 127.0.0.1/32)',
             data_dir: 'optional - directory to keep tor session data (default: /tmp/tor_pwn-TIMESTAMP)'
           )
 

data/lib/pwn/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module PWN
-  VERSION = '0.4.697'
+  VERSION = '0.4.699'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: pwn
 version: !ruby/object:Gem::Version
-  version: 0.4.697
+  version: 0.4.699
 platform: ruby
 authors:
 - 0day Inc.
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-05-15 00:00:00.000000000 Z
+date: 2023-05-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -982,14 +982,28 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.6.2
+        version: 1.6.3
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.6.2
+        version: 1.6.3
+- !ruby/object:Gem::Dependency
+  name: sys-proctable
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 1.3.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 1.3.0
 - !ruby/object:Gem::Dependency
   name: thin
   requirement: !ruby/object:Gem::Requirement