pwn 0.5.475 → 0.5.476

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 9925d872d4ad9fd60b7b6bdcfae94e7dd9cfbbdf3b6940cbadabf7272262bcdf
-  data.tar.gz: 617935fb1c6d04fc405653444a5902e712a7f991d32125c8f61d3c409cb67495
+  metadata.gz: 27b283c37fc8b736e65e2c64b23a21333dad62b689ce43e5dd3e958f665d29ae
+  data.tar.gz: 4a80083f4126e1628992e3c7029cfc358ee9e4c257605045bfab5ba82623efad
 SHA512:
-  metadata.gz: 16ff0e642b1bb240f649061e58940ab33274c9ddf3ede313d1cb6a8a0cf6a867d7a670e5417a1d87439e14dc2d8683e1e6936936cae6877b6d4d6d5fac546405
-  data.tar.gz: e065a9f313c72510212c198836419e61cddd6d2baad2b42874046c8c5421b4cde6d2287b5a8303ad006c0bd539e04841aaae3557019bcfb4baf40f5068042094
+  metadata.gz: 1d68f38ceda2d002c7c6ba6a8f4efc94d9b6b7b96e33988c5a7d37c06bd131d61140e2ed3b7c5af5fe7d7a2da5528c98d579a3d0ce4f3436439bd948e9bed5aa
+  data.tar.gz: d3c54e9f9fdb049ee1055df0287935f88f4f2f3f4bd61020983a9b379d68b7f8ed06d86a3ddf28e611c906f23314fb14febe2ca7f68d16fa2f5de6bb49e53fdb

data/Gemfile

@@ -25,6 +25,7 @@ gem 'bundler-audit', '0.9.2'
 gem 'bunny', '2.24.0'
 gem 'colorize', '1.1.0'
 gem 'credit_card_validations', '7.0.0'
+gem 'curses', '1.5.3'
 gem 'diffy', '3.4.4'
 gem 'eventmachine', '1.2.7'
 gem 'executable-hooks', '1.7.1'

data/README.md

@@ -37,7 +37,7 @@ $ cd /opt/pwn
 $ ./install.sh
 $ ./install.sh ruby-gem
 $ pwn
-pwn[v0.5.475]:001 >>> PWN.help
+pwn[v0.5.476]:001 >>> PWN.help
 ```
 
 [![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
@@ -52,7 +52,7 @@ $ rvm use ruby-3.4.4@pwn
 $ gem uninstall --all --executables pwn
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.5.475]:001 >>> PWN.help
+pwn[v0.5.476]:001 >>> PWN.help
 ```
 
 If you're using a multi-user install of RVM do:
@@ -62,7 +62,7 @@ $ rvm use ruby-3.4.4@pwn
 $ rvmsudo gem uninstall --all --executables pwn
 $ rvmsudo gem install --verbose pwn
 $ pwn
-pwn[v0.5.475]:001 >>> PWN.help
+pwn[v0.5.476]:001 >>> PWN.help
 ```
 
 PWN periodically upgrades to the latest version of Ruby which is reflected in `/opt/pwn/.ruby-version`.  The easiest way to upgrade to the latest version of Ruby from a previous PWN installation is to run the following script:

data/lib/pwn/plugins/jira_data_center.rb

@@ -530,16 +530,38 @@ module PWN
           end
         end
 
-        # Create the cloned issue
-        cloned_issue = create_issue(
-          project_key: project_key,
-          summary: summary,
-          issue_type: issue_type,
-          epic_name: epic_name,
-          description: description,
-          additional_fields: additional_fields,
-          attachments: attachments
-        )
+        # Attempt create, dynamically omit unlicensed fields on failure
+        attempt = 1
+        max_attempts = 5
+        cloned_issue = nil
+        begin
+          cloned_issue = create_issue(
+            project_key: project_key,
+            summary: summary,
+            issue_type: issue_type,
+            epic_name: epic_name,
+            description: description,
+            additional_fields: additional_fields,
+            attachments: attachments
+          )
+        rescue RestClient::ExceptionWithResponse => e
+          raise e if attempt >= max_attempts || e.response.body.to_s.empty?
+
+          json = JSON.parse(e.response.body, symbolize_names: true)
+          errors_hash = json[:errors] if json.is_a?(Hash)
+          if errors_hash.is_a?(Hash)
+            unlicensed_field_keys = errors_hash.select { |_fk, msg| msg.to_s =~ /unlicensed/i }.keys
+            if unlicensed_field_keys.any?
+              unlicensed_field_keys.each do |fk|
+                additional_fields[:fields].delete(fk.to_sym)
+                additional_fields[:fields].delete(fk.to_s)
+              end
+              @@logger.warn("Omitting unlicensed fields: #{unlicensed_field_keys.join(', ')} (attempt #{attempt}/#{max_attempts}). Retrying clone.") if defined?(@@logger)
+              attempt += 1
+              retry
+            end
+          end
+        end
 
         # Return the fully fetched cloned issue
         get_issue(issue: cloned_issue[:key])

data/lib/pwn/plugins/repl.rb

@@ -1,5 +1,6 @@
 # frozen_string_literal: true
 
+require 'curses'
 require 'fileutils'
 require 'meshtastic'
 require 'pry'
@@ -437,6 +438,14 @@ module PWN
             pi.config.pwn_mesh = true
             meshtastic_env = PWN::Env[:plugins][:meshtastic]
 
+            PWN.send(:remove_const, :MeshTxEchoThread) if PWN.const_defined?(:MeshTxEchoThread)
+            PWN.send(:remove_const, :MqttObj) if PWN.const_defined?(:MqttObj)
+            PWN.send(:remove_const, :MeshRxWin) if PWN.const_defined?(:MeshRxWin)
+            PWN.send(:remove_const, :MeshTxWin) if PWN.const_defined?(:MeshTxWin)
+            PWN.send(:remove_const, :MeshPi) if PWN.const_defined?(:MeshPi)
+            PWN.send(:remove_const, :MeshMutex) if PWN.const_defined?(:MeshMutex)
+            PWN.send(:remove_const, :MqttSubThread) if PWN.const_defined?(:MqttSubThread)
+
             mqtt_env = meshtastic_env[:mqtt]
             host = mqtt_env[:host]
             port = mqtt_env[:port]
@@ -458,6 +467,101 @@ module PWN
             psk = channel_env[:psk]
             region = channel_env[:region]
             topic = channel_env[:topic]
+            channel_num = channel_env[:channel_num]
+
+            # Init ncurses UI (idempotent) with separate RX (top) and TX (bottom) panes
+            Curses.init_screen
+            Curses.curs_set(0)
+            # Curses.crmode
+            # Curses.ESCDELAY = 0
+            Curses.start_color
+            Curses.use_default_colors
+
+            rx_height = Curses.lines - 4
+            rx_win = Curses::Window.new(rx_height, Curses.cols, 0, 0)
+            rx_win.scrollok(true)
+            rx_win.nodelay = true
+            rx_win.box('|', "\u2500")
+            rx_win.addstr("#{host}:#{port} >>> #{region}/#{topic}:#{channel_num} >>> Messages >>>\n")
+            rx_win.refresh
+
+            tx_win = Curses::Window.new(4, Curses.cols, rx_height, 0)
+            tx_win.scrollok(false)
+            tx_win.nodelay = true
+            tx_win.box('|', "\u2500")
+            tx_win.addstr("TX Pane (echo while typing, last sent shown after Enter)\n")
+            tx_win.refresh
+
+            PWN.const_set(:MeshRxWin, rx_win)
+            PWN.const_set(:MeshTxWin, tx_win)
+            PWN.const_set(:MeshMutex, Mutex.new)
+            PWN.const_set(:MeshPi, pi)
+
+            # Live typing echo thread (idempotent)
+            tx_prompt = "#{region}/#{topic}:#{channel_num} >>> "
+            echo_thread = Thread.new do
+              loop do
+                break unless pi.config.pwn_mesh
+
+                tx_win = PWN.const_get(:MeshTxWin)
+                mutex = PWN.const_get(:MeshMutex)
+                msg_input = pi.input.line_buffer.to_s
+                ts = Time.now.strftime('%H:%M:%S')
+                mutex.synchronize do
+                  # Only show draft if after_read hook hasn't just written final TX (heuristic)
+                  tx_win.clear
+                  tx_win.box('|', "\u2500")
+                  tx_win.setpos(1, 1)
+                  tx_win.addstr("[#{ts}] [TX] #{tx_prompt} #{msg_input}")
+                  tx_win.refresh
+                end
+                sleep 0.01
+              end
+            end
+            echo_thread.abort_on_exception = false
+            PWN.const_set(:MeshTxEchoThread, echo_thread)
+
+            # Start single subscriber thread (idempotent)
+            #  {packet: {from: 2868848892, to: 4294967295, channel: 93, encrypted: :decrypted, id: 3144461425, hop_limit: 3, topic: "msh/US/UT/2/e/BroadSec/!aaff28fc", node_id_from: "!aaff28fc", node_id_to: "!ffffffff", decoded: {portnum: :TEXT_MESSAGE_APP, payload: "testy"}}, channel_id: "BroadSec", gateway_id: "!aaff28fc"}
+            psks = { active_channel => psk }
+            PWN::Plugins::ThreadPool.fill(
+              enumerable_array: [:mesh_sub],
+              max_threads: 1,
+              detach: true
+            ) do |_|
+              Meshtastic::MQTT.subscribe(
+                mqtt_obj: mqtt_obj,
+                region: region,
+                topic: topic,
+                channel: channel_num,
+                psks: psks
+              ) do |msg|
+                next unless msg.key?(:packet) && msg[:packet].key?(:decoded) && msg[:packet][:decoded].is_a?(Hash)
+
+                packet = msg[:packet]
+                decoded = packet[:decoded]
+                next unless decoded.key?(:portnum) && decoded[:portnum] == :TEXT_MESSAGE_APP
+
+                rx_win = PWN.const_get(:MeshRxWin)
+                mutex = PWN.const_get(:MeshMutex)
+
+                from = packet[:node_id_from]
+                absolute_topic = "#{region}/#{topic.gsub('#', from)}:#{channel_num}"
+                to = packet[:node_id_to]
+                rx_text = decoded[:payload]
+                ts = Time.now.strftime('%H:%M:%S')
+                mutex.synchronize do
+                  if to == '!ffffffff'
+                    rx_win.addstr("[#{ts}] [RX] #{absolute_topic}: #{rx_text}\n")
+                  else
+                    rx_win.addstr("[#{ts}] [RX][DM INTERCEPTED] #{absolute_topic} >>> #{to}: #{rx_text}\n")
+                  end
+                  rx_win.addstr("#{msg.inspect}\n\n\n")
+                  rx_win.refresh
+                end
+              end
+            end
+            PWN.const_set(:MqttSubThread, true)
           rescue StandardError => e
             raise e
           end
@@ -523,8 +627,32 @@ module PWN
             pi.config.pwn_ai_debug = false if pi.config.pwn_ai_debug
             pi.config.pwn_ai_speak = false if pi.config.pwn_ai_speak
             pi.config.completer = Pry::InputCompleter
-            PWN.send(:remove_const, :MqttObj) if PWN.const_defined?(:MqttObj)
-            pi.config.pwn_mesh = false if pi.config.pwn_mesh
+            return unless pi.config.pwn_mesh
+
+            pi.config.pwn_mesh = false
+            # Stop echo thread
+            if PWN.const_defined?(:MeshTxEchoThread)
+              PWN.const_get(:MeshTxEchoThread).kill
+              PWN.send(:remove_const, :MeshTxEchoThread)
+            end
+
+            if PWN.const_defined?(:MqttObj)
+              Meshtastic::MQTT.disconnect(mqtt_obj: PWN.const_get(:MqttObj))
+              PWN.send(:remove_const, :MqttObj)
+            end
+
+            if PWN.const_defined?(:MeshRxWin)
+              PWN.const_get(:MeshRxWin).close
+              PWN.send(:remove_const, :MeshRxWin)
+            end
+            if PWN.const_defined?(:MeshTxWin)
+              PWN.const_get(:MeshTxWin).close
+              PWN.send(:remove_const, :MeshTxWin)
+            end
+            PWN.send(:remove_const, :MeshPi) if PWN.const_defined?(:MeshPi)
+            PWN.send(:remove_const, :MeshMutex) if PWN.const_defined?(:MeshMutex)
+            PWN.send(:remove_const, :MqttSubThread) if PWN.const_defined?(:MqttSubThread)
+            Curses.close_screen
           end
         end
       rescue StandardError => e
@@ -656,21 +784,18 @@ module PWN
             psks = {}
             psks[active_channel] = psk
 
-            text = pi.input.line_buffer
+            tx_text = pi.input.line_buffer.to_s
             to = '!ffffffff'
-            # If text include @! with 8 byte length OR
-            if text.include?('@!')
-              to_raw = text.split('@').last.chomp[0..8]
+            # If text include @! with 8 byte length,
+            # send DM to that address
+            if tx_text.include?('@!')
+              to_raw = tx_text.split('@').last.chomp[0..8]
               # If to_raw[1..-1] is hex than set to = to_raw
               to = to_raw if to_raw[1..-1].match?(/^[a-fA-F0-9]{8}$/)
-              text.gsub!("@#{to_raw}", '')
+              # Remove any spaces from beginning of to_raw
+              tx_text.gsub!("@#{to_raw}", '').strip!
             end
-            puts "\nFrom: #{from}"
-            puts "To: #{to}"
-            puts "Region: #{region}"
-            puts "Topic: #{topic}"
-            puts "Channel #: #{channel_num}"
-            puts "Text: #{text}\n\n"
+
             Meshtastic::MQTT.send_text(
               mqtt_obj: mqtt_obj,
               from: from,
@@ -678,9 +803,24 @@ module PWN
               region: region,
               topic: topic,
               channel: channel_num,
-              text: text,
+              text: tx_text,
               psks: psks
             )
+
+            # Update TX pane (bottom) with last sent message
+            if PWN.const_defined?(:MeshTxWin)
+              tx_win = PWN.const_get(:MeshTxWin)
+              mutex = PWN.const_get(:MeshMutex)
+              absolute_topic = "#{region}/#{topic.gsub('#', from)}:#{channel_num}"
+              ts = Time.now.strftime('%H:%M:%S')
+              mutex.synchronize do
+                tx_win.clear
+                tx_win.box('|', "\u2500")
+                tx_win.setpos(1, 1)
+                tx_win.addstr("[#{ts}] [TX] #{absolute_topic} >>> #{to}: #{tx_text}")
+                tx_win.refresh
+              end
+            end
           end
         end
       rescue StandardError => e

data/lib/pwn/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module PWN
-  VERSION = '0.5.475'
+  VERSION = '0.5.476'
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: pwn
 version: !ruby/object:Gem::Version
-  version: 0.5.475
+  version: 0.5.476
 platform: ruby
 authors:
 - 0day Inc.
@@ -205,6 +205,20 @@ dependencies:
     - - '='
       - !ruby/object:Gem::Version
         version: 7.0.0
+- !ruby/object:Gem::Dependency
+  name: curses
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 1.5.3
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 1.5.3
 - !ruby/object:Gem::Dependency
   name: diffy
   requirement: !ruby/object:Gem::Requirement