-
Notifications
You must be signed in to change notification settings - Fork 281
Fix compatibility with Python 3.13 (crypt module removal & deprecated import logic) #296
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Open
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
...crypt) - Replaced deprecated `find_module` usage in `CommandParser` and `Manager` by `importlib.util.module_from_spec` and `exec_module` (fixes AttributeError: 'FileFinder' object has no attribute 'find_module') - Replaced `crypt.crypt(...)` with `passlib.hash.sha512_crypt` for password hashing (fixes ModuleNotFoundError: No module named 'crypt') - Added `passlib` as a dependency in `pyproject.toml` under [tool.poetry.dependencies] (fixes ModuleNotFoundError: No module named 'passlib')
@Chocapikk
Chocapikk
force-pushed
the
master
branch
2 times, most recently
from
April 5, 2025 20:13
63b2df4 to
9f81b10
Compare
...tibility Fixed CVE-2019-14287 detection logic. Also reverted a previous accidental change that broke pickle serialization, preventing persistent storage from working properly.
@Chocapikk
Chocapikk
force-pushed
the
master
branch
from
April 5, 2025 20:58
9f81b10 to
a6b4b5a
Compare
Are you also getting an error when trying to get a shell from a windows target?
I get this:
[12:05:36] received connection from 10.10.100.15:49331
[12:06:06] connection failed: channel receive timed out: b"Invoke-Expression : The
term 'stty' is not recognized as the name of a cmdlet, function, script
file, or operable \r\nprogram. Check the spelling of the name, or if a
path was included, verify that the path is correct and try again.\r\nAt
line:1 char:501\r\n+ ... BytesRead - 1);$Output = try {Invoke-Expression
$Command 2>&1 | Out-S ...\r\n+
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\r\n + CategoryInfo :
ObjectNotFound: (stty:String) [Invoke-Expression],
CommandNotFoundException\r\n + FullyQualifiedErrorId : CommandNotFoun
dException,Microsoft.PowerShell.Commands.InvokeExpressionCommand\r\n
\r\n"
(local) pwncat$
Hey @Yakui420 , I haven't looked or tested it on Windows environments. But I just think that this payload is not compatible with the env. It says that a command cannot be found, I think it's "stty" here, you will have to add an alternative payload for the interactive shell.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Uh oh!
There was an error while loading. Please reload this page.
This PR fixes
pwncatcompatibility with Python 3.13 by addressing five key issues:Fixes included
Module replacement
cryptmodule (dropped in Python 3.13)passlib.hash.sha512_cryptfor hashing/etc/passwdentries→ Updated in:
modules/linux/enumerate/escalate/append_passwd.pymodules/linux/implant/passwd.pyImport system cleanup
pwncat/commands/__init__.pypwncat/manager.pyCVE-2019-14287 detection fix
try/exceptwithpackaging.version.parse()→ Prevents crashes on systems with distro-specific or malformed sudo versions.
Pickle serialization fix
→ Restores proper enumeration, persistence, and database commits.
Dependency update
passlibtopyproject.tomlto support the new password hashing backend.Errors resolved
ModuleNotFoundError: No module named 'crypt'AttributeError: 'FileFinder' object has no attribute 'find_module'PicklingError: Can't pickle <class ...>How to install this fix immediately
If this PR is not yet merged, you can install the fixed version directly from my fork: