fix: add compatibility with Python 3.13 (fix distutils, find_module, crypt)

Chocapikk · Chocapikk · commit 6ac5afdee652 · 2025-04-05T20:25:29.000+02:00
- Replaced deprecated `find_module` usage in `CommandParser` and `Manager` by `importlib.util.module_from_spec` and `exec_module`
  (fixes AttributeError: 'FileFinder' object has no attribute 'find_module')

- Replaced `crypt.crypt(...)` with `passlib.hash.sha512_crypt` for password hashing
  (fixes ModuleNotFoundError: No module named 'crypt')

- Added `passlib` as a dependency in `pyproject.toml` under [tool.poetry.dependencies]
  (fixes ModuleNotFoundError: No module named 'passlib')
diff --git a/pwncat/commands/__init__.py b/pwncat/commands/__init__.py
@@ -43,6 +43,7 @@ def run(self, manager: "pwncat.manager.Manager", args: "argparse.Namespace"):
 import pkgutil
 import termios
 import argparse
+import importlib.util
 from io import TextIOWrapper
 from enum import Enum, auto
 from typing import Dict, List, Type, Callable, Iterable
@@ -432,11 +433,14 @@ def __init__(self, manager: "pwncat.manager.Manager"):
         for loader, module_name, is_pkg in pkgutil.walk_packages(__path__):
             if module_name == "base":
                 continue
-            self.commands.append(
-                loader.find_module(module_name)
-                .load_module(module_name)
-                .Command(manager)
-            )
+
+            spec = importlib.util.find_spec(f"{__name__}.{module_name}")
+            if spec is None:
+                raise ImportError(f"Could not find spec for module {module_name}")
+
+            module = importlib.util.module_from_spec(spec)
+            spec.loader.exec_module(module)
+            self.commands.append(module.Command(manager))
 
         self.prompt: PromptSession = None
         self.toolbar: PromptSession = None
diff --git a/pwncat/manager.py b/pwncat/manager.py
@@ -35,6 +35,7 @@
 import tempfile
 import threading
 import contextlib
+import importlib.util
 from io import TextIOWrapper
 from enum import Enum, auto
 from typing import Dict, List, Tuple, Union, Callable, Optional, Generator
@@ -932,9 +933,12 @@ def load_modules(self, *paths):
             paths, prefix="pwncat.modules."
         ):
 
-            # Why is this check *not* part of pkgutil??????? D:<
             if module_name not in sys.modules:
-                module = loader.find_module(module_name).load_module(module_name)
+                spec = importlib.util.find_spec(module_name)
+                if spec is None:
+                    continue
+                module = importlib.util.module_from_spec(spec)
+                spec.loader.exec_module(module)
             else:
                 module = sys.modules[module_name]
 
diff --git a/pwncat/modules/linux/enumerate/escalate/append_passwd.py b/pwncat/modules/linux/enumerate/escalate/append_passwd.py
@@ -1,5 +1,6 @@
 #!/usr/bin/env python3
-import crypt
+
+from passlib.hash import sha512_crypt
 
 import pwncat
 from pwncat.util import console
@@ -31,7 +32,7 @@ def escalate(self, session: "pwncat.manager.Session"):
         shell = session.platform.getenv("SHELL")
 
         # Hash the backdoor password
-        backdoor_hash = crypt.crypt(backdoor_pass, crypt.METHOD_SHA512)
+        backdoor_hash = sha512_crypt.using(salt_size=16).hash(backdoor_pass)
 
         if not any(line.startswith(f"{backdoor_user}:") for line in passwd_contents):
 
@@ -85,4 +86,4 @@ def enumerate(self, session):
             if ability.uid != 0:
                 continue
 
-            yield AppendPasswd(self.name, ability)
+            yield AppendPasswd(self.name, ability)
diff --git a/pwncat/modules/linux/implant/passwd.py b/pwncat/modules/linux/implant/passwd.py
@@ -1,5 +1,6 @@
 #!/usr/bin/env python3
-import crypt
+
+from passlib.hash import sha512_crypt
 
 import pwncat
 from pwncat.facts import Implant, ImplantType
@@ -93,7 +94,7 @@ def install(
 
         # Hash the password
         yield Status("hashing password")
-        backdoor_hash = crypt.crypt(backdoor_pass, crypt.METHOD_SHA512)
+        backdoor_hash = sha512_crypt.using(salt_size=16).hash(backdoor_pass)
 
         # Store the new line we are adding
         new_line = f"""{backdoor_user}:{backdoor_hash}:0:0::/root:{shell}\n"""
diff --git a/pyproject.toml b/pyproject.toml
@@ -11,7 +11,7 @@ addopts = "-v"
 
 [tool.poetry]
 name = "pwncat-cs"
-version = "0.5.4"
+version = "0.5.5"
 description = "Reverse and bind shell automation framework"
 authors = ["Caleb Stewart <caleb.stewart94@gmail.com>", "John Hammond"]
 readme = "README.md"
@@ -32,7 +32,8 @@ pwncat-cs = "pwncat.__main__:main"
 [tool.poetry.dependencies]
 python = "^3.9"
 netifaces = "^0.11.0"
-packaging = "^20.9"
+packaging = ">=23.0"
+passlib = "^1.7.4"
 prompt-toolkit = "^3.0.19"
 pycryptodome = "^3.10.1"
 requests = "^2.25.1"
