From bdb5b5db56ae9d6482d02bc6192fb9c9b5f7ed31 Mon Sep 17 00:00:00 2001
From: Caleb Stewart <caleb.stewart94@gmail.com>
Date: Thu, 2 Jul 2020 08:48:41 -0400
Subject: [PATCH] Fixed pam persistence removal

Locating the pam directory was done differently in install and removal
routines, which caused discrepencies after installation. Should fix #21
---
 pwncat/persist/pam.py | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/pwncat/persist/pam.py b/pwncat/persist/pam.py
index 2a15d297..888eb907 100644
--- a/pwncat/persist/pam.py
+++ b/pwncat/persist/pam.py
@@ -210,17 +210,17 @@ def remove(self, user: Optional[str] = None):
 
             # Locate the pam_deny.so to know where to place the new module
             pam_modules = "/usr/lib/security"
-            try:
-                results = (
-                    pwncat.victim.env(["find", "/", "-name", "pam_deny.so"])
-                    .strip()
-                    .decode("utf-8")
+
+            results = (
+                pwncat.victim.run(
+                    "find / -name pam_deny.so 2>/dev/null | grep -v 'snap/'"
                 )
-                if results != "":
-                    results = results.split("\n")
-                    pam_modules = os.path.dirname(results[0])
-            except FileNotFoundError:
-                pass
+                .strip()
+                .decode("utf-8")
+            )
+            if results != "":
+                results = results.split("\n")
+                pam_modules = os.path.dirname(results[0])
 
             # Ensure the directory exists and is writable
             access = pwncat.victim.access(pam_modules)