Commit Graph

569 Commits

Author SHA1 Message Date
n1nj4sec 7739e1ea18 make shell_exec compatible with both strings and lists of arguments 2016-07-11 19:28:43 +02:00
n1nj4sec 75d3266ee6 fix getpid/getppid on unix systems 2016-07-11 19:28:17 +02:00
n1nj4sec 77a6bf0880 Merge branch 'AlessandroZ-master' into dev 2016-07-11 18:31:31 +02:00
n1nj4sec b57c50b1c9 Merge branch 'quentinhardy-master' into dev 2016-07-11 18:23:14 +02:00
n1nj4sec 7c20c7b25b Merge branch 'mnogostuff-dev' into dev 2016-07-11 18:19:54 +02:00
Alessandro ZANNI 3f26b4e27b list logical drives on a windows system 2016-07-10 19:07:55 +02:00
Alessandro ZANNI 53b46177b8 bug fixes 2016-07-10 13:21:22 +02:00
AlessandroZ d527643baa Merge pull request #1 from AlessandroZ/AlessandroZ-impersonation-process
Update security.py
2016-07-04 10:04:11 +02:00
Vavilov 9929522bc8 allow socks to resolve dns remotely 2016-07-03 14:22:48 -04:00
AlessandroZ 78157f786a Update security.py
- Check added to test if a user has system rights before impersonating a process token (and migrating into it). Without this check, an elevated user (UAC bypassed) trying to impersonate a process token had an error, and he will not be able to get system anymore (he loses his admin rights, I don't know why). This check will avoid that problem.

- When a user impersonates a process token and migrates into it, a full context of this new user is created. It means he has access to all his environment. To test it, impersonate another user, get a shell and list his environment variables (with "set"). Without this new context, the impersonated user will only have access to the environment variables of the previous user.
2016-07-03 19:58:18 +02:00
quentinhardy 45d532f598 Merge branch 'master' of https://github.com/quentinhardy/pupy 2016-07-02 07:36:46 -04:00
quentinhardy 938d39b6b5 Print UAC level in output of 'info'. Print integrity level in output of "sessions" 2016-07-02 07:35:18 -04:00
quentinhardy 81cf5998b5 Print UAC level in "sessions" output (0 to 3, with 0=Disabled) 2016-07-02 07:35:18 -04:00
quentinhardy 9ade4ac2f0 Print UAC level in output of 'info'. Print integrity level in output of "sessions" 2016-07-02 07:33:10 -04:00
n1nj4sec 19a0ee486e AES encryption and decryption of powershell payloads served over HTTP 2016-06-30 23:12:49 +02:00
quentinhardy 489ceae0f5 Print UAC level in "sessions" output (0 to 3, with 0=Disabled) 2016-06-30 07:56:57 -04:00
n1nj4sec 7519703696 removing xor from ps1_oneliner (too slow) 2016-06-29 20:34:48 +02:00
n1nj4sec 14a3a481b6 improved interface and ip auto-detection in pupygen 2016-06-29 20:26:31 +02:00
n1nj4sec 375abf68fd module to change pupy's process argv & env on linux. related to issue #115 2016-06-28 23:21:20 +02:00
n1nj4sec 99a3a0e604 module utf8 encoding problem fix with some exception tracebacks 2016-06-28 22:43:40 +02:00
n1nj4sec e8567a5263 fix creddump display issues 2016-06-28 21:54:54 +02:00
DeveloppSoft 66d1f4f2d0 Changed info statements to success so every user will be able to see it 2016-06-26 18:59:19 +02:00
n1nj4sec c67055d90f Merge branch 'dev' 2016-06-26 15:49:29 +02:00
quentinhardy f17f6cdb50 Merge branch 'master' of https://github.com/quentinhardy/pupy 2016-06-24 10:45:51 -04:00
quentinhardy af576a701e New module for bypassing UAC with Invoke-BypassUAC.ps1, from Empire 2016-06-24 10:45:09 -04:00
quentinhardy bab54bc0f0 2 new functions used in bypassUAC: is_x64_architecture() and is_x86_architecture() 2016-06-24 10:45:09 -04:00
quentinhardy 1693e99490 Bug fixed by AlessandroZ (https://github.com/AlessandroZ), see https://github.com/n1nj4sec/pupy/issues/107
Please enter the commit message for your changes. Lines starting
2016-06-24 10:45:09 -04:00
quentinhardy 93602d766f Add new powershell script Invoke-BypassUAC.ps1 from Empire 2016-06-24 10:45:09 -04:00
quentinhardy a40d4dc272 Logging.info() of the message 'embedding %s...' 2016-06-24 10:45:09 -04:00
quentinhardy fc254e8e22 Print 'proc_arch' in output of 'sessions' pupy command 2016-06-24 10:45:09 -04:00
quentinhardy c9a1d70c53 New module for bypassing UAC with Invoke-BypassUAC.ps1, from Empire 2016-06-24 10:37:11 -04:00
quentinhardy 0d9d690165 2 new functions used in bypassUAC: is_x64_architecture() and is_x86_architecture() 2016-06-24 10:35:40 -04:00
quentinhardy f77d6177ad Bug fixed by AlessandroZ (https://github.com/AlessandroZ), see https://github.com/n1nj4sec/pupy/issues/107
Please enter the commit message for your changes. Lines starting
2016-06-24 10:31:55 -04:00
quentinhardy 821b57c698 Add new powershell script Invoke-BypassUAC.ps1 from Empire 2016-06-24 10:24:06 -04:00
quentinhardy 443b9a778f Logging.info() of the message 'embedding %s...' 2016-06-24 10:09:13 -04:00
quentinhardy 0dbb731cd5 Print 'proc_arch' in output of 'sessions' pupy command 2016-06-24 05:37:44 -04:00
n1nj4sec dc8b6fa9eb minor obfuscation of powershell oneliner payloads to avoid basic av
traffic inspection
2016-06-23 21:26:37 +02:00
n1nj4sec be6c0e20d9 call powershell's garbage collector before reflective dll loading to
limit powershell process size
2016-06-23 21:25:50 +02:00
n1nj4sec e981d86414 Update README.md 2016-06-19 20:38:14 +02:00
n1nj4sec b27aa954f0 readme update 2016-06-19 20:35:49 +02:00
n1nj4sec be57a0f491 💥 new powershell oneliner to deploy pupy from memory 2016-06-19 15:53:19 +02:00
n1nj4sec 11acaf7f3f changing memory_exec's category 2016-06-19 15:48:43 +02:00
n1nj4sec 4cdc833b87 updating windows templates 2016-06-18 19:50:47 +02:00
n1nj4sec cac6db86e6 Makefile update 2016-06-18 19:19:51 +02:00
n1nj4sec 740e3a4497 check UA option for http transport 2016-06-18 19:16:47 +02:00
n1nj4sec 149c7818f7 split http and http_asyn to two different transports 2016-06-18 18:04:24 +02:00
n1nj4sec c75b18a2b9 more layer examples 2016-06-18 18:03:55 +02:00
n1nj4sec f5227e79a1 tcp transports perf improvements 2016-06-18 17:58:01 +02:00
n1nj4sec 46f8440443 reducing aes overhead 2016-06-18 17:56:12 +02:00
n1nj4sec 9ae685647c fix scramblesuit 2016-06-18 13:02:20 +02:00