n1nj4sec
7739e1ea18
make shell_exec compatible with both strings and lists of arguments
2016-07-11 19:28:43 +02:00
n1nj4sec
75d3266ee6
fix getpid/getppid on unix systems
2016-07-11 19:28:17 +02:00
n1nj4sec
77a6bf0880
Merge branch 'AlessandroZ-master' into dev
2016-07-11 18:31:31 +02:00
n1nj4sec
b57c50b1c9
Merge branch 'quentinhardy-master' into dev
2016-07-11 18:23:14 +02:00
n1nj4sec
7c20c7b25b
Merge branch 'mnogostuff-dev' into dev
2016-07-11 18:19:54 +02:00
Alessandro ZANNI
3f26b4e27b
list logical drives on a windows system
2016-07-10 19:07:55 +02:00
Alessandro ZANNI
53b46177b8
bug fixes
2016-07-10 13:21:22 +02:00
AlessandroZ
d527643baa
Merge pull request #1 from AlessandroZ/AlessandroZ-impersonation-process
Update security.py
2016-07-04 10:04:11 +02:00
Vavilov
9929522bc8
allow socks to resolve dns remotely
2016-07-03 14:22:48 -04:00
AlessandroZ
78157f786a
Update security.py
- Check added to test if a user has system rights before impersonating a process token (and migrating into it). Without this check, an elevated user (UAC bypassed) trying to impersonate a process token had an error, and he will not be able to get system anymore (he loses his admin rights, I don't know why). This check will avoid that problem.
- When a user impersonates a process token and migrates into it, a full context of this new user is created. It means he has access to all his environment. To test it, impersonate another user, get a shell and list his environment variables (with "set"). Without this new context, the impersonated user will only have access to the environment variables of the previous user.
2016-07-03 19:58:18 +02:00
quentinhardy
45d532f598
Merge branch 'master' of https://github.com/quentinhardy/pupy
2016-07-02 07:36:46 -04:00
quentinhardy
938d39b6b5
Print UAC level in output of 'info'. Print integrity Level in output of "sessions"
2016-07-02 07:35:18 -04:00
quentinhardy
81cf5998b5
Print UAC level in "sessions" output (0 to 3, with 0=Disabled)
2016-07-02 07:35:18 -04:00
quentinhardy
9ade4ac2f0
Print UAC level in output of 'info'. Print integrity Level in output of "sessions"
2016-07-02 07:33:10 -04:00
n1nj4sec
19a0ee486e
AES encryption and decryption of powershell payloads served over HTTP
2016-06-30 23:12:49 +02:00
quentinhardy
489ceae0f5
Print UAC level in "sessions" output (0 to 3, with 0=Disabled)
2016-06-30 07:56:57 -04:00
n1nj4sec
7519703696
removing xor from ps1_oneliner (too slow)
2016-06-29 20:34:48 +02:00
n1nj4sec
14a3a481b6
improved interface and ip auto-detection in pupygen
2016-06-29 20:26:31 +02:00
n1nj4sec
375abf68fd
module to change pupy's process argv & env on linux. related to issue #115
2016-06-28 23:21:20 +02:00
n1nj4sec
99a3a0e604
module utf8 encoding problem fix with some exception tracebacks
2016-06-28 22:43:40 +02:00
n1nj4sec
e8567a5263
fix creddump display issues
2016-06-28 21:54:54 +02:00
DeveloppSoft
66d1f4f2d0
Changed info statements to success so every user will be able to see it
2016-06-26 18:59:19 +02:00
n1nj4sec
c67055d90f
Merge branch 'dev'
2016-06-26 15:49:29 +02:00
quentinhardy
f17f6cdb50
Merge branch 'master' of https://github.com/quentinhardy/pupy
2016-06-24 10:45:51 -04:00
quentinhardy
af576a701e
New module for bypassing UAC with Invoke-BypassUAC.ps1, from Empire
2016-06-24 10:45:09 -04:00
quentinhardy
bab54bc0f0
2 new functions used in bypassUAC: is_x64_architecture() and is_x86_architecture()
2016-06-24 10:45:09 -04:00
quentinhardy
1693e99490
Bug fixed by AlessandroZ ( https://github.com/AlessandroZ ), see https://github.com/n1nj4sec/pupy/issues/107
Please enter the commit message for your changes. Lines starting
2016-06-24 10:45:09 -04:00
quentinhardy
93602d766f
Add new powershell script Invoke-BypassUAC.ps1 from Empire
2016-06-24 10:45:09 -04:00
quentinhardy
a40d4dc272
Logging.info() of the message 'embedding %s...'
2016-06-24 10:45:09 -04:00
quentinhardy
fc254e8e22
Print 'proc_arch' in output of 'sessions' pupy command
2016-06-24 10:45:09 -04:00
quentinhardy
c9a1d70c53
New module for bypassing UAC with Invoke-BypassUAC.ps1, from Empire
2016-06-24 10:37:11 -04:00
quentinhardy
0d9d690165
2 new functions used in bypassUAC: is_x64_architecture() and is_x86_architecture()
2016-06-24 10:35:40 -04:00
quentinhardy
f77d6177ad
Bug fixed by AlessandroZ ( https://github.com/AlessandroZ ), see https://github.com/n1nj4sec/pupy/issues/107
Please enter the commit message for your changes. Lines starting
2016-06-24 10:31:55 -04:00
quentinhardy
821b57c698
Add new powershell script Invoke-BypassUAC.ps1 from Empire
2016-06-24 10:24:06 -04:00
quentinhardy
443b9a778f
Logging.info() of the message 'embedding %s...'
2016-06-24 10:09:13 -04:00
quentinhardy
0dbb731cd5
Print 'proc_arch' in output of 'sessions' pupy command
2016-06-24 05:37:44 -04:00
n1nj4sec
dc8b6fa9eb
minor obfuscation of powershell oneliner payloads to avoid basic av traffic inspection
2016-06-23 21:26:37 +02:00
n1nj4sec
be6c0e20d9
call powershell's garbage collector before reflective dll loading to limit powershell process size
2016-06-23 21:25:50 +02:00
n1nj4sec
e981d86414
Update README.md
2016-06-19 20:38:14 +02:00
n1nj4sec
b27aa954f0
readme update
2016-06-19 20:35:49 +02:00
n1nj4sec
be57a0f491
💥 new powershell oneliner to deploy pupy from memory
2016-06-19 15:53:19 +02:00
n1nj4sec
11acaf7f3f
changing memory_exec's category
2016-06-19 15:48:43 +02:00
n1nj4sec
4cdc833b87
updating windows templates
2016-06-18 19:50:47 +02:00
n1nj4sec
cac6db86e6
Makefile update
2016-06-18 19:19:51 +02:00
n1nj4sec
740e3a4497
check UA option for http transport
2016-06-18 19:16:47 +02:00
n1nj4sec
149c7818f7
split http and http_asyn to two different transports
2016-06-18 18:04:24 +02:00
n1nj4sec
c75b18a2b9
more layer examples
2016-06-18 18:03:55 +02:00
n1nj4sec
f5227e79a1
tcp transports perf improvements
2016-06-18 17:58:01 +02:00
n1nj4sec
46f8440443
reducing aes overhead
2016-06-18 17:56:12 +02:00
n1nj4sec
9ae685647c
fix scramblesuit
2016-06-18 13:02:20 +02:00