6.3 KiB
Pupy
Pupy is an opensource, multi-platform Remote Administration Tool with an embedded Python interpreter, allowing its modules to load python packages from memory and transparently access remote python objects. Pupy can communicate using different transports and have a bunch of cool features & modules. On Windows, Pupy uses reflective dll injection and leaves no traces on disk.
Features
- On windows, the Pupy payload is compiled as a reflective DLL and the whole python interpreter is loaded from memory. Pupy does not touch the disk :)
- Pupy can reflectively migrate into other processes
- Pupy can remotely import, from memory, pure python packages (.py, .pyc) and compiled python C extensions (.pyd). The imported python modules do not touch the disk. (.pyd mem import currently work on Windows only, .so memory import is not implemented)
- Modules are quite simple to write and pupy is easily extensible
- A lot of awesome modules are already implemented!
- Pupy uses rpyc and a module can directly access python objects on the remote client
- We can also access remote objects interactively from the pupy shell and you even get auto-completion of remote attributes!
- Communication transports are modular and pupy can communicate using obfsproxy pluggable transports
- All the non interactive modules can be dispatched to multiple hosts in one command
- Multi-platform (tested on windows 7, windows xp, kali linux, ubuntu, osx)
- Modules can be executed as background jobs and their output be retrieved later
- Commands and scripts running on remote hosts are interruptible
- Auto-completion for commands and arguments
- Nice colored output :-)
- Command aliases can be defined in the config
- Interactive python shells with auto-completion on the all in memory remote python interpreter can be opened
- Interactive shells (cmd.exe, /bin/bash, ...) can be opened remotely. Remote shells on Unix clients have a real tty with all keyboard signals working fine just like a ssh shell
- Pupy can execute PE exe remotely and from memory (cf. ex with mimikatz)
- tons of other features, check out the implemented modules
Implemented Transports
- tcp_cleartext
- A good example to look at, it's a protocol that does nothing
- tcp_base64
- Another simple example
- tcp_ssl (the default one)
- obfs3
- scramblesuit
Implemented Launchers
Launchers allow pupy to run custom actions before starting the reverse connection
- simple
- Just connect back
- auto_proxy
- Retrieve a list of possible SOCKS/HTTP proxies and try each one of them. Proxy retriaval methods are: registry, WPAD requests, gnome settings, HTTP_PROXY env variable
Implemented Modules
- migrate
- inter process architecture injection also works (x86->x64 and x64->x86)
- command execution
- interactive shell (cmd.exe, /bin/sh, /bin/bash, ...)
- tty allocation is well supported on target running a unix system. Just looks like a ssh shell
- interactive python shell
- download
- upload
- persistence
- screenshot
- webcam snapshot
to spy on your crush
- in memory execution of PE exe both x86 and x64!
- works very well with mimitakz :-)
- socks5 proxy
- local and remote port forwarding
- shellcode exec (thanks to @byt3bl33d3r)
- keylogger
- monitor keys and the titles of the windows the text is typed into, plus the clipboard! (thanks @golind for the updates)
- mouselogger:
- takes small screenshots around the mouse at each click and send them back to the server (thanks @golind)
##Installation Check out the wiki ! ##Documentation Check out the wiki !
Some screenshots
#####list connected clients #####help #####execute python code on all clients #####execute a command on all clients, exception is retrieved in case the command does not exists #####use a filter to send a module only on selected clients #####migrate into another process #####interactive shells #####interactive python shell #####upload and run another PE exe from memory
FAQ
Does the server work on windows?
Pupy server works best on linux. The server on windows has not been really tested and there is probably a lot of bugs. I try my best to code in a portable way but I don't always find the time to fix everything. If you find the courage to patch non-portable code, I will gladly accept pull requests! :)
I can't install it, how does it work?
Have a look at the Installation section in the wiki
I was wondering if you had a BTC address I could send a tip over to !
Sure, here you go :) Bitcoin address: 12BKKN81RodiG9vxJn34Me9ky19ArqNQxC
hey c4n y0u add a DDOS module plzz?
No.
Contact
by mail: contact@n1nj4.eu
on Twitter: Follow me on twitter
If some of you want to participate or send me a feedback, don't hesitate :-)
This project is a personal project, please respect its philosophy and don't use it for evil purposes!