Exemple #1
0
    def run(self, args):
        ros = self.client.conn.modules['os']
        remote_file = ros.path.expandvars(args.remote_file)

        if args.local_file:
            local_file = os.path.expandvars(args.local_file)

            if os.path.isdir(local_file):
                local_file = os.path.join(local_file,
                                          ros.path.basename(remote_file))
        else:
            config = PupyConfig()
            filesdir = config.get_folder('downloads',
                                         {'%c': self.client.short_name()})
            remote_file_basename = ros.path.basename(remote_file)
            local_file = os.path.join(filesdir, remote_file_basename)

        local_dir = os.path.dirname(local_file)
        if not os.path.exists(local_dir):
            os.makedirs(local_dir)

        self.info('downloading %s ...' % remote_file)
        start_time = time.time()

        download(self.client.conn,
                 remote_file,
                 local_file,
                 chunk_size=8 * 1024 * 1024)

        size = os.path.getsize(local_file)
        self.success('file downloaded from remote:%s to local:%s' %
                     (remote_file, local_file))
        total_time = round(time.time() - start_time, 2)
        self.info('%s bytes downloaded in: %ss. average %sKB/s' %
                  (size, total_time, round((size / total_time) / 10**3, 2)))
Exemple #2
0
def ssl_authenticator():
    keystr = b''
    certstr = b''
    client_cert_required = True

    try:
        import pupy_credentials
        keystr = pupy_credentials.SSL_BIND_KEY
        certstr = pupy_credentials.SSL_BIND_CERT
        castr = pupy_credentials.SSL_CA_CERT
        role = 'CLIENT'

    except:
        from pupylib.PupyConfig import PupyConfig
        from pupylib.PupyCredentials import Credentials

        config = PupyConfig()
        credentials = Credentials()

        client_cert_required = config.getboolean('ssl', 'client_cert_required')

        keystr = credentials['SSL_BIND_KEY']
        certstr = credentials['SSL_BIND_CERT']
        castr = credentials['SSL_CA_CERT']

        role = credentials.role

    return PupySSLAuthenticator(role,
                                keystr,
                                certstr,
                                castr,
                                client_cert_required=client_cert_required)
Exemple #3
0
    def run(self, args):
        ros = self.client.conn.modules['os']
        remote_file = ros.path.expandvars(args.remote_file)

        if args.local_file:
            local_file = os.path.expandvars(args.local_file)

            if os.path.isdir(local_file):
                local_file = os.path.join(local_file, ros.path.basename(remote_file))
        else:
            config = PupyConfig()
            filesdir = config.get_folder('downloads', {'%c': self.client.short_name()})
            remote_file_basename = ros.path.basename(remote_file)
            local_file = os.path.join(filesdir, remote_file_basename)

        local_dir = os.path.dirname(local_file)
        if not os.path.exists(local_dir):
            os.makedirs(local_dir)

        self.info('downloading %s ...'%remote_file)
        start_time = time.time()

        download(self.client.conn, remote_file, local_file, chunk_size=8*1024*1024)

        size = os.path.getsize(local_file)
        self.success('file downloaded from remote:%s to local:%s'%(remote_file, local_file))
        total_time=round(time.time()-start_time, 2)
        self.info(
            '%s bytes downloaded in: %ss. average %sKB/s'%(
                size, total_time, round((size/total_time)/10**3, 2)
            )
        )
Exemple #4
0
def ssl_authenticator():
    keystr = b''
    certstr = b''
    client_cert_required = True

    try:
        import pupy_credentials
        keystr = pupy_credentials.SSL_BIND_KEY
        certstr = pupy_credentials.SSL_BIND_CERT
        castr = pupy_credentials.SSL_CA_CERT
        role = 'CLIENT'

    except:
        from pupylib.PupyConfig import PupyConfig
        from pupylib.PupyCredentials import Credentials

        config = PupyConfig()
        credentials = Credentials()

        client_cert_required = config.getboolean('ssl', 'client_cert_required')

        keystr = credentials['SSL_BIND_KEY']
        certstr = credentials['SSL_BIND_CERT']
        castr = credentials['SSL_CA_CERT']

        role = credentials.role

    return PupySSLAuthenticator(
        role, keystr, certstr, castr,
        client_cert_required=client_cert_required
    )
Exemple #5
0
 def __loadRubberDuckyConf__(self):
     '''
     '''
     config = PupyConfig()
     self.encoderPath = config.get("rubber_ducky","encoder_path")
     self.keyboardLayoutPath = config.get("rubber_ducky","default_keyboard_layout_path")
     if self.encoderPath == "TO_FILL":
         print(colorize("[+] ","red")+"The 'encoder_path' value has to be filled in pupy.conf for generating inject.bin")
     if self.keyboardLayoutPath == "TO_FILL":
         print(colorize("[+] ","red")+"The 'default_keyboard_layout_path' value has to be filled in pupy.conf for generating inject.bin")
Exemple #6
0
def main():
    from pupylib.utils.term import hint_to_text
    from traceback import print_exc

    def display(data):
        print hint_to_text(data)

    Credentials.DEFAULT_ROLE = 'CLIENT'

    config = PupyConfig()
    Credentials(config=config, validate=True)

    parser = get_parser(argparse.ArgumentParser, config)
    try:
        args = parser.parse_args()
        pupygen(args, config, None, display)

    except NoOutput:
        sys.exit(0)

    except InvalidOptions:
        sys.exit(1)

    except (ValueError, EncryptionError), e:
        if args.debug:
            print_exc()
        display(Error(e))
Exemple #7
0
    def __init__(self,
                 igd=None,
                 connect_host=None,
                 recursor=None,
                 connect_transport='ssl',
                 connect_port=443,
                 config=None,
                 credentials=None):

        credentials = credentials or Credentials()
        config = config or PupyConfig()

        self.config = config
        self.credentials = credentials
        self.igd = igd

        fdqn = self.config.get('pupyd', 'dnscnc').split(':')
        domain = fdqn[0]
        if len(fdqn) > 1:
            port = int(fdqn[1])
        else:
            port = 53

        listen = str(config.get('pupyd', 'address') or '0.0.0.0')
        prefer_external = config.getboolean('gen', 'external')

        self.host = [
            str(
                get_listener_ip(external=prefer_external,
                                config=config,
                                igd=igd))
        ]
        self.port = get_listener_port(config, external=prefer_external)
        self.transport = config.get('pupyd', 'transport')

        recursor = config.get('pupyd', 'recursor')
        if recursor and recursor.lower() in ('no', 'false', 'stop', 'n',
                                             'disable'):
            recursor = None

        self.dns_domain = domain
        self.dns_port = port
        self.dns_listen = listen
        self.dns_recursor = recursor
        self.handler = PupyDnsCommandServerHandler(
            domain,
            credentials['DNSCNC_PRIV_KEY'],
            recursor=recursor,
            config=self.config)

        self.server = DnsCommandServer(self.handler,
                                       address=listen,
                                       port=int(port))

        if self.igd and self.igd.available:
            self.igd.AddPortMapping(53, 'UDP', int(port))
            self.igd.AddPortMapping(53, 'TCP', int(port))

        self.server.start()
Exemple #8
0
    def run(self, args):
        screens = self.client.remote('screenshot', 'screens')
        screenshot = self.client.remote('screenshot', 'screenshot')

        if self.client.is_android():
            self.error("Android target, not implemented yet...")

        else:
            if args.enum:
                self.rawlog('{:>2} {:>9} {:>9}\n'.format('IDX', 'SIZE', 'LEFT'))
                for i, screen in enumerate(screens()):
                    if not (screen['width'] and screen['height']):
                        continue

                    self.rawlog('{:>2}: {:>9} {:>9}\n'.format(
                        i,
                        '{}x{}'.format(screen['width'], screen['height']),
                        '({}x{})'.format(screen['top'], screen['left'])))
                return

            config = self.client.pupsrv.config or PupyConfig()
            filepath_base = config.get_file('screenshots', {'%c': self.client.short_name()})

            try:
                screenshots, error = screenshot(args.screen)
            except Exception, e:
                self.error('Impossible to take a screenshot ("{0}"). Abording...'.format(e))
                return -1
            if not screenshots:
                self.error(error)
                return -1
            else:
                self.success('number of monitor detected: %s' % str(len(screenshots)))

                for i, screenshot in enumerate(screenshots):
                    filepath = filepath_base + '-{}.png'.format(i)
                    with open(filepath, 'w') as out:
                        out.write(screenshot)
                        self.success(filepath)

                    if args.view:
                        viewer = config.get('default_viewers', 'image_viewer') or 'xdg-open'

                        found = False
                        for p in os.environ.get('PATH', '').split(':'):
                            if os.path.exists(os.path.join(p, viewer)):
                                with open(os.devnull, 'w') as DEVNULL:
                                    subprocess.Popen(
                                        [viewer, filepath],
                                        stdin=DEVNULL, stdout=DEVNULL, stderr=DEVNULL)

                                found = True
                                break

                        if not found:
                            self.error('Default viewer not found: %s' % viewer)
Exemple #9
0
    def run(self, args):
        filepath = None
        if args.write:
            config = self.client.pupsrv.config or PupyConfig()
            folder = config.get_folder('beroot', {'%c': self.client.short_name()})
            filepath = path.join(folder, str(datetime.datetime.now()).replace(" ","_").replace(":","-")+"-beroot.txt")

        with redirected_stdio(self):
            try:
                for r in self.client.conn.modules["beRoot"].run(args.cmd, args.list, args.write):
                    self.print_output(output=r, write=args.write, file=filepath)
            except Exception as e:
                print e

        if args.write:
            self.success(filepath)
Exemple #10
0
    def run(self, args):
        rscreenshot = self.client.conn.modules['screenshot']
        if self.client.is_android() == True:
            self.error("Android target, not implemented yet...")
        else:
            if args.enum:
                self.rawlog('{:>2} {:>9} {:>9}\n'.format(
                    'IDX', 'SIZE', 'LEFT'))
                for i, screen in enumerate(rscreenshot.screens()):
                    if not (screen['width'] and screen['height']):
                        continue

                    self.rawlog('{:>2}: {:>9} {:>9}\n'.format(
                        i, '{}x{}'.format(screen['width'], screen['height']),
                        '({}x{})'.format(screen['top'], screen['left'])))
                return

            config = self.client.pupsrv.config or PupyConfig()
            folder = config.get_folder('screenshots',
                                       {'%c': self.client.short_name()})

            rscreenshot.takeScreenshot()
            screenshots, error = rscreenshot.screenshot(args.screen)
            if not screenshots:
                self.error(error)
            else:
                self.success('number of monitor detected: %s' %
                             str(len(screenshots)))

                for i, screenshot in enumerate(screenshots):
                    filepath = path.join(
                        folder,
                        str(datetime.datetime.now()).replace(" ", "_").replace(
                            ":", "-") + '-' + str(i) + ".png")
                    with open(filepath, 'w') as out:
                        out.write(screenshot)
                        self.success(filepath)

                    if args.view:
                        viewer = config.get('default_viewers', 'image_viewer')
                        subprocess.Popen([viewer, filepath])
Exemple #11
0
    def run(self, args):
        screens = self.client.remote('screenshot', 'screens')
        screenshot = self.client.remote('screenshot', 'screenshot')

        if self.client.is_android() == True:
            self.error("Android target, not implemented yet...")

        else:
            if args.enum:
                self.rawlog('{:>2} {:>9} {:>9}\n'.format(
                    'IDX', 'SIZE', 'LEFT'))
                for i, screen in enumerate(screens()):
                    if not (screen['width'] and screen['height']):
                        continue

                    self.rawlog('{:>2}: {:>9} {:>9}\n'.format(
                        i, '{}x{}'.format(screen['width'], screen['height']),
                        '({}x{})'.format(screen['top'], screen['left'])))
                return

            config = self.client.pupsrv.config or PupyConfig()
            filepath_base = config.get_file('screenshots',
                                            {'%c': self.client.short_name()})

            screenshots, error = screenshot(args.screen)
            if not screenshots:
                self.error(error)
            else:
                self.success('number of monitor detected: %s' %
                             str(len(screenshots)))

                for i, screenshot in enumerate(screenshots):
                    filepath = filepath_base + '-{}.png'.format(i)
                    with open(filepath, 'w') as out:
                        out.write(screenshot)
                        self.success(filepath)

                    if args.view:
                        viewer = config.get('default_viewers', 'image_viewer')
                        subprocess.Popen([viewer, filepath])
Exemple #12
0
                              port=args.oneliner_listen_port,
                              useTargetProxy=False)
        else:
            serve_ps1_payload(conf,
                              link_ip=link_ip,
                              port=args.oneliner_listen_port,
                              useTargetProxy=True)
    elif args.format == "rubber_ducky":
        rubber_ducky(conf).generateAllForOStarget()
    else:
        raise ValueError("Type %s is invalid." % (args.format))

    print(ok + "OUTPUT_PATH = %s" % os.path.abspath(outpath))
    print(ok + "SCRIPTLETS = %s" % args.scriptlet)
    print(ok + "DEBUG = %s" % args.debug)
    return os.path.abspath(outpath)


if __name__ == '__main__':
    Credentials.DEFAULT_ROLE = 'CLIENT'
    check_templates_version()
    config = PupyConfig()
    parser = get_parser(argparse.ArgumentParser, config)
    try:
        pupygen(parser.parse_args(), config)
    except InvalidOptions:
        sys.exit(0)
    except Exception, e:
        logging.exception(e)
        sys.exit(str(e))
Exemple #13
0
    def dump(self, args):
        addump = self.client.remote('ad', 'dump', False)
        config = self.client.pupsrv.config or PupyConfig()

        context = {
            'last_name': None,
            'last_fobj': None,
        }

        completion = Event()

        def on_data(name, payload):
            if name == 'dns':
                self.success('DNS server selected: {}'.format(payload))
            elif name == 'ldap':
                self.success('LDAP server selected: {}'.format(payload))
            elif name == 'error':
                self.error('Error: {}'.format(payload))
            else:
                is_first = False

                if context['last_name'] != name:
                    is_first = True

                    if context['last_name']:
                        self.success('Completed {}'.format(
                            context['last_name']))

                    dest = config.get_file(
                        'ad', {
                            r'%c': self.client.short_name(),
                            r'%n': basename(name),
                            r'%r': args.realm
                        })

                    self.success('Dumping {} -> {}'.format(name, dest))
                    context['last_name'] = name
                    if context['last_fobj']:
                        context['last_fobj'].write(u'\n]')
                        context['last_fobj'].close()

                    context['last_fobj'] = io_open(dest,
                                                   'w+',
                                                   encoding='utf-8')

                    context['last_fobj'].write(u'[\n')

                for record in from_tuple_deep(payload):
                    if is_first:
                        is_first = False
                    else:
                        context['last_fobj'].write(u',')

                    record_json = dumps(record,
                                        indent=2,
                                        sort_keys=True,
                                        default=json_default,
                                        ensure_ascii=False)

                    context['last_fobj'].write(record_json)

        def on_complete():
            if context['last_fobj']:
                context['last_fobj'].write(u']')
                context['last_fobj'].close()
                context['last_fobj'] = None

            if context['last_name']:
                self.success('Completed {}'.format(context['last_name']))
                context['last_name'] = None

                self.success('Dump completed')

            completion.set()

        self.terminate = addump(on_data, on_complete, args.realm,
                                args.global_catalog, args.filter
                                or args.target, not args.full)

        completion.wait()