Overview
Pupy is a Remote Access/Post Exploitation tool.
Here are some of my favorite features:
- All-in-memory execution
- A windows payload that can load the entire Python interpreter from memory using a reflective DLL
- Execute non-interactive commands on multiple hosts at once.
- Reflectively migrate into other processes.
- Interactive shells (cmd.exe, /bin/bash, etc) can be opened remotely and have a real tty (with all keyboard signals working just like an SSH shell).
- Remote Desktop session via your local browser
- Customizable command line aliases
Full project details and source code can be found here: https://github.com/n1nj4sec/pupy
Installation Instructions
I found the install instructions on Pupy's GitHub page confusing. Once I figured out how to install it I thought I'd share what I learned. These instructions are for Kali 2020 Rolling; Pupy at this version still runs on Python 2, which is why the prerequisites below are all python/python-pip packages.
Docker Setup
Pupy uses docker to build its client templates, so the daemon has to be running and usable by your unprivileged user before create-workspace.py is run. Note that membership of the docker group is equivalent to root on the host, which is fine on a dedicated attack VM but not on a daily-use machine.
sudo apt-get remove docker docker-engine docker.io
curl -fsSL https://download.docker.com/linux/debian/gpg | sudo apt-key add -
echo 'deb [arch=amd64] https://download.docker.com/linux/debian buster stable' | sudo tee /etc/apt/sources.list.d/docker.list
sudo apt-get update   # required after adding the repo, otherwise apt cannot find docker-ce
sudo apt-get install docker-ce
sudo systemctl enable docker
sudo systemctl start docker
sudo docker run hello-world   # confirms the daemon is up and can pull from Docker Hub
sudo usermod -aG docker kali
# you must open a new terminal window (or run `newgrp docker`) for the user kali to be part of the group docker
Grub Setup
The build image the workspace script pulls (alxchk/tc-linux64) is based on an old toolchain whose libc still uses the legacy vsyscall page, so the host kernel must be booted with vsyscall=emulate or the template builds fail inside docker. Newer kernels default to vsyscall=xonly or none because the emulated page is readable at a fixed address, so this is a deliberate hardening trade-off; make it on a dedicated attack VM, not your everyday machine.
Please take a backup of /etc/default/grub before modifying it (run these as root):
cp /etc/default/grub /root/grub_backup
## Add vsyscall=emulate to GRUB_CMDLINE_LINUX_DEFAULT, keeping whatever options are already there, e.g.
GRUB_CMDLINE_LINUX_DEFAULT="quiet splash vsyscall=emulate"
## now run update-grub
update-grub
reboot
## after the reboot, verify the running kernel picked it up
grep -o 'vsyscall=[a-z]*' /proc/cmdline
Install Prerequisites
apt-get install git libssl1.0-dev libffi-dev python-dev \
python-pip build-essential python-openssl swig tcpdump
pip install virtualenv==16.7.10
pip install flake8==3.6.0
Download pupy and install
git clone --recursive https://github.com/n1nj4sec/pupy
cd pupy
./create-workspace.py -E virtualenv pupyws
Modify Config to Listen on Correct IP
You will need to modify pupy.conf so that it advertises the right IP address: external is the address your generated payloads connect back to, so it must be reachable from the target side. If you are using a VPN this is the IP of tun0 (ip -4 addr show tun0), not your LAN address.
In the [pupyd] section of pupy.conf, set external to that address:
[pupyd]
transport = ec4
port = 8080
ipv6 = false
igd = false
httpd = false
webserver = true
dnscnc = localhost:5454
use_gnome_keyring = false
external = YOUR_IP_GOES_HERE
allow_requests_to_external_services = false
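As an added example (not part of this post or of the Pupy project), here is a small pre-flight script that checks the three things the steps above depend on before you run create-workspace.py: that the kernel is booted with vsyscall=emulate, that the current shell is actually in the docker group, and that Docker Hub is resolvable (the template build pulls alxchk/tc-linux64). It can also rewrite the external= key of pupy.conf from the tun0 address. The functions take their inputs as arguments so they can be exercised against constructed data; the path ./pupy.conf and the use of iproute2 are assumptions.

```shell
#!/bin/sh
# Added example, not part of this post or of the Pupy project: pre-flight checks
# for the install steps above. Every check takes its input as arguments so the
# same function can be run against live system data or against constructed data.

# The tc-linux64 build container needs the kernel booted with vsyscall=emulate.
# $1 = kernel command line (normally the contents of /proc/cmdline).
has_vsyscall_emulate() {
    case " $1 " in
        *" vsyscall=emulate "*) return 0 ;;
        *) return 1 ;;
    esac
}

# Group membership only takes effect in a new login session, so check the
# *current* session's groups rather than /etc/group. $1 = output of `id -nG`.
in_docker_group() {
    for g in $1; do
        [ "$g" = "docker" ] && return 0
    done
    return 1
}

# Print the current value of the external= key from a pupy.conf. $1 = path.
get_external_ip() {
    sed -n -E 's/^external[[:space:]]*=[[:space:]]*(.*)$/\1/p' "$1"
}

# Replace only the external= line of pupy.conf, leaving every other key alone.
# $1 = path to pupy.conf, $2 = address the payloads should connect back to.
set_external_ip() {
    conf="$1"
    addr="$2"
    sed -E "s/^(external[[:space:]]*=[[:space:]]*).*/\1${addr}/" "$conf" > "$conf.tmp" &&
        mv "$conf.tmp" "$conf"
}

# First IPv4 address on tun0 (VPN up); prints nothing if the interface or
# iproute2 is absent. Assumes iproute2, as on Kali. Always returns 0.
tun0_ipv4() {
    command -v ip >/dev/null 2>&1 || return 0
    ip -4 -o addr show dev tun0 2>/dev/null | awk '{sub("/.*", "", $4); print $4; exit}'
}

# Live run: report each precondition, then patch pupy.conf if tun0 is up.
# $1 = path to pupy.conf (assumed default: ./pupy.conf)
main() {
    conf="${1:-pupy.conf}"

    if has_vsyscall_emulate "$(cat /proc/cmdline 2>/dev/null)"; then
        echo "[ok] kernel booted with vsyscall=emulate"
    else
        echo "[!!] vsyscall=emulate missing: fix GRUB_CMDLINE_LINUX_DEFAULT, update-grub, reboot"
    fi

    if in_docker_group "$(id -nG)"; then
        echo "[ok] current session is in the docker group"
    else
        echo "[!!] not in docker group in this shell: run 'newgrp docker' or open a new terminal"
    fi

    # The template build pulls alxchk/tc-linux64 from Docker Hub; a DNS failure
    # there surfaces as docker exit status 125 out of create-workspace.py.
    if getent hosts registry-1.docker.io >/dev/null 2>&1; then
        echo "[ok] can resolve registry-1.docker.io"
    else
        echo "[!!] cannot resolve registry-1.docker.io: check /etc/resolv.conf before building templates"
    fi

    if [ -f "$conf" ]; then
        addr="$(tun0_ipv4)"
        if [ -n "$addr" ]; then
            set_external_ip "$conf" "$addr"
            echo "[ok] $conf external = $(get_external_ip "$conf") (from tun0)"
        else
            echo "[--] tun0 not up; $conf still has external = $(get_external_ip "$conf")"
        fi
    else
        echo "[--] $conf not found; skipping external= update"
    fi
}

main "$@"
```

Run it from the pupy checkout after the reboot (sh preflight.sh path/to/pupy.conf); any [!!] line is a step above that has not actually taken effect yet, which is the usual cause of the docker "exit status 125" failure at the end of create-workspace.py.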
Did everything as advised but still encountered an error at the final stage of installation related to docker. Can you assist please.
docker: Error response from daemon: Get https://registry-1.docker.io/v2/alxchk/tc-linux64/manifests/latest: Get https://auth.docker.io/token?scope=repository%3Aalxchk%2Ftc-linux64%3Apull&service=registry.docker.io: dial tcp: lookup auth.docker.io on 192.168.168.168:53: read udp 192.168.168.118:36240->192.168.168.168:53: i/o timeout.
See 'docker run --help'.
Traceback (most recent call last):
  File "create-workspace.py", line 657, in <module>
    main()
  File "create-workspace.py", line 563, in main
    templates, args.image_tag, args.persistent
  File "create-workspace.py", line 256, in build_templates
    subprocess.check_call(args, stderr=subprocess.STDOUT)
  File "/usr/lib/python2.7/subprocess.py", line 190, in check_call
    raise CalledProcessError(retcode, cmd)
subprocess.CalledProcessError: Command '[u'docker', u'run', u'--rm', u'--name=build-pupy-linux64-a9c8', u'--ulimit', u'nofile=65535:65535', u'--security-opt', u'label=disable', u'--mount', u'type=bind,src=/home/cybersec/Offensive/tools/pupy,target=/build/workspace/project', u'alxchk/tc-linux64:latest', u'client/sources-linux/build-docker.sh']' returned non-zero exit status 125
Did you modify the grub?
Thanks for putting this together.
Do you have any advice on ways to get pupy payloads past AV software?