• Home
  • Become a Hacker
    • Get Started
    • Hacker Mindset
    • Roadmap
    • Simple Setup – Hacker 101
    • Types of Hackers
    • Recommended Courses
  • Boot People Offline
  • Courses
    • All Hacking Courses
    • Cyber Security School
  • CTF
    • Beginners to Advanced Guide
    • Create your own CTF box
    • Field and Resources Guide
    • Platforms & Wargames
    • Tools Used for Solving CTF
    • Writeups
  • Dark Web
    • Beginners Guide
    • Darknet Markets
    • Darkweb 101 (Anonymity Guide)
    • Dark Web OSINT Tools
    • Hacking Forums
    • Latest News
    • Onion Links
  • Hacker Gadgets
  • Hacking Books
  • Tools Directory
Menu
  • Home
  • Become a Hacker
    • Get Started
    • Hacker Mindset
    • Roadmap
    • Simple Setup – Hacker 101
    • Types of Hackers
    • Recommended Courses
  • Boot People Offline
  • Courses
    • All Hacking Courses
    • Cyber Security School
  • CTF
    • Beginners to Advanced Guide
    • Create your own CTF box
    • Field and Resources Guide
    • Platforms & Wargames
    • Tools Used for Solving CTF
    • Writeups
  • Dark Web
    • Beginners Guide
    • Darknet Markets
    • Darkweb 101 (Anonymity Guide)
    • Dark Web OSINT Tools
    • Hacking Forums
    • Latest News
    • Onion Links
  • Hacker Gadgets
  • Hacking Books
  • Tools Directory
Search
Close
  • Home
  • 2017
  • December
  • 22
  • Pupy – A Cross-platform Remote Administration and Post-Exploitation Tool

Pupy – A Cross-platform Remote Administration and Post-Exploitation Tool

December 22, 2017 Comments Off on Pupy – A Cross-platform Remote Administration and Post-Exploitation Tool
download pupy how to use pupy open source remote administration tool pupy Pupy - A Cross-platform Remote Administration and Post-Exploitation Tool pupy rat pupy rat tutorial pupy tutorial python rat source code

Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android), multi-function RAT (Remote Administration Tool) and post-exploitation tool mainly written in python. It features an all-in-memory execution guideline and leaves a very low footprint.

It can communicate using various transports, migrate into processes (reflective injection), load remote python code, python packages and python C-extensions from memory.
Pupy modules can transparently access remote python objects using RPyC to perform various interactive tasks.
It can generate payloads in multiple formats like PE executables, reflective DLLs, pure python files, powershell, apk, and etc.When you package a payload, you can choose a launcher (connect, bind, …), a transport (ssl, http, rsa, obfs3, scramblesuit, …) and a number of “scriptlets”. Scriptlets are python scripts meant to be embedded to perform various tasks offline (without requiring a session), like starting a background script, adding persistence, starting a keylogger, detecting a sandbox, and etc.

Features:

  • Multi-platform (tested on windows xp, 7, 8, 10, kali linux, ubuntu, osx, android)
  • On windows, the Pupy payload can be compiled as a reflective DLL and the whole python interpreter is loaded from memory. Pupy does not touch the disk 🙂
  • pupy can also be packed into a single .py file and run without any dependencies other that the python standard library on all OS. pycrypto gets replaced by pure python aes && rsa implementations when unavailable
  • Pupy can reflectively migrate into other processes
  • Pupy can remotely import, from memory, pure python packages (.py, .pyc) and compiled python C extensions (.pyd, .so). The imported python modules do not touch the disk.
  • Pupy is easily extensible, modules are quite simple to write, sorted by os and category.
  • A lot of awesome modules are already implemented!
  • Pupy uses rpyc and a module can directly access python objects on the remote client. We can also access remote objects interactively from the pupy shell and you even get auto-completion of remote attributes!
  • Communication transports are modular, stackable and awesome. You could exfiltrate data using HTTP over HTTP over AES over XOR. Or any combination of the available transports!
  • Pupy can communicate using obfsproxy pluggable transports
  • All the non-interactive modules can be dispatched to multiple hosts in one command
  • Commands and scripts running on remote hosts are interruptible
  • Auto-completion for commands and arguments
  • Custom config can be defined: command aliases, modules automatically run at connection, …
  • Interactive python shells with auto-completion on the all in memory remote python interpreter can be opened
  • Interactive shells (cmd.exe, /bin/bash, …) can be opened remotely. Remote shells on Unix & windows clients have a real tty with all keyboard signals working fine just like an ssh shell
  • Pupy can execute PE exe remotely and from memory (cf. ex with mimikatz)
  • Pupy can generate payloads in various formats: apk, lin_x86, lin_x64, so_x86, so_x64, exe_x86, exe_x64, dll_x86,dll_x64,py, pyinst,py_oneliner, ps1, ps1_oneliner, rubber_ducky
  • Pupy can be deployed in memory, from a single command line using pupygen.py’s python or powershell one-liners.
  • “scriptlets” can be embedded in generated payloads to perform some tasks “offline” without needing network connectivity (ex: start keylogger, add persistence, execute custom python script, check_vm …)
  • tons of other features…

Transports

All transports in pupy are stackable. This means that by creating a custom transport conf (pupy/network/transport/<transport_name>/conf.py), you can make you pupy session looks like anything. For example, you could stack HTTP over HTTP over base64 over HTTP over AES over obfs3:

  • rsa

A layer with authentication & encryption using RSA and AES256, often stacked with other layers

  • aes

layer using a static AES256 key

  • ssl (the default one)

TCP transport wrapped with SSL

  • ssl_rsa

same as ssl but stacked with an rsa layer

  • http

layer making the traffic look like HTTP traffic. HTTP is stacked with a rsa layer

  • obfs3
A protocol to keep the third party from telling what protocol is in use based on message contents. obfs3 is stacked with an rsa layer for a better security
  • scramblesuit

A Polymorphic Network Protocol to Circumvent Censorship. The scramblesuit is stacked with an rsa layer for a better security

  • udp

The rsa layer but over UDP (could be buggy, it doesn’t handle packet loss yet)

  • other

Other layers don’t really have any interest and are given for code examples : (dummy, base64, XOR, …)

Launchers:

  • connect

Just connect back

  • bind

Bind payload instead of reverse

  • auto_proxy
Retrieve a list of possible SOCKS/HTTP proxies and try each one of them. Proxy retrieval methods are: registry, WPAD requests, gnome settings, and HTTP_PROXY env variable.

Modules

All platforms:

  • command execution
  • download
  • upload
  • interactive python shell with auto-completion
  • interactive shell (cmd.exe, powershell.exe, /bin/sh, /bin/bash, …)
    • tty allocation is well supported on both windows and *nix. Just looks like a ssh shell
  • shellcode exec
  • persistence
  • socks5 proxy
  • local and remote port forwarding
  • screenshot
  • keylogger
  • run the awesome credential gathering tool LaZagne from memory !
  • sniff tools, netcreds
  • process migration (windows & linux, not osx yet)
  • a lot of other tools (upnp client, various recon/pivot tools using impacket remotely, …)
Windows specific:
  • migrate
    • inter process architecture injection also works (x86->x64 and x64->x86)
  • in memory execution of PE exe both x86 and x64!
    • works very well with mimitakz 🙂
  • webcam snapshot
  • microphone recorder
  • mouselogger:
    • takes small screenshots around the mouse at each click and send them back to the server
  • token manipulation
  • getsystem
  • creddump
  • tons of useful powershell scripts
Android specific:

  • Text to speech for Android to say stuff out loud
  • webcam snapshots (front cam & back cam)
  • GPS tracker!

Download Pupy

Post navigation

Invoke-Phant0m – Windows Event Log Killer
OWASP ZAP 2.7.0 – Penetration Testing Tool for Testing Web Applications

Related Articles

AsyncRAT – Open-Source Remote Administration Tool For Windows

- Remote Administration Tools
August 24, 2019

Slackor – A Golang implant that uses Slack as a CC2 Server

- Remote Access Tool, Remote Administration Tools
July 9, 2019

Loki – Remote Access Tool / Botnet

- Remote Administration Tools
June 17, 2019June 17, 2019
hacker gadgets
hacker phone covers

Recent Posts

Yaralyzer - Visually Inspect And Force Decode YARA And Regex Matches Found In Both Binary And Text Data, With Colors

Yaralyzer – Visually Inspect And Force Decode YARA And Regex Matches Found In Both Binary And Text Data, With Colors

January 29, 2023
Austrian Resold Drugs Purchased on The Dark Web

Austrian Resold Drugs Purchased on The Dark Web

January 29, 2023
SSTImap - Automatic SSTI Detection Tool With Interactive Interface

SSTImap – Automatic SSTI Detection Tool With Interactive Interface

January 28, 2023
Octosuite v3.0.4 releases: Advanced Github OSINT Framework

Octosuite v3.0.4 releases: Advanced Github OSINT Framework

January 28, 2023
firebaseExploiter: discovers open and exploitable Firebase Database

firebaseExploiter: discovers open and exploitable Firebase Database

January 28, 2023
CISA Warns of Hackers Exploiting CVE-2017-11357 Vulnerability

CISA Warns of Hackers Exploiting CVE-2017-11357 Vulnerability

January 27, 2023

Social Media Hacking

SocialPath – Track users across Social Media Platforms

SocialPath – Track users across Social Media Platforms

- Social Media Hacking
October 16, 2019October 16, 2019

SocialPath is a django application for gathering social media intelligence on specific username. It checks for Twitter, Instagram, Facebook, Reddit...

SocialScan – Check Email Address and Username Availability on Online Platforms

SocialScan – Check Email Address and Username Availability on Online Platforms

June 17, 2019
Shellphish – Phishing Tool For 18 Social Media Apps

Shellphish – Phishing Tool For 18 Social Media Apps

June 10, 2019July 27, 2019
WhatsApp Hacking using QRLJacking

WhatsApp Hacking using QRLJacking

May 2, 2019May 19, 2019
How to Hack any Facebook Account with Z-Shadow

How to Hack any Facebook Account with Z-Shadow

April 26, 2019June 29, 2020
hacker buffs

About Us

Haxf4rall is a collective, a good starting point and provides a variety of quality material for cyber security professionals.

Join Our Community!

Please wait...
Get the latest News and Hacking Tools delivered to your inbox.
Don't Worry ! You will not be spammed

Active Members

Submit a Tool

Hackers Handbook 2018


Grab your copy here

ABOUT US

Haxf4rall is a collective, a good starting point and provides a variety of quality material for cyber security professionals.

Our primary focus revolves around the latest tools released in the Infosec community and provide a platform for developers to showcase their skillset and current projects.

COMPANY
  • Contact Us
  • Disclaimer
  • Hacker Gadgets
  • LANC Remastered
  • PCPS IP Puller
  • Privacy Policy
  • Sitemap
  • Submit your Tool
Menu
  • Contact Us
  • Disclaimer
  • Hacker Gadgets
  • LANC Remastered
  • PCPS IP Puller
  • Privacy Policy
  • Sitemap
  • Submit your Tool
Live Chat
RESOURCES
  • Attack Process
  • Become a Hacker
  • Career Pathways
  • Dark Web
  • Hacking Books
  • Practice Your Skills
  • Recommended Courses
  • Simple Setup – Hacker 101
Menu
  • Attack Process
  • Become a Hacker
  • Career Pathways
  • Dark Web
  • Hacking Books
  • Practice Your Skills
  • Recommended Courses
  • Simple Setup – Hacker 101
Get Started
TOOLBOX
  • Anonymity
  • Bruteforce
  • DoS – Denial of Service
  • Information Gathering
  • Phishing
  • SQL Injection
  • Vulnerability Scanners
  • Wifi Hacking
Menu
  • Anonymity
  • Bruteforce
  • DoS – Denial of Service
  • Information Gathering
  • Phishing
  • SQL Injection
  • Vulnerability Scanners
  • Wifi Hacking
Tools Directory

2014 – 2020 | Haxf4rall.com               Stay Connected:

Facebook Twitter Google-plus Wordpress
Please wait...

Join Our Community

Subscribe now and get your free HACKERS HANDBOOK

Don't Worry ! You will not be spammed
SIGN UP FOR NEWSLETTER NOW