Pupy is a Remote Access/Post Exploitation tool.
Here are some of my favorite features:
- All-in-memory execution
- A windows payload that can load the entire Python interpreter from memory using a reflective DLL
- Execute non-interactive commands on multiple hosts at once.
- Reflectively migrate into other processes.
- Interactive shells (cmd.exe, /bin/bash, etc) can be opened remotely and have a real tty (with all keyboard signals working just like an SSH shell).
- Remote Desktop session via your local browser
- Customizable command line aliases
Full project details and source code can be found here: https://github.com/n1nj4sec/pupy
I found the install instructions on Pupy’s GitHub page confusing. Once I figured out how to install it, I thought I’d share what I learned with folks. These instructions are for Kali 2020 Rolling.
curl -fsSL https://download.docker.com/linux/debian/gpg | sudo apt-key add -
echo 'deb [arch=amd64] https://download.docker.com/linux/debian buster stable' | sudo tee /etc/apt/sources.list.d/docker.list
sudo apt-get remove docker docker-engine docker.io
sudo apt-get install docker-ce
docker run hello-world
systemctl start docker
systemctl enable docker
sudo usermod -aG docker kali  # you must open a new terminal window for the user kali to be part of the group docker
Please back up your GRUB configuration before modifying it:
cp /etc/default/grub /root/grub_backup
## In /etc/default/grub, replace the GRUB_CMDLINE_LINUX_DEFAULT line with the line below
GRUB_CMDLINE_LINUX_DEFAULT="vsyscall=emulate"
## now run update-grub and reboot
update-grub
reboot
apt-get install git libssl1.0-dev libffi-dev python-dev \
    python-pip build-essential python-openssl swig tcpdump
pip install virtualenv==16.7.10
pip install flake8==3.6.0
Download Pupy and install it
git clone --recursive https://github.com/n1nj4sec/pupy
cd pupy
./create-workspace.py -E virtualenv pupyws
Modify the config to listen on the correct IP
You will need to modify pupy.conf to ensure it listens on the right IP address. If you are using a VPN, this is the IP address of the tun0 interface.
In the [pupyd] section of pupy.conf, set "external" to that IP:
[pupyd]
transport = ec4
port = 8080
ipv6 = false
igd = false
httpd = false
webserver = true
dnscnc = localhost:5454
use_gnome_keyring = false
external = YOUR_IP_GOES_HERE
allow_requests_to_external_services = false
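As an added example (not code from the Pupy project or from the original post), here is a small POSIX sh helper that reads the IPv4 address of an interface and writes it into the "external" key of the [pupyd] section only, refusing values that are not a dotted-quad IPv4 address. The interface name tun0 and the config path are assumptions; adjust them for your workspace.

```shell
#!/bin/sh
# Added example: set "external = <ip>" in the [pupyd] section of a
# pupy.conf-style file. Interface name and config path are assumptions.

# Print the first IPv4 address of an interface (empty if it has none).
iface_ipv4() {
    ip -4 -o addr show dev "$1" 2>/dev/null | awk '{ sub("/.*", "", $4); print $4; exit }'
}

# Return 0 only for a dotted-quad IPv4 literal with each octet in 0..255.
is_ipv4() {
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in ''|*[!0-9]*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
}

# Usage: set_pupyd_external <conf-file> <ip>
# Rewrites "external = ..." inside [pupyd]; other sections are left untouched.
set_pupyd_external() {
    conf=$1; ip=$2
    is_ipv4 "$ip" || { echo "refusing non-IPv4 value: '$ip'" >&2; return 1; }
    tmp=$(mktemp) || return 1
    if awk -v ip="$ip" '
        /^\[/ { in_pupyd = ($0 == "[pupyd]") }          # track current section
        in_pupyd && /^[ \t]*external[ \t]*=/ { $0 = "external = " ip; done = 1 }
        { print }
        END { if (!done) exit 2 }                         # key missing in [pupyd]
    ' "$conf" > "$tmp"; then
        mv "$tmp" "$conf"
    else
        rm -f "$tmp"; echo "no 'external' key in [pupyd] of $conf" >&2; return 1
    fi
}

# Example wiring (assumed path; uncomment to apply to a real workspace):
# set_pupyd_external path/to/pupy.conf "$(iface_ipv4 tun0)"
```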