search

alxchk / pupy

OpenSource cross-platform python security toolkit (remote shell)
Other
46 stars 12 forks source link

Syntax to connect to bind payload from pupysh.py? #3

Closed Strazzom closed 6 years ago

Strazzom commented 6 years ago

Having done some initial testing with the latest docker pull, I have noticed some really poor documentation for how to use the bind payload.

I have generated a payload targeting x86 Windows, which I then deployed in a VM. Following that, I attempted to decipher how to use the connect command from pupysh.py.

Just typing "connect" at the prompt yields the following:

>> connect
[-] connect: too few arguments
usage: connect [-h] args

Typing connect -h shows this:

connect -h
usage: connect [-h] args

Connect to the bind payload

positional arguments:
  args        Arguments to connect

optional arguments:
  -h, --help  show this help message and exit

Seeing as this is equally unhelpful, I tried typing "connect" followed by the <ip:port>. (In this case, 127.0.0.1:80 is an example. This is not actually what I am connecting to.)

>> connect 127.0.0.1:80
usage: connect [-h] --host <host:port>
               [-t {obfs3,http,ssl,ecm,tcp_cleartext,rsa,udp_secure,kc4,ec4,scramblesuit,websocket,udp_cleartext,ssl_rsa}]
               ...

I then tried the following:

>> connect --host 127.0.0.1:80 -t ssl
[-] connect: unrecognized arguments: --host -t ssl
usage: connect [-h] args

It seems that specifying any flags besides -h throws the above error.

Is the bind payload actually implemented? Doing ps and netstat -a on the target VM seem to indicate that it is listening on the port specified.

It seems like this is a matter of poor documentation rather than an error. What is the correct syntax for using the connect command? Is there another way to connect to a bind payload?

Strazzom commented 6 years ago

This seems to have fixed the issue with the connect command, but now pupygen is completely broken.

https://gist.github.com/Strazzom/8e13f1dc907bb9c6a6c70306eb7132ee

I did a git pull into the docker container, seeing as I can't actually install it correctly. The above is the output of running pupygen -h.

https://gist.github.com/Strazzom/40f47bb7edc0bc2062234b54aca96290

This is the error that is thrown when I attempt to connect to localhost. This is expected, because there is no actual bind payload running there, this is just to see if the connection actually completes. I have no way of testing if it will connect to the actual payload, seeing as I can't actually generate them as of the latest commit.

alxchk commented 6 years ago

I will fix pupygen today, but its better to use gen from pupysh directly

Strazzom commented 6 years ago

Noted. I presume the separate script is meant more for automation than actual manual use?

alxchk commented 6 years ago

No, it was from the beginning. I made gen command to make life a bit easier. Also in pupysh context it can know a bit more about context

Strazzom commented 6 years ago

Issue cleanup. Forgot to close this one.