Closed leegengyu closed 4 years ago
hey @leegengyu!
Those are actually two separate commands that got merged somehow 🤦♂️
1. `pyinstaller -F python.py`
2. `upx --brute python.exe`
The 2nd is using https://github.com/upx/upx, I have sent a pull to update the instructions. Sorry about the confusion and thanks for running down all these issues!
This is the last command found in the preparation of the SeaDuke payload in `payload_configs.md`: `pyinstaller -F python.py --upx --brute python.exe`

According to the PyInstaller documents on using UPX, there does not seem to be a `--upx` option available. Running it on the command prompt also shows that such an option was rejected in my case:

![crucial2](https://user-images.githubusercontent.com/35021368/85347241-a03fa180-b52a-11ea-83b7-aa5cc9341afe.jpg)
From my understanding, in addition to not having `--upx`, it does not seem possible to pass UPX-related options to the `pyinstaller` command, i.e. I could not pass the `--brute` option to `pyinstaller`, which would run with UPX.

The command which worked for me was `pyinstaller -F python.py --upx-exclude vcruntime140.dll`.

Without excluding `vcruntime140.dll`, the meterpreter session from `python.exe` would not be opened, as the executable would exit with an error code of -1:

![Crucial](https://user-images.githubusercontent.com/35021368/85347634-b69a2d00-b52b-11ea-8fd7-55c589973b2a.jpg)

According to a user in an issue opened on PyInstaller's end, "UPX compression strips the SHA Digital Signature from vcruntime140.dll so it is no longer seen as valid."
`pyinstaller` that runs with the option `--upx` that I was unaware of?

`--brute` to the UPX that is running with PyInstaller (if my version of the command is correct)?
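
For triaging builds like the ones discussed in this issue, the following added example (not code from the issue or from the project) reads a PE header and reports whether the image has UPX section names and an Authenticode certificate table, the property the quoted PyInstaller comment says UPX removes from `vcruntime140.dll`. `build_sample` and the two header blobs are constructed stand-ins rather than real binaries, and the check reports only the presence of a certificate table, not signature validity.

```python
import struct

SECURITY_DIR = 4  # IMAGE_DIRECTORY_ENTRY_SECURITY: Authenticode certificate table


def pe_info(data: bytes) -> dict:
    """Report section names, a UPX hint and certificate-table presence for a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ header")
    pe_off, = struct.unpack_from("<I", data, 0x3C)           # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    n_sections, = struct.unpack_from("<H", data, pe_off + 6)
    opt_size, = struct.unpack_from("<H", data, pe_off + 20)  # SizeOfOptionalHeader
    opt_off = pe_off + 24
    magic, = struct.unpack_from("<H", data, opt_off)
    dirs_off = opt_off + (112 if magic == 0x20B else 96)     # PE32+ vs PE32
    n_dirs, = struct.unpack_from("<I", data, dirs_off - 4)   # NumberOfRvaAndSizes
    cert_off = cert_size = 0
    if n_dirs > SECURITY_DIR:
        cert_off, cert_size = struct.unpack_from("<II", data, dirs_off + 8 * SECURITY_DIR)
    sec_off = opt_off + opt_size                             # section table start
    names = [data[sec_off + 40 * i:sec_off + 40 * i + 8].rstrip(b"\0").decode("ascii", "replace")
             for i in range(n_sections)]
    return {"sections": names,
            "upx_packed": any(n.startswith("UPX") for n in names),
            "signed": cert_size > 0 and cert_off > 0}


def build_sample(section_names, cert_size):
    """Hypothetical helper: build a constructed, header-only PE32+ blob for the demo."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x8664, len(section_names), 0, 0, 0, 240, 0x22)
    opt = bytearray(240)                                     # 112 + 16 directories * 8
    struct.pack_into("<H", opt, 0, 0x20B)                    # PE32+ magic
    struct.pack_into("<I", opt, 108, 16)                     # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 112 + 8 * SECURITY_DIR,
                     0x400 if cert_size else 0, cert_size)
    sections = b"".join(n.encode().ljust(40, b"\0") for n in section_names)
    return dos + b"PE\0\0" + coff + bytes(opt) + sections


# Constructed samples: a signed DLL header and the same kind of file after UPX packing.
ORIGINAL = build_sample([".text", ".rdata", ".data"], 0x2000)
PACKED = build_sample(["UPX0", "UPX1", ".rsrc"], 0)

if __name__ == "__main__":
    for label, blob in (("original", ORIGINAL), ("packed", PACKED)):
        print(label, pe_info(blob))
```

To check a real file, pass its bytes, for example `pe_info(open(path, "rb").read())`.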