-
Notifications
You must be signed in to change notification settings - Fork 1.8k
Bug Testing Report: August 3rd, 2018
This is a page for documenting pupy's functionality, as well as what is currently broken. Broken items will have issues opened en masse once the list is compiled, this is purely for convenience on my (Strazzom's) part.
All testing was done on a Windows 7 SP1 x86 physical installation. It was not updated at the time of testing, and was a fresh install.
"Working" is defined as being able to execute successfully and/or retrieve data without errors, (cosmetic errors are OK). Note that some more subtle errors may not have been detected.
Note that certain esoteric or advanced functionality may not have been tested. For instance, I did not have access to an actual network at the time of testing, so anything domain or cloud VPS related is untested.
This page will be updated as time allows for further testing, preferably on multiple platforms.
✓ = working
X = broken
O = not tested
Functionality | Status |
---|---|
connect | ✓ |
bind | ✓ |
auto_proxy | O |
dnscnc | O |
Functionality | Description | Status |
---|---|---|
sessions | list/interact with established sessions | ✓ |
jobs | Manage Jobs | O |
help | Show help | ✓ |
exposed | list exposed objects/methods | ✓ |
python | Start the local python interpreter (for debugging purposes) | ✓ |
dnscnc | DNSCNC control | O |
tag | Assign tag to current session | ✓ |
exit | Exit Shell | ✓ |
connect | Connect to the bind payload | ✓ |
run | Run a module on one or multiple clients | ✓ |
logging | Show/set log level | ✓ |
config | Work with configuration file | O |
gen | Generate payload | ✓ |
restart | Restart pupysh | ✓ |
listen | start/stop/show current listeners | ✓- (syntax? docs unclear) |
Category | Command | Description | Status |
---|---|---|---|
admin | shares | List Local And Remote Shared Folder And Permission | ✓ |
admin | getpid | List Process Information | ✓ |
admin | psh | Load/Execute Powershell Scripts | O (docs unclear) |
admin | ssh | Ssh Client | O |
admin | rfs | Mount Remote Fs As Fuse Fs To Mountpoint | O |
admin | smbspider | Walk Through A Smb Directory And Recursively Search A String Into Files | O |
admin | shell_exec | Execute Shell Commands On A Remote System | ✓ |
admin | alive | Request To Send Keepalive Packets On Rpyc Level | ✓ |
admin | rdesktop | Start A Remote Desktop Session Using A Browser Websocket Client | X (connection reset with docker published port) |
admin | cp | Copy File Or Directory | ✓ |
admin | interactive_shell | Open An Interactive Command Shell With A Nice Tty | ✓ |
admin | rm | Remove A File Or A Directory | ✓ |
admin | smb | Copy Files Via Smb Protocol | O |
admin | netstat | List Terminal Sessions | ✓ |
admin | become | Become User | O |
admin | last | List Terminal Sessions | O |
admin | rdp | Enable / Disable Rdp Connection Or Check For Valid Credentials On A Remote Host | O |
admin | w | List Terminal Sessions | ✓ |
admin | getdomain | Get Primary Domain Controller | O |
admin | cd | Change Directory | ✓ |
admin | pexec | Execute Shell Commands Non-Interactively On A Remote System In Background Using Popen | ✓ |
admin | ps | List Processes | ✓ |
admin | zip | Zip / Unzip File Or Directory | ✓ |
admin | mkdir | Create An Empty Directory | ✓ |
admin | dns | Retrieve Domain Name From Ip And Vice Versa | ✓ |
admin | clear_logs | Clear Event Logs | O |
admin | psexec | Launch Remote Commands Using Smbexec Or Wmiexec | O |
admin | pyexec | Execute Python Code On A Remote System | ✓ |
admin | beroot | Windows Privilege Escalation | ✓ |
admin | cat | Show Contents Of A File | ✓ |
admin | pyshell | Open An Interactive Python Shell On The Remote Client | ✓ |
admin | mv | Move File Or Directory | ✓ |
admin | display | Set Display Variable | O |
admin | ip | List Interfaces | ✓ |
admin | sudo_alias | Write An Alias For Sudo To Retrieve User Password | O |
admin | igd | Upnp Igd Client | O |
admin | http | Trivial Get/Post Requests Via Http Protocol | ✓ |
admin | x509 | Fetch Certificate From Server | O |
admin | getppid | List Parent Process Information | ✓ |
admin | drives | List Valid Drives In The System | ✓ |
admin | date | Get Current Date | ✓ |
admin | getuid | Get Username | ✓ |
admin | pwd | Get Current Working Dir | ✓ |
admin | ls | List System Files | ✓ |
creds | loot_memory | Crawl Processes Memory And Look For Cleartext Credentials | ✓- (unable to verify working) |
creds | creddump | Download The Hives From A Remote Windows System And Dump Creds | ✓ |
creds | lazagne | Retrieve Passwords Stored On The Target | X (partially broken) |
creds | mimipy | Run Mimipy To Retrieve Credentials From Memory | O |
creds | creds | Database Containing All Passwords Found | ✓ |
creds | changeme | Default Credential Scanner | X |
creds | memstrings | Dump Printable Strings From Process Memory For Futher Analysis | ✓ |
exploit | mimikatz | Execute Mimikatz From Memory | X (can't find exe) |
exploit | exploit_suggester | Exploit Suggester | X (missing python library) |
exploit | shellcode_exec | Executes The Supplied Shellcode On A Client | O |
exploit | impersonate | List/Impersonate Process Tokens | X |
gather | keylogger | A Keylogger To Monitor All Keyboards Interaction Including The Clipboard :-) | ✓ |
gather | hashmon | Try To Find Clear Text Passwords In Memory | O |
gather | get_info | Get Some Informations About One Or Multiple Clients | ✓ |
gather | contacts | To Get Contacts | O |
gather | search | Walk Through A Directory And Recursively Search A String Into Files | ✓ (works, but docs are bad) |
gather | check_vm | Check If Running On Virtual Machine | X |
gather | outlook | Interact With Outlook Session Of The Targeted User | O |
gather | record_mic | Record Sound With The Microphone ! | O |
gather | pywerview | Rewriting Of Some Powerview'S Functionalities In Python | O |
gather | apps | To Interact Manage Applications | O |
gather | call | To Get Call Details | O |
gather | gpstracker | To Interact With Gps | O |
gather | mouselogger | Log Mouse Clicks And Take Screenshots Of Areas Around It | ✓ |
gather | powerview | Execute Powerview Commands | O |
gather | get_hwuuid | Try To Get Uuid (Dmi) Or Machine-Id (Dbus/Linux) | O |
gather | webcamsnap | Take A Webcam Snap :) | O |
gather | usniper | Globally Capture String Or Register During Execution At Specified | O |
gather | cloudinfo | Retrieve Ec2/Digitalocean Metadata | O |
gather | users | Get Interactive Users | ✓ |
gather | screenshot | Take A Screenshot :) | ✓ |
gather | ttyrec | Globally Capture Intput/Output To Tty. Compatible With Kernels | O |
general | exit | Exit The Client On The Other Side | ✓ (misleading description) |
general | process_kill | Kill A Process | ✓ |
manage | edit | Edit Remote File Locally (Download->Edit->Upload) | ✓ (how to change to other editor?) |
manage | upload | Upload A File/Directory To A Remote System | ✓ |
manage | hide_process | Edit Current Process Argv & Env Not To Look Suspicious | O |
manage | download | Download A File/Directory From A Remote System | ✓ |
manage | getprivs | Manage Current Process Privileges | ✓ |
manage | tasks | Get Info About Registered Background Tasks | ✓ |
manage | memory_exec | Execute A Executable From Memory | O |
manage | lock_screen | Lock The Session | ✓ |
manage | duplicate | Duplicate The Current Pupy Payload By Executing It From Memory | O |
manage | load_package | Load A Python Package Onto A Remote Client. Packages Files Must Be Placed In One Of The Pupy/Packages/// Repository | O |
manage | migrate | Migrate Pupy Into Another Process Using Reflective Dll Injection | ✓ |
manage | persistence | Enables Persistence Via Registry Keys | ✓ |
network | port_scan | Run A Tcp Port Scan | ✓ |
network | forward | Local/Remote Port Forwarding And Socks Proxy | ✓ |
network | tcpdump | Module To Reproduce Some Of The Classic Tcpdump Tool Functions | O |
privesc | getsystem | Try To Get Nt Authority System Privileges | ✓ |
privesc | bypassuac | Try To Bypass Uac | ✓ |
privesc | inveigh | Execute Inveigh Commands | ✓ |
privesc | privesc_checker | Linux Privilege Escalation Scripts | O |
troll | text_to_speach | Use Android Text To Speach To Say Something :) | O |
troll | vibrate | Activate The Phone/Tablet Vibrator :) | O |
troll | msgbox | Pop Up A Custom Message Box | ✓ |