
Bug Testing Report: August 3rd, 2018

Strazzom edited this page Aug 18, 2018 · 1 revision

Info:

This is a page for documenting pupy's functionality, as well as what is currently broken. Broken items will have issues opened en masse once the list is compiled; this is purely for convenience on my (Strazzom's) part.

All testing was done on a Windows 7 SP1 x86 physical installation. It was a fresh install and was not updated at the time of testing.

"Working" is defined as being able to execute successfully and/or retrieve data without errors (cosmetic errors are OK). Note that some more subtle errors may not have been detected.

Note that certain esoteric or advanced functionality may not have been tested. For instance, I did not have access to an actual network at the time of testing, so anything domain or cloud VPS related is untested.

This page will be updated as time allows for further testing, preferably on multiple platforms.

Functionality:

✓ = working

X = broken

O = not tested

Launchers:

| Functionality | Status |
| --- | --- |
| connect | |
| bind | |
| auto_proxy | O |
| dnscnc | O |

Commands:

| Functionality | Description | Status |
| --- | --- | --- |
| sessions | list/interact with established sessions | |
| jobs | Manage Jobs | O |
| help | Show help | |
| exposed | list exposed objects/methods | |
| python | Start the local python interpreter (for debugging purposes) | |
| dnscnc | DNSCNC control | O |
| tag | Assign tag to current session | |
| exit | Exit Shell | |
| connect | Connect to the bind payload | |
| run | Run a module on one or multiple clients | |
| logging | Show/set log level | |
| config | Work with configuration file | O |
| gen | Generate payload | |
| restart | Restart pupysh | |
| listen | start/stop/show current listeners | ✓- (syntax? docs unclear) |

Modules

| Category | Command | Description | Status |
| --- | --- | --- | --- |
| admin | shares | List Local And Remote Shared Folder And Permission | |
| admin | getpid | List Process Information | |
| admin | psh | Load/Execute Powershell Scripts | O (docs unclear) |
| admin | ssh | Ssh Client | O |
| admin | rfs | Mount Remote Fs As Fuse Fs To Mountpoint | O |
| admin | smbspider | Walk Through A Smb Directory And Recursively Search A String Into Files | O |
| admin | shell_exec | Execute Shell Commands On A Remote System | |
| admin | alive | Request To Send Keepalive Packets On Rpyc Level | |
| admin | rdesktop | Start A Remote Desktop Session Using A Browser Websocket Client | X (connection reset with docker published port) |
| admin | cp | Copy File Or Directory | |
| admin | interactive_shell | Open An Interactive Command Shell With A Nice Tty | |
| admin | rm | Remove A File Or A Directory | |
| admin | smb | Copy Files Via Smb Protocol | O |
| admin | netstat | List Terminal Sessions | |
| admin | become | Become User | O |
| admin | last | List Terminal Sessions | O |
| admin | rdp | Enable / Disable Rdp Connection Or Check For Valid Credentials On A Remote Host | O |
| admin | w | List Terminal Sessions | |
| admin | getdomain | Get Primary Domain Controller | O |
| admin | cd | Change Directory | |
| admin | pexec | Execute Shell Commands Non-Interactively On A Remote System In Background Using Popen | |
| admin | ps | List Processes | |
| admin | zip | Zip / Unzip File Or Directory | |
| admin | mkdir | Create An Empty Directory | |
| admin | dns | Retrieve Domain Name From Ip And Vice Versa | |
| admin | clear_logs | Clear Event Logs | O |
| admin | psexec | Launch Remote Commands Using Smbexec Or Wmiexec | O |
| admin | pyexec | Execute Python Code On A Remote System | |
| admin | beroot | Windows Privilege Escalation | |
| admin | cat | Show Contents Of A File | |
| admin | pyshell | Open An Interactive Python Shell On The Remote Client | |
| admin | mv | Move File Or Directory | |
| admin | display | Set Display Variable | O |
| admin | ip | List Interfaces | |
| admin | sudo_alias | Write An Alias For Sudo To Retrieve User Password | O |
| admin | igd | Upnp Igd Client | O |
| admin | http | Trivial Get/Post Requests Via Http Protocol | |
| admin | x509 | Fetch Certificate From Server | O |
| admin | getppid | List Parent Process Information | |
| admin | drives | List Valid Drives In The System | |
| admin | date | Get Current Date | |
| admin | getuid | Get Username | |
| admin | pwd | Get Current Working Dir | |
| admin | ls | List System Files | |
| creds | loot_memory | Crawl Processes Memory And Look For Cleartext Credentials | ✓- (unable to verify working) |
| creds | creddump | Download The Hives From A Remote Windows System And Dump Creds | |
| creds | lazagne | Retrieve Passwords Stored On The Target | X (partially broken) |
| creds | mimipy | Run Mimipy To Retrieve Credentials From Memory | O |
| creds | creds | Database Containing All Passwords Found | |
| creds | changeme | Default Credential Scanner | X |
| creds | memstrings | Dump Printable Strings From Process Memory For Further Analysis | |
| exploit | mimikatz | Execute Mimikatz From Memory | X (can't find exe) |
| exploit | exploit_suggester | Exploit Suggester | X (missing python library) |
| exploit | shellcode_exec | Executes The Supplied Shellcode On A Client | O |
| exploit | impersonate | List/Impersonate Process Tokens | X |
| gather | keylogger | A Keylogger To Monitor All Keyboards Interaction Including The Clipboard :-) | |
| gather | hashmon | Try To Find Clear Text Passwords In Memory | O |
| gather | get_info | Get Some Information About One Or Multiple Clients | |
| gather | contacts | To Get Contacts | O |
| gather | search | Walk Through A Directory And Recursively Search A String Into Files | ✓ (works, but docs are bad) |
| gather | check_vm | Check If Running On Virtual Machine | X |
| gather | outlook | Interact With Outlook Session Of The Targeted User | O |
| gather | record_mic | Record Sound With The Microphone ! | O |
| gather | pywerview | Rewriting Of Some Powerview's Functionalities In Python | O |
| gather | apps | To Interact Manage Applications | O |
| gather | call | To Get Call Details | O |
| gather | gpstracker | To Interact With Gps | O |
| gather | mouselogger | Log Mouse Clicks And Take Screenshots Of Areas Around It | |
| gather | powerview | Execute Powerview Commands | O |
| gather | get_hwuuid | Try To Get Uuid (Dmi) Or Machine-Id (Dbus/Linux) | O |
| gather | webcamsnap | Take A Webcam Snap :) | O |
| gather | usniper | Globally Capture String Or Register During Execution At Specified | O |
| gather | cloudinfo | Retrieve Ec2/Digitalocean Metadata | O |
| gather | users | Get Interactive Users | |
| gather | screenshot | Take A Screenshot :) | |
| gather | ttyrec | Globally Capture Input/Output To Tty. Compatible With Kernels | O |
| general | exit | Exit The Client On The Other Side | ✓ (misleading description) |
| general | process_kill | Kill A Process | |
| manage | edit | Edit Remote File Locally (Download->Edit->Upload) | ✓ (how to change to other editor?) |
| manage | upload | Upload A File/Directory To A Remote System | |
| manage | hide_process | Edit Current Process Argv & Env Not To Look Suspicious | O |
| manage | download | Download A File/Directory From A Remote System | |
| manage | getprivs | Manage Current Process Privileges | |
| manage | tasks | Get Info About Registered Background Tasks | |
| manage | memory_exec | Execute A Executable From Memory | O |
| manage | lock_screen | Lock The Session | |
| manage | duplicate | Duplicate The Current Pupy Payload By Executing It From Memory | O |
| manage | load_package | Load A Python Package Onto A Remote Client. Packages Files Must Be Placed In One Of The Pupy/Packages/// Repository | O |
| manage | migrate | Migrate Pupy Into Another Process Using Reflective Dll Injection | |
| manage | persistence | Enables Persistence Via Registry Keys | |
| network | port_scan | Run A Tcp Port Scan | |
| network | forward | Local/Remote Port Forwarding And Socks Proxy | |
| network | tcpdump | Module To Reproduce Some Of The Classic Tcpdump Tool Functions | O |
| privesc | getsystem | Try To Get Nt Authority System Privileges | |
| privesc | bypassuac | Try To Bypass Uac | |
| privesc | inveigh | Execute Inveigh Commands | |
| privesc | privesc_checker | Linux Privilege Escalation Scripts | O |
| troll | text_to_speach | Use Android Text To Speech To Say Something :) | O |
| troll | vibrate | Activate The Phone/Tablet Vibrator :) | O |
| troll | msgbox | Pop Up A Custom Message Box | |