Lesson 17: Red/Blue Team Adversarial Penetration Testing 2
Focused on APT attack and defense
https://micropoor.blogspot.com/

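Preface:
In team penetration-testing engagements, such as red/blue team exercises and team penetration-testing competitions, the most important thing is that the process and the results are shared with the team in real time. For example, student A runs nmap against the target site and student B also runs nmap against the target site; in an adversarial competition this wastes a great deal of time and very easily alerts firewalls, log servers or other devices. So I plan to write a series on future team penetration-testing engagements, aiming for real-time sharing of process and results within the team, and to turn past team-operation experience into a reference suited to adversarial exercises, competitions and the like.
Introduction to Pupy: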

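Pupy is an open-source, cross-platform (Windows, Linux, OSX, Android), multi-function RAT (remote administration tool) and post-exploitation tool written mainly in Python. It features all-in-memory operation, process injection and more. Pupy can communicate over various transports, migrate into processes (injection), and load remote Python code from memory.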

Project address: https://github.com/n1nj4sec/pupy

root@John:~/Desktop# git clone https://github.com/n1nj4sec/pupy.git
root@John:~/Desktop/pupy/pupy# pip install rpyc
root@John:~/Desktop/pupy/pupy# git submodule update
root@John:~/Desktop/pupy/pupy# cd ..
root@John:~/Desktop/pupy# pip install -r pupy/requirements.txt
root@John:~/Desktop/pupy/# wget https://github.com/n1nj4sec/pupy/releases/download/latest/payload_templates.txz
root@John:~/Desktop/pupy# tar xvf payload_templates.txz && mv payload_templates/* pupy/payload_templates/ && rm payload_templates.txz && rm -r payload_templates
root@John:~/Desktop/pupy/pupy# apt-get install python-xlib
Appendix:

Collecting pyautogui
  Using cached PyAutoGUI-0.9.36.tar.gz
    Complete output from command python setup.py egg_info:
    Traceback (most recent call last):
      File "<string>", line 1, in <module>
      File "/attach/201901/pip-build-a90ODY/pyautogui/setup.py", line 6, in <module>
        version=__import__('pyautogui').__version__,
      File "pyautogui/__init__.py", line 115, in <module>
        from . import _pyautogui_x11 as platformModule
      File "pyautogui/_pyautogui_x11.py", line 160, in <module>
        _display = Display(os.environ['DISPLAY'])
      File "/usr/lib/python2.7/UserDict.py", line 40, in __getitem__
        raise KeyError(key)
    KeyError: 'DISPLAY'

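Must be installed on a local server with a GUI: the pyautogui setup fails with KeyError: 'DISPLAY' when the DISPLAY environment variable is not set.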

Micropoor