Use Pupy, a Linux remote access tool
In one of my previous articles I discussed how setup wireless network, a remote administration tool that makes itself obvious. The goal is to see if the user could detect a remote administration tool or RAT on their system. In this article, I’ll be demonstrating the use of Pupy, an actual RAT, on a target Ubuntu 16.04 server.
A RAT is a program that allows the remote control and administration of a computer, either for technical support or more nefarious goals. I’ve been a fan of RATs since I was first introduced to them. I spent more time than I’d like to admit playing with tools like Sub7 and Back Orifice. They were powerful, easy to install, and rarely detected.
Pupy is a modern RAT, currently still in development, but miles ahead of early RATs. For starters, Pupy allows the generation of multiple types of payloads with different data exfiltration options, which can be stacked. Communication back to the C&C (command and control) server is very configurable, and Pupy also comes with an embedded Python interpreter. This allows Pupy’s modules to fetch Python packages from memory and remotely access Python objects.
Pupy uses an all-in-memory execution guideline, which keeps its footprint very low while reducing the likelihood of being detected. Since it never touches the disk, it’s able to execute Python modules in memory on the target without being detected. It includes many modules that are geared towards post-exploitation and information gathering, meaning that even if it is executed as a low-privilege user, it will connect back and give you plenty of options for privilege escalation.
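Code that never touches the disk still has to be mapped executable in some process, and that shows up in `/proc/<pid>/maps`. The following is an added example, not part of the original article and not Pupy's code: a general Linux heuristic (not a Pupy signature, since the article does not say which mechanism Pupy uses) that flags executable mappings with no file behind them. The function names and the sample lines are constructed for illustration.

```python
import os

def classify(line):
    """Return a reason if one /proc/<pid>/maps line is executable code
    with no regular file on disk behind it, else None."""
    # Format: address perms offset dev inode [pathname]
    fields = line.split(None, 5)
    if len(fields) < 5:
        return None
    perms = fields[1]
    path = fields[5].strip() if len(fields) == 6 else ""
    if "x" not in perms:
        return None
    if path.startswith("/memfd:"):
        return "executable memfd mapping"
    if path.endswith(" (deleted)"):
        return "executable mapping of a deleted file"
    if path == "" and "w" in perms:
        return "anonymous writable+executable mapping"
    return None

def scan_maps(text):
    """Return [(address_range, reason), ...] for the text of one maps file."""
    findings = []
    for line in text.splitlines():
        reason = classify(line)
        if reason:
            findings.append((line.split()[0], reason))
    return findings

def scan_live():
    """Scan every readable process; returns {pid: findings}. Run as root for full coverage."""
    results = {}
    for pid in filter(str.isdigit, os.listdir("/proc")):
        try:
            with open("/proc/%s/maps" % pid) as fh:
                hits = scan_maps(fh.read())
        except OSError:  # process exited or permission denied
            continue
        if hits:
            results[int(pid)] = hits
    return results

# Constructed sample, not captured from a real host.
SAMPLE = """\
55d0c0a00000-55d0c0a2c000 r-xp 00000000 08:01 131090 /usr/bin/python3.5
7f3c1a000000-7f3c1a021000 r-xp 00000000 00:05 48211 /memfd:x (deleted)
7f3c1b000000-7f3c1b010000 rwxp 00000000 00:00 0
7f3c1c000000-7f3c1c004000 r-xp 00000000 08:01 262200 /tmp/.cache/lib.so (deleted)
7ffd5a1f0000-7ffd5a1f2000 r-xp 00000000 00:00 0 [vdso]
7f3c1d000000-7f3c1d200000 rw-p 00000000 00:00 0
"""
```

Expect false positives from JIT runtimes and from processes still running a binary that a package upgrade replaced, so treat hits as leads to triage rather than verdicts.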