From fac3874946cb0e94f10704b064c2693988549870 Mon Sep 17 00:00:00 2001 From: 0Nightsedge0 Date: Sun, 16 Feb 2025 03:55:30 +0800 Subject: [PATCH 1/3] Added for install pykd for Windows python 3.9 Windbg --- README.md | 65 +++++++++++++++++++++++++++++++++++++++++++ install-pykd-py39.ps1 | 46 ++++++++++++++++++++++++++++++ install-pykd-py39.sh | 49 ++++++++++++++++++++++++++++++++ 3 files changed, 160 insertions(+) create mode 100644 install-pykd-py39.ps1 create mode 100755 install-pykd-py39.sh diff --git a/README.md b/README.md index b7432ab..13cc1e2 100644 --- a/README.md +++ b/README.md @@ -8,6 +8,7 @@ bespoke tooling for offensive security's Windows Usermode Exploit Dev course (OS - [find-gadgets.py](#find-gadgetspy) - [shellcoder.py](#shellcoderpy) - [install-mona.sh](#install-monash) + - [install-pykd-py39.sh](#install-pykd-py39sh) - [attach-process.ps1](#attach-processps1) - [WinDbg Scripts](#windbg-scripts) - [find-ppr.py](#find-pprpy) 
@@ -177,6 +178,70 @@ Clipboard(error): xclip_handle_SelectionNotify(), unable to find a textual targe ``` +### install-pykd-py39.sh + +For python 3.9 only! + +downloads all components necessary to install pykd and prompts you to use an admin shell on the windows box to finish installation. + +##### Usage: `install-pykd-py39.sh ` + +``` +[*] Script for installing pykd for python3.9 +Respect and original idea: epi052 +[+] Created temp directory: /tmp/tmp.R4MtcYZ1FP +[+] Copy install-pykd-py39.ps1 to /tmp/tmp.R4MtcYZ1FP +[+] once the RDP window opens, execute the following command in an Administrator terminal: + +powershell -c "cat \\tsclient\pykd_share\install-pykd-py39.ps1 | powershell -" + +[=] downloading https://github.com/user-attachments/files/18549260/pykd_ext_2.0.0.25_x86.zip +[=] downloading https://files.pythonhosted.org/packages/67/f7/19b2380834b6b4312a89731b0f00c8185b7f1ac015f2947da2969de5b37d/pykd-0.3.4.15-cp39-none-win32.whl +Autoselecting keyboard map 'en-us' from locale +Core(warning): Certificate received from server is NOT trusted by this system, an exception has been added by the user to trust this specific certificate. +Failed to initialize NLA, do you have correct Kerberos TGT initialized ? +Core(warning): Certificate received from server is NOT trusted by this system, an exception has been added by the user to trust this specific certificate. +Connection established using SSL. +Protocol(warning): process_pdu_logon(), Unhandled login infotype 1 +Clipboard(error): xclip_handle_SelectionNotify(), unable to find a textual target to satisfy RDP clipboard text request +``` + +``` +powershell -c "cat \\tsclient\pykd_share\install-pykd-py39.ps1 | powershell -" +[+] The script is running with administrative privileges. 
+[+] Creating folders + + + Directory: C:\ + + +Mode LastWriteTime Length Name +---- ------------- ------ ---- +d----- 2/15/2025 11:48 AM Plugins + + + + + Directory: C:\Users\Administrator\Desktop + + +Mode LastWriteTime Length Name +---- ------------- ------ ---- +d----- 2/15/2025 11:48 AM pykd_share + + +[+] copy pykd.dll +[+] installing pykd whl +Processing c:\users\administrator\desktop\pykd_share\pykd-0.3.4.15-cp39-none-win32.whl +Installing collected packages: pykd +Successfully installed pykd-0.3.4.15 +[+] set env for windbg extension path +[!] All done =] + +``` + + + ### attach-process.ps1 Credit to discord user @SilverStr for the inspiration! diff --git a/install-pykd-py39.ps1 b/install-pykd-py39.ps1 new file mode 100644 index 0000000..fec85ed --- /dev/null +++ b/install-pykd-py39.ps1 
@@ -0,0 +1,46 @@
+function Test-Admin {
+ $currentUser = New-Object Security.Principal.WindowsPrincipal([Security.Principal.WindowsIdentity]::GetCurrent())
+ $isAdmin = $currentUser.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
+
+ if ($isAdmin) {
+ Write-Output "[+] The script is running with administrative privileges."
+ } else {
+ Write-Output "[!] Error: The script is not running with administrative privileges."
+ exit
+ }
+}
+
+function Get-CurrentUserName {
+ $currentUser = [System.Security.Principal.WindowsIdentity]::GetCurrent()
+ $userName = $currentUser.Name.Split("\")[-1]
+ return $userName
+}
+
+# Call the function to get the current username
+$currentUserName = Get-CurrentUserName
+
+Test-Admin
+
+Set-ExecutionPolicy bypass -Force
+
+$share_path = "\\tsclient\pykd_share"
+$install_dir = "C:\Users\$($currentUserName)\Desktop\pykd_share\"
+$pykd_whl = "pykd-0.3.4.15-cp39-none-win32.whl"
+
+# create folders and copy the windbg extension to there
+Write-Output "[+] Creating folders"
+mkdir "C:\Plugins"
+mkdir "$($install_dir)"
+Write-Output "[+] copy pykd.dll"
+copy "$($share_path)\pykd.dll" "C:\Plugins\pykd.dll"
+
+# install whl
+Write-Output "[+] installing pykd whl"
+copy $share_path\$pykd_whl $install_dir
+pip install $install_dir\$pykd_whl
+
+# set env for windbg extension path
+Write-Output "[+] set env for windbg extension path"
+[environment]::SetEnvironmentVariable("_NT_DEBUGGER_EXTENSION_PATH", "C:\Plugins", "Machine")
+
+Write-Output "[!] All done =]"
\ No newline at end of file
diff --git a/install-pykd-py39.sh b/install-pykd-py39.sh
new file mode 100755
index 0000000..0ed4924
--- /dev/null
+++ b/install-pykd-py39.sh
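Review bot: `Set-ExecutionPolicy bypass -Force` has no `-Scope`, so it rewrites the LocalMachine execution policy and that change outlives this install; the script is fed to PowerShell on stdin (`powershell -`), which the policy does not gate anyway, so the line can be dropped or limited to `Set-ExecutionPolicy Bypass -Scope Process -Force`. Test-Admin's failure branch ends in a bare `exit`, which returns 0 to the caller, so the non-admin case is indistinguishable from success; `exit 1` fixes that. The extension directory is created at `C:\Plugins` and published machine-wide through `_NT_DEBUGGER_EXTENSION_PATH`; on a stock C:\ root ACL, folders created directly under the root appear to inherit an Authenticated Users modify entry for their contents, which would let any local account replace `pykd.dll` before WinDbg loads it — worth confirming with `icacls C:\Plugins` and, if so, placing it under `$env:ProgramFiles` or tightening the ACL. `$install_dir` is built from `C:\Users\<name>\Desktop`, which assumes the default profile location; `$env:USERPROFILE` is the reliable source.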
@@ -0,0 +1,49 @@
+#!/bin/bash
+
+# Function to display usage information
+function display_help {
+ echo "Usage: install-pykd-py39.sh "
+ echo "Options:"
+ echo " -h Display this help message"
+}
+
+TOOLS=(
+ "https://github.com/user-attachments/files/18549260/pykd_ext_2.0.0.25_x86.zip"
+ "https://files.pythonhosted.org/packages/67/f7/19b2380834b6b4312a89731b0f00c8185b7f1ac015f2947da2969de5b37d/pykd-0.3.4.15-cp39-none-win32.whl"
+)
+
+echo "[*] Script for installing pykd for python3.9"
+echo "Respect and original idea: epi052"
+
+# Check if no arguments provided or -h flag is used
+if [ $# -eq 0 ] || [ "$1" == "-h" ]; then
+ display_help
+ exit 0
+fi
+
+TMPDIR=$(mktemp -d)
+SHARENAME="pykd_share"
+SHARE="\\\\tsclient\\$SHARENAME"
+SCRIPT_NAME="install-pykd-py39.ps1"
+
+echo "[+] Created temp directory: $TMPDIR"
+echo "[+] Copy $SCRIPT_NAME to $TMPDIR"
+cp ./$SCRIPT_NAME $TMPDIR
+trap "rm -rf $TMPDIR" SIGINT
+
+pushd $TMPDIR >/dev/null
+
+echo "[+] once the RDP window opens, execute the following command in an Administrator terminal:"
+echo
+echo "powershell -c \"cat $SHARE\\$SCRIPT_NAME | powershell -\""
+echo
+
+for tool in "${TOOLS[@]}"; do
+ echo "[=] downloading $tool"
+ wget -q "$tool"
+done
+
+unzip -qqo *.zip
+
+# 1: IP address, 2: username, 3: password
+rdesktop ${1} -u ${2} -p ${3} -r disk:$SHARENAME=.
From 159a55ed5077714aad3d01b217bec220a617371c Mon Sep 17 00:00:00 2001
From: 0Nightsedge0
Date: Fri, 21 Feb 2025 16:14:52 +0800
Subject: [PATCH 2/3] support py3.8
---
README.md | 14 +++++------
install-pykd-py39.ps1 => install-pykd-py3.ps1 | 25 ++++++++++++++++++-
install-pykd-py39.sh => install-pykd-py3.sh | 11 +++++---
3 files changed, 39 insertions(+), 11 deletions(-)
rename install-pykd-py39.ps1 => install-pykd-py3.ps1 (67%)
rename install-pykd-py39.sh => install-pykd-py3.sh (71%)
diff --git a/README.md b/README.md
index 13cc1e2..831c022 100644
--- a/README.md
+++ b/README.md
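Review bot: The RDP password is taken from `${3}` and handed to `rdesktop` on its command line, where every local user can read it via `ps` and it is recorded in shell history; rdesktop accepts `-p -` to prompt for the password on stdin, so the last line can become `rdesktop "${1}" -u "${2}" -p - -r "disk:$SHARENAME=."` with the usage text updated to drop the third argument. `trap "rm -rf $TMPDIR" SIGINT` only fires on Ctrl-C; `trap 'rm -rf -- "$TMPDIR"' EXIT` also cleans up on the normal path, which matters because that directory is exported to the target as the `pykd_share` drive. Nothing checks that `wget` succeeded and there is no `set -e`, so a failed download still opens the RDP session and the later `copy` on the Windows side fails with less context; `wget -q "$tool" || exit 1` is enough. `${1}`, `${2}` and `$TMPDIR` should also be quoted.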
@@ -178,22 +178,22 @@ Clipboard(error): xclip_handle_SelectionNotify(), unable to find a textual targe ``` -### install-pykd-py39.sh +### install-pykd-py3.sh -For python 3.9 only! +For python 3.9 & 3.8 only! downloads all components necessary to install pykd and prompts you to use an admin shell on the windows box to finish installation. -##### Usage: `install-pykd-py39.sh ` +##### Usage: `install-pykd-py3.sh ` ``` -[*] Script for installing pykd for python3.9 +[*] Script for installing pykd for python3.9 & 3.8 Respect and original idea: epi052 [+] Created temp directory: /tmp/tmp.R4MtcYZ1FP -[+] Copy install-pykd-py39.ps1 to /tmp/tmp.R4MtcYZ1FP +[+] Copy install-pykd-py3.ps1 to /tmp/tmp.R4MtcYZ1FP [+] once the RDP window opens, execute the following command in an Administrator terminal: -powershell -c "cat \\tsclient\pykd_share\install-pykd-py39.ps1 | powershell -" +powershell -c "cat \\tsclient\pykd_share\install-pykd-py3.ps1 | powershell -" [=] downloading https://github.com/user-attachments/files/18549260/pykd_ext_2.0.0.25_x86.zip [=] downloading https://files.pythonhosted.org/packages/67/f7/19b2380834b6b4312a89731b0f00c8185b7f1ac015f2947da2969de5b37d/pykd-0.3.4.15-cp39-none-win32.whl @@ -207,7 +207,7 @@ Clipboard(error): xclip_handle_SelectionNotify(), unable to find a textual targe ``` ``` -powershell -c "cat \\tsclient\pykd_share\install-pykd-py39.ps1 | powershell -" +powershell -c "cat \\tsclient\pykd_share\install-pykd-py3.ps1 | powershell -" [+] The script is running with administrative privileges. [+] Creating folders diff --git a/install-pykd-py39.ps1 b/install-pykd-py3.ps1 similarity index 67% rename from install-pykd-py39.ps1 rename to install-pykd-py3.ps1 index fec85ed..5f74771 100644 --- a/install-pykd-py39.ps1 +++ b/install-pykd-py3.ps1 
@@ -16,6 +16,21 @@ function Get-CurrentUserName { return $userName } +function Check-PythonVersion { + $pythonver = python --version + $ver = $pythonver.Split(" ")[1] -replace "`n","" -replace "`r","" + $majorver = $ver.Split(".")[0] + $minorver = $ver.Split(".")[1] + if ([int]$majorver -ne 3){ + Write-Output "[!] Error: The script needs python3" + exit + } + return $minorver +} + +$py_minor_ver = Check-PythonVersion +Write-Output "[+] Python3 minor version: $($py_minor_ver)" + # Call the function to get the current username $currentUserName = Get-CurrentUserName @@ -25,7 +40,15 @@ Set-ExecutionPolicy bypass -Force $share_path = "\\tsclient\pykd_share" $install_dir = "C:\Users\$($currentUserName)\Desktop\pykd_share\" -$pykd_whl = "pykd-0.3.4.15-cp39-none-win32.whl" +# hardcoded +if ([int]$py_minor_ver -eq 8){ + $pykd_whl = "pykd-0.3.4.15-cp38-none-win32.whl" +}elseif ([int]$py_minor_ver -eq 9){ + $pykd_whl = "pykd-0.3.4.15-cp39-none-win32.whl" +}else{ + Write-Output "[!] Error: Sorry not support for your python3 version" + exit +} # create folders and copy the windbg extension to there Write-Output "[+] Creating folders" diff --git a/install-pykd-py39.sh b/install-pykd-py3.sh similarity index 71% rename from install-pykd-py39.sh rename to install-pykd-py3.sh index 0ed4924..26f56b4 100755 --- a/install-pykd-py39.sh +++ b/install-pykd-py3.sh @@ -2,17 +2,22 @@ # Function to display usage information function display_help { - echo "Usage: install-pykd-py39.sh " + echo "Usage: install-pykd-py3.sh " echo "Options:" echo " -h Display this help message" } TOOLS=( + # From: https://github.com/ivellioscolin/pykd-ext/releases "https://github.com/user-attachments/files/18549260/pykd_ext_2.0.0.25_x86.zip" + # 
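Review bot: Check-PythonVersion selects the wheel from `python --version`, but the install step later runs bare `pip install`, so with several interpreters on PATH the version check can match one interpreter while the wheel is installed into another; `python -m pip install $install_dir\$pykd_whl` makes both steps target the same one (that `pip install` line is outside the hunks). If `python` is not on PATH, `$pythonver` is empty and `.Split(" ")[1]` throws before the friendly error is reached; guard it with `if (-not $pythonver) { Write-Output "[!] Error: python not found"; exit 1 }`. Both new `exit` calls return 0, so a rejected interpreter still looks like success to the caller — `exit 1` is the better choice. The wheel names in the second hunk are fixed to `win32`, so a 64-bit Python 3.8/3.9 will fail at install time; presumably intentional for the x86 WinDbg build, but worth saying in the unsupported-version message.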
From: https://pypi.org/project/pykd/#files + ## 3.9 x86 "https://files.pythonhosted.org/packages/67/f7/19b2380834b6b4312a89731b0f00c8185b7f1ac015f2947da2969de5b37d/pykd-0.3.4.15-cp39-none-win32.whl" + ## 3.8 x86 + "https://files.pythonhosted.org/packages/f3/41/54f0561d2e431315b31a11b140953439e46ee6cfd0f944fc5600a2c90b84/pykd-0.3.4.15-cp38-none-win32.whl" ) -echo "[*] Script for installing pykd for python3.9" +echo "[*] Script for installing pykd for python3.9 & 3.8" echo "Respect and original idea: epi052" # Check if no arguments provided or -h flag is used @@ -24,7 +29,7 @@ fi TMPDIR=$(mktemp -d) SHARENAME="pykd_share" SHARE="\\\\tsclient\\$SHARENAME" -SCRIPT_NAME="install-pykd-py39.ps1" +SCRIPT_NAME="install-pykd-py3.ps1" echo "[+] Created temp directory: $TMPDIR" echo "[+] Copy $SCRIPT_NAME to $TMPDIR" From 18d3b2b522ac68a1e457e7bf6f2e560dcb37f7d2 Mon Sep 17 00:00:00 2001 From: 0Nightsedge0 Date: Fri, 21 Feb 2025 16:16:35 +0800 Subject: [PATCH 3/3] fix TOC --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 831c022..901cb6b 100644 --- a/README.md +++ b/README.md @@ -8,7 +8,7 @@ bespoke tooling for offensive security's Windows Usermode Exploit Dev course (OS - [find-gadgets.py](#find-gadgetspy) - [shellcoder.py](#shellcoderpy) - [install-mona.sh](#install-monash) - - [install-pykd-py39.sh](#install-pykd-py39sh) + - [install-pykd-py3.sh](#install-pykd-py3sh) - [attach-process.ps1](#attach-processps1) - [WinDbg Scripts](#windbg-scripts) - [find-ppr.py](#find-pprpy)
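Review bot: The added wheel and the `pykd_ext` zip are fetched over HTTPS and then copied straight into the debugger's extension path with nothing pinning their contents; the zip in particular is served from a `github.com/user-attachments` URL, which appears to be an uploaded attachment rather than a tagged release asset, so it can change or disappear independently of the project the `# From:` comment points at. Record a SHA-256 beside each URL (the `# From:` comments are the natural place) and verify with `sha256sum -c` before `unzip`, aborting on mismatch — `pykd.dll` is loaded into WinDbg, so a swapped artefact is code execution in the debugger. Both wheels are downloaded on every run although only one is installed; harmless, but a one-line comment saying the Windows side picks one would save the next reader a question. The `TOOLS` array is declared here; the loop that consumes it lies outside the hunk.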