Install pykd

README.md

@@ -8,6 +8,7 @@ bespoke tooling for offensive security's Windows Usermode Exploit Dev course (OS
     - [find-gadgets.py](#find-gadgetspy)
     - [shellcoder.py](#shellcoderpy)
     - [install-mona.sh](#install-monash)
+    - [install-pykd-py3.sh](#install-pykd-py3sh)
     - [attach-process.ps1](#attach-processps1)
 - [WinDbg Scripts](#windbg-scripts)
     - [find-ppr.py](#find-pprpy)
@@ -177,6 +178,70 @@ Clipboard(error): xclip_handle_SelectionNotify(), unable to find a textual targe
 
 ```
 
+### install-pykd-py3.sh
+
+For python 3.9 & 3.8 only!
+
+downloads all components necessary to install pykd and prompts you to use an admin shell on the windows box to finish installation.
+
+##### Usage: `install-pykd-py3.sh <RDP_IP_Addr> <username> <password>`
+
+```
+[*] Script for installing pykd for python3.9 & 3.8
+Respect and original idea: epi052
+[+] Created temp directory: /tmp/tmp.R4MtcYZ1FP
+[+] Copy install-pykd-py3.ps1 to /tmp/tmp.R4MtcYZ1FP
+[+] once the RDP window opens, execute the following command in an Administrator terminal:
+
+powershell -c "cat \\tsclient\pykd_share\install-pykd-py3.ps1 | powershell -"
+
+[=] downloading https://github.com/user-attachments/files/18549260/pykd_ext_2.0.0.25_x86.zip
+[=] downloading https://files.pythonhosted.org/packages/67/f7/19b2380834b6b4312a89731b0f00c8185b7f1ac015f2947da2969de5b37d/pykd-0.3.4.15-cp39-none-win32.whl
+Autoselecting keyboard map 'en-us' from locale
+Core(warning): Certificate received from server is NOT trusted by this system, an exception has been added by the user to trust this specific certificate.
+Failed to initialize NLA, do you have correct Kerberos TGT initialized ?
+Core(warning): Certificate received from server is NOT trusted by this system, an exception has been added by the user to trust this specific certificate.
+Connection established using SSL.
+Protocol(warning): process_pdu_logon(), Unhandled login infotype 1
+Clipboard(error): xclip_handle_SelectionNotify(), unable to find a textual target to satisfy RDP clipboard text request
+```
+
+```
+powershell -c "cat \\tsclient\pykd_share\install-pykd-py3.ps1 | powershell -"
+[+] The script is running with administrative privileges.
+[+] Creating folders
+
+
+    Directory: C:\
+
+
+Mode                LastWriteTime         Length Name
+----                -------------         ------ ----
+d-----        2/15/2025  11:48 AM                Plugins
+
+
+
+
+    Directory: C:\Users\Administrator\Desktop
+
+
+Mode                LastWriteTime         Length Name
+----                -------------         ------ ----
+d-----        2/15/2025  11:48 AM                pykd_share
+
+
+[+] copy pykd.dll
+[+] installing pykd whl
+Processing c:\users\administrator\desktop\pykd_share\pykd-0.3.4.15-cp39-none-win32.whl
+Installing collected packages: pykd
+Successfully installed pykd-0.3.4.15
+[+] set env for windbg extension path
+[!] All done =]
+
+```
+
+
+
 ### attach-process.ps1
 
 Credit to discord user @SilverStr for the inspiration! 

install-pykd-py3.ps1

@@ -0,0 +1,69 @@
+function Test-Admin {
+    $currentUser = New-Object Security.Principal.WindowsPrincipal([Security.Principal.WindowsIdentity]::GetCurrent())
+    $isAdmin = $currentUser.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
+
+    if ($isAdmin) {
+        Write-Output "[+] The script is running with administrative privileges."
+    } else {
+        Write-Output "[!] Error: The script is not running with administrative privileges."
+        exit
+    }
+}
+
+function Get-CurrentUserName {
+    $currentUser = [System.Security.Principal.WindowsIdentity]::GetCurrent()
+    $userName = $currentUser.Name.Split("\")[-1]
+    return $userName
+}
+
+function Check-PythonVersion {
+    $pythonver = python --version
+    $ver = $pythonver.Split(" ")[1] -replace "`n","" -replace "`r",""
+    $majorver = $ver.Split(".")[0]
+    $minorver = $ver.Split(".")[1]
+    if ([int]$majorver -ne 3){
+        Write-Output "[!] Error: The script needs python3"
+        exit
+    }
+    return $minorver
+}
+
+$py_minor_ver = Check-PythonVersion
+Write-Output "[+] Python3 minor version: $($py_minor_ver)"
+
+# Call the function to get the current username
+$currentUserName = Get-CurrentUserName
+
+Test-Admin
+
+Set-ExecutionPolicy bypass -Force
+
+$share_path = "\\tsclient\pykd_share"
+$install_dir = "C:\Users\$($currentUserName)\Desktop\pykd_share\"
+# hardcoded
+if ([int]$py_minor_ver -eq 8){
+    $pykd_whl = "pykd-0.3.4.15-cp38-none-win32.whl"
+}elseif ([int]$py_minor_ver -eq 9){
+    $pykd_whl = "pykd-0.3.4.15-cp39-none-win32.whl"
+}else{
+    Write-Output "[!] Error: Sorry not support for your python3 version"
+    exit
+}
+
+# create folders and copy the windbg extension to there
+Write-Output "[+] Creating folders"
+mkdir "C:\Plugins"
+mkdir "$($install_dir)"
+Write-Output "[+] copy pykd.dll"
+copy "$($share_path)\pykd.dll" "C:\Plugins\pykd.dll"
+
+# install whl
+Write-Output "[+] installing pykd whl"
+copy $share_path\$pykd_whl $install_dir
+pip install $install_dir\$pykd_whl
+
+# set env for windbg extension path
+Write-Output "[+] set env for windbg extension path"
+[environment]::SetEnvironmentVariable("_NT_DEBUGGER_EXTENSION_PATH", "C:\Plugins", "Machine")
+
+Write-Output "[!] All done =]"

install-pykd-py3.sh

@@ -0,0 +1,54 @@
+#!/bin/bash
+
+# Function to display usage information
+function display_help {
+    echo "Usage: install-pykd-py3.sh <RDP_IP_Addr> <username> <password>"
+    echo "Options:"
+    echo "  -h  Display this help message"
+}
+
+TOOLS=(
+    # From: https://github.com/ivellioscolin/pykd-ext/releases
+    "https://github.com/user-attachments/files/18549260/pykd_ext_2.0.0.25_x86.zip"
+    # From: https://pypi.org/project/pykd/#files
+    ## 3.9 x86
+    "https://files.pythonhosted.org/packages/67/f7/19b2380834b6b4312a89731b0f00c8185b7f1ac015f2947da2969de5b37d/pykd-0.3.4.15-cp39-none-win32.whl"
+    ## 3.8 x86
+    "https://files.pythonhosted.org/packages/f3/41/54f0561d2e431315b31a11b140953439e46ee6cfd0f944fc5600a2c90b84/pykd-0.3.4.15-cp38-none-win32.whl"
+)
+
+echo "[*] Script for installing pykd for python3.9 & 3.8"
+echo "Respect and original idea: epi052"
+
+# Check if no arguments provided or -h flag is used
+if [ $# -eq 0 ] || [ "$1" == "-h" ]; then
+    display_help
+    exit 0
+fi
+
+TMPDIR=$(mktemp -d)
+SHARENAME="pykd_share"
+SHARE="\\\\tsclient\\$SHARENAME"
+SCRIPT_NAME="install-pykd-py3.ps1"
+
+echo "[+] Created temp directory: $TMPDIR"
+echo "[+] Copy $SCRIPT_NAME to $TMPDIR"
+cp ./$SCRIPT_NAME $TMPDIR
+trap "rm -rf $TMPDIR" SIGINT
+
+pushd $TMPDIR >/dev/null
+
+echo "[+] once the RDP window opens, execute the following command in an Administrator terminal:"
+echo
+echo "powershell -c \"cat $SHARE\\$SCRIPT_NAME | powershell -\""
+echo
+
+for tool in "${TOOLS[@]}"; do
+    echo "[=] downloading $tool"
+    wget -q "$tool"
+done
+
+unzip -qqo *.zip
+
+# 1: IP address, 2: username, 3: password
+rdesktop ${1} -u ${2} -p ${3} -r disk:$SHARENAME=.