Project author: n1nj4sec

Project description:
import pyd or execute PE all from memory using only pure python code and some shellcode tricks
Language: Python
Repository: git://github.com/n1nj4sec/pymemimporter.git
Created: 2017-03-16T17:58:11Z
Project page: https://github.com/n1nj4sec/pymemimporter

License: BSD 3-Clause "New" or "Revised" License



pymemimporter

pymemimporter is a funny PoC that allows you to import any .pyd from memory with only pure Python code (no .pyd)!

It basically executes shellcode with ctypes to add _memimporter (from the py2exe project) as a built-in Python module :D

Based on Joachim Bauch’s MemoryModule (https://github.com/fancycode/MemoryModule) and Didier Stevens’ ShellCodeMemoryModule (https://blog.didierstevens.com/programs/shellcode/).

Only implemented for 32-bit Python on Windows.

usage:

    C:\Users\me\Desktop>python.exe
    Python 2.7.11 (v2.7.11:6d1b6a68f775, Dec 5 2015, 20:32:19) [MSC v.1500 32 bit (Intel)] on win32
    Type "help", "copyright", "credits" or "license" for more information.
    >>> import pymemimporter
    >>> import _memimporter
    Traceback (most recent call last):
      File "<stdin>", line 1, in <module>
    ImportError: No module named _memimporter
    >>> pymemimporter.init()
    >>> import _memimporter
    >>> _memimporter
    <module '_memimporter' (built-in)>
    >>>
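
For defenders: in the session above, _memimporter reports itself as built-in although the interpreter could not import it before init(). The following check is an added example, not part of pymemimporter. It lists loaded modules that have no backing file, are not in the interpreter's compiled-in table (sys.builtin_module_names) and carry no import spec. It assumes an injected module shows up that way; the name _injected_demo is a constructed stand-in.

```python
import sys
import types


def suspicious_builtin_like_modules(modules=None):
    """Return names of loaded modules that have no backing file, are not in
    the compiled-in built-in table, and were not created by the import system."""
    modules = sys.modules if modules is None else modules
    compiled_in = set(sys.builtin_module_names)
    flagged = []
    for name, mod in list(modules.items()):
        if not isinstance(mod, types.ModuleType):
            continue  # Python 2 keeps None placeholders in sys.modules
        if name == "__main__" or name in compiled_in:
            continue  # genuine built-ins are fixed when the interpreter is built
        if getattr(mod, "__file__", None):
            continue  # loaded from disk or a zip through the normal import path
        if getattr(mod, "__spec__", None) is not None:
            continue  # Python 3: frozen and namespace modules carry a spec
        flagged.append(name)
    return sorted(flagged)


def demo():
    # Constructed stand-in: a file-less module object registered by hand in a
    # copy of sys.modules, mimicking how a runtime-injected module appears.
    fake = types.ModuleType("_injected_demo")
    snapshot = dict(sys.modules)
    snapshot["_injected_demo"] = fake
    return suspicious_builtin_like_modules(snapshot)


if __name__ == "__main__":
    for name in demo():
        print("unexplained module: %s" % name)
```

Modules that libraries build by hand with types.ModuleType are flagged as well, so review the output against an allowlist for the application.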

examples

Running example/mimikatz32.py will load a mimikatz interactive shell from memory, using only .py files as dependencies.