# 第十七课：红蓝对抗渗透测试2

## 前言：

在团体渗透测试的项目中，如红蓝对抗，团队渗透测试比赛等，最重要的是过程与结果实时共享于团队，例如：A同学nmap目标站，B同学也nmap目标站，这在对抗比赛中是极其浪费时间也是非常容易引起防火墙，日志服务器或其他设备的警觉。所以打算写一系列关于未来团队渗透的对抗。争取做到过程与结果，团队实时共享。把曾经的团队作战经验形成一个适应对抗，比赛等的参考。 ![](/files/-LZJx3N9WLX5BpJDIsiP)

## popy简介：

Pupy是一个开源，跨平台（Windows，Linux，OSX，Android），多功能RAT（远程管理工具）和主要用python编写的后期开发工具。它具有全内存读取操作，进程注入等。Pupy可以使用各种传输进行通信，迁移到进程（注入），从内存加载远程Python代码。

项目地址：<https://github.com/n1nj4sec/pupy>

```bash
root@John:~/Desktop# git clone https://github.com/n1nj4sec/pupy.git
```

![](/files/-LZJx8k1xz-T5tNuwUZ3)

```bash
root@John:~/Desktop/pupy/pupy# pip install rpyc
```

![](/files/-LZJx8k7DKFjU6QepLf4)

```bash
root@John:~/Desktop/pupy/pupy# git submodule update
```

![](/files/-LZJx8kD65fnHpCOOehO)

```bash
root@John:~/Desktop/pupy/pupy# cd .. 
root@John:~/Desktop/pupy# pip install -r pupy/requirements.txt
```

![](/files/-LZJx8kJxEZW6oEhJMEi)

```bash
root@John:~/Desktop/pupy/# wget https://github.com/n1nj4sec/pupy/releases/download/latest/payload_templates.txz
```

![](/files/-LZJx8kMWojVk8TIrIiE)

```bash
root@John:~/Desktop/pupy# tar xvf payload_templates.txz && mv payload_templates/* pupy/payload_templates/ && rm payload_templates.txz && rm -r payload_templates
```

![](/files/-LZJx8kQ8hEoJHKlX8NB)

```bash
root@John:~/Desktop/pupy/pupy# apt-get install python-xlib
```

![](/files/-LZJx8kTLLuB4Q1d70AV)

![](/files/-LZJx8kXuGWd3uO3d6_1)

## 附录：

```bash
Collecting pyautogui
Using cached PyAutoGUI-0.9.36.tar.gz
Complete output from command python setup.py egg_info: 
Traceback (most recent call last):
    File "<string>", line 1, in <module>
    File "/tmp/pip-build-a90ODY/pyautogui/setup.py", line 6, in <module> version=__import__('pyautogui').__version__,
    File "pyautogui/__init__.py", line 115, in <module>
    from . import \_pyautogui_x11 as platformModule
    File "pyautogui/_pyautogui_x11.py", line 160, in <module>
    _display = Display(os.environ['DISPLAY'])
    File "/usr/lib/python2.7/UserDict.py", line 40, in __getitem__
    raise KeyError(key) 
KeyError: 'DISPLAY'
```

**must install on local server with GUI**

> Micropoor


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://micro8.gitbook.io/micro8/contents-1/11-20/17-hong-lan-dui-kang-shen-tou-ce-shi-2.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.