Embedder is a collection of sources in different programming languages (C++, Go, Nim, C#) that leverages the Embedding techinque to obtain execution of Python code. Embedder also aims at generating programs with small size that can run meaningful Python code, by loading only the minimum required dependencies to access the ctypes module (ctypes allows you to call Windows APIs directly with Python).
This is a way to run Pyramid without python.exe, using small PEs compiled in different languages in its place. Apart from its original purpose, this technique can be used to bring Python code execution virtually in every language that lets you interact with Windows APIs.
Drop python310.dll or your preferred version, _ctypes.pyd, libffi-7.dll and python310.zip on the folder where your executable is running, or change the load path accordingly in the source. You can find these files in the embeddable package downloadable from python.org (e.g. https://www.python.org/downloads/release/python-31010/).
paste your Python code and assign it to the pythoncode variable in the source. If using Pyramid, first start the server and use the python code generated.
- C#:
csc.exe embedder.cs - cpp:
cl /EHsc /Fe:embedder.exe embedder.cpp - nim: create a nim.cfg file like the following:
amd64.windows.gcc.path = "/usr/bin/"
amd64.windows.gcc.exe = "x86_64-w64-mingw32-gcc"
amd64.windows.gcc.linkerexe = "x86_64-w64-mingw32-gcc"
Then nim c --os:windows --cpu:amd64 -d:mingw embedder.nim
-
go:
go mod init main CGO_ENABLED=1 GOOS=windows GOARCH=amd64 CC=x86_64-w64-mingw32-gcc go build -o embedder.exe -
Rust:
cargo build --release -
Lua: The Lua script is interpreted by luajit.exe on the Windows target. You can build these, on your Kali or Windows machine, following the steps described here:
https://luajit.org/install.html
Once built and uploaded, you can run the embedder.lua like this:
.\luajit.exe .\embedder.lua
Using a 13 kB C# embedder assembly to run Python code bootstrapping a Pyramid module that injects mimikatz.exe with arguments.
c.mimi.mp4
Using a 267 kB C++ exe to run Python code bootstrapping a Pyramid module that injects chisel.exe with arguments
C++.chisel.mp4
Embedder is developed for educational, research, and legal security testing purposes. It is intended for use by security professionals and researchers with authorization to evaluate and improve security systems in a lawful manner. Users must comply with all applicable laws and ethical guidelines.
If you need to execute complex Python code with lots of dependencies, currently you need to drop all the pyd files that will be loaded during code execution and find a way to import also needed Python modules (drop on disk or in-memory). I won't provide support for Python code that it's not working. My focus is to make embedder work with some Pyramid modules using its in-memory import technique.