Codebase list fudgec2 / master debian / patches / Store-generated-files-in-home-user-dir.patch
master

Tree @master (Download .tar.gz)

Store-generated-files-in-home-user-dir.patch @masterraw · history · blame 

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
From: Sophie Brun <[email protected]>
Date: Tue, 17 Mar 2020 16:17:45 +0100
Subject: Store generated files in home user dir

Description: Store the generated files in ~/.local/fudgec2 instead of
/usr/share/fudgec2/Storage. settings.py are still in /usr/share/fudgec2/Storage.
Last-Update: 2020-03-17
---
 FudgeC2/Controller.py                      | 8 ++++++--
 FudgeC2/Data/Database.py                   | 2 +-
 FudgeC2/Data/models.py                     | 2 +-
 FudgeC2/Listeners/HttpListener.py          | 7 ++++---
 FudgeC2/Listeners/ListenerManagement.py    | 2 +-
 FudgeC2/ServerApp/ImplantManager.py        | 4 ++--
 FudgeC2/ServerApp/modules/ExportManager.py | 6 +++---
 FudgeC2/ServerApp/templates/HelpPage.html  | 4 ++--
 FudgeC2/Storage/settings.py                | 6 ++++--
 9 files changed, 24 insertions(+), 17 deletions(-)

diff --git a/FudgeC2/Controller.py b/FudgeC2/Controller.py
index 723c37f..db8edc5 100644
--- a/FudgeC2/Controller.py
+++ b/FudgeC2/Controller.py
@@ -3,14 +3,18 @@ import _thread
 import time
 import os
 
+DB_PATH = os.path.expanduser("~/.local/fudgec2/Storage")
+if not os.path.isdir(DB_PATH):
+    os.makedirs(DB_PATH, exist_ok=True)
+
 from Storage.settings import Settings
 from ServerApp import ImplantManager
 from Listeners import ListenerManagement
 
 
 def check_tls_certificates(cert, key):
-    cert_result = os.path.isfile(os.getcwd() + "/Storage/" + cert)
-    key_result = os.path.isfile(os.getcwd() + "/Storage/" + key)
+    cert_result = os.path.isfile(os.path.expanduser("~/.local/fudgec2/Storage/") + cert)
+    key_result = os.path.isfile(os.path.expanduser("~/.local/fudgec2/Storage/") + key)
     if key_result is False or cert_result is False:
         print("Warning: Missing crypto keys for TLS listeners. These will fail to boot.")
     return
diff --git a/FudgeC2/Data/Database.py b/FudgeC2/Data/Database.py
index 7871a22..e6e94d6 100644
--- a/FudgeC2/Data/Database.py
+++ b/FudgeC2/Data/Database.py
@@ -24,7 +24,7 @@ CL = CampaignLoggingDecorator()
 
 class Database:
     def __init__(self):
-        path = os.getcwd() + "/Storage/"
+        path = os.path.expanduser("~/.local/fudgec2/Storage/")
         engine = create_engine(f"sqlite:///{path}/{Settings.database_name}?check_same_thread=False")
 
         self.selectors = {
diff --git a/FudgeC2/Data/models.py b/FudgeC2/Data/models.py
index 18476f8..e044d6d 100644
--- a/FudgeC2/Data/models.py
+++ b/FudgeC2/Data/models.py
@@ -147,6 +147,6 @@ class Listeners(Base):
 # -- Generate an empty database if no database is found.
 # --    additional checks for file existence would be sensible first
 
-path = os.getcwd() + "/Storage/"
+path = os.path.expanduser("~/.local/fudgec2/Storage/")
 engine = create_engine(f"sqlite:///{path}/{Settings.database_name}?check_same_thread=False", echo=False)
 Base.metadata.create_all(engine)
diff --git a/FudgeC2/Listeners/HttpListener.py b/FudgeC2/Listeners/HttpListener.py
index 7a4bef2..d2e1446 100644
--- a/FudgeC2/Listeners/HttpListener.py
+++ b/FudgeC2/Listeners/HttpListener.py
@@ -15,7 +15,8 @@ app.config['SECRET_KEY'] = str(uuid4())
 
 # Adding the functions which manage encoding built in commands for transfer
 def craft_sound_file(value_dict, command_id):
-    path = f"{os.getcwd()}/Storage/implant_resources/{value_dict['args']}"
+
+    path = f"{os.path.expanduser('~/.local/fudgec2')}/Storage/implant_resources/{value_dict['args']}"
     with open(path, 'rb') as file:
         audio = base64.standard_b64encode(file.read()).decode()
         final_audio = f"{value_dict['type']}{command_id}{audio}"
@@ -33,7 +34,7 @@ def craft_file_upload(value_dict, command_id):
     arg_dict = value_dict['args'].split(" ")
     local_file = arg_dict[0]
     target_location = arg_dict[1]
-    with open (os.getcwd()+"/Storage/implant_resources/"+local_file, 'rb') as file_h:
+    with open (os.path.expanduser("~/.local/fudgec2/Storage/implant_resources/")+local_file, 'rb') as file_h:
         a = file_h.read()
         b = base64.b64encode(a).decode()
         final_str = base64.b64encode(target_location.encode()).decode()+"::"+b
@@ -62,7 +63,7 @@ def craft_export_clipboard(value_dict, command_id):
 
 def craft_load_module(value_dict, command_id):
     try:
-        with open(str(os.getcwd()+"/Storage/implant_resources/modules/"+value_dict['args']+".ps1"), 'r') as fileh:
+        with open(str(os.path.expanduser("~/.local/fudgec2/Storage/implant_resources/modules/")+value_dict['args']+".ps1"), 'r') as fileh:
             to_encode = f"{value_dict['args']}::{fileh.read()}"
             load_module_string = "LM" + command_id + base64.b64encode(to_encode.encode()).decode()
             return load_module_string
diff --git a/FudgeC2/Listeners/ListenerManagement.py b/FudgeC2/Listeners/ListenerManagement.py
index 310a8bd..dba7eb5 100644
--- a/FudgeC2/Listeners/ListenerManagement.py
+++ b/FudgeC2/Listeners/ListenerManagement.py
@@ -33,7 +33,7 @@ class HttpListener(Listener):
     # Read settings before this becomes an issue!
     tls_key = "server.key"
     tls_cert = "server.crt"
-    path = os.getcwd() + "/Storage/"
+    path = os.path.expanduser("~/.local/fudgec2/Storage/")
 
     def _create_app(self, listener_type):
         import Listeners.HttpListener
diff --git a/FudgeC2/ServerApp/ImplantManager.py b/FudgeC2/ServerApp/ImplantManager.py
index f0c04fe..e4afba4 100644
--- a/FudgeC2/ServerApp/ImplantManager.py
+++ b/FudgeC2/ServerApp/ImplantManager.py
@@ -172,7 +172,7 @@ def help_page():
 @login_required
 def GlobalListenerPage():
     if app.config['listener_management'].check_tls_certificates() is False:
-        flash('TLS certificates do not exist within the <install dir>/FudgeC2/Storage directory.')
+        flash('TLS certificates do not exist within the <home dir>/.local/fudgec2/Storage directory.')
     return render_template("listeners/listeners.html",
                            test_data=app.config['listener_management'].get_active_listeners())
 
@@ -302,7 +302,7 @@ def export_campaign_by_cid(cid):
         if filename is False:
             return "False"
         else:
-            return send_file("../Storage/ExportedCampaigns/"+filename, as_attachment=True, attachment_filename="filename")
+            return send_file(os.path.expanduser("~/.local/fudgec2/Storage/ExportedCampaigns/")+filename, as_attachment=True, attachment_filename="filename")
     else:
         export_result = ExpoManager.export_campaign_database(current_user.user_email, cid)
         if export_result is not False:
diff --git a/FudgeC2/ServerApp/modules/ExportManager.py b/FudgeC2/ServerApp/modules/ExportManager.py
index ed8a88d..4a3ed9f 100644
--- a/FudgeC2/ServerApp/modules/ExportManager.py
+++ b/FudgeC2/ServerApp/modules/ExportManager.py
@@ -39,7 +39,7 @@ class DbCreator:
     def __init__(self, filename):
         filename = filename
 
-        path = os.getcwd() + "/Storage/ExportedCampaigns/"
+        path = os.path.expanduser("~/.local/fudgec2/Storage/ExportedCampaigns/")
         database_name = filename
 
         engine = create_engine(f"sqlite:///{path}/{database_name}?check_same_thread=False", echo=False)
@@ -52,7 +52,7 @@ class DbCreator:
 class CampaignExportManager:
     export_db = None
     db = Database()
-    file_dir = "Storage/ExportedCampaigns/"
+    file_dir = os.path.expanduser("~/.local/fudgec2/Storage/ExportedCampaigns/")
 
     def test(self, filename, file_dir):
         # check file name for uniqueness.
@@ -114,7 +114,7 @@ class CampaignExportManager:
 
         campaign_name = self.db.campaign.Get_CampaignNameFromCID(cid)
         file_name = f"{campaign_name.replace(' ', '_')}_{time.time()}"
-        file_dir = "Storage/ExportedCampaigns/"
+        file_dir = os.path.expanduser("~/.local/fudgec2/Storage/ExportedCampaigns/")
         a = os.listdir(file_dir)
         database = file_dir + file_name
         if file_name in a:
diff --git a/FudgeC2/ServerApp/templates/HelpPage.html b/FudgeC2/ServerApp/templates/HelpPage.html
index 3591447..5c787a8 100644
--- a/FudgeC2/ServerApp/templates/HelpPage.html
+++ b/FudgeC2/ServerApp/templates/HelpPage.html
@@ -62,7 +62,7 @@
 
                 <div class="col-sm-4 p-1 border-bottom"><code>:: upload_file [local filename] [[path] filename ] </code></div>
                 <div class="col-sm-8 p-1 border-bottom">Uploads a target file to the supplied directory. All target upload files should be placed in:<br>
-                    <span class="">{installation dir}/FudgeC2/Storage/implant_resources/</span>
+                    <span class="">{home dir}/.local/fudgec2/Storage/implant_resources/</span>
                 </div>
 
                 <div class="col-sm-12 border-bottom"><pre>Under development:</pre></div>
@@ -111,4 +111,4 @@
         </div>
     </div>
 </div>
-{% endblock %}
\ No newline at end of file
+{% endblock %}
diff --git a/FudgeC2/Storage/settings.py b/FudgeC2/Storage/settings.py
index 4d416a6..52b5c7b 100644
--- a/FudgeC2/Storage/settings.py
+++ b/FudgeC2/Storage/settings.py
@@ -1,3 +1,5 @@
+import os
+
 class Settings:
     version = "0.5.0"
     version_name = "Goblin Alchemist"
@@ -10,8 +12,8 @@ class Settings:
     # This should be set to False for any non-development/testing deployments.
     server_app_debug = True
     # Cert & key file names used for TLS connections. These should be PEM formatted.
-    #   Files will be stored in: '<install dir>/FudgeC2/Storage'.
+    #   Files will be stored in: '<home dir>/.local/fudgec2/Storage'.
     tls_listener_cert = "server.crt"
     tls_listener_key = "server.key"
     # This is the folder in which all implant file download will be sent to.
-    file_download_folder = "./Storage/campaign_downloads/"
\ No newline at end of file
+    file_download_folder = os.path.expanduser("~/.local/fudgec2/Storage/campaign_downloads/")