From: Sophie Brun <[email protected]>
Date: Tue, 17 Mar 2020 16:17:45 +0100
Subject: Store generated files in home user dir
Description: Store the generated files in ~/.local/fudgec2 instead of
/usr/share/fudgec2/Storage. settings.py are still in /usr/share/fudgec2/Storage.
Last-Update: 2020-03-17
---
FudgeC2/Controller.py | 8 ++++++--
FudgeC2/Data/Database.py | 2 +-
FudgeC2/Data/models.py | 2 +-
FudgeC2/Listeners/HttpListener.py | 7 ++++---
FudgeC2/Listeners/ListenerManagement.py | 2 +-
FudgeC2/ServerApp/ImplantManager.py | 4 ++--
FudgeC2/ServerApp/modules/ExportManager.py | 6 +++---
FudgeC2/ServerApp/templates/HelpPage.html | 4 ++--
FudgeC2/Storage/settings.py | 6 ++++--
9 files changed, 24 insertions(+), 17 deletions(-)
diff --git a/FudgeC2/Controller.py b/FudgeC2/Controller.py
index 723c37f..db8edc5 100644
--- a/FudgeC2/Controller.py
+++ b/FudgeC2/Controller.py
@@ -3,14 +3,18 @@ import _thread
import time
import os
+DB_PATH = os.path.expanduser("~/.local/fudgec2/Storage")
+if not os.path.isdir(DB_PATH):
+ os.makedirs(DB_PATH, exist_ok=True)
+
from Storage.settings import Settings
from ServerApp import ImplantManager
from Listeners import ListenerManagement
def check_tls_certificates(cert, key):
- cert_result = os.path.isfile(os.getcwd() + "/Storage/" + cert)
- key_result = os.path.isfile(os.getcwd() + "/Storage/" + key)
+ cert_result = os.path.isfile(os.path.expanduser("~/.local/fudgec2/Storage/") + cert)
+ key_result = os.path.isfile(os.path.expanduser("~/.local/fudgec2/Storage/") + key)
if key_result is False or cert_result is False:
print("Warning: Missing crypto keys for TLS listeners. These will fail to boot.")
return
diff --git a/FudgeC2/Data/Database.py b/FudgeC2/Data/Database.py
index 7871a22..e6e94d6 100644
--- a/FudgeC2/Data/Database.py
+++ b/FudgeC2/Data/Database.py
@@ -24,7 +24,7 @@ CL = CampaignLoggingDecorator()
class Database:
def __init__(self):
- path = os.getcwd() + "/Storage/"
+ path = os.path.expanduser("~/.local/fudgec2/Storage/")
engine = create_engine(f"sqlite:///{path}/{Settings.database_name}?check_same_thread=False")
self.selectors = {
diff --git a/FudgeC2/Data/models.py b/FudgeC2/Data/models.py
index 18476f8..e044d6d 100644
--- a/FudgeC2/Data/models.py
+++ b/FudgeC2/Data/models.py
@@ -147,6 +147,6 @@ class Listeners(Base):
# -- Generate an empty database if no database is found.
# -- additional checks for file existence would be sensible first
-path = os.getcwd() + "/Storage/"
+path = os.path.expanduser("~/.local/fudgec2/Storage/")
engine = create_engine(f"sqlite:///{path}/{Settings.database_name}?check_same_thread=False", echo=False)
Base.metadata.create_all(engine)
diff --git a/FudgeC2/Listeners/HttpListener.py b/FudgeC2/Listeners/HttpListener.py
index 7a4bef2..d2e1446 100644
--- a/FudgeC2/Listeners/HttpListener.py
+++ b/FudgeC2/Listeners/HttpListener.py
@@ -15,7 +15,8 @@ app.config['SECRET_KEY'] = str(uuid4())
# Adding the functions which manage encoding built in commands for transfer
def craft_sound_file(value_dict, command_id):
- path = f"{os.getcwd()}/Storage/implant_resources/{value_dict['args']}"
+
+ path = f"{os.path.expanduser('~/.local/fudgec2')}/Storage/implant_resources/{value_dict['args']}"
with open(path, 'rb') as file:
audio = base64.standard_b64encode(file.read()).decode()
final_audio = f"{value_dict['type']}{command_id}{audio}"
@@ -33,7 +34,7 @@ def craft_file_upload(value_dict, command_id):
arg_dict = value_dict['args'].split(" ")
local_file = arg_dict[0]
target_location = arg_dict[1]
- with open (os.getcwd()+"/Storage/implant_resources/"+local_file, 'rb') as file_h:
+ with open (os.path.expanduser("~/.local/fudgec2/Storage/implant_resources/")+local_file, 'rb') as file_h:
a = file_h.read()
b = base64.b64encode(a).decode()
final_str = base64.b64encode(target_location.encode()).decode()+"::"+b
@@ -62,7 +63,7 @@ def craft_export_clipboard(value_dict, command_id):
def craft_load_module(value_dict, command_id):
try:
- with open(str(os.getcwd()+"/Storage/implant_resources/modules/"+value_dict['args']+".ps1"), 'r') as fileh:
+ with open(str(os.path.expanduser("~/.local/fudgec2/Storage/implant_resources/modules/")+value_dict['args']+".ps1"), 'r') as fileh:
to_encode = f"{value_dict['args']}::{fileh.read()}"
load_module_string = "LM" + command_id + base64.b64encode(to_encode.encode()).decode()
return load_module_string
diff --git a/FudgeC2/Listeners/ListenerManagement.py b/FudgeC2/Listeners/ListenerManagement.py
index 310a8bd..dba7eb5 100644
--- a/FudgeC2/Listeners/ListenerManagement.py
+++ b/FudgeC2/Listeners/ListenerManagement.py
@@ -33,7 +33,7 @@ class HttpListener(Listener):
# Read settings before this becomes an issue!
tls_key = "server.key"
tls_cert = "server.crt"
- path = os.getcwd() + "/Storage/"
+ path = os.path.expanduser("~/.local/fudgec2/Storage/")
def _create_app(self, listener_type):
import Listeners.HttpListener
diff --git a/FudgeC2/ServerApp/ImplantManager.py b/FudgeC2/ServerApp/ImplantManager.py
index f0c04fe..e4afba4 100644
--- a/FudgeC2/ServerApp/ImplantManager.py
+++ b/FudgeC2/ServerApp/ImplantManager.py
@@ -172,7 +172,7 @@ def help_page():
@login_required
def GlobalListenerPage():
if app.config['listener_management'].check_tls_certificates() is False:
- flash('TLS certificates do not exist within the <install dir>/FudgeC2/Storage directory.')
+ flash('TLS certificates do not exist within the <home dir>/.local/fudgec2/Storage directory.')
return render_template("listeners/listeners.html",
test_data=app.config['listener_management'].get_active_listeners())
@@ -302,7 +302,7 @@ def export_campaign_by_cid(cid):
if filename is False:
return "False"
else:
- return send_file("../Storage/ExportedCampaigns/"+filename, as_attachment=True, attachment_filename="filename")
+ return send_file(os.path.expanduser("~/.local/fudgec2/Storage/ExportedCampaigns/")+filename, as_attachment=True, attachment_filename="filename")
else:
export_result = ExpoManager.export_campaign_database(current_user.user_email, cid)
if export_result is not False:
diff --git a/FudgeC2/ServerApp/modules/ExportManager.py b/FudgeC2/ServerApp/modules/ExportManager.py
index ed8a88d..4a3ed9f 100644
--- a/FudgeC2/ServerApp/modules/ExportManager.py
+++ b/FudgeC2/ServerApp/modules/ExportManager.py
@@ -39,7 +39,7 @@ class DbCreator:
def __init__(self, filename):
filename = filename
- path = os.getcwd() + "/Storage/ExportedCampaigns/"
+ path = os.path.expanduser("~/.local/fudgec2/Storage/ExportedCampaigns/")
database_name = filename
engine = create_engine(f"sqlite:///{path}/{database_name}?check_same_thread=False", echo=False)
@@ -52,7 +52,7 @@ class DbCreator:
class CampaignExportManager:
export_db = None
db = Database()
- file_dir = "Storage/ExportedCampaigns/"
+ file_dir = os.path.expanduser("~/.local/fudgec2/Storage/ExportedCampaigns/")
def test(self, filename, file_dir):
# check file name for uniqueness.
@@ -114,7 +114,7 @@ class CampaignExportManager:
campaign_name = self.db.campaign.Get_CampaignNameFromCID(cid)
file_name = f"{campaign_name.replace(' ', '_')}_{time.time()}"
- file_dir = "Storage/ExportedCampaigns/"
+ file_dir = os.path.expanduser("~/.local/fudgec2/Storage/ExportedCampaigns/")
a = os.listdir(file_dir)
database = file_dir + file_name
if file_name in a:
diff --git a/FudgeC2/ServerApp/templates/HelpPage.html b/FudgeC2/ServerApp/templates/HelpPage.html
index 3591447..5c787a8 100644
--- a/FudgeC2/ServerApp/templates/HelpPage.html
+++ b/FudgeC2/ServerApp/templates/HelpPage.html
@@ -62,7 +62,7 @@
<div class="col-sm-4 p-1 border-bottom"><code>:: upload_file [local filename] [[path] filename ] </code></div>
<div class="col-sm-8 p-1 border-bottom">Uploads a target file to the supplied directory. All target upload files should be placed in:<br>
- <span class="">{installation dir}/FudgeC2/Storage/implant_resources/</span>
+ <span class="">{home dir}/.local/fudgec2/Storage/implant_resources/</span>
</div>
<div class="col-sm-12 border-bottom"><pre>Under development:</pre></div>
@@ -111,4 +111,4 @@
</div>
</div>
</div>
-{% endblock %}
\ No newline at end of file
+{% endblock %}
diff --git a/FudgeC2/Storage/settings.py b/FudgeC2/Storage/settings.py
index 4d416a6..52b5c7b 100644
--- a/FudgeC2/Storage/settings.py
+++ b/FudgeC2/Storage/settings.py
@@ -1,3 +1,5 @@
+import os
+
class Settings:
version = "0.5.0"
version_name = "Goblin Alchemist"
@@ -10,8 +12,8 @@ class Settings:
# This should be set to False for any non-development/testing deployments.
server_app_debug = True
# Cert & key file names used for TLS connections. These should be PEM formatted.
- # Files will be stored in: '<install dir>/FudgeC2/Storage'.
+ # Files will be stored in: '<home dir>/.local/fudgec2/Storage'.
tls_listener_cert = "server.crt"
tls_listener_key = "server.key"
# This is the folder in which all implant file download will be sent to.
- file_download_folder = "./Storage/campaign_downloads/"
\ No newline at end of file
+ file_download_folder = os.path.expanduser("~/.local/fudgec2/Storage/campaign_downloads/")