class PayloadType(p.Model):
ptype = p.CharField(null=False, unique=True) # name of the payload type
operator = p.ForeignKeyField(Operator, null=False)
creation_time = p.DateTimeField(null=False,
default=datetime.datetime.utcnow)
file_extension = p.CharField(null=True)
# if this type requires another payload to be already created
wrapper = p.BooleanField(default=False, null=False)
# which payload is this one wrapping
wrapped_payload_type = p.ForeignKeyField(p.DeferredRelation('PayloadType'),
null=True)
# allow the ability to specify a template for people tha want to extend the payload type with more commands
command_template = p.TextField(null=False, default="")
class Meta:
database = apfell_db
def to_json(self):
r = {}
for k in self._data.keys():
try:
if k == 'operator':
r[k] = getattr(self, k).username
elif k == 'wrapped_payload_type':
r[k] = getattr(self, k).ptype
else:
r[k] = getattr(self, k)
except:
r[k] = json.dumps(getattr(self, k))
r['creation_time'] = r['creation_time'].strftime('%m/%d/%Y %H:%M:%S')
return r
def __str__(self):
return str(self.to_json())
class Payload(p.Model):
# this is actually a sha256 from other information about the payload
uuid = p.TextField(unique=True, null=False)
# tag a payload with information like spearphish, custom bypass, lat mov, etc (indicates "how")
tag = p.TextField(null=True)
# creator of the payload, cannot be null! must be attributed to somebody (indicates "who")
operator = p.ForeignKeyField(Operator, null=False)
creation_time = p.DateTimeField(default=datetime.datetime.utcnow, null=False) # (indicates "when")
# this is fine because this is an instance of a payload, so it's tied to one PayloadType
payload_type = p.ForeignKeyField(PayloadType, null=False)
# this will signify if a current callback made / spawned a new callback that's checking in
# this helps track how we're getting callbacks (which payloads/tags/parents/operators)
pcallback = p.ForeignKeyField(p.DeferredRelation('Callback'), null=True)
location = p.CharField(null=True) # location on disk of the payload
c2_profile = p.ForeignKeyField(C2Profile, null=False) # identify which C2 profile is being used
operation = p.ForeignKeyField(Operation, null=False)
wrapped_payload = p.ForeignKeyField(p.DeferredRelation('Payload'), null=True)
deleted = p.BooleanField(null=False, default=False)
class Meta:
database = apfell_db
def to_json(self):
r = {}
for k in self._data.keys():
try:
if k == 'operator':
r[k] = getattr(self, k).username
elif k == 'pcallback':
r[k] = getattr(self, k).id
elif k == 'c2_profile':
r[k] = getattr(self, k).name
elif k == 'payload_type':
r[k] = getattr(self, k).ptype
elif k == 'operation':
r[k] = getattr(self, k).name
elif k == 'wrapped_payload':
r[k] = getattr(self, k).uuid
else:
r[k] = getattr(self, k)
except:
r[k] = json.dumps(getattr(self, k))
r['creation_time'] = r['creation_time'].strftime('%m/%d/%Y %H:%M:%S')
return r
def __str__(self):
return str(self.to_json())
class Callback(p.Model):
init_callback = p.DateTimeField(default=datetime.datetime.utcnow, null=False)
last_checkin = p.DateTimeField(default=datetime.datetime.utcnow, null=False)
user = p.CharField(null=False)
host = p.CharField(null=False)
pid = p.IntegerField(null=False)
ip = p.CharField(max_length=100, null=False)
description = p.TextField(null=True)
operator = p.ForeignKeyField(Operator, null=False)
active = p.BooleanField(default=True, null=False)
# keep track of the parent callback from this one
pcallback = p.ForeignKeyField(p.DeferredRelation('Callback'), null=True)
registered_payload = p.ForeignKeyField(Payload, null=False) # what payload is associated with this callback
integrity_level = p.IntegerField(null=True, default=2) # keep track of a callback's integrity level, check default integrity level numbers though and what they correspond to. Might be different for windows/mac/linuxl
operation = p.ForeignKeyField(Operation, null=False)
# the following information comes from the c2 profile if it wants to provide some form of encryption
encryption_type = p.CharField(null=True) # the kind of encryption on this callback (aes, xor, rc4, etc)
decryption_key = p.TextField(null=True) # base64 of the key to use to decrypt traffic
encryption_key = p.TextField(null=True) # base64 of the key to use to encrypt traffic
class Meta:
database = apfell_db
def to_json(self):
r = {}
for k in self._data.keys():
try:
if k == 'pcallback':
r[k] = getattr(self, k).id
elif k == 'operator':
r[k] = getattr(self, k).username
elif k == 'registered_payload' and getattr(self, k) is not None and getattr(self, k) != "null":
r[k] = getattr(self, k).uuid
r['payload_type'] = getattr(self, k).payload_type.ptype
r['c2_profile'] = getattr(self, k).c2_profile.name
r['payload_description'] = getattr(self, k).tag
elif k == 'operation':
r[k] = getattr(self, k).name
elif k == 'encryption_key' or k == 'decryption_key' or k == 'encryption_type':
pass # we don't need to include these things all over the place, explicitly ask for them for more control
else:
r[k] = getattr(self, k)
except:
r[k] = json.dumps(getattr(self, k))
r['init_callback'] = r['init_callback'].strftime('%m/%d/%Y %H:%M:%S')
r['last_checkin'] = r['last_checkin'].strftime('%m/%d/%Y %H:%M:%S')
return r
def __str__(self):
return str(self.to_json())
class Callback(p.Model):
init_callback = p.DateTimeField(default=datetime.datetime.now, null=False)
last_checkin = p.DateTimeField(default=datetime.datetime.now, null=False)
user = p.CharField(null=False)
host = p.CharField(null=False)
pid = p.IntegerField(null=False)
ip = p.CharField(max_length=100, null=False)
description = p.CharField(max_length=1024, null=True)
operator = p.ForeignKeyField(Operator, null=False)
active = p.BooleanField(default=True, null=False)
# keep track of the parent callback from this one
pcallback = p.ForeignKeyField(p.DeferredRelation('Callback'), null=True)
registered_payload = p.ForeignKeyField(
Payload, null=False) # what payload is associated with this callback
integrity_level = p.IntegerField(
null=True, default=2
) # keep track of a callback's integrity level, check default integrity level numbers though and what they correspond to. Might be different for windows/mac/linuxl
operation = p.ForeignKeyField(Operation, null=False)
class Meta:
unique_together = ['host', 'pid']
database = apfell_db
def to_json(self):
r = {}
for k in self._data.keys():
try:
if k == 'pcallback':
r[k] = getattr(self, k).id
elif k == 'operator':
r[k] = getattr(self, k).username
elif k == 'registered_payload':
r[k] = getattr(self, k).uuid
r['payload_type'] = getattr(self, k).payload_type.ptype
elif k == 'operation':
r[k] = getattr(self, k).name
else:
r[k] = getattr(self, k)
except:
r[k] = json.dumps(getattr(self, k))
r['init_callback'] = r['init_callback'].strftime('%m/%d/%Y %H:%M:%S')
r['last_checkin'] = r['last_checkin'].strftime('%m/%d/%Y %H:%M:%S')
return r
def __str__(self):
return str(self.to_json())
class Operator(p.Model):
username = p.CharField(max_length=64, unique=True, null=False)
password = p.CharField(max_length=1024, null=False)
admin = p.BooleanField(null=True, default=False)
creation_time = p.DateTimeField(default=datetime.datetime.utcnow,
null=False)
last_login = p.DateTimeField(default=None, null=True)
# option to simply de-activate an account instead of delete it so you keep all your relational data intact
active = p.BooleanField(null=False, default=True)
current_operation = p.ForeignKeyField(p.DeferredRelation('Operation'),
null=True)
class Meta:
ordering = [
'-id',
]
database = apfell_db
def to_json(self):
r = {}
for k in self._data.keys():
try:
if k == 'current_operation':
r[k] = getattr(self, k).name
elif k != 'password':
r[k] = getattr(self, k)
except:
r[k] = json.dumps(getattr(self, k))
r['creation_time'] = r['creation_time'].strftime('%m/%d/%Y %H:%M:%S')
if 'last_login' in r and r['last_login'] is not None:
r['last_login'] = r['last_login'].strftime('%m/%d/%Y %H:%M:%S')
else:
r['last_login'] = "" # just indicate that account created, but they never logged in
return r
def __str__(self):
return str(self.to_json())
async def check_password(self, password):
temp_pass = await crypto.hash_SHA512(password)
return self.password.lower() == temp_pass.lower()
async def hash_password(self, password):
return await crypto.hash_SHA512(password)
class Payload(p.Model):
# this is actually a sha256 from other information about the payload
uuid = p.CharField(unique=True, null=True)
# tag a payload with information like spearphish, custom bypass, lat mov, etc (indicates "how")
tag = p.CharField(null=True)
# creator of the payload, cannot be null! must be attributed to somebody (indicates "who")
operator = p.ForeignKeyField(Operator, null=False)
creation_time = p.DateTimeField(default=datetime.datetime.now,
null=False) # (indicates "when")
payload_type = p.CharField(null=False)
# this will signify if a current callback made / spawned a new callback that's checking in
# this helps track how we're getting callbacks (which payloads/tags/parents/operators)
pcallback = p.ForeignKeyField(p.DeferredRelation('Callback'), null=True)
callback_host = p.CharField(null=False)
callback_port = p.IntegerField(null=False)
obfuscation = p.BooleanField(null=False)
callback_interval = p.IntegerField(null=False)
use_ssl = p.BooleanField(null=False)
location = p.CharField(null=True) # location on disk of the payload
class Meta:
database = apfell_db
async def create_uuid(self, info):
hash = await crypto.hash_SHA256(info)
return hash
def to_json(self):
r = {}
for k in self._data.keys():
try:
if k == 'operator':
r[k] = getattr(self, k).username
elif k == 'pcallback':
r[k] = getattr(self, k).id
else:
r[k] = getattr(self, k)
except:
r[k] = json.dumps(getattr(self, k))
r['creation_time'] = r['creation_time'].strftime('%m/%d/%Y %H:%M:%S')
return r
def __str__(self):
return str(self.to_json())
class Operator(p.Model):
default_dark_config = json.dumps({
"background-color": "#303030",
"text-color": "#66b3ff",
"hover": "#b3b3b3",
"highlight": "#b3b3b3",
"autocomplete": "#303030",
"highlight-text": "black",
"timestamp": "#b3ffff",
"operator": "#ffb3b3",
"display": "#d9b3ff",
"new-callback-color": "dark",
"new-callback-hue": "purple",
"well-bg": "#000000",
"primary-pane": "#001f4d",
"primary-pane-text-color": "#ccffff",
"primary-button": "#001f4d",
"primary-button-text-color": "white",
"primary-button-hover": "#0000cc",
"primary-button-hover-text-color": "white",
"info-pane": "#330066",
"info-pane-text-color": "#e6ccff",
"info-button": "#330066",
"info-button-text-color": "#f3e6ff",
"info-button-hover": "#5900b3",
"info-button-hover-text-color": "#f3e6ff",
"success-pane": "#003300",
"success-pane-text-color": "#b3ffb3",
"success-button": "#004d00",
"success-button-text-color": "white",
"success-button-hover": "#006600",
"success-button-hover-text-color": "white",
"danger-pane": "#800000",
"danger-pane-text-color": "white",
"danger-button": "#4d0000",
"danger-button-text-color": "white",
"danger-button-hover": "#800000",
"danger-button-hover-text-color": "white",
"warning-pane": "#330000",
"warning-pane-text-color": "#e6ccff",
"warning-button": "#804300",
"warning-button-text-color": "white",
"warning-button-hover": "#b35900",
"warning-button-hover-text-color": "white",
"table-headers": "#000000",
"operation-color": "white",
"interact-button-color": "#330066",
"interact-button-text": "#FFFFFF",
"interact-button-dropdown": "#6666FF",
"success_highlight": "#303030",
"failure_highlight": "#660000",
"top-caret": "white"
})
default_config = json.dumps({
"background-color": "#f4f4f4",
"text-color": "#000000",
"hover": "#cce6ff",
"highlight": "#cce6ff",
"autocomplete": "#e6f3ff",
"highlight-text": "blue",
"timestamp": "blue",
"operator": "#b366ff",
"display": "red",
"new-callback-color": "light",
"new-callback-hue": "",
"well-bg": "#E5E5E5",
"primary-pane": "",
"primary-pane-text-color": "",
"primary-button": "",
"primary-button-text-color": "",
"primary-button-hover": "",
"primary-button-hover-text-color": "",
"info-pane": "",
"info-pane-text-color": "",
"info-button": "",
"info-button-text-color": "",
"info-button-hover": "",
"info-button-hover-text-color": "",
"success-pane": "",
"success-pane-text-color": "",
"success-button": "",
"success-button-text-color": "",
"success-button-hover": "",
"success-button-hover-text-color": "",
"danger-pane": "",
"danger-pane-text-color": "",
"danger-button": "",
"danger-button-text-color": "",
"danger-button-hover": "",
"danger-button-hover-text-color": "",
"warning-pane": "",
"warning-pane-text-color": "",
"warning-button": "",
"warning-button-text-color": "",
"warning-button-hover": "",
"warning-button-hover-text-color": "",
"table-headers": "#F1F1F1",
"operation-color": "green",
"interact-button-color": "",
"interact-button-text": "",
"interact-button-dropdown": "",
"success_highlight": "#d5fdd5",
"failure_highlight": "#f68d8d",
"top-caret": "white"
})
username = p.TextField(unique=True, null=False)
password = p.TextField(null=False)
admin = p.BooleanField(null=True, default=False)
creation_time = p.DateTimeField(default=datetime.datetime.utcnow,
null=False)
last_login = p.DateTimeField(default=None, null=True)
# option to simply de-activate an account instead of delete it so you keep all your relational data intact
active = p.BooleanField(null=False, default=True)
current_operation = p.ForeignKeyField(p.DeferredRelation('Operation'),
null=True)
ui_config = p.TextField(null=False, default=default_config)
class Meta:
ordering = [
'-id',
]
database = apfell_db
def to_json(self):
r = {}
for k in self._data.keys():
try:
if k == 'current_operation':
r[k] = getattr(self, k).name
elif k != 'password' and 'default' not in k:
r[k] = getattr(self, k)
except:
r[k] = json.dumps(getattr(self, k))
r['creation_time'] = r['creation_time'].strftime('%m/%d/%Y %H:%M:%S')
if 'last_login' in r and r['last_login'] is not None:
r['last_login'] = r['last_login'].strftime('%m/%d/%Y %H:%M:%S')
else:
r['last_login'] = "" # just indicate that account created, but they never logged in
return r
def __str__(self):
return str(self.to_json())
async def check_password(self, password):
temp_pass = await crypto.hash_SHA512(password)
return self.password.lower() == temp_pass.lower()
async def hash_password(self, password):
return await crypto.hash_SHA512(password)
def DeferredForeignKey(*args):
pw.ForeignKeyField(pw.DeferredRelation(*args))
# overplaying protection
last_played = peewee.DateTimeField()
credit_count = peewee.IntegerField()
# automatic playlist
listener_count = peewee.IntegerField(default=0)
skip_vote_count = peewee.IntegerField(default=0)
has_failed = peewee.BooleanField(default=False)
# song may be duplicated using multiple sources
duplicate = peewee.ForeignKeyField('self', null=True)
# we will need this to resolve a foreign key loop
DeferredUser = peewee.DeferredRelation()
DeferredLink = peewee.DeferredRelation()
# Table for storing playlists, as many as user wants
class Playlist(DdmBotSchema):
id = peewee.PrimaryKeyField()
# playlist is owned by a user
user = peewee.ForeignKeyField(DeferredUser)
# for an identifier, we choose a "nice enough" name
name = peewee.CharField()
# the first song of the playlist
head = peewee.ForeignKeyField(DeferredLink, null=True, default=None)
# playlist may be set to repeat itself, this is default except to implicit one
repeat = peewee.BooleanField(default=True)
class SomeModel(pw.Model):
some_model2 = pw.ForeignKeyField(pw.DeferredRelation('SomeModel2'))
class Meta:
database = self.db
NOT_FREE = 0
STUDY_HALL = 1
LUNCH = 2
FREE_PERIOD = 3
class location(Enum):
LIBRARY = 1
class _Model(p.Model):
class Meta:
database = db
deferred_log = p.DeferredRelation()
class Student(_Model):
sid = p.BigIntegerField(primary_key=True)
grade = p.SmallIntegerField()
last_log = p.ForeignKeyField(deferred_log, null=True)
def __repr__(self):
return 'Student(sid={}, grade={}, last_log={})'.format(
self.sid, self.grade, self.last_log.id)
class FreePeriod(_Model):
student = p.ForeignKeyField(Student, related_name='free_periods')
period = p.SmallIntegerField()
