def handle_deaddrop_visit(self, query): self.send_response(200) self.end_headers() data = self.get_query('token') if not data: self.logger.warning('dead drop request received with no \'token\' parameter') return try: data = base64.b64decode('base64') except binascii.Error: self.logger.error('dead drop request received with invalid \'token\' data') return data = xor.xor_decode(data) try: data = json.loads(data) except ValueError: self.logger.error('dead drop request received with invalid \'token\' data') return session = db_manager.Session() deployment = db_manager.get_row_by_id(session, db_models.DeaddropDeployment, data.get('deaddrop_id')) if not deployment: session.close() self.logger.error('dead drop request received for an unknown campaign') return local_username = data.get('local_username') local_hostname = data.get('local_hostname') if local_username == None or local_hostname == None: session.close() self.logger.error('dead drop request received with missing data') return local_ip_addresses = data.get('local_ip_addresses') if isinstance(local_ip_addresses, (list, tuple)): local_ip_addresses = ' '.join(local_ip_addresses) query = session.query(db_models.DeaddropConnection) query = query.filter_by(id=deployment.id, local_username=local_username, local_hostname=local_hostname) connection = query.first() if connection: connection.visit_count += 1 else: connection = db_models.Connection(campaign_id=deployment.campaign_id, deployment_id=deployment.id) connection.visitor_ip = self.client_address connection.local_username = local_username connection.local_hostname = local_hostname connection.local_ip_addresses = local_ip_addresses session.add(connection) session.commit() query = session.query(db_models.DeaddropConnection) query = query.filter_by(campaign_id=deployment.campaign_id) visit_count = query.count() session.close() if visit_count > 0 and ((visit_count in [1, 3, 5]) or ((visit_count % 10) == 0)): alert_text = "{0} deaddrop connections reached for campaign: {{campaign_name}}".format(visit_count) self.server.job_manager.job_run(self.issue_alert, (alert_text, campaign_id)) return
def handle_deaddrop_visit(self, query): self.send_response(200) self.end_headers() data = self.get_query_parameter('token') if not data: self.logger.warning('dead drop request received with no \'token\' parameter') return try: data = data.decode('base64') except binascii.Error: self.logger.error('dead drop request received with invalid \'token\' data') return data = xor.xor_decode(data) try: data = json.loads(data) except ValueError: self.logger.error('dead drop request received with invalid \'token\' data') return deployment_id = data.get('deaddrop_id') with self.get_cursor() as cursor: cursor.execute('SELECT campaign_id FROM deaddrop_deployments WHERE id = ?', (deployment_id,)) campaign_id = cursor.fetchone() if not campaign_id: return campaign_id = campaign_id[0] local_username = data.get('local_username') local_hostname = data.get('local_hostname') if campaign_id == None or local_username == None or local_hostname == None: return local_ip_addresses = data.get('local_ip_addresses') if isinstance(local_ip_addresses, (list, tuple)): local_ip_addresses = ' '.join(local_ip_addresses) with self.get_cursor() as cursor: cursor.execute('SELECT id FROM deaddrop_connections WHERE deployment_id = ? AND local_username = ? AND local_hostname = ?', (deployment_id, local_username, local_hostname)) drop_id = cursor.fetchone() if drop_id: drop_id = drop_id[0] cursor.execute('UPDATE deaddrop_connections SET visit_count = visit_count + 1, last_visit = CURRENT_TIMESTAMP WHERE id = ?', (drop_id,)) return values = (deployment_id, campaign_id, self.client_address[0], local_username, local_hostname, local_ip_addresses) cursor.execute('INSERT INTO deaddrop_connections (deployment_id, campaign_id, visitor_ip, local_username, local_hostname, local_ip_addresses) VALUES (?, ?, ?, ?, ?, ?)', values) visit_count = self.query_count('SELECT COUNT(id) FROM deaddrop_connections WHERE campaign_id = ?', (campaign_id,)) if visit_count > 0 and ((visit_count in [1, 3, 5]) or ((visit_count % 10) == 0)): alert_text = "{0} deaddrop connections reached for campaign: {{campaign_name}}".format(visit_count) self.server.job_manager.job_run(self.issue_alert, (alert_text, campaign_id)) return
def handle_deaddrop_visit(self, query): self.send_response(200) self.end_headers() data = self.get_query('token') if not data: self.logger.warning( 'dead drop request received with no \'token\' parameter') return try: data = base64.b64decode(data) except (binascii.Error, TypeError): self.logger.error( 'dead drop request received with invalid \'token\' data') return data = xor.xor_decode(data) try: data = json.loads(data) except ValueError: self.logger.error( 'dead drop request received with invalid \'token\' data') return session = db_manager.Session() deployment = db_manager.get_row_by_id(session, db_models.DeaddropDeployment, data.get('deaddrop_id')) if not deployment: session.close() self.logger.error( 'dead drop request received for an unknown campaign') return if deployment.campaign.has_expired: session.close() self.logger.info( 'dead drop request received for an expired campaign') return local_username = data.get('local_username') local_hostname = data.get('local_hostname') if local_username is None or local_hostname is None: session.close() self.logger.error('dead drop request received with missing data') return local_ip_addresses = data.get('local_ip_addresses') if isinstance(local_ip_addresses, (list, tuple)): local_ip_addresses = ' '.join(local_ip_addresses) query = session.query(db_models.DeaddropConnection) query = query.filter_by(deployment_id=deployment.id, local_username=local_username, local_hostname=local_hostname) connection = query.first() if connection: connection.visit_count += 1 new_connection = False else: connection = db_models.DeaddropConnection( campaign_id=deployment.campaign_id, deployment_id=deployment.id) connection.visitor_ip = self.get_client_ip() connection.local_username = local_username connection.local_hostname = local_hostname connection.local_ip_addresses = local_ip_addresses session.add(connection) new_connection = True session.commit() query = session.query(db_models.DeaddropConnection) query = query.filter_by(campaign_id=deployment.campaign_id) visit_count = query.count() session.close() if new_connection and visit_count > 0 and ( (visit_count in [1, 3, 5]) or ((visit_count % 10) == 0)): alert_text = "{0} deaddrop connections reached for campaign: {{campaign_name}}".format( visit_count) self.server.job_manager.job_run( self.issue_alert, (alert_text, deployment.campaign_id)) return
def handle_deaddrop_visit(self, query): self.send_response(200) self.end_headers() data = self.get_query('token') if not data: self.logger.warning('dead drop request received with no \'token\' parameter') return try: data = base64.b64decode(data) except (binascii.Error, TypeError): self.logger.error('dead drop request received with invalid \'token\' data') return data = xor.xor_decode(data) try: data = json.loads(data) except ValueError: self.logger.error('dead drop request received with invalid \'token\' data') return deaddrop_id = data.get('deaddrop_id') if deaddrop_id is None: self.logger.error('dead drop request received with no \'deaddrop_id\' key') return elif deaddrop_id == self.config.get('server.secret_id'): # this allows us to test the logic to this point at least self.logger.debug('dead drop request received with the test id') return self.semaphore_acquire() deployment = db_manager.get_row_by_id(self._session, db_models.DeaddropDeployment, deaddrop_id) if not deployment: self.semaphore_release() self.logger.error('dead drop request received for an unknown campaign') return if deployment.campaign.has_expired: self.semaphore_release() self.logger.info('dead drop request received for an expired campaign') return local_username = data.get('local_username') local_hostname = data.get('local_hostname') if local_username is None or local_hostname is None: self.semaphore_release() self.logger.error('dead drop request received with missing data') return local_ip_addresses = data.get('local_ip_addresses') if isinstance(local_ip_addresses, (list, tuple)): local_ip_addresses = ' '.join(local_ip_addresses) query = self._session.query(db_models.DeaddropConnection) query = query.filter_by(deployment_id=deployment.id, local_username=local_username, local_hostname=local_hostname) connection = query.first() if connection: connection.count += 1 connection.last_seen = db_models.current_timestamp() new_connection = False else: connection = db_models.DeaddropConnection(campaign_id=deployment.campaign_id, deployment_id=deployment.id) connection.ip = self.get_client_ip() connection.local_username = local_username connection.local_hostname = local_hostname connection.local_ip_addresses = local_ip_addresses self._session.add(connection) new_connection = True self._session.commit() query = self._session.query(db_models.DeaddropConnection) query = query.filter_by(campaign_id=deployment.campaign_id) visit_count = query.count() self.semaphore_release() if new_connection and visit_count > 0 and ((visit_count in [1, 3, 5]) or ((visit_count % 10) == 0)): self.server.job_manager.job_run(self.issue_alert, (deployment.campaign_id, 'deaddrop_connections', visit_count)) return
def handle_deaddrop_visit(self, query): self.send_response(200) self.end_headers() data = self.get_query("token") if not data: self.logger.warning("dead drop request received with no 'token' parameter") return try: data = base64.b64decode(data) except (binascii.Error, TypeError): self.logger.error("dead drop request received with invalid 'token' data") return data = xor.xor_decode(data) try: data = json.loads(data) except ValueError: self.logger.error("dead drop request received with invalid 'token' data") return session = db_manager.Session() deployment = db_manager.get_row_by_id(session, db_models.DeaddropDeployment, data.get("deaddrop_id")) if not deployment: session.close() self.logger.error("dead drop request received for an unknown campaign") return if deployment.campaign.has_expired: session.close() self.logger.info("dead drop request received for an expired campaign") return local_username = data.get("local_username") local_hostname = data.get("local_hostname") if local_username is None or local_hostname is None: session.close() self.logger.error("dead drop request received with missing data") return local_ip_addresses = data.get("local_ip_addresses") if isinstance(local_ip_addresses, (list, tuple)): local_ip_addresses = " ".join(local_ip_addresses) query = session.query(db_models.DeaddropConnection) query = query.filter_by( deployment_id=deployment.id, local_username=local_username, local_hostname=local_hostname ) connection = query.first() if connection: connection.visit_count += 1 new_connection = False else: connection = db_models.DeaddropConnection(campaign_id=deployment.campaign_id, deployment_id=deployment.id) connection.visitor_ip = self.get_client_ip() connection.local_username = local_username connection.local_hostname = local_hostname connection.local_ip_addresses = local_ip_addresses session.add(connection) new_connection = True session.commit() query = session.query(db_models.DeaddropConnection) query = query.filter_by(campaign_id=deployment.campaign_id) visit_count = query.count() session.close() if new_connection and visit_count > 0 and ((visit_count in [1, 3, 5]) or ((visit_count % 10) == 0)): alert_text = "{0} deaddrop connections reached for campaign: {{campaign_name}}".format(visit_count) self.server.job_manager.job_run(self.issue_alert, (alert_text, deployment.campaign_id)) return
def handle_deaddrop_visit(self, query): self.send_response(200) self.end_headers() data = self.get_query('token') if not data: self.logger.warning('dead drop request received with no \'token\' parameter') return try: data = base64.b64decode(data) except (binascii.Error, TypeError): self.logger.error('dead drop request received with invalid \'token\' data') return data = xor.xor_decode(data) try: data = json.loads(data) except ValueError: self.logger.error('dead drop request received with invalid \'token\' data') return self.semaphore_acquire() session = db_manager.Session() deployment = db_manager.get_row_by_id(session, db_models.DeaddropDeployment, data.get('deaddrop_id')) if not deployment: session.close() self.semaphore_release() self.logger.error('dead drop request received for an unknown campaign') return if deployment.campaign.has_expired: session.close() self.semaphore_release() self.logger.info('dead drop request received for an expired campaign') return local_username = data.get('local_username') local_hostname = data.get('local_hostname') if local_username is None or local_hostname is None: session.close() self.semaphore_release() self.logger.error('dead drop request received with missing data') return local_ip_addresses = data.get('local_ip_addresses') if isinstance(local_ip_addresses, (list, tuple)): local_ip_addresses = ' '.join(local_ip_addresses) query = session.query(db_models.DeaddropConnection) query = query.filter_by(deployment_id=deployment.id, local_username=local_username, local_hostname=local_hostname) connection = query.first() if connection: connection.count += 1 connection.last_seen = db_models.current_timestamp() new_connection = False else: connection = db_models.DeaddropConnection(campaign_id=deployment.campaign_id, deployment_id=deployment.id) connection.ip = self.get_client_ip() connection.local_username = local_username connection.local_hostname = local_hostname connection.local_ip_addresses = local_ip_addresses session.add(connection) new_connection = True session.commit() query = session.query(db_models.DeaddropConnection) query = query.filter_by(campaign_id=deployment.campaign_id) visit_count = query.count() session.close() self.semaphore_release() if new_connection and visit_count > 0 and ((visit_count in [1, 3, 5]) or ((visit_count % 10) == 0)): self.server.job_manager.job_run(self.issue_alert, (deployment.campaign_id, 'deaddrop_connections', visit_count)) return