async def export_command_list(request, user, ptype):
payload_type = unquote_plus(ptype)
try:
payload_ptype = await db_objects.get(PayloadType, ptype=payload_type)
except Exception as e:
print(e)
return json({'status': 'error', 'error': 'unable to find that payload type'})
cmdlist = []
try:
commands = await db_objects.execute(Command.select().where(Command.payload_type == payload_ptype))
for c in commands:
cmd_json = c.to_json()
del cmd_json['id']
del cmd_json['creation_time']
del cmd_json['operator']
del cmd_json['payload_type']
params = await db_objects.execute(CommandParameters.select().where(CommandParameters.command == c))
params_list = []
for p in params:
p_json = p.to_json()
del p_json['id']
del p_json['command']
del p_json['cmd']
del p_json['operator']
params_list.append(p_json)
cmd_json['parameters'] = params_list
cmdlist.append(cmd_json)
except Exception as e:
print(e)
return json({'status': 'error', 'error': 'failed to get commands for that payload type'})
return json({"payload_types": [{"name": payload_type, "commands": cmdlist}]})
async def check_command(request, user, ptype, cmd):
status = {'status': 'success'}
try:
payload_type = await db_objects.get(PayloadType, ptype=ptype)
except Exception as e:
print(e)
return json({'status': 'error', 'error': 'failed to get payload type'})
try:
command = await db_objects.get(Command,
cmd=cmd,
payload_type=payload_type)
params = await db_objects.execute(CommandParameters.select().where(
CommandParameters.command == command))
status = {
**status,
**command.to_json(), "params": [p.to_json() for p in params]
}
except Exception as e:
# the command doesn't exist yet, which is good
pass
# now check to see if the file exists
try:
file = open("./app/payloads/{}/{}".format(payload_type.ptype, cmd),
'rb')
encoded = base64.b64encode(file.read()).decode("UTF-8")
status = {**status, 'code': encoded}
except Exception as e:
# file didn't exist so just continue on
pass
return json(status)
async def get_all_commands(request, user):
all_commands = []
commands = await db_objects.execute(Command.select().order_by(Command.id))
for cmd in commands:
params = await db_objects.execute(CommandParameters.select().where(CommandParameters.command == cmd).order_by(CommandParameters.id))
all_commands.append({**cmd.to_json(), "params": [p.to_json() for p in params]})
return json(all_commands)
async def get_all_parameters_for_command(request, user, id):
try:
command = await db_objects.get(Command, id=id)
except Exception as e:
print(e)
return json({'status': 'error', 'error': 'failed to find that command'})
params = await db_objects.execute(CommandParameters.select().where(CommandParameters.command == command))
return json([p.to_json() for p in params])
async def remove_command(request, user, id):
try:
command = await db_objects.get(Command, id=id)
params = await db_objects.execute(CommandParameters.select().where(CommandParameters.command == command))
for p in params:
await db_objects.delete(p, recursive=True)
await db_objects.delete(command, recursive=True)
return json({'status': 'success', **command.to_json()})
except Exception as e:
print(e)
return json({'status': 'error', 'error': str(e)})
async def get_commands_for_payloadtype(request, user, ptype):
payload_type = unquote_plus(ptype)
try:
payloadtype = await db_objects.get(PayloadType, ptype=payload_type)
except Exception as e:
print(e)
return json({'status': 'error', 'error': 'failed to get payload type'})
commands = await db_objects.execute(Command.select().where(Command.payload_type == payloadtype).order_by(Command.cmd))
all_commands = []
for cmd in commands:
params = await db_objects.execute(CommandParameters.select().where(CommandParameters.command == cmd))
all_commands.append({**cmd.to_json(), "params": [p.to_json() for p in params]})
status = {'status': 'success'}
return json({**status, 'commands': all_commands})
async def export_command_list(request, user, ptype):
payload_type = unquote_plus(ptype)
try:
payload_ptype = await db_objects.get(PayloadType, ptype=payload_type)
operation = await db_objects.get(Operation,
name=user['current_operation'])
except Exception as e:
print(e)
return json({
'status': 'error',
'error': 'unable to find that payload type'
})
cmdlist = []
try:
payloadtype_json = payload_ptype.to_json()
del payloadtype_json['id']
del payloadtype_json['operator']
del payloadtype_json['creation_time']
payloadtype_json['files'] = []
for file in glob.iglob(
"./app/payloads/{}/payload/*".format(payload_type)):
payload_file = open(file, 'rb')
file_dict = {
file.split("/")[-1]:
base64.b64encode(payload_file.read()).decode('utf-8')
}
payloadtype_json['files'].append(file_dict)
commands = await db_objects.execute(
Command.select().where(Command.payload_type == payload_ptype))
for c in commands:
cmd_json = c.to_json()
del cmd_json['id']
del cmd_json['creation_time']
del cmd_json['operator']
del cmd_json['payload_type']
params = await db_objects.execute(CommandParameters.select().where(
CommandParameters.command == c))
params_list = []
for p in params:
p_json = p.to_json()
del p_json['id']
del p_json['command']
del p_json['cmd']
del p_json['operator']
del p_json['payload_type']
params_list.append(p_json)
cmd_json['parameters'] = params_list
attacks = await db_objects.execute(
ATTACKCommand.select().where(ATTACKCommand.command == c))
attack_list = []
for a in attacks:
a_json = a.to_json()
del a_json['command']
del a_json['command_id']
del a_json['id']
attack_list.append(a_json)
cmd_json['attack'] = attack_list
artifacts = await db_objects.execute(
ArtifactTemplate.select().where(ArtifactTemplate.command == c))
artifact_list = []
for a in artifacts:
a_json = {
"command_parameter": a.command_parameter,
"artifact": a.artifact.name,
"artifact_string": a.artifact_string,
"replace_string": a.replace_string
}
artifact_list.append(a_json)
cmd_json['artifacts'] = artifact_list
cmd_file = open(
"./app/payloads/{}/commands/{}".format(payload_type, c.cmd),
'rb')
cmd_json['file'] = base64.b64encode(
cmd_file.read()).decode('utf-8')
cmdlist.append(cmd_json)
# get all the c2 profiles we can that match up with this payload type for the current operation
profiles = await db_objects.execute(
PayloadTypeC2Profile.select().where(
PayloadTypeC2Profile.payload_type == payload_ptype).join(
C2Profile).where(C2Profile.operation == operation))
profiles_dict = {}
for p in profiles:
files = []
for profile_file in glob.iglob(
"./app/c2_profiles/{}/{}/{}/*".format(
operation.name, p.c2_profile.name, payload_type)):
file_contents = open(profile_file, 'rb')
file_dict = {
profile_file.split("/")[-1]:
base64.b64encode(file_contents.read()).decode('utf-8')
}
files.append(file_dict)
profiles_dict[p.c2_profile.name] = files
payloadtype_json['c2_profiles'] = profiles_dict
# get all of the module load transformations
load_transforms = await db_objects.execute(Transform.select().where(
(Transform.t_type == "load")
& (Transform.payload_type == payload_ptype)))
load_transforms_list = []
for lt in load_transforms:
lt_json = lt.to_json()
del lt_json['payload_type']
del lt_json['operator']
del lt_json['timestamp']
del lt_json['t_type']
del lt_json['id']
load_transforms_list.append(lt_json)
payloadtype_json['load_transforms'] = load_transforms_list
# get all of the payload creation transformations
create_transforms = await db_objects.execute(Transform.select().where(
(Transform.t_type == "create")
& (Transform.payload_type == payload_ptype)))
create_transforms_list = []
for ct in create_transforms:
ct_json = ct.to_json()
del ct_json['payload_type']
del ct_json['operator']
del ct_json['timestamp']
del ct_json['t_type']
del ct_json['id']
create_transforms_list.append(ct_json)
payloadtype_json['create_transforms'] = create_transforms_list
except Exception as e:
print(e)
return json({
'status':
'error',
'error':
'failed to get information for that payload type: ' + str(e)
})
return json({"payload_types": [{**payloadtype_json, "commands": cmdlist}]})