コード例 #1
ファイル: server.py プロジェクト: vysecurity/king-phisher
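    def handle_deaddrop_visit(self, query):
        """Record a dead drop check-in carried in the request's ``token`` parameter.

        The token is base64 text that, once passed through ``xor.xor_decode``,
        must parse as a JSON object. The object is read for ``deaddrop_id``,
        ``local_username``, ``local_hostname`` and ``local_ip_addresses``. A
        matching ``DeaddropConnection`` row has its ``visit_count``
        incremented; otherwise a new row is added. An alert job is queued when
        a new connection brings the campaign total to 1, 3, 5 or a multiple
        of 10.

        Everything in the token is supplied by the remote client, so it is
        treated as untrusted input.

        :param query: Not read by this handler.
        """
        # The 200 response goes out before any validation, so every request
        # gets the same reply whether or not its token is accepted.
        self.send_response(200)
        self.end_headers()

        data = self.get_query('token')
        if not data:
            self.logger.warning(
                'dead drop request received with no \'token\' parameter')
            return
        try:
            data = base64.b64decode(data)
        except (binascii.Error, TypeError):
            self.logger.error(
                'dead drop request received with invalid \'token\' data')
            return
        data = xor.xor_decode(data)
        try:
            data = json.loads(data)
        except ValueError:
            self.logger.error(
                'dead drop request received with invalid \'token\' data')
            return
        # Valid JSON can still be a list, string or number; the .get() calls
        # below would raise on those, so only an object is accepted.
        if not isinstance(data, dict):
            self.logger.error(
                'dead drop request received with invalid \'token\' data')
            return

        session = db_manager.Session()
        # try/finally closes the session on every path, including a database
        # error triggered by unexpected values in the token.
        try:
            deployment = db_manager.get_row_by_id(session,
                                                  db_models.DeaddropDeployment,
                                                  data.get('deaddrop_id'))
            if not deployment:
                self.logger.error(
                    'dead drop request received for an unknown campaign')
                return
            if deployment.campaign.has_expired:
                self.logger.info(
                    'dead drop request received for an expired campaign')
                return

            local_username = data.get('local_username')
            local_hostname = data.get('local_hostname')
            if local_username is None or local_hostname is None:
                self.logger.error(
                    'dead drop request received with missing data')
                return
            local_ip_addresses = data.get('local_ip_addresses')
            if isinstance(local_ip_addresses, (list, tuple)):
                # str() keeps a non-string element from raising TypeError in
                # join(); string elements are stored exactly as before.
                local_ip_addresses = ' '.join(
                    str(address) for address in local_ip_addresses)

            connections = session.query(db_models.DeaddropConnection)
            connection = connections.filter_by(
                deployment_id=deployment.id,
                local_username=local_username,
                local_hostname=local_hostname).first()
            if connection:
                connection.visit_count += 1
                new_connection = False
            else:
                connection = db_models.DeaddropConnection(
                    campaign_id=deployment.campaign_id,
                    deployment_id=deployment.id)
                connection.visitor_ip = self.get_client_ip()
                connection.local_username = local_username
                connection.local_hostname = local_hostname
                connection.local_ip_addresses = local_ip_addresses
                session.add(connection)
                new_connection = True
            session.commit()

            # Read the id while the session is still open so the alert below
            # does not depend on a detached instance.
            campaign_id = deployment.campaign_id
            visit_count = session.query(
                db_models.DeaddropConnection).filter_by(
                    campaign_id=campaign_id).count()
        finally:
            session.close()

        if new_connection and visit_count > 0 and (
                visit_count in (1, 3, 5) or visit_count % 10 == 0):
            alert_text = "{0} deaddrop connections reached for campaign: {{campaign_name}}".format(
                visit_count)
            self.server.job_manager.job_run(
                self.issue_alert, (alert_text, campaign_id))
        return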
コード例 #2
ファイル: server.py プロジェクト: quitheshit/king-phisherxx
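	def handle_deaddrop_visit(self, query):
		"""Record a dead drop check-in carried in the request's ``token`` parameter.

		The token is base64 text that, once passed through ``xor.xor_decode``,
		must parse as a JSON object. The object is read for ``deaddrop_id``,
		``local_username``, ``local_hostname`` and ``local_ip_addresses``. A
		matching ``DeaddropConnection`` row has its ``count`` incremented and
		``last_seen`` refreshed; otherwise a new row is added. An alert job is
		queued when a new connection brings the campaign total to 1, 3, 5 or a
		multiple of 10.

		Everything in the token is supplied by the remote client, so it is
		treated as untrusted input.

		:param query: Not read by this handler.
		"""
		# The 200 response goes out before any validation, so every request
		# gets the same reply whether or not its token is accepted.
		self.send_response(200)
		self.end_headers()

		data = self.get_query('token')
		if not data:
			self.logger.warning('dead drop request received with no \'token\' parameter')
			return
		try:
			data = base64.b64decode(data)
		except (binascii.Error, TypeError):
			self.logger.error('dead drop request received with invalid \'token\' data')
			return
		data = xor.xor_decode(data)
		try:
			data = json.loads(data)
		except ValueError:
			self.logger.error('dead drop request received with invalid \'token\' data')
			return
		# Valid JSON can still be a list, string or number; the .get() calls
		# below would raise on those, so only an object is accepted.
		if not isinstance(data, dict):
			self.logger.error('dead drop request received with invalid \'token\' data')
			return

		deaddrop_id = data.get('deaddrop_id')
		if deaddrop_id is None:
			self.logger.error('dead drop request received with no \'deaddrop_id\' key')
			return
		if deaddrop_id == self.config.get('server.secret_id'):
			# this allows us to test the logic to this point at least
			self.logger.debug('dead drop request received with the test id')
			return

		self.semaphore_acquire()
		# try/finally guarantees the release: an exception raised while the
		# semaphore is held (for example by unexpected values in the token)
		# would otherwise leave it held when the handler exits.
		try:
			deployment = db_manager.get_row_by_id(self._session, db_models.DeaddropDeployment, deaddrop_id)
			if not deployment:
				self.logger.error('dead drop request received for an unknown campaign')
				return
			if deployment.campaign.has_expired:
				self.logger.info('dead drop request received for an expired campaign')
				return

			local_username = data.get('local_username')
			local_hostname = data.get('local_hostname')
			if local_username is None or local_hostname is None:
				self.logger.error('dead drop request received with missing data')
				return
			local_ip_addresses = data.get('local_ip_addresses')
			if isinstance(local_ip_addresses, (list, tuple)):
				# str() keeps a non-string element from raising TypeError in
				# join(); string elements are stored exactly as before.
				local_ip_addresses = ' '.join(str(address) for address in local_ip_addresses)

			connections = self._session.query(db_models.DeaddropConnection)
			connection = connections.filter_by(deployment_id=deployment.id, local_username=local_username, local_hostname=local_hostname).first()
			if connection:
				connection.count += 1
				connection.last_seen = db_models.current_timestamp()
				new_connection = False
			else:
				connection = db_models.DeaddropConnection(campaign_id=deployment.campaign_id, deployment_id=deployment.id)
				connection.ip = self.get_client_ip()
				connection.local_username = local_username
				connection.local_hostname = local_hostname
				connection.local_ip_addresses = local_ip_addresses
				self._session.add(connection)
				new_connection = True
			self._session.commit()

			# Read the id while the semaphore is held so the alert below does
			# not touch the session-bound object after the release.
			campaign_id = deployment.campaign_id
			visit_count = self._session.query(db_models.DeaddropConnection).filter_by(campaign_id=campaign_id).count()
		finally:
			self.semaphore_release()

		if new_connection and visit_count > 0 and (visit_count in (1, 3, 5) or visit_count % 10 == 0):
			self.server.job_manager.job_run(self.issue_alert, (campaign_id, 'deaddrop_connections', visit_count))
		return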