def new_post(request): """New post""" if request.method == "POST": editform = BlogEditForm(request.POST, request.FILES) if editform.is_valid(): post = editform.save(commit=False) post.user = request.user post.ip = get_ipaddress(request) post.save() return redirect(post.get_post_url()) elif request.method == "GET": editform = BlogEditForm() category_choices = settings.BLOG_CATEGORY return render( request, "blogs/edit_post.html", { 'form': editform, 'edit_type': 'new', 'category_choices': category_choices, } )
def __init__(self): Listener.__init__(self) self.name = 'http' self.author = '@byt3bl33d3r' self.description = 'HTTP listener' self.options = { # format: # value_name : {description, required, default_value} 'Name': { 'Description': 'Name for the listener.', 'Required': True, 'Value': 'http' }, #'StageURL': { # 'Description' : 'URL for staging.', # 'Required' : True, # 'Value' : f"https://{get_ipaddress()}" #}, 'BindIP': { 'Description': 'The IPv4/IPv6 address to bind to.', 'Required': True, 'Value': get_ipaddress() }, 'Port': { 'Description': 'Port for the listener.', 'Required': True, 'Value': 80 } }
def api_vote(request, liketype='dislike'): """API vote""" if request.method == 'POST': issue_id = request.POST['id'] ip = get_ipaddress(request) issue = get_object_or_404(Issue, pk=issue_id) claimusers = issue.claimusers.split(',') if ip not in claimusers: issue.claimusers += "," + ip if liketype == 'like': issue.goodcount += 1 else: issue.count += 1 issue.save() if request.user.is_authenticated(): if request.user.profile.point < settings.POINT_MAX: now = timezone.now() if issue.datetime > now - timezone.timedelta(days=7): request.user.profile.point += 1 request.user.profile.save() if liketype == 'like': return JsonResponse([issue.goodcount], safe=False, status=201) else: return JsonResponse([issue.count], safe=False, status=201) else: return JsonResponse({'status': 'false'}, status=400) else: return JsonResponse({'status': 'false'}, status=400)
def like_post(request): """API like_post""" if request.method == 'POST': id = request.POST['id'] ip = get_ipaddress(request) user = request.user post = get_object_or_404(Blog, pk=id) like_users = post.like_users.split(',') if post.user == user or ip == post.ip: msg = _("You like your own post?") return JsonResponse([0, msg], safe=False, status=201) if ip not in like_users: if post.like_users != '': post.like_users += "," post.like_users += ip post.like_count += 1 post.save() msg = _("You've liked this article") return JsonResponse( [post.like_count, msg], safe=False, status=201) else: msg = _("You've already liked") return JsonResponse([0, msg], safe=False, status=201) else: return error_page(request)
def __init__(self): Listener.__init__(self) self.name = 'http' self.author = '@byt3bl33d3r' self.description = 'HTTP listener' self.options = { # format: # value_name : {description, required, default_value} 'Name': { 'Description' : 'Name for the listener.', 'Required' : True, 'Value' : 'http' }, #'StageURL': { # 'Description' : 'URL for staging.', # 'Required' : True, # 'Value' : f"https://{get_ipaddress()}" #}, 'BindIP': { 'Description' : 'The IPv4/IPv6 address to bind to.', 'Required' : True, 'Value' : get_ipaddress() }, 'Port': { 'Description' : 'Port for the listener.', 'Required' : True, 'Value' : 80 } }
def new_article(request, table=0): """New article""" if int(table) == 0 or int(table) == 9 or (int(table) < 8 and not request.user.is_staff): return error_page(request) if request.method == "POST": editform = BoardEditForm(request.POST, request.FILES) if editform.is_valid(): article = editform.save(commit=False) if article.status != '1normal' and article.status != '2temp': if not request.user.is_staff: errormsg = _("Wrong status from user.") return error_page(request, errormsg) image_text = article.get_image_text() if image_text in article.content: article.has_image = True video_text = article.get_video_text() if video_text in article.content: article.has_video = True article.user = request.user article.ip = get_ipaddress(request) article.table = table article.save() if article.status == '2temp': return redirect(article.get_edit_url()) request.user.profile.last_article_at = timezone.now() request.user.profile.point += settings.POINT_ARTICLE request.user.profile.save() return redirect(article.get_absolute_url()) elif request.method == "GET": editform = BoardEditForm() board_table = BoardTable() if int(table) >= board_table.get_table_len(): return error_page(request) table_name = board_table.get_table_name(table) if table_name == '': return error_page(request) table_desc = board_table.get_table_desc(table) category_choices = board_table.get_category(table) return render( request, 'boards/edit_article.html', { 'form': editform, 'edit_type': 'new', 'table_name': table_name, 'table_desc': table_desc, 'category_choices': category_choices, })
def update_ip_list(sender, user, request, **kwargs): """Update ip list""" ip = get_ipaddress(request) ip_list = user.profile.ip_list.split(',') if ip not in ip_list: if user.profile.ip_list != '': user.profile.ip_list += "," user.profile.ip_list += ip user.profile.save()
def __init__(self): super().__init__() self.name = 'https' self.author = '@byt3bl33d3r' self.description = 'HTTPS listener' self.options = { # format: # value_name : {description, required, default_value} 'Name': { 'Description': 'Name for the listener.', 'Required': True, 'Value': 'https' }, #'StageURL': { # 'Description' : 'URL for staging.', # 'Required' : True, # 'Value' : f"https://{get_ipaddress()}" #}, 'BindIP': { 'Description': 'The IPv4/IPv6 address to bind to.', 'Required': True, 'Value': get_ipaddress() }, 'Port': { 'Description': 'Port for the listener.', 'Required': True, 'Value': 443 }, 'Cert': { 'Description': 'SSL Certificate file', 'Required': False, 'Value': 'data/cert.pem' }, 'Key': { 'Description': 'SSL Key file', 'Required': False, 'Value': 'data/key.pem' }, 'RegenCert': { 'Description': 'Regenerate TLS cert', 'Required': False, 'Value': False }, 'CallBackURls': { 'Description': 'Additional C2 Callback URLs (comma seperated)', 'Required': False, 'Value': '' }, 'Comms': { 'Description': 'C2 Comms to use', 'Required': True, 'Value': 'https' } }
def generate_listener(ip, port): listener = Listener() listener.name = args.listener if ip is None: ip = get_ipaddress() listener.options = { 'BindIP': {'Description': 'The IPv4/IPv6 address to bind to.', 'Required': True, 'Value': ip}, 'Port': {'Description': 'Port for the listener.', 'Required': True, 'Value': port}} return listener
def user_logged_in_signal(sender, user, request, **kwargs): """user_logged_in_signal""" ip = get_ipaddress(request) ip_list = user.profile.ip_list.split(',') if ip not in ip_list: if user.profile.ip_list != '': user.profile.ip_list += "," user.profile.ip_list += ip user.profile.save() UserSession.objects.get_or_create(user=user, session_id=request.session.session_key)
def conversation(request, user): """Conversation""" try: other = User.objects.filter(username__iexact=user).get() except ObjectDoesNotExist: errormsg = _('User does not exist.') return error_page(request, errormsg) if request.user == other: errormsg = _('Cannot send message to yourself.') return error_page(request, errormsg) if request.method == "POST": msgform = MsgForm(request.POST) if msgform.is_valid(): msg = msgform.save(commit=False) msg.sender = request.user msg.recipient = other msg.ip = get_ipaddress(request) msg.save() other.profile.msg_count += 1 other.profile.save() return redirect('msgs:conversation', user=other) else: errormsg = _('Form validation Failure') return error_page(request, errormsg) else: q = (Q(sender__username__iexact=other.username) & Q( recipient__username__iexact=request.user.username) & (Q( recipient_status='1normal') | Q(recipient_status='2read'))) | \ (Q(sender__username__iexact=request.user.username) & Q( recipient__username__iexact=other.username) & Q( sender_status='1normal')) msgs = Msg.objects.filter(q).order_by('id') unread_msgs = msgs.filter(recipient_status='1normal').filter( recipient__username__iexact=request.user.username) for um in unread_msgs: um.recipient_status = '2read' um.save() return render(request, "msgs/conversation.html", { 'msgs': msgs, 'other': other, })
def __init__(self): Listener.__init__(self) self.name = 'https' self.author = '@byt3bl33d3r' self.description = 'HTTPS listener' self.options = { # format: # value_name : {description, required, default_value} 'Name': { 'Description' : 'Name for the listener.', 'Required' : True, 'Value' : 'https' }, #'StageURL': { # 'Description' : 'URL for staging.', # 'Required' : True, # 'Value' : f"https://{get_ipaddress()}" #}, 'BindIP': { 'Description' : 'The IPv4/IPv6 address to bind to.', 'Required' : True, 'Value' : get_ipaddress() }, 'Port': { 'Description' : 'Port for the listener.', 'Required' : True, 'Value' : 443 }, 'Cert': { 'Description' : 'SSL Certificate file', 'Required' : False, 'Value' : 'data/cert.pem' }, 'Key': { 'Description' : 'SSL Key file', 'Required' : False, 'Value' : 'data/key.pem' }, 'RegenCert': { 'Description' : 'Regenerate TLS cert', 'Required' : False, 'Value' : False } }
def new_recruitment(request, table=0): """New recruitment""" if request.method == "POST": editform = TeamEditForm(request.POST) if editform.is_valid(): article = editform.save(commit=False) if article.status != '1normal': if not request.user.is_staff: errormsg = _("Wrong status from user.") return error_page(request, errormsg) article.user = request.user article.ip = get_ipaddress(request) article.table = table article.save() request.user.profile.last_article_at = timezone.now() request.user.profile.point += settings.POINT_ARTICLE request.user.profile.save() return redirect(article.get_article_url()) elif request.method == "GET": editform = TeamEditForm() team_table = TeamTable() if int(table) >= team_table.get_table_len(): return error_page(request) table_name = team_table.get_table_name(table) if table_name == '': return error_page(request) table_desc = team_table.get_table_desc(table) category_choices = team_table.get_category(table) return render( request, 'teams/edit_recruitment.html', { 'form': editform, 'edit_type': 'new', 'table_name': table_name, 'table_desc': table_desc, 'category_choices': category_choices, } )
def api_issue(request): """API for chrome extension""" if request.method == 'GET': issues = Issue.objects.all() serializer = IssueSerializer(issues, many=True) return JsonResponse(serializer.data, safe=False) elif request.method == 'POST': request.POST = request.POST.copy() request.POST['claimusers'] = get_ipaddress(request) serializer = IssueSerializer(data=request.POST) if serializer.is_valid(): serializer.save() if request.POST['nolook'] == u'true': count = serializer.data['count'] else: count = serializer.data['goodcount'] return JsonResponse([ count, ], safe=False, status=201) return JsonResponse(serializer.errors, status=400)
def generate_listener(ip, port): listener = Listener() listener.name = args.listener if ip is None: ip = get_ipaddress() listener.options = { 'BindIP': { 'Description': 'The IPv4/IPv6 address to bind to.', 'Required': True, 'Value': ip }, 'Port': { 'Description': 'Port for the listener.', 'Required': True, 'Value': port } } return listener
def __init__(self): Listener.__init__(self) self.name = 'http' self.author = '@byt3bl33d3r' self.description = 'HTTP listener' self.options = { # format: # value_name : {description, required, default_value} 'Name': { 'Description': 'Name for the listener.', 'Required': True, 'Value': 'http' }, #'Host': { # 'Description' : 'Hostname/IP for staging.', # 'Required' : True, # 'Value' : f"https://{get_ipaddress()}" #}, 'BindIP': { 'Description': 'The IPv4/IPv6 address to bind to.', 'Required': True, 'Value': get_ipaddress() }, 'Port': { 'Description': 'Port for the listener.', 'Required': True, 'Value': 443 }, 'Cert': { 'Description': 'SSL Certificate file', 'Required': False, 'Value': 'data/cert.pem' }, 'Key': { 'Description': 'SSL Key file', 'Required': False, 'Value': 'data/key.pem' } }
def __init__(self): super().__init__() self.name = 'dns' self.author = '@byt3bl33d3r' self.description = 'DNS Listener' #self.dnsresponses = DNSResponses() self.TXT_responses = {} self.A_responses = {} self.options = { # format: # value_name : {description, required, default_value} 'Name': { 'Description': 'Name for the listener.', 'Required': True, 'Value': 'dns' }, 'BindIP': { 'Description': 'The IPv4/IPv6 address to bind to.', 'Required': True, 'Value': get_ipaddress() }, 'Domain': { 'Description': 'The domain to use.', 'Required': True, 'Value': "" }, 'Port': { 'Description': 'Port for the listener.', 'Required': True, 'Value': 53 }, 'Comms': { 'Description': 'C2 Comms to use', 'Required': True, 'Value': 'doh-dns_google' } }
def send(request, user): """Send message""" try: recipient = User.objects.filter(username__iexact=user).get() except ObjectDoesNotExist: errormsg = _('User does not exist.') return error_page(request, errormsg) if request.user == recipient: errormsg = _('Cannot send message to yourself.') return error_page(request, errormsg) if request.method == "POST": msgform = MsgForm(request.POST) if msgform.is_valid(): message = msgform.save(commit=False) message.sender = request.user message.recipient = recipient message.ip = get_ipaddress(request) message.save() recipient.profile.msg_count += 1 recipient.profile.save() return redirect('msgs:inbox', page=1) else: msg = _('Form validation Failure') elif request.method == "GET": msg = "" msgform = MsgForm(instance=request.user.profile) return render(request, "msgs/send_msg.html", { 'msgform': msgform, 'recipient': recipient, 'msg': msg, })
def write_team_reply(request): """API write_team_reply""" if not request.user.is_authenticated: return JsonResponse({'status': 'false'}, status=401) if request.method == 'POST': id = request.POST['article_id'] reply_id = rt_id = int(request.POST['reply_id']) reply_to = '' form = TeamReplyEditForm(request.POST) if form.is_valid(): article = get_object_or_404(Team, pk=id) if (article.status == '5hidden' or article.status == '6deleted') \ and not request.user.is_staff: return JsonResponse({'status': 'false'}, status=402) reply = form.save(commit=False) parent_id = reply_id while parent_id != 0: parent = get_object_or_404(TeamReply, pk=parent_id) if parent: if parent_id == reply_id and request.user != parent.user: reply_to = parent.user.username parent_id = parent.reply_id if parent_id == 0: reply_id = parent.id else: return JsonResponse({'status': 'false'}, status=400) reply.reply_id = reply_id reply.reply_to = reply_to reply.status = '1normal' reply.user = request.user reply.ip = get_ipaddress(request) reply.save() article.reply_count += 1 article.save() if article.user != request.user and reply_id == 0: if article.user.profile.alarm_board: if article.user.profile.alarm_list != '': article.user.profile.alarm_list += ',' alarm_text = 'bt:%d' % article.id article.user.profile.alarm_list += alarm_text article.user.profile.alarm = True article.user.profile.save() elif reply_to != request.user.username and reply_id > 0: user = User.objects.filter(username=reply_to) if user: if user[0].profile.alarm_reply: if user[0].profile.alarm_list != '': user[0].profile.alarm_list += ',' alarm_text = 'rt:%d' % rt_id user[0].profile.alarm_list += alarm_text user[0].profile.alarm = True user[0].save() request.user.profile.last_reply_at = timezone.now() request.user.profile.point += settings.POINT_REPLY request.user.profile.save() replies = TeamReply.objects.filter(article_id=id).annotate( custom_order=Case( When(reply_id=0, then='id'), default='reply_id', output_field=IntegerField(), ) ).order_by('custom_order', 'id') return render_to_response( 'teams/show_team_reply.html', { 'user': request.user, 'article_user': article.user, 'replies': replies, 'count': replies.count() } ) return JsonResponse({'status': 'false'}, status=400) else: return error_to_response(request)
def write_comment(request): """API write_comment""" if request.method == 'POST': id = request.POST['post_id'] comment_id = r_id = int(request.POST['comment_id']) username = request.POST['username'] form = CommentEditForm(request.POST) if form.is_valid(): post = get_object_or_404(Blog, pk=id) if post.status != '1normal' and not request.user.is_staff: return JsonResponse({'status': 'false'}, status=402) comment = form.save(commit=False) parent_id = comment_id while parent_id != 0: parent = get_object_or_404(Comment, pk=parent_id) if parent: parent_id = parent.comment_id if parent_id == 0: comment_id = parent.id else: return JsonResponse({'status': 'false'}, status=400) comment.comment_id = comment_id comment.ip = get_ipaddress(request) comment.status = '1normal' if request.user.is_authenticated: comment.userid = request.user.username else: comment.username = username if check_spam(request, comment): comment.status = '7spam' comment.save() post.comment_count += 1 post.save() if comment.status != '7spam': if post.user != request.user and comment_id == 0: if post.user.profile.alarm_list != '': post.user.profile.alarm_list += ',' alarm_text = 'l:%d' % post.id post.user.profile.alarm_list += alarm_text post.user.profile.alarm = True post.user.profile.save() elif comment_id > 0: comment_to = get_object_or_404(Comment, pk=comment_id) if comment_to and comment_to.userid: user = User.objects.filter(username=comment_to.userid) if user and user[0] is not request.user: if user[0].profile.alarm_reply: if user[0].profile.alarm_list != '': user[0].profile.alarm_list += ',' alarm_text = 'c:%d' % r_id user[0].profile.alarm_list += alarm_text user[0].profile.alarm = True user[0].save() q = Q(status='1normal') comments = Comment.objects.filter(post_id=id).filter(q).annotate( custom_order=Case( When(comment_id=0, then='id'), default='comment_id', output_field=IntegerField(), ) ).order_by('custom_order', 'id') return render_to_response( 'blogs/show_comment.html', { 'user': request.user, 'post_user': post.user.username, 'comments': comments, 'count': comments.count() } ) return JsonResponse({'status': 'false'}, status=400) else: return error_to_response(request)