def new_post(request):
"""New post"""
if request.method == "POST":
editform = BlogEditForm(request.POST, request.FILES)
if editform.is_valid():
post = editform.save(commit=False)
post.user = request.user
post.ip = get_ipaddress(request)
post.save()
return redirect(post.get_post_url())
elif request.method == "GET":
editform = BlogEditForm()
category_choices = settings.BLOG_CATEGORY
return render(
request,
"blogs/edit_post.html",
{
'form': editform,
'edit_type': 'new',
'category_choices': category_choices,
}
)
def __init__(self):
Listener.__init__(self)
self.name = 'http'
self.author = '@byt3bl33d3r'
self.description = 'HTTP listener'
self.options = {
# format:
# value_name : {description, required, default_value}
'Name': {
'Description': 'Name for the listener.',
'Required': True,
'Value': 'http'
},
#'StageURL': {
# 'Description' : 'URL for staging.',
# 'Required' : True,
# 'Value' : f"https://{get_ipaddress()}"
#},
'BindIP': {
'Description': 'The IPv4/IPv6 address to bind to.',
'Required': True,
'Value': get_ipaddress()
},
'Port': {
'Description': 'Port for the listener.',
'Required': True,
'Value': 80
}
}
def api_vote(request, liketype='dislike'):
"""API vote"""
if request.method == 'POST':
issue_id = request.POST['id']
ip = get_ipaddress(request)
issue = get_object_or_404(Issue, pk=issue_id)
claimusers = issue.claimusers.split(',')
if ip not in claimusers:
issue.claimusers += "," + ip
if liketype == 'like':
issue.goodcount += 1
else:
issue.count += 1
issue.save()
if request.user.is_authenticated():
if request.user.profile.point < settings.POINT_MAX:
now = timezone.now()
if issue.datetime > now - timezone.timedelta(days=7):
request.user.profile.point += 1
request.user.profile.save()
if liketype == 'like':
return JsonResponse([issue.goodcount], safe=False, status=201)
else:
return JsonResponse([issue.count], safe=False, status=201)
else:
return JsonResponse({'status': 'false'}, status=400)
else:
return JsonResponse({'status': 'false'}, status=400)
def like_post(request):
"""API like_post"""
if request.method == 'POST':
id = request.POST['id']
ip = get_ipaddress(request)
user = request.user
post = get_object_or_404(Blog, pk=id)
like_users = post.like_users.split(',')
if post.user == user or ip == post.ip:
msg = _("You like your own post?")
return JsonResponse([0, msg], safe=False, status=201)
if ip not in like_users:
if post.like_users != '':
post.like_users += ","
post.like_users += ip
post.like_count += 1
post.save()
msg = _("You've liked this article")
return JsonResponse(
[post.like_count, msg], safe=False, status=201)
else:
msg = _("You've already liked")
return JsonResponse([0, msg], safe=False, status=201)
else:
return error_page(request)
def __init__(self):
Listener.__init__(self)
self.name = 'http'
self.author = '@byt3bl33d3r'
self.description = 'HTTP listener'
self.options = {
# format:
# value_name : {description, required, default_value}
'Name': {
'Description' : 'Name for the listener.',
'Required' : True,
'Value' : 'http'
},
#'StageURL': {
# 'Description' : 'URL for staging.',
# 'Required' : True,
# 'Value' : f"https://{get_ipaddress()}"
#},
'BindIP': {
'Description' : 'The IPv4/IPv6 address to bind to.',
'Required' : True,
'Value' : get_ipaddress()
},
'Port': {
'Description' : 'Port for the listener.',
'Required' : True,
'Value' : 80
}
}
def new_article(request, table=0):
"""New article"""
if int(table) == 0 or int(table) == 9 or (int(table) < 8
and not request.user.is_staff):
return error_page(request)
if request.method == "POST":
editform = BoardEditForm(request.POST, request.FILES)
if editform.is_valid():
article = editform.save(commit=False)
if article.status != '1normal' and article.status != '2temp':
if not request.user.is_staff:
errormsg = _("Wrong status from user.")
return error_page(request, errormsg)
image_text = article.get_image_text()
if image_text in article.content:
article.has_image = True
video_text = article.get_video_text()
if video_text in article.content:
article.has_video = True
article.user = request.user
article.ip = get_ipaddress(request)
article.table = table
article.save()
if article.status == '2temp':
return redirect(article.get_edit_url())
request.user.profile.last_article_at = timezone.now()
request.user.profile.point += settings.POINT_ARTICLE
request.user.profile.save()
return redirect(article.get_absolute_url())
elif request.method == "GET":
editform = BoardEditForm()
board_table = BoardTable()
if int(table) >= board_table.get_table_len():
return error_page(request)
table_name = board_table.get_table_name(table)
if table_name == '':
return error_page(request)
table_desc = board_table.get_table_desc(table)
category_choices = board_table.get_category(table)
return render(
request, 'boards/edit_article.html', {
'form': editform,
'edit_type': 'new',
'table_name': table_name,
'table_desc': table_desc,
'category_choices': category_choices,
})
def update_ip_list(sender, user, request, **kwargs):
"""Update ip list"""
ip = get_ipaddress(request)
ip_list = user.profile.ip_list.split(',')
if ip not in ip_list:
if user.profile.ip_list != '':
user.profile.ip_list += ","
user.profile.ip_list += ip
user.profile.save()
def __init__(self):
super().__init__()
self.name = 'https'
self.author = '@byt3bl33d3r'
self.description = 'HTTPS listener'
self.options = {
# format:
# value_name : {description, required, default_value}
'Name': {
'Description': 'Name for the listener.',
'Required': True,
'Value': 'https'
},
#'StageURL': {
# 'Description' : 'URL for staging.',
# 'Required' : True,
# 'Value' : f"https://{get_ipaddress()}"
#},
'BindIP': {
'Description': 'The IPv4/IPv6 address to bind to.',
'Required': True,
'Value': get_ipaddress()
},
'Port': {
'Description': 'Port for the listener.',
'Required': True,
'Value': 443
},
'Cert': {
'Description': 'SSL Certificate file',
'Required': False,
'Value': 'data/cert.pem'
},
'Key': {
'Description': 'SSL Key file',
'Required': False,
'Value': 'data/key.pem'
},
'RegenCert': {
'Description': 'Regenerate TLS cert',
'Required': False,
'Value': False
},
'CallBackURls': {
'Description': 'Additional C2 Callback URLs (comma seperated)',
'Required': False,
'Value': ''
},
'Comms': {
'Description': 'C2 Comms to use',
'Required': True,
'Value': 'https'
}
}
def generate_listener(ip, port):
listener = Listener()
listener.name = args.listener
if ip is None:
ip = get_ipaddress()
listener.options = {
'BindIP': {'Description': 'The IPv4/IPv6 address to bind to.', 'Required': True, 'Value': ip},
'Port': {'Description': 'Port for the listener.', 'Required': True, 'Value': port}}
return listener
def user_logged_in_signal(sender, user, request, **kwargs):
"""user_logged_in_signal"""
ip = get_ipaddress(request)
ip_list = user.profile.ip_list.split(',')
if ip not in ip_list:
if user.profile.ip_list != '':
user.profile.ip_list += ","
user.profile.ip_list += ip
user.profile.save()
UserSession.objects.get_or_create(user=user,
session_id=request.session.session_key)
def conversation(request, user):
"""Conversation"""
try:
other = User.objects.filter(username__iexact=user).get()
except ObjectDoesNotExist:
errormsg = _('User does not exist.')
return error_page(request, errormsg)
if request.user == other:
errormsg = _('Cannot send message to yourself.')
return error_page(request, errormsg)
if request.method == "POST":
msgform = MsgForm(request.POST)
if msgform.is_valid():
msg = msgform.save(commit=False)
msg.sender = request.user
msg.recipient = other
msg.ip = get_ipaddress(request)
msg.save()
other.profile.msg_count += 1
other.profile.save()
return redirect('msgs:conversation', user=other)
else:
errormsg = _('Form validation Failure')
return error_page(request, errormsg)
else:
q = (Q(sender__username__iexact=other.username) & Q(
recipient__username__iexact=request.user.username) & (Q(
recipient_status='1normal') | Q(recipient_status='2read'))) | \
(Q(sender__username__iexact=request.user.username) & Q(
recipient__username__iexact=other.username) & Q(
sender_status='1normal'))
msgs = Msg.objects.filter(q).order_by('id')
unread_msgs = msgs.filter(recipient_status='1normal').filter(
recipient__username__iexact=request.user.username)
for um in unread_msgs:
um.recipient_status = '2read'
um.save()
return render(request, "msgs/conversation.html", {
'msgs': msgs,
'other': other,
})
def __init__(self):
Listener.__init__(self)
self.name = 'https'
self.author = '@byt3bl33d3r'
self.description = 'HTTPS listener'
self.options = {
# format:
# value_name : {description, required, default_value}
'Name': {
'Description' : 'Name for the listener.',
'Required' : True,
'Value' : 'https'
},
#'StageURL': {
# 'Description' : 'URL for staging.',
# 'Required' : True,
# 'Value' : f"https://{get_ipaddress()}"
#},
'BindIP': {
'Description' : 'The IPv4/IPv6 address to bind to.',
'Required' : True,
'Value' : get_ipaddress()
},
'Port': {
'Description' : 'Port for the listener.',
'Required' : True,
'Value' : 443
},
'Cert': {
'Description' : 'SSL Certificate file',
'Required' : False,
'Value' : 'data/cert.pem'
},
'Key': {
'Description' : 'SSL Key file',
'Required' : False,
'Value' : 'data/key.pem'
},
'RegenCert': {
'Description' : 'Regenerate TLS cert',
'Required' : False,
'Value' : False
}
}
def new_recruitment(request, table=0):
"""New recruitment"""
if request.method == "POST":
editform = TeamEditForm(request.POST)
if editform.is_valid():
article = editform.save(commit=False)
if article.status != '1normal':
if not request.user.is_staff:
errormsg = _("Wrong status from user.")
return error_page(request, errormsg)
article.user = request.user
article.ip = get_ipaddress(request)
article.table = table
article.save()
request.user.profile.last_article_at = timezone.now()
request.user.profile.point += settings.POINT_ARTICLE
request.user.profile.save()
return redirect(article.get_article_url())
elif request.method == "GET":
editform = TeamEditForm()
team_table = TeamTable()
if int(table) >= team_table.get_table_len():
return error_page(request)
table_name = team_table.get_table_name(table)
if table_name == '':
return error_page(request)
table_desc = team_table.get_table_desc(table)
category_choices = team_table.get_category(table)
return render(
request,
'teams/edit_recruitment.html',
{
'form': editform,
'edit_type': 'new',
'table_name': table_name,
'table_desc': table_desc,
'category_choices': category_choices,
}
)
def api_issue(request):
"""API for chrome extension"""
if request.method == 'GET':
issues = Issue.objects.all()
serializer = IssueSerializer(issues, many=True)
return JsonResponse(serializer.data, safe=False)
elif request.method == 'POST':
request.POST = request.POST.copy()
request.POST['claimusers'] = get_ipaddress(request)
serializer = IssueSerializer(data=request.POST)
if serializer.is_valid():
serializer.save()
if request.POST['nolook'] == u'true':
count = serializer.data['count']
else:
count = serializer.data['goodcount']
return JsonResponse([
count,
], safe=False, status=201)
return JsonResponse(serializer.errors, status=400)
def generate_listener(ip, port):
listener = Listener()
listener.name = args.listener
if ip is None:
ip = get_ipaddress()
listener.options = {
'BindIP': {
'Description': 'The IPv4/IPv6 address to bind to.',
'Required': True,
'Value': ip
},
'Port': {
'Description': 'Port for the listener.',
'Required': True,
'Value': port
}
}
return listener
def __init__(self):
Listener.__init__(self)
self.name = 'http'
self.author = '@byt3bl33d3r'
self.description = 'HTTP listener'
self.options = {
# format:
# value_name : {description, required, default_value}
'Name': {
'Description': 'Name for the listener.',
'Required': True,
'Value': 'http'
},
#'Host': {
# 'Description' : 'Hostname/IP for staging.',
# 'Required' : True,
# 'Value' : f"https://{get_ipaddress()}"
#},
'BindIP': {
'Description': 'The IPv4/IPv6 address to bind to.',
'Required': True,
'Value': get_ipaddress()
},
'Port': {
'Description': 'Port for the listener.',
'Required': True,
'Value': 443
},
'Cert': {
'Description': 'SSL Certificate file',
'Required': False,
'Value': 'data/cert.pem'
},
'Key': {
'Description': 'SSL Key file',
'Required': False,
'Value': 'data/key.pem'
}
}
def __init__(self):
super().__init__()
self.name = 'dns'
self.author = '@byt3bl33d3r'
self.description = 'DNS Listener'
#self.dnsresponses = DNSResponses()
self.TXT_responses = {}
self.A_responses = {}
self.options = {
# format:
# value_name : {description, required, default_value}
'Name': {
'Description': 'Name for the listener.',
'Required': True,
'Value': 'dns'
},
'BindIP': {
'Description': 'The IPv4/IPv6 address to bind to.',
'Required': True,
'Value': get_ipaddress()
},
'Domain': {
'Description': 'The domain to use.',
'Required': True,
'Value': ""
},
'Port': {
'Description': 'Port for the listener.',
'Required': True,
'Value': 53
},
'Comms': {
'Description': 'C2 Comms to use',
'Required': True,
'Value': 'doh-dns_google'
}
}
def send(request, user):
"""Send message"""
try:
recipient = User.objects.filter(username__iexact=user).get()
except ObjectDoesNotExist:
errormsg = _('User does not exist.')
return error_page(request, errormsg)
if request.user == recipient:
errormsg = _('Cannot send message to yourself.')
return error_page(request, errormsg)
if request.method == "POST":
msgform = MsgForm(request.POST)
if msgform.is_valid():
message = msgform.save(commit=False)
message.sender = request.user
message.recipient = recipient
message.ip = get_ipaddress(request)
message.save()
recipient.profile.msg_count += 1
recipient.profile.save()
return redirect('msgs:inbox', page=1)
else:
msg = _('Form validation Failure')
elif request.method == "GET":
msg = ""
msgform = MsgForm(instance=request.user.profile)
return render(request, "msgs/send_msg.html", {
'msgform': msgform,
'recipient': recipient,
'msg': msg,
})
def write_team_reply(request):
"""API write_team_reply"""
if not request.user.is_authenticated:
return JsonResponse({'status': 'false'}, status=401)
if request.method == 'POST':
id = request.POST['article_id']
reply_id = rt_id = int(request.POST['reply_id'])
reply_to = ''
form = TeamReplyEditForm(request.POST)
if form.is_valid():
article = get_object_or_404(Team, pk=id)
if (article.status == '5hidden' or article.status == '6deleted') \
and not request.user.is_staff:
return JsonResponse({'status': 'false'}, status=402)
reply = form.save(commit=False)
parent_id = reply_id
while parent_id != 0:
parent = get_object_or_404(TeamReply, pk=parent_id)
if parent:
if parent_id == reply_id and request.user != parent.user:
reply_to = parent.user.username
parent_id = parent.reply_id
if parent_id == 0:
reply_id = parent.id
else:
return JsonResponse({'status': 'false'}, status=400)
reply.reply_id = reply_id
reply.reply_to = reply_to
reply.status = '1normal'
reply.user = request.user
reply.ip = get_ipaddress(request)
reply.save()
article.reply_count += 1
article.save()
if article.user != request.user and reply_id == 0:
if article.user.profile.alarm_board:
if article.user.profile.alarm_list != '':
article.user.profile.alarm_list += ','
alarm_text = 'bt:%d' % article.id
article.user.profile.alarm_list += alarm_text
article.user.profile.alarm = True
article.user.profile.save()
elif reply_to != request.user.username and reply_id > 0:
user = User.objects.filter(username=reply_to)
if user:
if user[0].profile.alarm_reply:
if user[0].profile.alarm_list != '':
user[0].profile.alarm_list += ','
alarm_text = 'rt:%d' % rt_id
user[0].profile.alarm_list += alarm_text
user[0].profile.alarm = True
user[0].save()
request.user.profile.last_reply_at = timezone.now()
request.user.profile.point += settings.POINT_REPLY
request.user.profile.save()
replies = TeamReply.objects.filter(article_id=id).annotate(
custom_order=Case(
When(reply_id=0, then='id'),
default='reply_id',
output_field=IntegerField(),
)
).order_by('custom_order', 'id')
return render_to_response(
'teams/show_team_reply.html',
{
'user': request.user,
'article_user': article.user,
'replies': replies,
'count': replies.count()
}
)
return JsonResponse({'status': 'false'}, status=400)
else:
return error_to_response(request)
def write_comment(request):
"""API write_comment"""
if request.method == 'POST':
id = request.POST['post_id']
comment_id = r_id = int(request.POST['comment_id'])
username = request.POST['username']
form = CommentEditForm(request.POST)
if form.is_valid():
post = get_object_or_404(Blog, pk=id)
if post.status != '1normal' and not request.user.is_staff:
return JsonResponse({'status': 'false'}, status=402)
comment = form.save(commit=False)
parent_id = comment_id
while parent_id != 0:
parent = get_object_or_404(Comment, pk=parent_id)
if parent:
parent_id = parent.comment_id
if parent_id == 0:
comment_id = parent.id
else:
return JsonResponse({'status': 'false'}, status=400)
comment.comment_id = comment_id
comment.ip = get_ipaddress(request)
comment.status = '1normal'
if request.user.is_authenticated:
comment.userid = request.user.username
else:
comment.username = username
if check_spam(request, comment):
comment.status = '7spam'
comment.save()
post.comment_count += 1
post.save()
if comment.status != '7spam':
if post.user != request.user and comment_id == 0:
if post.user.profile.alarm_list != '':
post.user.profile.alarm_list += ','
alarm_text = 'l:%d' % post.id
post.user.profile.alarm_list += alarm_text
post.user.profile.alarm = True
post.user.profile.save()
elif comment_id > 0:
comment_to = get_object_or_404(Comment, pk=comment_id)
if comment_to and comment_to.userid:
user = User.objects.filter(username=comment_to.userid)
if user and user[0] is not request.user:
if user[0].profile.alarm_reply:
if user[0].profile.alarm_list != '':
user[0].profile.alarm_list += ','
alarm_text = 'c:%d' % r_id
user[0].profile.alarm_list += alarm_text
user[0].profile.alarm = True
user[0].save()
q = Q(status='1normal')
comments = Comment.objects.filter(post_id=id).filter(q).annotate(
custom_order=Case(
When(comment_id=0, then='id'),
default='comment_id',
output_field=IntegerField(),
)
).order_by('custom_order', 'id')
return render_to_response(
'blogs/show_comment.html',
{
'user': request.user,
'post_user': post.user.username,
'comments': comments,
'count': comments.count()
}
)
return JsonResponse({'status': 'false'}, status=400)
else:
return error_to_response(request)
