def end(self, successful):
self['happened_before'] = tz_utcnow().isoformat()
# self['successful'] = successful
if not successful:
return None
return self
def login_user(username, password) -> str:
try:
site_user = SiteUser.objects.get(username=username)
except SiteUser.DoesNotExist:
return False
if not _verify(password.encode(), site_user.password, site_user.salt):
return False
site_user.update(last_login=tz_utcnow())
return True
def __init__(self, obj, action, host, start_time=None, fields=None):
if start_time is None:
start_time = tz_utcnow().isoformat()
if fields is None:
fields = {}
super().__init__()
self['id'] = str(uuid.uuid4())
self['nodetype'] = 'event'
self['host'] = host
self['object'] = obj
self['action'] = action
self['happened_after'] = start_time
self.update(**fields)
async def action(operation, rat, time_delta, dest_host, user, rat_file, cred, domain, schtask_g, rat_g):
delta = timedelta(seconds=time_delta['seconds'],
microseconds=time_delta['microseconds'],
days=time_delta['days'])
task_name = 'caldera_task1'
exe_path = rat_file.path
arguments = '-d'
t = tz_utcnow() - delta + timedelta(seconds=120)
await operation.execute_shell_command(rat, *schtasks.create(task_name, exe_path, arguments=arguments,
remote_host=dest_host.fqdn,
user=user.username, user_domain=domain.windows_domain,
password=cred.password, start_time=t,
remote_user="******"))
await schtask_g({"name": task_name, 'exe_path': exe_path, "arguments": arguments, "user": user,
"cred": cred, "start_time": t})
await rat_g()
return True
async def rat_login(self, request):
token = None
try:
token = auth.Token(request.cookies.get('AUTH'), self.auth_key)
except:
pass
data = await request.json()
if "agent" in data:
ip, port = request.transport.get_extra_info('peername')
try:
lookup_hostname = socket.gethostbyaddr(ip)[0].split(".")[0].lower()
except socket.herror as herr:
lookup_hostname = data['hostname']
for x in ("fqdn", "hostname", "windows_domain", "dns_domain"):
if x in data:
data[x] = data[x].lower()
if "hostname" in data:
if data["hostname"] != lookup_hostname:
print("Agent reported hostname as '{}' but it actually is '{}'".format(data["hostname"],
lookup_hostname))
else:
data['hostname'] = lookup_hostname
domain_dict = {k: data[k] for k in ('windows_domain', 'dns_domain')}
domain_dict.update({'is_simulated': False})
with self.api_logic.dao as con:
# Check if the domain exists, if it doesn't create a new one
domain = con.find('domain', key='dns_domain', value=domain_dict['dns_domain'])
if len(domain) == 0:
domain = con.create('domain', dict(dns_domain=domain_dict['dns_domain'],
windows_domain=domain_dict['windows_domain'],
is_simulated=domain_dict['is_simulated']))
else:
domain = ObjectId(domain[0]['id'])
# Check if the host exists in the database, if it doesn't create a new object. If it does, update time
host = con.find('host', key='fqdn', value=data['fqdn'])
if len(host) == 0:
host = con.create('host', dict(hostname=data['hostname'],
status="active",
IP=ip,
last_seen=util.tz_utcnow(),
fqdn=data['fqdn'],
domain=domain))
else:
con.update('host', id=host[0]['id'], data=dict(last_seen=datetime.now()))
host = ObjectId(host[0]['id'])
# check if the existing agent is registered, if not, create a new entry
agent = con.find('agent', key='host', value=host)
if len(agent) == 0:
agent = con.create('agent', dict(host=host,
alive=True,
check_in=datetime.now()))
else:
agent = ObjectId(agent[0]['id'])
token = auth.login_generic(self.auth_key, ["agent"], {'_id': agent})
if token is not None:
resp = web.Response(text=token)
resp.set_cookie('AUTH', value=token, secure=True)
else:
resp = web.HTTPForbidden()
return resp