GitHub Repository: malwaredllc/byob
Path: blob/master/web-gui/buildyourownbotnet/users/routes.py
import json
import os
from urllib.parse import urlparse

import requests
from flask import (
    Blueprint, flash, redirect, render_template,
    request, url_for, send_from_directory
)
from flask_login import login_user, logout_user, current_user, login_required

from buildyourownbotnet import client, c2
from buildyourownbotnet.core.dao import user_dao
from buildyourownbotnet.users.forms import RegistrationForm, LoginForm, UpdateAccountForm, ResetPasswordForm
from buildyourownbotnet.models import db, bcrypt, User, Session
# Blueprint holding every user-facing auth route (register/login/account/logout)
users = Blueprint("users", __name__)

# Globals
# Per-user output directories (src/, files/) are created beneath this root
# at registration time; it is resolved to an absolute path once at import.
OUTPUT_DIR = os.path.abspath("buildyourownbotnet/output")


# Routes
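@users.route("/register", methods=["GET", "POST"])
def register():
    """Register the first (and only) user of this locally hosted instance.

    GET renders the registration form.  On a valid POST the user is stored
    with a bcrypt-hashed password, the per-user directory tree is created
    under OUTPUT_DIR, an empty c2 session table is initialised for the
    username, and the browser is redirected to the login page.  Once any
    user exists, further registrations are refused with a flash message.
    """
    form = RegistrationForm()
    if form.validate_on_submit():
        # only allow 1 user on locally hosted version
        # (first() avoids loading every row just to count them)
        # NOTE: this check-then-insert is not atomic; two concurrent first
        # registrations could both pass it.
        if User.query.first() is not None:
            flash("User already exists on this server.", 'danger')
        else:
            username = form.username.data
            # The username becomes a directory name below: refuse anything
            # that is not a single plain path component *before* the row is
            # committed, so no user is left without its directories.
            try:
                user_dir = _user_output_dir(username)
            except ValueError:
                flash("Invalid username.", 'danger')
                return render_template("register.html", form=form, title="Register")

            # add user to database
            hashed_password = bcrypt.generate_password_hash(form.password.data).decode('utf-8')
            user = User(username=username, password=hashed_password)
            db.session.add(user)
            db.session.commit()

            # create user directory, user src directory and user exfiltrated
            # files directory (exist_ok covers a leftover tree from a
            # previous install)
            for directory in (user_dir,
                              os.path.join(user_dir, 'src'),
                              os.path.join(user_dir, 'files')):
                os.makedirs(directory, exist_ok=True)

            # initialize c2 session storage
            c2.sessions[user.username] = {}

            # notify user and redirect to login
            flash("You have successfully registered!", 'info')
            logout_user()
            return redirect(url_for('users.login'))

    return render_template("register.html", form=form, title="Register")


def _user_output_dir(username):
    """Return the absolute per-user directory for *username* under OUTPUT_DIR.

    Raises ValueError when the name is empty, ".", "..", or contains a path
    separator, i.e. whenever joining it onto OUTPUT_DIR could resolve to a
    location outside that root.
    """
    if (not username or username in ('.', '..')
            or os.path.basename(username) != username):
        raise ValueError("username is not a valid directory name")
    user_dir = os.path.abspath(os.path.join(OUTPUT_DIR, username))
    # Belt and braces: the resolved path must still sit below OUTPUT_DIR.
    if os.path.commonpath([OUTPUT_DIR, user_dir]) != OUTPUT_DIR:
        raise ValueError("username escapes the output directory")
    return user_dir

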
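@users.route("/login", methods=['GET', 'POST'])
def login():
    """Log user in.

    An already-authenticated user is sent straight to the sessions page.
    On a valid form submission the stored bcrypt hash is checked; success
    logs the user in and follows the optional ``next`` query parameter only
    when it is a site-local path, otherwise the sessions page is used.
    Otherwise the form is rendered with a single generic failure message
    and a 403 status.
    """
    if current_user.is_authenticated:
        return redirect(url_for('main.sessions'))

    form = LoginForm()
    if form.validate_on_submit():
        user = user_dao.get_user(username=form.username.data)
        if user and bcrypt.check_password_hash(user.password, form.password.data):
            login_user(user)
            # `next` comes from the query string, so it is caller-controlled:
            # only follow it when it cannot leave this site (open redirect).
            next_page = request.args.get('next')
            if _is_safe_redirect_target(next_page):
                return redirect(next_page)
            return redirect(url_for('main.sessions'))
        flash("Invalid username/password.", 'danger')
    return render_template("login.html", form=form, title="Log In"), 403


def _is_safe_redirect_target(target):
    """Return True when *target* is a site-local absolute path.

    Rejects empty values, anything carrying a scheme or host, and the
    protocol-relative forms ("//host", "/\\host") that browsers resolve
    against another origin.
    """
    if not target:
        return False
    parsed = urlparse(target)
    if parsed.scheme or parsed.netloc:
        return False
    return target.startswith('/') and not target.startswith(('//', '/\\'))

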
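@users.route("/account", methods=['GET','POST'])
@login_required
def account():
    """Account configuration page.

    GET renders the password form.  On a valid submission the logged-in
    user's password is replaced with a fresh bcrypt hash and committed,
    and the page is re-rendered with a success message.
    """
    form = ResetPasswordForm()
    if form.validate_on_submit():
        # update user's password in the database; the row is selected by the
        # session's username, never by anything submitted in the form
        user = User.query.filter_by(username=current_user.username).first()
        if user is None:
            # the account disappeared while the login session stayed alive
            flash("Account not found.", "danger")
        else:
            user.password = bcrypt.generate_password_hash(form.password.data).decode('utf-8')
            db.session.commit()
            flash("Your password has been updated.", "success")
    # (the original committed a second time here with nothing pending)
    return render_template("account.html",
                           title="Account",
                           form=form)

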
@users.route('/logout')
@login_required
def logout():
    """End the current login session, then show the home page."""
    logout_user()
    home_page = render_template("home.html")
    return home_page
