crash.software
Projects
Pull Requests
Issues
Builds
goc2
Code
Files
Commits
Branches
Tags
Pull Requests
Code Comments
Code Compare
Issues
Builds
Statistics
Child Projects
cra.sh
RESTful API
Projects STRLCPY goc2 Commits 85dfd006
🤬
Revision indexing in progress... (symbol navigation in revisions will be accurate after indexed)
  • ■ ■ ■ ■ ■ ■
    pkg/cli/cli.go
    1 1  package cli
    2 2   
    3 3  import (
     4 + "bytes"
    4 5   "encoding/json"
    5 6   "fmt"
    6 7   "io"
    7 8   "io/ioutil"
    8 9   "log"
     10 + "mime/multipart"
    9 11   "net/http"
    10 12   "net/url"
    11 13   "os"
     14 + "path/filepath"
    12 15   "strconv"
    13 16   "strings"
    14 17   "time"
    skipped 152 lines
    167 170   }
    168 171   
    169 172   if strings.Contains(cmdString, "upload ") {
    170  - uuid := shortuuid.New()
     173 + //uuid := shortuuid.New()
    171 174   parts := strings.Split(cmdString, " ")
    172 175   file := parts[1]
    173  - copy(file, "/tmp/"+uuid)
    174  - cmdString = "upload " + uuid
     176 + //copy(file, "/tmp/"+uuid)
     177 + tempfile := uploadFile(file, c2)
     178 + cmdString = "upload " + tempfile
    175 179   cmdid := sendCommand(cmdString, agent, c2)
    176 180   deadline := time.Now().Add(15 * time.Second)
    177 181   for {
    skipped 16 lines
    194 198   deadline := time.Now().Add(15 * time.Second)
    195 199   for {
    196 200   id, output := getOutput(c2+"/api/cmd/output/"+agent+"/"+cmdid, c2, cmdid)
     201 + if strings.Contains(output, "Location:") {
     202 + parts := strings.Split(output, " ")
     203 + path := parts[1]
     204 + file := filepath.Base(path)
     205 + downloadFile("/tmp/"+file, c2+"/files/"+file)
     206 + fmt.Println("Process Download" + file)
     207 + }
    197 208   if id == cmdid && output != "" || cmdString == "" {
    198 209   fmt.Fprintln(os.Stderr, output)
    199 210   wd := getAgentWorking(c2 + "/api/agent/" + agent)
    skipped 203 lines
    403 414   return nBytes, err
    404 415  }
    405 416   
     417 +func downloadFile(filepath string, url string) error {
     418 + 
     419 + // Get the data
     420 + resp, err := http.Get(url)
     421 + if err != nil {
     422 + fmt.Println("err:", err)
     423 + return err
     424 + }
     425 + defer resp.Body.Close()
     426 + 
     427 + // Create the file
     428 + out, err := os.Create(filepath)
     429 + if err != nil {
     430 + return err
     431 + }
     432 + defer out.Close()
     433 + 
     434 + // Write the body to file
     435 + _, err = io.Copy(out, resp.Body)
     436 + return err
     437 +}
     438 + 
     439 +func uploadFile(path string, c2 string) string {
     440 + extraParams := map[string]string{
     441 + "operator": "none",
     442 + }
     443 + request, err := newfileUploadRequest(c2+"/api/cmd/files", extraParams, "myFile", path)
     444 + if err != nil {
     445 + log.Fatal(err)
     446 + }
     447 + client := &http.Client{}
     448 + resp, err := client.Do(request)
     449 + if err != nil {
     450 + log.Fatal(err)
     451 + } else {
     452 + body := &bytes.Buffer{}
     453 + _, err := body.ReadFrom(resp.Body)
     454 + if err != nil {
     455 + log.Fatal(err)
     456 + }
     457 + resp.Body.Close()
     458 + //fmt.Println(resp.StatusCode)
     459 + //fmt.Println(resp.Header)
     460 + fmt.Println(body.String())
     461 + return body.String()
     462 + }
     463 + return ""
     464 +}
     465 + 
     466 +// Creates a new file upload http request with optional extra params
     467 +func newfileUploadRequest(uri string, params map[string]string, paramName, path string) (*http.Request, error) {
     468 + file, err := os.Open(path)
     469 + if err != nil {
     470 + return nil, err
     471 + }
     472 + defer file.Close()
     473 + 
     474 + body := &bytes.Buffer{}
     475 + writer := multipart.NewWriter(body)
     476 + part, err := writer.CreateFormFile(paramName, filepath.Base(path))
     477 + if err != nil {
     478 + return nil, err
     479 + }
     480 + _, err = io.Copy(part, file)
     481 + 
     482 + for key, val := range params {
     483 + _ = writer.WriteField(key, val)
     484 + }
     485 + err = writer.Close()
     486 + if err != nil {
     487 + return nil, err
     488 + }
     489 + 
     490 + req, err := http.NewRequest("POST", uri, body)
     491 + req.Header.Set("Content-Type", writer.FormDataContentType())
     492 + return req, err
     493 +}
     494 + 
  • ■ ■ ■ ■ ■ ■
    web/server.go
    skipped 26 lines
    27 27  func Start(port string) {
    28 28   router := httprouter.New()
    29 29   
    30  - router.ServeFiles("/files/*filepath", http.Dir("/tmp"))
     30 + router.ServeFiles("/files/*filepath", http.Dir("/tmp/c2"))
    31 31   
    32 32   //Main Entry
    33 33   router.POST("/api/cmd/files", apiFiles)
    skipped 48 lines
    82 82   fmt.Printf("MIME Header: %+v\n", handler.Header)
    83 83   
    84 84   // 3. write temporary file on our server
    85  - tempFile, err := ioutil.TempFile("/tmp", handler.Filename)
     85 + tempFile, err := ioutil.TempFile("/tmp/c2", handler.Filename)
    86 86   if err != nil {
    87 87   fmt.Println(err)
    88 88   }
    skipped 4 lines
    93 93   }
    94 94   tempFile.Write(fileBytes)
    95 95   
    96  - jsond := map[string]interface{}{
    97  - "status": "File Uploaded",
    98  - }
     96 + //jsond := map[string]interface{}{
     97 + // "file": tempFile,
     98 + //}
    99 99   
    100  - jsondata, err := json.Marshal(jsond)
     100 + //jsondata, err := json.Marshal(jsond)
    101 101   if err != nil {
    102 102   log.Fatalln(err)
    103 103   }
    104  - fmt.Fprintf(w, string(jsondata))
     104 + //fmt.Fprintf(w, string(jsondata))
     105 + fmt.Fprintf(w, tempFile.Name())
    105 106  }
    106 107   
    107 108  func apiCmdUpdate(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
    skipped 164 lines
Please wait...
Page is in error, reload to recover