1 | 1 | | package cli |
2 | 2 | | |
3 | 3 | | import ( |
| 4 | + | "bytes" |
4 | 5 | | "encoding/json" |
5 | 6 | | "fmt" |
6 | 7 | | "io" |
7 | 8 | | "io/ioutil" |
8 | 9 | | "log" |
| 10 | + | "mime/multipart" |
9 | 11 | | "net/http" |
10 | 12 | | "net/url" |
11 | 13 | | "os" |
| 14 | + | "path/filepath" |
12 | 15 | | "strconv" |
13 | 16 | | "strings" |
14 | 17 | | "time" |
| skipped 152 lines |
167 | 170 | | } |
168 | 171 | | |
169 | 172 | | if strings.Contains(cmdString, "upload ") { |
170 | | - | uuid := shortuuid.New() |
| 173 | + | //uuid := shortuuid.New() |
171 | 174 | | parts := strings.Split(cmdString, " ") |
172 | 175 | | file := parts[1] |
173 | | - | copy(file, "/tmp/"+uuid) |
174 | | - | cmdString = "upload " + uuid |
| 176 | + | //copy(file, "/tmp/"+uuid) |
| 177 | + | tempfile := uploadFile(file, c2) |
| 178 | + | cmdString = "upload " + tempfile |
175 | 179 | | cmdid := sendCommand(cmdString, agent, c2) |
176 | 180 | | deadline := time.Now().Add(15 * time.Second) |
177 | 181 | | for { |
| skipped 16 lines |
194 | 198 | | deadline := time.Now().Add(15 * time.Second) |
195 | 199 | | for { |
196 | 200 | | id, output := getOutput(c2+"/api/cmd/output/"+agent+"/"+cmdid, c2, cmdid) |
| 201 | + | if strings.Contains(output, "Location:") { |
| 202 | + | parts := strings.Split(output, " ") |
| 203 | + | path := parts[1] |
| 204 | + | file := filepath.Base(path) |
| 205 | + | downloadFile("/tmp/"+file, c2+"/files/"+file) |
| 206 | + | fmt.Println("Process Download" + file) |
| 207 | + | } |
197 | 208 | | if id == cmdid && output != "" || cmdString == "" { |
198 | 209 | | fmt.Fprintln(os.Stderr, output) |
199 | 210 | | wd := getAgentWorking(c2 + "/api/agent/" + agent) |
| skipped 203 lines |
403 | 414 | | return nBytes, err |
404 | 415 | | } |
405 | 416 | | |
| 417 | + | func downloadFile(filepath string, url string) error { |
| 418 | + | |
| 419 | + | // Get the data |
| 420 | + | resp, err := http.Get(url) |
| 421 | + | if err != nil { |
| 422 | + | fmt.Println("err:", err) |
| 423 | + | return err |
| 424 | + | } |
| 425 | + | defer resp.Body.Close() |
| 426 | + | |
| 427 | + | // Create the file |
| 428 | + | out, err := os.Create(filepath) |
| 429 | + | if err != nil { |
| 430 | + | return err |
| 431 | + | } |
| 432 | + | defer out.Close() |
| 433 | + | |
| 434 | + | // Write the body to file |
| 435 | + | _, err = io.Copy(out, resp.Body) |
| 436 | + | return err |
| 437 | + | } |
| 438 | + | |
| 439 | + | func uploadFile(path string, c2 string) string { |
| 440 | + | extraParams := map[string]string{ |
| 441 | + | "operator": "none", |
| 442 | + | } |
| 443 | + | request, err := newfileUploadRequest(c2+"/api/cmd/files", extraParams, "myFile", path) |
| 444 | + | if err != nil { |
| 445 | + | log.Fatal(err) |
| 446 | + | } |
| 447 | + | client := &http.Client{} |
| 448 | + | resp, err := client.Do(request) |
| 449 | + | if err != nil { |
| 450 | + | log.Fatal(err) |
| 451 | + | } else { |
| 452 | + | body := &bytes.Buffer{} |
| 453 | + | _, err := body.ReadFrom(resp.Body) |
| 454 | + | if err != nil { |
| 455 | + | log.Fatal(err) |
| 456 | + | } |
| 457 | + | resp.Body.Close() |
| 458 | + | //fmt.Println(resp.StatusCode) |
| 459 | + | //fmt.Println(resp.Header) |
| 460 | + | fmt.Println(body.String()) |
| 461 | + | return body.String() |
| 462 | + | } |
| 463 | + | return "" |
| 464 | + | } |
| 465 | + | |
| 466 | + | // Creates a new file upload http request with optional extra params |
| 467 | + | func newfileUploadRequest(uri string, params map[string]string, paramName, path string) (*http.Request, error) { |
| 468 | + | file, err := os.Open(path) |
| 469 | + | if err != nil { |
| 470 | + | return nil, err |
| 471 | + | } |
| 472 | + | defer file.Close() |
| 473 | + | |
| 474 | + | body := &bytes.Buffer{} |
| 475 | + | writer := multipart.NewWriter(body) |
| 476 | + | part, err := writer.CreateFormFile(paramName, filepath.Base(path)) |
| 477 | + | if err != nil { |
| 478 | + | return nil, err |
| 479 | + | } |
| 480 | + | _, err = io.Copy(part, file) |
| 481 | + | |
| 482 | + | for key, val := range params { |
| 483 | + | _ = writer.WriteField(key, val) |
| 484 | + | } |
| 485 | + | err = writer.Close() |
| 486 | + | if err != nil { |
| 487 | + | return nil, err |
| 488 | + | } |
| 489 | + | |
| 490 | + | req, err := http.NewRequest("POST", uri, body) |
| 491 | + | req.Header.Set("Content-Type", writer.FormDataContentType()) |
| 492 | + | return req, err |
| 493 | + | } |
| 494 | + | |