1 | 1 | | package cli |
2 | 2 | | |
3 | 3 | | import ( |
4 | | - | "bufio" |
5 | 4 | | "encoding/json" |
6 | 5 | | "fmt" |
| 6 | + | "io" |
7 | 7 | | "io/ioutil" |
8 | 8 | | "log" |
9 | 9 | | "net/http" |
10 | 10 | | "net/url" |
11 | 11 | | "os" |
| 12 | + | "strconv" |
| 13 | + | "strings" |
12 | 14 | | "time" |
| 15 | + | |
| 16 | + | "github.com/chzyer/readline" |
| 17 | + | "github.com/gookit/color" |
| 18 | + | "github.com/lithammer/shortuuid" |
13 | 19 | | ) |
14 | 20 | | |
15 | 21 | | var timeoutSetting = 1 |
| 22 | + | var agent string = "Not Connected" |
| 23 | + | var c2 string |
16 | 24 | | |
17 | | - | //var c2 = "https://e49a4a48f45d.ngrok.io" |
18 | | - | //var agent = "test" |
19 | | - | |
20 | | - | //ok |
| 25 | + | //Cmd ... |
21 | 26 | | type Cmd struct { |
22 | 27 | | ID string |
23 | 28 | | Command string |
| skipped 3 lines |
27 | 32 | | Output string |
28 | 33 | | } |
29 | 34 | | |
| 35 | + | //Agent ... |
30 | 36 | | type Agent struct { |
31 | 37 | | ID string |
32 | 38 | | Agent string |
33 | 39 | | Working string |
| 40 | + | Files string |
34 | 41 | | checkIn time.Time |
35 | 42 | | } |
36 | 43 | | |
| 44 | + | //ListAgents ... |
37 | 45 | | func ListAgents(c2 string) { |
38 | 46 | | getAgents(c2 + "/api/agents/") |
39 | 47 | | } |
| skipped 24 lines |
64 | 72 | | } |
65 | 73 | | } |
66 | 74 | | |
67 | | - | func Start(agent string, c2 string) { |
68 | | - | reader := bufio.NewReader(os.Stdin) |
69 | | - | timeout := time.Duration(timeoutSetting) * time.Second |
70 | | - | ticker := time.NewTicker(timeout) |
71 | | - | quit := make(chan struct{}) |
| 75 | + | var wd string = "" |
| 76 | + | |
| 77 | + | //Start ... |
| 78 | + | func Start(c2 string) { |
| 79 | + | |
| 80 | + | red := color.FgRed.Render |
| 81 | + | blue := color.FgBlue.Render |
| 82 | + | fmt.Println("Connected: " + red(c2)) |
| 83 | + | ascii := ` |
| 84 | + | ┏━━━┓╋╋╋┏━━━┳━━━┓ |
| 85 | + | ┃┏━┓┃╋╋╋┃┏━┓┃┏━┓┃ |
| 86 | + | ┃┃╋┗╋━━┓┃┃╋┗┻┛┏┛┃ |
| 87 | + | ┃┃┏━┫┏┓┃┃┃╋┏┳━┛┏┛ |
| 88 | + | ┃┗┻━┃┗┛┃┃┗━┛┃┃┗━┓ |
| 89 | + | ┗━━━┻━━┛┗━━━┻━━━┛ by grines` |
| 90 | + | print(ascii + "\n") |
| 91 | + | |
72 | 92 | | for { |
73 | | - | wd := getAgentWorking(c2 + "/api/agent/" + agent) |
74 | | - | fmt.Print(wd + "-" + agent + "$ ") |
75 | | - | select { |
76 | | - | case <-ticker.C: |
77 | | - | cmdString, err := reader.ReadString('\n') |
| 93 | + | var completer = readline.NewPrefixCompleter( |
| 94 | + | readline.PcItem("cd", |
| 95 | + | readline.PcItemDynamic(listFiles(c2, agent)), |
| 96 | + | ), |
| 97 | + | readline.PcItem("cat", |
| 98 | + | readline.PcItemDynamic(listFiles(c2, agent)), |
| 99 | + | ), |
| 100 | + | readline.PcItem("agent", |
| 101 | + | readline.PcItemDynamic(listAgents(c2)), |
| 102 | + | ), |
| 103 | + | ) |
| 104 | + | l, err := readline.NewEx(&readline.Config{ |
| 105 | + | Prompt: "\033[31m»\033[0m ", |
| 106 | + | HistoryFile: "/tmp/readline.tmp", |
| 107 | + | AutoComplete: completer, |
| 108 | + | InterruptPrompt: "^C", |
| 109 | + | EOFPrompt: "exit", |
| 110 | + | |
| 111 | + | HistorySearchFold: true, |
| 112 | + | FuncFilterInputRune: filterInput, |
| 113 | + | }) |
| 114 | + | if err != nil { |
| 115 | + | panic(err) |
| 116 | + | } |
| 117 | + | defer l.Close() |
| 118 | + | |
| 119 | + | log.SetOutput(l.Stderr()) |
| 120 | + | if agent != "Not Connected" { |
| 121 | + | wd := getAgentWorking(c2 + "/api/agent/" + agent) |
| 122 | + | l.SetPrompt(red(wd) + " <" + blue(agent) + "*> ") |
| 123 | + | } else { |
| 124 | + | l.SetPrompt(" <" + blue(agent) + "*> ") |
| 125 | + | } |
| 126 | + | line, err := l.Readline() |
| 127 | + | if err == readline.ErrInterrupt { |
| 128 | + | if len(line) == 0 { |
| 129 | + | break |
| 130 | + | } else { |
| 131 | + | continue |
| 132 | + | } |
| 133 | + | } else if err == io.EOF { |
| 134 | + | break |
| 135 | + | } |
| 136 | + | |
| 137 | + | line = strings.TrimSpace(line) |
| 138 | + | switch { |
| 139 | + | case strings.HasPrefix(line, "mode "): |
| 140 | + | switch line[5:] { |
| 141 | + | case "vi": |
| 142 | + | l.SetVimMode(true) |
| 143 | + | case "emacs": |
| 144 | + | l.SetVimMode(false) |
| 145 | + | default: |
| 146 | + | println("invalid mode:", line[5:]) |
| 147 | + | } |
| 148 | + | case strings.HasPrefix(line, "agent "): |
| 149 | + | parts := strings.Split(line, " ") |
| 150 | + | agent = parts[1] |
| 151 | + | case line == "login": |
| 152 | + | pswd, err := l.ReadPassword("please enter your password: ") |
78 | 153 | | if err != nil { |
79 | | - | fmt.Fprintln(os.Stderr, err) |
| 154 | + | break |
80 | 155 | | } |
81 | | - | err = sendCommand(cmdString, agent, c2) |
82 | | - | if err != nil { |
83 | | - | fmt.Fprintln(os.Stderr, err) |
| 156 | + | println("you enter:", strconv.Quote(string(pswd))) |
| 157 | + | case strings.HasPrefix(line, "setprompt"): |
| 158 | + | if len(line) <= 10 { |
| 159 | + | log.Println("setprompt <prompt>") |
| 160 | + | break |
84 | 161 | | } |
| 162 | + | l.SetPrompt(line[10:]) |
| 163 | + | case strings.HasPrefix(line, "say"): |
| 164 | + | line := strings.TrimSpace(line[3:]) |
| 165 | + | if len(line) == 0 { |
| 166 | + | log.Println("say what?") |
| 167 | + | break |
| 168 | + | } |
| 169 | + | go func() { |
| 170 | + | for range time.Tick(time.Second) { |
| 171 | + | log.Println(line) |
| 172 | + | } |
| 173 | + | }() |
| 174 | + | case line == "bye": |
| 175 | + | goto exit |
| 176 | + | case line == "sleep": |
| 177 | + | log.Println("sleep 4 second") |
| 178 | + | time.Sleep(4 * time.Second) |
| 179 | + | case line == "": |
| 180 | + | default: |
| 181 | + | cmdString := line |
| 182 | + | if cmdString == "exit" { |
| 183 | + | os.Exit(1) |
| 184 | + | } |
| 185 | + | |
| 186 | + | if strings.Contains(cmdString, "upload ") { |
| 187 | + | fmt.Println("Upload file to remote") |
| 188 | + | fmt.Println(cmdString) |
| 189 | + | break |
| 190 | + | } |
| 191 | + | |
| 192 | + | cmdid := sendCommand(cmdString, agent, c2) |
85 | 193 | | deadline := time.Now().Add(15 * time.Second) |
86 | 194 | | for { |
87 | | - | data := getJSON(c2+"/api/cmd/output/"+agent, c2) |
88 | | - | if data == "True" || cmdString == "\n" { |
| 195 | + | id, output := getOutput(c2+"/api/cmd/output/"+agent+"/"+cmdid, c2, cmdid) |
| 196 | + | if id == cmdid && output != "" || cmdString == "" { |
| 197 | + | fmt.Fprintln(os.Stderr, output) |
| 198 | + | wd := getAgentWorking(c2 + "/api/agent/" + agent) |
| 199 | + | l.SetPrompt(red(wd) + " <" + blue(agent) + "*> ") |
89 | 200 | | break |
90 | 201 | | } |
91 | 202 | | if time.Now().After(deadline) { |
92 | | - | fmt.Fprintln(os.Stderr, "*Wait*") |
| 203 | + | fmt.Fprintln(os.Stderr, "*Timeout*") |
93 | 204 | | break |
94 | 205 | | } |
95 | 206 | | } |
96 | | - | case <-quit: |
97 | | - | return |
| 207 | + | } |
| 208 | + | } |
| 209 | + | exit: |
| 210 | + | } |
| 211 | + | |
| 212 | + | func listFiles(c2 string, agent string) func(string) []string { |
| 213 | + | return func(line string) []string { |
| 214 | + | resp, err := http.Get(c2 + "/api/agent/" + agent) |
| 215 | + | if resp.Status == "200 OK" { |
| 216 | + | |
| 217 | + | if err != nil { |
| 218 | + | log.Println(err) |
| 219 | + | } |
| 220 | + | if resp.Body != nil { |
| 221 | + | defer resp.Body.Close() |
| 222 | + | } |
| 223 | + | |
| 224 | + | body, readErr := ioutil.ReadAll(resp.Body) |
| 225 | + | if readErr != nil { |
| 226 | + | fmt.Println(readErr) |
| 227 | + | } |
| 228 | + | |
| 229 | + | var results Agent |
| 230 | + | jsonErr := json.Unmarshal(body, &results) |
| 231 | + | if jsonErr != nil { |
| 232 | + | fmt.Println(jsonErr) |
| 233 | + | } |
| 234 | + | |
| 235 | + | names := strings.Split(results.Files, ",") |
| 236 | + | return names |
98 | 237 | | } |
| 238 | + | return nil |
99 | 239 | | } |
100 | 240 | | } |
101 | 241 | | |
102 | | - | func sendCommand(cmd string, agent string, c2 string) error { |
103 | | - | resp, err := http.PostForm(c2+"/api/cmd/new", |
104 | | - | url.Values{"cmd": {cmd}, "agent": {agent}}) |
| 242 | + | // Function constructor - constructs new function for listing given directory |
| 243 | + | func listAgents(c2 string) func(string) []string { |
| 244 | + | return func(line string) []string { |
| 245 | + | resp, err := http.Get(c2 + "/api/agents") |
| 246 | + | if resp.Status == "200 OK" { |
| 247 | + | if err != nil { |
| 248 | + | fmt.Println(err) |
| 249 | + | } |
| 250 | + | if resp.Body != nil { |
| 251 | + | defer resp.Body.Close() |
| 252 | + | } |
105 | 253 | | |
106 | | - | if err != nil { |
107 | | - | panic(err) |
| 254 | + | body, readErr := ioutil.ReadAll(resp.Body) |
| 255 | + | if readErr != nil { |
| 256 | + | fmt.Println(readErr) |
| 257 | + | } |
| 258 | + | |
| 259 | + | var results []Agent |
| 260 | + | jsonErr := json.Unmarshal(body, &results) |
| 261 | + | if jsonErr != nil { |
| 262 | + | fmt.Println(jsonErr) |
| 263 | + | } |
| 264 | + | |
| 265 | + | names := make([]string, 0) |
| 266 | + | for _, d := range results { |
| 267 | + | names = append(names, d.Agent) |
| 268 | + | } |
| 269 | + | return names |
| 270 | + | } |
| 271 | + | return nil |
108 | 272 | | } |
109 | | - | if resp.Body != nil { |
110 | | - | defer resp.Body.Close() |
| 273 | + | } |
| 274 | + | |
| 275 | + | func filterInput(r rune) (rune, bool) { |
| 276 | + | switch r { |
| 277 | + | // block CtrlZ feature |
| 278 | + | case readline.CharCtrlZ: |
| 279 | + | return r, false |
111 | 280 | | } |
112 | | - | return nil |
| 281 | + | return r, true |
113 | 282 | | } |
114 | 283 | | |
115 | | - | func getJSON(url string, c2 string) string { |
| 284 | + | func sendCommand(cmd string, agent string, c2 string) string { |
| 285 | + | randid := shortuuid.New() |
| 286 | + | resp, err := http.PostForm(c2+"/api/cmd/new", |
| 287 | + | url.Values{"cmdid": {randid}, "cmd": {cmd}, "agent": {agent}}) |
116 | 288 | | |
117 | | - | resp, err := http.Get(url) |
118 | 289 | | if err != nil { |
119 | 290 | | panic(err) |
120 | 291 | | } |
121 | 292 | | if resp.Body != nil { |
122 | 293 | | defer resp.Body.Close() |
123 | 294 | | } |
| 295 | + | return randid |
| 296 | + | } |
124 | 297 | | |
125 | | - | body, readErr := ioutil.ReadAll(resp.Body) |
126 | | - | if readErr != nil { |
127 | | - | log.Fatal(readErr) |
128 | | - | } |
| 298 | + | func getOutput(url string, c2 string, cmd string) (string, string) { |
129 | 299 | | |
130 | | - | var results []Cmd |
131 | | - | jsonErr := json.Unmarshal(body, &results) |
132 | | - | if jsonErr != nil { |
133 | | - | log.Fatal(jsonErr) |
134 | | - | } |
| 300 | + | resp, err := http.Get(url) |
| 301 | + | if resp.Status == "200 OK" { |
| 302 | + | if err != nil { |
| 303 | + | panic(err) |
| 304 | + | } |
| 305 | + | if resp.Body != nil { |
| 306 | + | defer resp.Body.Close() |
| 307 | + | } |
| 308 | + | |
| 309 | + | body, readErr := ioutil.ReadAll(resp.Body) |
| 310 | + | if readErr != nil { |
| 311 | + | log.Fatal(readErr) |
| 312 | + | } |
| 313 | + | |
| 314 | + | var results []Cmd |
| 315 | + | jsonErr := json.Unmarshal(body, &results) |
| 316 | + | if jsonErr != nil { |
| 317 | + | log.Fatal(jsonErr) |
| 318 | + | } |
135 | 319 | | |
136 | | - | for _, d := range results { |
137 | | - | if len(d.Output) > 0 { |
| 320 | + | for _, d := range results { |
138 | 321 | | //fmt.Println(d.Output) |
139 | | - | fmt.Fprintln(os.Stderr, d.Output) |
140 | | - | updateCmdStatus(d.Cmdid, c2) |
141 | | - | return "True" |
| 322 | + | //fmt.Fprintln(os.Stderr, d.Output) |
| 323 | + | //updateCmdStatus(d.Cmdid, c2) |
| 324 | + | return d.Cmdid, d.Output |
| 325 | + | //fmt.Println(d.Cmdid + ": " + d.Output) |
| 326 | + | //updateCmdStatus(d.Cmdid) |
142 | 327 | | } |
143 | | - | //fmt.Println(d.Cmdid + ": " + d.Output) |
144 | | - | //updateCmdStatus(d.Cmdid) |
| 328 | + | |
| 329 | + | // Print the HTTP response status. |
| 330 | + | //fmt.Println("Response status:", resp.Status) |
| 331 | + | //return "True" |
145 | 332 | | } |
| 333 | + | return "False", "False" |
146 | 334 | | |
147 | | - | // Print the HTTP response status. |
148 | | - | //fmt.Println("Response status:", resp.Status) |
149 | | - | return "False" |
150 | 335 | | } |
151 | 336 | | |
152 | 337 | | func getAgentWorking(url string) string { |
153 | 338 | | |
154 | 339 | | resp, err := http.Get(url) |
155 | | - | if err != nil { |
156 | | - | fmt.Println(err) |
157 | | - | } |
158 | | - | if resp.Body != nil { |
159 | | - | defer resp.Body.Close() |
160 | | - | } |
| 340 | + | if resp.Status == "200 OK" { |
| 341 | + | |
| 342 | + | if err != nil { |
| 343 | + | fmt.Println(err) |
| 344 | + | } |
| 345 | + | if resp.Body != nil { |
| 346 | + | defer resp.Body.Close() |
| 347 | + | } |
161 | 348 | | |
162 | | - | body, readErr := ioutil.ReadAll(resp.Body) |
163 | | - | if readErr != nil { |
164 | | - | log.Fatal(readErr) |
165 | | - | } |
| 349 | + | body, readErr := ioutil.ReadAll(resp.Body) |
| 350 | + | if readErr != nil { |
| 351 | + | log.Fatal(readErr) |
| 352 | + | } |
166 | 353 | | |
167 | | - | var results Agent |
168 | | - | jsonErr := json.Unmarshal(body, &results) |
169 | | - | if jsonErr != nil { |
170 | | - | log.Fatal(jsonErr) |
171 | | - | } |
| 354 | + | var results Agent |
| 355 | + | jsonErr := json.Unmarshal(body, &results) |
| 356 | + | if jsonErr != nil { |
| 357 | + | log.Fatal(jsonErr) |
| 358 | + | } |
172 | 359 | | |
173 | | - | //fmt.Println(results.Working) |
| 360 | + | //fmt.Println(results.Working) |
174 | 361 | | |
175 | | - | return results.Working |
| 362 | + | return results.Working |
| 363 | + | } |
| 364 | + | return "False" |
176 | 365 | | |
177 | 366 | | } |
178 | 367 | | |
| skipped 12 lines |