Added randomization to profile strings by replacing '#' with random alphanumerical chars.

Jakob Friedl
2025-08-15 16:18:15 +02:00
parent c7980d219d
commit 22c15dd82c
7 changed files with 33 additions and 23 deletions


@@ -80,7 +80,7 @@ proc httpGet*(ctx: Context) {.async.} =
# Add headers, as defined in the team server profile
for header, value in cq.profile.getTable("http-get.server.headers"):
ctx.response.setHeader(header, value.getStr())
ctx.response.setHeader(header, value.getStringValue())
await ctx.respond(Http200, prefix & response & suffix, ctx.response.headers)
ctx.handled = true # Ensure that HTTP response is sent only once
@@ -113,7 +113,7 @@ proc httpPost*(ctx: Context) {.async.} =
# Add response headers, as defined in team server profile
for header, value in cq.profile.getTable("http-post.server.headers"):
ctx.response.setHeader(header, value.getStr())
ctx.response.setHeader(header, value.getStringValue())
if cast[PacketType](header.packetType) == MSG_REGISTER:
if not register(string.toBytes(ctx.request.body)):
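Review bot: In the httpPost hunk the loop key `header` has the same name as the packet header that the statement after the loop reads (`header.packetType`), so one identifier means a header name inside the loop and a parsed packet after it. Renaming the loop variable, `for name, value in cq.profile.getTable("http-post.server.headers"):` with `ctx.response.setHeader(name, value.getStringValue())`, removes the ambiguity, and the httpGet loop can use the same name for consistency. In that following statement, `cast[PacketType](header.packetType)` does no range check, so unless the value was validated before the hunk starts, a request carrying an unknown type yields an invalid enum value; a checked conversion with an explicit reject branch would be safer. httpPost begins and ends outside the hunk.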


@@ -61,19 +61,19 @@ proc listenerStart*(cq: Conquest, host: string, portStr: string) =
# Define API endpoints based on C2 profile
# GET requests
for endpoint in cq.profile.getArray("http-get.endpoints"):
listener.addRoute(endpoint.getStr(), routes.httpGet)
listener.addRoute(endpoint.getStringValue(), routes.httpGet)
# POST requests
var postMethods: seq[HttpMethod]
for reqMethod in cq.profile.getArray("http-post.request-methods"):
postMethods.add(parseEnum[HttpMethod](reqMethod.getStr()))
postMethods.add(parseEnum[HttpMethod](reqMethod.getStringValue()))
# Default method is POST
if postMethods.len == 0:
postMethods = @[HttpPost]
for endpoint in cq.profile.getArray("http-post.endpoints"):
listener.addRoute(endpoint.getStr(), routes.httpPost, postMethods)
listener.addRoute(endpoint.getStringValue(), routes.httpPost, postMethods)
listener.registerErrorHandler(Http404, routes.error404)
@@ -113,19 +113,19 @@ proc restartListeners*(cq: Conquest) =
# TODO: Store endpoints for already running listeners is DB (comma-separated) and use those values for restarts
# GET requests
for endpoint in cq.profile.getArray("http-get.endpoints"):
listener.get(endpoint.getStr(), routes.httpGet)
listener.get(endpoint.getStringValue(), routes.httpGet)
# POST requests
var postMethods: seq[HttpMethod]
for reqMethod in cq.profile.getArray("http-post.request-methods"):
postMethods.add(parseEnum[HttpMethod](reqMethod.getStr()))
postMethods.add(parseEnum[HttpMethod](reqMethod.getStringValue()))
# Default method is POST
if postMethods.len == 0:
postMethods = @[HttpPost]
for endpoint in cq.profile.getArray("http-post.endpoints"):
listener.addRoute(endpoint.getStr(), routes.httpPost, postMethods)
listener.addRoute(endpoint.getStringValue(), routes.httpPost, postMethods)
listener.registerErrorHandler(Http404, routes.error404)
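Review bot: `parseEnum[HttpMethod](reqMethod.getStringValue())` in listenerStart, and the identical line in restartListeners, raises ValueError for any profile entry that is not an HttpMethod name, and no handler is visible in either hunk. The method name now also passes through the accessor that presumably substitutes `#` placeholders (inferred from the commit title), which has no meaning for an enum name. Wrapping the parse in `try` / `except ValueError` and reporting the offending profile value would make a bad profile fail with a clear message instead of an unhandled exception. The two route-registration blocks are otherwise copies and already differ (`listener.get` versus `listener.addRoute` for the GET endpoints), so a shared helper called from both procs would keep them in step. Both procs continue outside the hunks.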


@@ -153,8 +153,8 @@ proc startServer*(profilePath: string) =
try:
# Load and parse profile
let profile = parseFile(profilePath)
styledEcho(fgGreen, styleBright, "[+] Using profile \"", profile["name"].getStr(), "\" (", profilePath ,").")
styledEcho(fgGreen, styleBright, "[+] ", profile["private_key_file"].getStr(), ": Private key found.")
styledEcho(fgGreen, styleBright, "[+] Using profile \"", profile.getString("name"), "\" (", profilePath ,").")
styledEcho(fgGreen, styleBright, "[+] ", profile.getString("private_key_file"), ": Private key found.")
# Initialize framework context
cq = Conquest.init(profile)
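Review bot: The message ending in `": Private key found."` in startServer is printed from the profile entry alone; nothing in the hunk opens or checks the file, so the log can claim a key that is missing or unreadable. Either emit it after the key has actually been loaded (presumably inside `Conquest.init`, which is not shown) or word it neutrally, e.g. `styledEcho(fgGreen, styleBright, "[+] Private key file: ", profile.getString("private_key_file"))`. If `getString` applies the new `#` substitution (inferred from the commit title), a profile name or key path containing `#` would be printed and used in altered form, which deserves a comment at this call site. The try block continues past the hunk.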