add data/payloads dir (mitre#776)

* add data/payloads dir * small changes to exfil handler to make upload logic more usable by plugins
Seo-Faper · Nov 18, 2019 · 77ad3f7 · 77ad3f7
1 parent f8c4f3a
commit 77ad3f7
Show file tree

Hide file tree

Showing 4 changed files with 11 additions and 6 deletions.
diff --git a/.gitignore b/.gitignore
@@ -19,4 +19,6 @@ conf/*.yml
 !conf/default.yml
 data/object_store
 data/results/*
-!data/results/.gitkeep
+!data/results/.gitkeep
+data/payloads/*
+!data/payloads/.gitkeep
diff --git a/app/service/file_svc.py b/app/service/file_svc.py
@@ -34,21 +34,24 @@ async def download(self, request):
         except Exception as e:
             return web.HTTPNotFound(body=e)
 
-    async def upload(self, request):
+    async def upload_exfil(self, request):
+        exfil_dir = await self._create_exfil_sub_directory(request.headers)
+        return await self.save_multipart_file_upload(request, exfil_dir)
+
+    async def save_multipart_file_upload(self, request, target_dir):
         """
         Accept a multipart file via HTTP and save it to the server
         :param request:
-        :return: None
+        :param target_dir: The path of the directory to save the uploaded file to.
         """
         try:
             reader = await request.multipart()
-            exfil_dir = await self._create_exfil_sub_directory(request.headers)
             while True:
                 field = await reader.next()
                 if not field:
                     break
                 filename = field.filename
-                with open(os.path.join(exfil_dir, filename), 'wb') as f:
+                with open(os.path.join(target_dir, filename), 'wb') as f:
                     while True:
                         chunk = await field.read_chunk()
                         if not chunk:

diff --git a/data/payloads/.gitkeep b/data/payloads/.gitkeep
diff --git a/server.py b/server.py
@@ -59,7 +59,7 @@ async def init(address, port, services, users):
     app.on_startup.append(background_tasks)
 
     app.router.add_route('*', '/file/download', services.get('file_svc').download)
-    app.router.add_route('POST', '/file/upload', services.get('file_svc').upload)
+    app.router.add_route('POST', '/file/upload', services.get('file_svc').upload_exfil)
 
     await attach_plugins(app, services)
     runner = web.AppRunner(app)