1- import random , string , time , datetime , json , threading , sys
1+ import random , string , time , datetime , json , threading , sys , os
22
33class KThread (threading .Thread ):
44 """
@@ -84,7 +84,7 @@ def crappy_domain_id_hack():
8484
8585 @rest_api .errorhandler (Exception )
8686 def exception_handler (error ):
87- return repr (error )
87+ return repr (error )+ " \n "
8888
8989 @rest_api .errorhandler (404 )
9090 def not_found (error ):
@@ -249,11 +249,14 @@ def manip_creds(cred_id):
249249
250250
251251 elif request .method == 'PUT' :
252- req_cred = json .loads (request .data )
252+ try :
253+ req_cred = json .loads (request .data )
254+ except :
255+ return jsonify (success = False , error = "Expected valid JSON object as data." )
253256 new_cred = {}
254257 for k in req_cred :
255258 if k .lower () not in self .cred_mapping :
256- return jsonify (success = False , error = "Unknown field: %s. " % str (k ))
259+ return jsonify (success = False , error = "Unknown field: %s" % str (k ))
257260 if k .lower () == "extra" :
258261 for subk in req_cred [k ]:
259262 if subk .lower () not in self .cred_mapping :
@@ -262,11 +265,11 @@ def manip_creds(cred_id):
262265 return jsonify (success = False , error = "No Extra field available for \" %s\" ." % str (subk ))
263266 new_cred [self .cred_mapping [k .lower ()]] = req_cred [k ]
264267
265- new_keys = new_cred .keys ()
268+ new_keys = list ( new_cred .keys () )
266269
267270 # new cred
268- if cred_id > len (self .shell .creds_keys ) or cred_id < 0 :
269- if "Username" not in new_keys and "Domain" not in new_keys :
271+ if cred_id >= len (self .shell .creds_keys ) or not self . shell . creds_keys :
272+ if "Username" not in new_keys or "Domain" not in new_keys :
270273 return jsonify (success = False , error = "Username and Domain are required to add a new credential." )
271274 else :
272275 new_cred_key = (new_cred ["Domain" ].lower (), new_cred ["Username" ].lower ())
@@ -281,14 +284,35 @@ def manip_creds(cred_id):
281284 if "IP" not in new_keys :
282285 new_cred ["IP" ] = "Manually added"
283286
287+ cred = {}
288+ cred ["IP" ] = ""
289+ cred ["Domain" ] = ""
290+ cred ["Username" ] = ""
291+ cred ["Password" ] = ""
292+ cred ["NTLM" ] = ""
293+ cred ["SHA1" ] = ""
294+ cred ["DCC" ] = ""
295+ cred ["DPAPI" ] = ""
296+ cred ["LM" ] = ""
297+ cred ["Extra" ] = {}
298+ cred ["Extra" ]["IP" ] = []
299+ cred ["Extra" ]["Password" ] = []
300+ cred ["Extra" ]["NTLM" ] = []
301+ cred ["Extra" ]["SHA1" ] = []
302+ cred ["Extra" ]["DCC" ] = []
303+ cred ["Extra" ]["DPAPI" ] = []
304+ cred ["Extra" ]["LM" ] = []
305+
306+ for k in new_cred :
307+ cred [k ] = new_cred [k ]
308+
284309 self .shell .creds_keys .append (new_cred_key )
285- self .shell .creds [new_cred_key ] = new_cred
310+ self .shell .creds [new_cred_key ] = cred
286311 return jsonify (success = True , cred_id = self .shell .creds_keys .index (new_cred_key ))
287312
288313 # update cred
289314 else :
290315 old_cred_key = self .shell .creds_keys [cred_id ]
291- merge_flag = False
292316 if "Username" in new_keys or "Domain" in new_keys :
293317 if "Username" in new_keys and "Domain" in new_keys :
294318 new_cred_key = (new_cred ["Domain" ].lower (), new_cred ["Username" ].lower ())
@@ -297,14 +321,6 @@ def manip_creds(cred_id):
297321 new_cred_key = (old_cred_key [0 ], new_cred ["Username" ].lower ())
298322 elif "Domain" in new_keys :
299323 new_cred_key = (new_cred ["Domain" ].lower (), old_cred_key [1 ])
300- if self .shell .domain_info and [d for d in domain_info if new_cred_key [0 ] in d ]:
301- domain_key = [d for d in domain_info if new_cred_key [0 ] in d ][0 ]
302- other_domain = [d for d in domain_key if d != new_cred [0 ]][0 ]
303- new_cred_key_2 = (other_domain , new_cred_key [1 ])
304- if new_cred_key in self .shell .creds_keys or new_cred_key_2 in self .shell .creds_keys :
305- merge_flag = True
306- if new_cred_key_2 in self .shell .creds_keys :
307- new_cred_key = new_cred_key_2
308324 else :
309325 new_cred_key = old_cred_key
310326
@@ -315,35 +331,18 @@ def manip_creds(cred_id):
315331 if k not in "Username" , "Domain" , "Extra" ]:
316332 if new_val in old_cred ["Extra" ][k ]:
317333 old_cred ["Extra" ][k ].remove (new_val )
318- old_cred ["Extra" ][k ].append (old_cred [k ])
334+ if new_val != old_cred [k ]:
335+ old_cred ["Extra" ][k ].append (old_cred [k ])
319336 elif k == "Extra" :
320337 for subk in new_keys [k ]:
321338 old_cred [k ][subk ] = old_cred [k ][subk ] + new_val [subk ]
322339
323340 if k != "Extra" :
324341 old_cred [k ] = new_val
325342
326- if merge_flag :
327- merge_cred = dict (self .shell .creds [new_cred_key ])
328- for k in merge_cred :
329- if k in ["Username" , "Domain" , "Extra" ]:
330- continue
331- merge_cred ["Extra" ][k ].append (merge_cred [k ])
332- for k in old_cred :
333- if k in ["Username" , "Domain" ]:
334- continue
335- if k == "Extra" :
336- for subk in old_cred [k ]:
337- merge_cred [k ][subk ] = merge_cred [k ][subk ] + old_cred [k ][subk ]
338- else :
339- merge_cred [k ] = old_cred [k ]
340- del self .shell .creds [old_cred_key ]
341- self .shell .creds_keys .remove (old_cred_key )
342- self .shell .creds [new_cred_key ] = merge_cred
343- else :
344- del self .shell .creds [old_cred_key ]
345- self .shell .creds [new_cred_key ] = old_cred
346- self .shell .creds_keys [cred_id ] = new_cred_key
343+ del self .shell .creds [old_cred_key ]
344+ self .shell .creds [new_cred_key ] = old_cred
345+ self .shell .creds_keys [cred_id ] = new_cred_key
347346
348347 return jsonify (success = True )
349348
0 commit comments