RESTful changes:

Ziconius · Ziconius · commit 4ba47df26ad6 · 2020-06-14T14:12:59.000+01:00
- Email now has greater stability, docs updated in parallel.
 - Initial endpoint for implant interaction.
 - Updated vaules in restful API to be conistent between GET and POST
diff --git a/FudgeC2/Data/DatabaseCampaign.py b/FudgeC2/Data/DatabaseCampaign.py
@@ -143,3 +143,6 @@ def get_all_campaign_implant_templates_from_cid(self, cid):
             return False
         results = self.db_methods.__splice_implants_and_generated_implants__(implant)
         return results
+    def get_campaign_id_from_implant_id(self, imaplant_id):
+        campaign_id = self.Session.query(ImplantTemplate.cid).filter(ImplantTemplate.iid==GeneratedImplants.iid, GeneratedImplants.unique_implant_id == imaplant_id).one()
+        return campaign_id[0]
diff --git a/FudgeC2/Data/DatabaseImplant.py b/FudgeC2/Data/DatabaseImplant.py
@@ -312,6 +312,7 @@ def update_host_data(self, unique_implant_key, host_data):
 
     def Get_CampaignImplantResponses(self, cid):
         # Used by web app
+        # To be removed
         # -- TODO: Refactor
         a = self.Session.query(ImplantResponse).filter(ImplantResponse.cid == cid).all()
         return_list = []
@@ -326,3 +327,8 @@ def Get_CampaignImplantResponses(self, cid):
                 a['title'] = b[0]
             return_list.append(a)
         return return_list
+
+    def get_implant_responses(self, implant_id):
+        responses = self.Session.query(ImplantResponse).filter(ImplantResponse.uik == implant_id).all()
+        processed_responses = self.db_methods._sqlalc_rows_to_list(responses)
+        return processed_responses
diff --git a/FudgeC2/Data/models.py b/FudgeC2/Data/models.py
@@ -119,7 +119,7 @@ class ImplantCommands(Base):
 class ImplantResponse(Base):
     __tablename__ = 'implant_response'
     log_id = Column(INTEGER(11), nullable=False, index=True, primary_key=True)
-    cid = Column(INTEGER(11), nullable=False, index=True)
+    cid = Column(INTEGER(11), nullable=False, index=True) # This can be removed as implant_id should be the only linking element
     uik = Column(INTEGER(11), nullable=False, index=True)
     log_entry = Column(String(255), nullable=False)
     time = Column(INTEGER(11), nullable=False, index=True)
diff --git a/FudgeC2/ServerApp/ImplantManager.py b/FudgeC2/ServerApp/ImplantManager.py
@@ -37,6 +37,7 @@
 from FudgeC2.c2_server.resources.email import Email, EmailTest
 from FudgeC2.c2_server.resources.implants import Implants
 from FudgeC2.c2_server.resources.implants import ImplantDetails
+from FudgeC2.c2_server.resources.implants import ImplantResponses
 
 
 blueprint = Blueprint('api', __name__)
@@ -46,9 +47,10 @@
 api.add_resource(Users,'/api/v1/users/','/api/v1/users')
 api.add_resource(Email, '/api/v1/email')
 api.add_resource(EmailTest, '/api/v1/email/test')
-# In development
-api.add_resource(Implants, '/api/vi/implants')
-api.add_resource(ImplantDetails, '/api/vi/implants/<string:implant_id>')
+# In development these endpoints are not considered production ready.
+api.add_resource(Implants, '/api/v1/implants')
+api.add_resource(ImplantDetails, '/api/v1/implants/<string:implant_id>')
+api.add_resource(ImplantResponses, '/api/v1/implants/<string:implant_id>/responses')
 
 
 # -- Context Processors --#
diff --git a/FudgeC2/ServerApp/templates/settings/GlobalSettings.html b/FudgeC2/ServerApp/templates/settings/GlobalSettings.html
@@ -178,11 +178,11 @@ <h5 class="modal-title" id="FormModalTitle"></h5>
     event.preventDefault();
 
     var myBody = {
-        "server_host": document.getElementById('email_cfg_server').value,
-        "server_port": document.getElementById('email_cfg_port').value,
-        "server_email": document.getElementById('email_cfg_account').value,
-        "server_password": document.getElementById('email_cfg_password').value,
-        "server_from_addr": document.getElementById('email_cfg_from_addr').value,
+        "host": document.getElementById('email_cfg_server').value,
+        "port": document.getElementById('email_cfg_port').value,
+        "smtp_account": document.getElementById('email_cfg_account').value,
+        "password": document.getElementById('email_cfg_password').value,
+        "from_address": document.getElementById('email_cfg_from_addr').value,
         "check_config": true
     }
 
@@ -216,11 +216,11 @@ <h5 class="modal-title" id="FormModalTitle"></h5>
     event.preventDefault();
 
     var myBody = {
-        "server_host": document.getElementById('email_cfg_server').value,
-        "server_port": document.getElementById('email_cfg_port').value,
-        "server_email": document.getElementById('email_cfg_account').value,
-        "server_password": document.getElementById('email_cfg_password').value,
-        "server_from_addr": document.getElementById('email_cfg_from_addr').value
+        "host": document.getElementById('email_cfg_server').value,
+        "port": document.getElementById('email_cfg_port').value,
+        "smtp_account": document.getElementById('email_cfg_account').value,
+        "password": document.getElementById('email_cfg_password').value,
+        "from_address": document.getElementById('email_cfg_from_addr').value
     }
 
     const a = email_config_endpoint(myBody)
diff --git a/FudgeC2/c2_server/resources/email.py b/FudgeC2/c2_server/resources/email.py
@@ -22,15 +22,19 @@ def get(self, gid=None):
             return {"message":data}, 302
 
     def post(self):
-        rj = request.json
+        rj = {}
+        try:
+            rj = request.json
+        except:
+            print(request.text)
+
         # Validate the contents of this and send to the Meail class
-        server_email = rj.get("server_email", None)
-        server_password = rj.get("server_password", None)
-        server_host = rj.get("server_host", None)
-        server_port = rj.get("server_port", None)
-        from_address = rj.get("server_from_addr", None)
+        server_email = rj.get("smtp_account", None)
+        server_password = rj.get("password", None)
+        server_host = rj.get("host", None)
+        server_port = rj.get("port", None)
+        from_address = rj.get("from_address", None)
         check_config= rj.get("check_config", False)
-        print(f"State:\n{server_host}\n{server_port}\n{server_email}\n{server_password}\n{from_address}\n{check_config}")
         state, msg = email_client.configure_email_client(server_host, server_port, server_email, server_password, from_address, check_config)
         if state:
             return {"result":msg}, 200
diff --git a/FudgeC2/c2_server/resources/implants.py b/FudgeC2/c2_server/resources/implants.py
@@ -9,6 +9,7 @@ class Implants(Resource):
     method_decorators = [login_required]
 
     def get(self):
+
         parser = reqparse.RequestParser()
         parser.add_argument('campaign_id', type=int, help='Campaign IDs are numeric.')
         args = parser.parse_args()
@@ -24,9 +25,10 @@ def get(self):
 
 class ImplantDetails(Resource):
     method_decorators = [login_required]
-
+    # Return the configuration of an implant
     def get(self, implant_id):
         # Take UID and return info on it.
+
         pass
         return {}
 
@@ -38,5 +40,11 @@ def get(self):
 
 class ImplantResponses(Resource):
     method_decorators = [login_required]
-    def get(self):
-        pass
+    def get(self, implant_id):
+        # get all implant responses (pagination will be implemented later
+        response_list = []
+        campaign_id = db.campaign.get_campaign_id_from_implant_id(implant_id)
+        if db.campaign.Verify_UserCanAccessCampaign(current_user.user_email, campaign_id):
+            response_list = db.implant.get_implant_responses(implant_id)
+
+        return {"data": response_list}
diff --git a/FudgeC2/email_client/email_client.py b/FudgeC2/email_client/email_client.py
@@ -44,7 +44,6 @@ def decorate(self, *args, **kwargs):
             if self.enable is not False:
                 func(self, *args, **kwargs)
             else:
-                print("NOT CONFIGURED")
                 return False
         return decorate
 
diff --git a/FudgeC2/email_client/email_notifications.py b/FudgeC2/email_client/email_notifications.py
@@ -52,4 +52,4 @@ def send_email_new_user_account(self, name, email, password):
  Thank you,
  """
         result = ec.send_email(email, email_text)
-        return result
+        return result
