Added error logging to FudgeC2, this will be expanded during new testing process.

Added operating hours to the implant - operators can now configure the implant
to only beacon during specificed hours
Tweaks to style and formatting of the web interface.

Author: Ziconius

.gitignore

@@ -4,6 +4,7 @@
 *.xml
 *.db
 *.pyc
+*.log
 Dev_docs/*
 .__pycharm__/*
 __pycache__/*

FudgeC2/Controller.py

@@ -1,20 +1,27 @@
 #!/usr/bin/python3
+import logging.config
 import _thread
 import time
 import os
+import yaml
 
 from Storage.settings import Settings
-from ServerApp import ImplantManager
 
+with open(Settings.logging_config, 'r') as f:
+    config = yaml.safe_load(f.read())
+    logging.config.dictConfig(config)
+
+from ServerApp import ImplantManager
 from NetworkProfiles.NetworkListenerManagement import NetworkListenerManagement
-NLM = NetworkListenerManagement.instance
+
+logger = logging.getLogger(__name__)
 
 
 def check_tls_certificates(cert, key):
-    cert_result = os.path.isfile(os.getcwd() + "/Storage/" + cert)
-    key_result = os.path.isfile(os.getcwd() + "/Storage/" + key)
+    cert_result = os.path.isfile(f"{os.getcwd()}/Storage/{cert}")
+    key_result = os.path.isfile(f"{os.getcwd()}/Storage/{key}")
     if key_result is False or cert_result is False:
-        print("Warning: Missing crypto keys for TLS listeners. These will fail to boot.")
+        logger.warning("Missing private keys for TLS listeners, this will cause them to fail.")
     return
 
 
@@ -27,7 +34,8 @@ def check_key_folders():
         if not os.path.isdir(Settings.implant_resource_folder):
             os.mkdir(f"{Settings.implant_resource_folder}")
         return True
-    except:
+    except Exception as Error:
+        logger.warning(f"Exception setting up important directories: {Error}")
         return False
 
 
@@ -39,21 +47,22 @@ def start_controller():
                 port=Settings.server_app_port,
                 threaded=True,
                 ssl_context=Settings.server_app_ssl)
-    return
 
 
-Manager = ImplantManager.app
-NLM.startup_auto_run_listeners()
+if __name__ == "__main__":
+    NLM = NetworkListenerManagement.instance
+    Manager = ImplantManager.app
+    NLM.startup_auto_run_listeners()
 
-try:
-    check_tls_certificates(Settings.tls_listener_cert, Settings.tls_listener_key)
-    check_key_folders()
-    _thread.start_new_thread(start_controller, ())
-except Exception as E:
-    print(f"Error: Unable to start FudgeC2 server thread, exception: {E}")
-    exit()
+    try:
+        check_tls_certificates(Settings.tls_listener_cert, Settings.tls_listener_key)
+        check_key_folders()
+        _thread.start_new_thread(start_controller, ())
+    except Exception as E:
+        print(f"Unable to start FudgeC2 server thread: {E}")
+        exit()
 
-while 1:
-    # Hold the application threads open
-    time.sleep(15)
-    pass
+    while 1:
+        # Hold the application threads open
+        time.sleep(15)
+        pass

FudgeC2/Data/DatabaseImplant.py

@@ -40,7 +40,8 @@ def create_new_implant_template(self, user, cid, config):
             kill_date=config['kill_date'],
             initial_delay=config['initial_delay'],
             obfuscation_level=config['obfuscation_level'],
-            network_profiles=config['protocol']
+            network_profiles=config['protocol'],
+            operating_hours=config['operating_hours']
         )
         self.Session.add(new_implant)
         try:

FudgeC2/Data/ErrorLogging.py

@@ -0,0 +1,19 @@
+import logging
+
+
+logger = logging.getLogger('error_logging')
+logger.setLevel(logging.DEBUG)
+
+
+fh = logging.FileHandler('spam.log')
+fh.setLevel(logging.DEBUG)
+# create console handler with a higher log level
+ch = logging.StreamHandler()
+ch.setLevel(logging.ERROR)
+# create formatter and add it to the handlers
+formatter = logging.Formatter('%(asctime)s - %(name)s - %(levelname)s - %(message)s')
+fh.setFormatter(formatter)
+ch.setFormatter(formatter)
+# add the handlers to the logger
+logger.addHandler(fh)
+logger.addHandler(ch)

FudgeC2/Data/models.py

@@ -77,6 +77,7 @@ class ImplantTemplate(Base):
     network_profiles = Column(TextPickleType(), nullable=False)
     obfuscation_level = Column(INTEGER(1), nullable=False)
     encryption = Column(TextPickleType(), nullable=False)
+    operating_hours = Column(TextPickleType(), nullable=False)
 
 
 class GeneratedImplants(Base):

FudgeC2/Implant/ImplantGenerator.py

@@ -40,7 +40,8 @@ class ImplantGenerator:
         "obf_upload_file": "upload-file",
         "obf_download_file": "download-file",
         "obf_screen_capture": "screen-capture",
-        "obf_kill_date": "implant_kill_date"
+        "obf_kill_date": "implant_kill_date",
+        "obf_operating_hours": "working_time_function"
         }
 
     execute_command = '''
@@ -87,10 +88,37 @@ class ImplantGenerator:
         [string]::join('',[ChaR[]](101, 120, 105, 116)) |& ((gv ‘*MDr*’).NamE[3,11,2] -join '')
     }  
 }
+'''
+    operating_hours = '''
+function {{ ron.obf_operating_hours }}(){
+    #Write-host "Are we at working time yet?"
+    while ($true){
+        $start_string = "{{ operating_hours['oh_start'] }}:00"
+        $stop_string =  "{{ operating_hours['oh_stop'] }}:00"
+        $start = [datetime]::parseexact($start_string, 'HH:mm:ss', $null)
+        $stop = [datetime]::parseexact($stop_string, 'HH:mm:ss', $null)
+    
+        if ($start -lt $stop){
+            #Write-Host "9-5"
+            if( ( (get-date) -ge $start ) -And ((get-date) -le $stop) ){  
+            return }
+        } else {
+            $stop = $stop.AddDays(1)
+            # Write-Host "5-9"
+            # Write-Host $stop
+            if ( ((get-date) -lt $stop) -And ( (Get-Date) -gt $start ) ) { 
+            return}
+        }
+        start-sleep(3);
+    }
+}
 '''
 
     select_protocol = '''
 function {{ ron.obf_select_protocol }}($b){
+    {% if operating_hours['oh_start'] is defined %}
+{{ ron.obf_operating_hours }}
+    {% endif %}
     {% if kill_date %}{{ ron.obf_kill_date }}{% endif %}
     sleep (Get-Random -Minimum (${{ ron.obf_sleep }} *0.90) -Maximum (${{ ron.obf_sleep }} *1.10))
     return get-random($b)
@@ -181,6 +209,9 @@ def _process_modules(self, implant_data, randomised_function_names):
         if implant_data['kill_date'] is not None:
             implant_functions.append(self.kill_date)
 
+        if len(implant_data['operating_hours']) == 2:
+            implant_functions.append(self.operating_hours)
+
         constructed_implant = self._manage_implant_function_order(implant_data, implant_functions)
 
         protocol_string = ""
@@ -248,6 +279,7 @@ def generate_implant_from_template(self, implant_data):
             proto_core=protocol_switch,
             obfuscation_level=implant_data['obfuscation_level'],
             obf_variables=variable_list,
+            operating_hours=implant_data['operating_hours'],
             kill_date=implant_data['kill_date'],
             kill_date_encoded=base64.b64encode(str(implant_data['kill_date']).encode()).decode()
         )

FudgeC2/ServerApp/modules/ApplicationManager.py

@@ -1,9 +1,11 @@
 import requests
 from distutils.version import LooseVersion
+import logging
 
 from Data.Database import Database
 from Storage.settings import Settings
 
+logger = logging.getLogger(__name__)
 
 class AppManager:
     db = None

FudgeC2/ServerApp/modules/ImplantManagement.py

@@ -3,7 +3,10 @@
 from Implant.ImplantFunctionality import ImplantFunctionality
 from NetworkProfiles.NetworkProfileManager import NetworkProfileManager
 
-import datetime
+import logging
+from datetime import datetime
+
+logger = logging.getLogger(__name__)
 
 class ImplantManagement:
     # -- The implant management class is responsible for performing pre-checks and validation before sending data
@@ -24,6 +27,7 @@ def _form_validated_obfucation_level_(self, form):
                 obfuscation_value = 4
             return obfuscation_value
         except:
+            logger.warning(f"{self}")
             return None
 
     def _validate_command(self, command):
@@ -58,16 +62,40 @@ def _validate_template_kill_date(self, form):
             try:
                 # Checking to ensure a the time is not before current time.
                 #  This time must match the webapp submission format.
-                user_time = datetime.datetime.strptime(form['kill_date'], '%d/%m/%Y, %H:%M')
-                current_time = datetime.datetime.now()
+                print(form)
+                user_time = datetime.strptime(form['kill_date'], '%d/%m/%Y, %H:%M')
+                current_time = datetime.now()
                 if user_time < current_time:
                     return None
                 else:
                     # Reformatting the datetime to match implant datetime format string
-                    return datetime.datetime.strftime(user_time, '%Y-%m-%d %H:%M:%S')
+                    return datetime.strftime(user_time, '%Y-%m-%d %H:%M:%S')
             except Exception as E:
+                print(E)
+                error_logging.error(f"kill_date vaule not in form: {__name__}", E)
                 return None
 
+    def _validate_template_operating_hours(self, form):
+        # This returns a dict no matter what.
+        time_dict = {}
+        timemask = "%H:%M"
+        if "oh_start" in form and "oh_stop" in form:
+            time_dict['oh_start'] = form['oh_start']
+            time_dict['oh_stop'] = form['oh_stop']
+            try:
+                start = datetime.strptime(time_dict['oh_start'], timemask)
+                stop = datetime.strptime(time_dict['oh_stop'], timemask)
+                # Ensure the start is less than stop
+                if start >= stop:
+                    print(f"Start {start} is greater than stop {stop}")
+                return time_dict
+            except Exception as e:
+                print(f"Formatting error: {e}")
+                return {}
+        else:
+            return {}
+
+
     def get_network_profile_options(self):
         return self.NetProMan.get_implant_template_code()
 
@@ -135,7 +163,8 @@ def create_new_implant(self, cid, form, user):
             "obfuscation_level": None,
             "encryption": [],
             "protocol": {},
-            "kill_date": None
+            "kill_date": None,
+            "operating_hours": None
         }
         try:
             User = self.db.user.Get_UserObject(user)
@@ -148,6 +177,7 @@ def create_new_implant(self, cid, form, user):
             if "CreateImplant" in form:
                 obfuscation_level = self._form_validated_obfucation_level_(form)
                 implant_configuration['kill_date'] = self._validate_template_kill_date(form)
+                implant_configuration['operating_hours'] = self._validate_template_operating_hours(form)
 
                 if obfuscation_level is None:
                     raise ValueError('Missing, or invalid obfuscation level.')

FudgeC2/ServerApp/static/core-style.css

@@ -1,5 +1,5 @@
 body {
-    background-color: #035371;
+    background-color: #669AD5;
     padding:0px;
 }
 

FudgeC2/ServerApp/templates/CreateImplant.html

@@ -86,6 +86,36 @@ <h3>Create Implant Template</h3>
                 });
             </script>
 
+
+            <span class="font-weight-bold">Operating hours</span><br>
+            <span class="font-italic">Configure the operating time frame in which your implant will function in. These times will be read and Leave blank to disable operating hour functionality</span>
+            <div class="form-group">
+                <span>Start time</span>
+                <div class="input-group date" id="oh_start" data-target-input="nearest">
+                    <input type="text" class="form-control datetimepicker-input" data-target="#datetimepicker1" name="oh_start"/>
+                    <div class="input-group-append" data-target="#oh_start" data-toggle="datetimepicker">
+                        <div class="input-group-text"><i class="fa fa-calendar"></i></div>
+                    </div>
+                </div>
+                <span>Stop time</span>
+                <div class="input-group date" id="oh_stop" data-target-input="nearest">
+                    <input type="text" class="form-control datetimepicker-input" data-target="#datetimepicker1" name="oh_stop"/>
+                    <div class="input-group-append" data-target="#oh_stop" data-toggle="datetimepicker">
+                        <div class="input-group-text"><i class="fa fa-calendar"></i></div>
+                    </div>
+                </div>
+            </div>
+            <script type="text/javascript">
+                $(function () {
+                    $('#oh_start').datetimepicker( {
+                        format: 'HH:mm'
+                    });
+                    $('#oh_stop').datetimepicker( {
+                        format: 'HH:mm'
+                    });
+                });
+            </script>
+
             {% if profiles%}
             <h4>Network Profiles<span class="text-danger">*</span></h4>
             <div>To include a network profile in your implant simple enter the port it's listener will be listening on. At least one profile is required per implant template, any blank entries are not included.</div>