import java.io.DataOutputStream;
import java.io.OutputStreamWriter;
import java.net.HttpURLConnection;
import java.net.URL;
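# Quotes a single CSV value for offline_logs.csv. Embedded double-quotes are
# doubled (RFC 4180) so a command, hostname or username containing quotes or
# newlines cannot split the row or spill into the next one. Values that begin
# with =, +, - or @ get a leading apostrophe so a spreadsheet opening the file
# does not evaluate them as a formula: dest_ip and user_context come straight
# from the compromised host and must be treated as untrusted input.
sub oplog::csv_field {
    local('$value');
    $value = $1 . "";
    $value = strrep($value, "\"", "\"\"");
    if (strlen($value) > 0 && charAt($value, 0) isin "=+-@") {
        $value = "'" . $value;
    }
    return "\"" . $value . "\"";
}

# Appends one activity row to offline_logs.csv (next to this script) when the
# Oplog API could not be reached, creating the file with a header row first.
#   $1 timestamp    - written to both start_date and end_date
#   $2 localIP      - source_ip
#   $3 destIP       - dest_ip (the caller currently passes the beacon's computer name)
#   $4 userContext  - user_context
#   $5 command      - the command text as typed by the operator
#   $6 operator     - operator_name
# Errors are printed and the row is dropped; nothing is thrown.
sub oplog::saveToDisk {
    local('$timestamp $localIP $destIP $userContext $command $operator $oplog_id $logfile $data $header $handle $error $isNew');
    $timestamp   = $1;
    $localIP     = $2;
    $destIP      = $3;
    $userContext = $4;
    $command     = $5;
    $operator    = $6;
    # Must match the oplog_id configured in beacon_input; each sub carries its own copy.
    $oplog_id = "CHANGEME";
    $logfile = script_resource("offline_logs.csv");

    $isNew = 0;
    if (!-isFile $logfile) {
        $isNew = 1;
        println("[-] Activity tracker not detected, creating new file");
        createNewFile($logfile);
        if (checkError($error)) {
            println("[Error] Could not create offline log: " . $error);
            return;
        }
    }

    # Open once for both the optional header and the row, and bail out instead of
    # writing through a null handle when the file cannot be opened for append.
    $handle = openf(">>$logfile");
    if (checkError($error)) {
        println("[Error] Could not open offline log: " . $error);
        return;
    }
    if ($isNew == 1) {
        $header = "oplog_id,start_date,end_date,source_ip,dest_ip,tool,user_context,command,description,output,comments,operator_name\n";
        writeb($handle, $header);
    }

    # description, output and comments are never captured here, hence the three
    # empty columns between command and operator_name.
    $data  = $oplog_id . "," . $timestamp . "," . $timestamp . ",";
    $data .= oplog::csv_field($localIP) . "," . oplog::csv_field($destIP) . ",";
    $data .= "beacon,";
    $data .= oplog::csv_field($userContext) . "," . oplog::csv_field($command) . ",";
    $data .= ",,,";
    $data .= oplog::csv_field($operator) . "\n";
    writeb($handle, $data);
    closef($handle);
}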
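# Escapes a value for use inside a JSON string literal: backslash first, then the
# double-quote, then the control characters that show up in command text. The
# hostname and user come from the compromised host, and a quote in a typed
# command (shell echo "x") is routine; without this the body is invalid JSON and
# a crafted value could inject extra fields into the entry. Other control
# characters (U+0000-U+001F) are not handled and would still break the body.
sub oplog::json_escape {
    return strrep($1 . "", "\\", "\\\\", "\"", "\\\"", "\n", "\\n", "\r", "\\r", "\t", "\\t");
}

# Fires for every line an operator types into a beacon console and records it
# in the Oplog API, falling back to the offline CSV when the API does not
# answer 201.
#   $1 - beacon id
#   $2 - operator name
#   $3 - the text entered
#   $4 - timestamp of the input
on beacon_input {
    local('$url $oplog_id $operator $desc $bid $hostname $user $mtime $data $resp_code');
    # Both placeholders must be replaced; a non-numeric oplog_id compares as 0 and
    # leaves the hook disabled. post_command and saveToDisk carry their own copies
    # of these values, so keep all of them in sync.
    $url = "CHANGEME";
    $oplog_id = "CHANGEME";
    if ([$url isEmpty]) {
        return;
    }
    if ($oplog_id == 0) {
        return;
    }
    # Skip the lines Cobalt Strike echoes back ("<--") and operator comments ("#").
    if ([$3 startsWith: "<--"] || [$3 startsWith: "#"]) {
        return;
    }

    $bid      = $1;
    $operator = $2;
    $desc     = $3;
    $mtime    = $4;
    $hostname = binfo($bid, 'computer');
    $user     = binfo($bid, 'user');

    # dest_ip carries the beacon's computer name, matching the offline CSV column.
    $data  = "{";
    $data .= "\"source_ip\":\"" . oplog::json_escape(localip()) . "\",";
    $data .= "\"dest_ip\":\"" . oplog::json_escape($hostname) . "\",";
    $data .= "\"tool\":\"beacon\",";
    $data .= "\"user_context\":\"" . oplog::json_escape($user) . "\",";
    $data .= "\"command\":\"" . oplog::json_escape($desc) . "\",";
    $data .= "\"output\":\"\",";
    $data .= "\"comments\":\"\",";
    $data .= "\"operator_name\":\"" . oplog::json_escape($operator) . "\",";
    $data .= "\"oplog_id\":" . $oplog_id;
    $data .= "}";

    $resp_code = oplog::post_command($data);
    if ($resp_code != 201) {
        println("[Error] Response code from Oplog API: " . $resp_code);
        oplog::saveToDisk($mtime, localip(), $hostname, $user, $desc, $operator);
    }
}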
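# POSTs one JSON-encoded entry to the Oplog API.
#   $1 - the JSON body; the caller is responsible for escaping the values in it
# Returns the HTTP status code (the caller treats 201 as success), 0 when the
# request raised an exception, or $null when no URL is configured.
sub oplog::post_command {
    local('$urlobj $con $wr $responseCode $api_key $url');
    $url = "CHANGEME";
    if ([$url isEmpty]) {
        return;
    }
    $url .= "/oplog/api/entries/";
    # This is a credential: it is sent on every request in the Authorization
    # header. Do not commit a real key into this script, and use an https URL so
    # it is not exposed in transit.
    $api_key = "CHANGEME";
    if ([$url startsWith: "http://"]) {
        println("[Warning] Oplog URL is plain http; the API key will be sent in clear text");
    }

    try {
        # URL parsing is inside the try so a malformed value is reported like any
        # other failure instead of escaping as an uncaught exception.
        $urlobj = [new URL: $url];
        $con = [$urlobj openConnection];
        [$con setRequestMethod: "POST"];
        [$con setDoOutput: true];
        [$con setConnectTimeout: 5000];
        # Without a read timeout a stalled server blocks this handler indefinitely.
        [$con setReadTimeout: 5000];
        [$con setRequestProperty: "User-Agent", "BEACON"];
        [$con setRequestProperty: "Content-Type", "application/json; charset=utf-8"];
        [$con setRequestProperty: "Authorization", "Api-Key " . $api_key];
        # Write the body as UTF-8; DataOutputStream.writeBytes keeps only the low
        # byte of each char and mangles non-ASCII hostnames, users and commands.
        $wr = [new OutputStreamWriter: [$con getOutputStream], "UTF-8"];
        [$wr write: $1];
        [$wr flush];
        [$wr close];
        # getResponseCode performs the exchange and can throw as well (refused
        # connection, timeout), so it stays inside the try.
        $responseCode = [$con getResponseCode];
        [$con disconnect];
    }
    catch $exception {
        println("[Error] Oplog API request failed: " . $exception);
        return 0;
    }
    return $responseCode;
}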