@app.route("/pinning")
def do_pinning():
    """Bind the agent to the IP of the first client that calls this route.

    Returns a 500 JSON error when a ``client_ip`` is already recorded in
    ``state``; otherwise records ``request.client_ip`` and reports success
    together with that address.
    """
    already_pinned = "client_ip" in state
    if already_pinned:
        return json_error(500, "Agent has already been pinned to an IP!")
    client_ip = request.client_ip
    # First caller wins; every later call hits the guard above.
    state["client_ip"] = client_ip
    return json_success("Successfully pinned Agent", client_ip=client_ip)
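@app.route("/extract", methods=["POST"])
def do_extract():
    """Extract an uploaded zip archive into the directory named by ``dirpath``.

    Form fields: ``dirpath`` (destination directory) and the upload
    ``zipfile``. Archive members that would land outside ``dirpath``
    (absolute names or ``..`` components) are rejected before anything
    is written.

    Returns a 400 JSON error when either field is missing, a JSON exception
    when validation or extraction fails, and a JSON success message otherwise.
    """
    # dirpath: the random folder created in the previous step, e.g. C:\tmppx7scx
    if "dirpath" not in request.form:
        return json_error(400, "No dirpath has been provided")
    if "zipfile" not in request.files:
        return json_error(400, "No zip file has been provided")
    dirpath = request.form["dirpath"]
    try:
        with zipfile.ZipFile(request.files["zipfile"], "r") as archive:
            # extractall() does not guarantee containment on every Python
            # version, so check member paths before writing (zip-slip).
            _check_members_inside(archive, dirpath)
            archive.extractall(dirpath)
    except Exception:
        # Only ordinary errors become a JSON response; SystemExit and
        # KeyboardInterrupt propagate instead of being swallowed.
        return json_exception("Error extracting zip file")
    return json_success("Successfully extracted zip file")


def _check_members_inside(archive, dirpath):
    """Raise ValueError if any member of ``archive`` would resolve outside ``dirpath``."""
    import os
    root = os.path.realpath(dirpath)
    for name in archive.namelist():
        # join() discards root for absolute names, so those fail the check too.
        target = os.path.realpath(os.path.join(root, name))
        if target != root and not target.startswith(root + os.sep):
            raise ValueError("zip member escapes destination: %r" % (name,))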
上传分析配置文件analysis.conf
执行store命令, 写入analysis.conf
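@app.route("/store", methods=["POST"])
def do_store():
    """Write the uploaded ``file`` to the path given in the ``filepath`` form field.

    The destination is taken verbatim from the request, so this route lets
    any caller that can reach the agent write to any path the agent process
    can open.

    Returns a 400 JSON error for a missing field, a JSON exception when the
    write fails, and a JSON success message otherwise.
    """
    # filepath: C:/tmppx7scx/analysis.conf
    if "filepath" not in request.form:
        return json_error(400, "No filepath has been provided")
    # file: analysis.conf
    if "file" not in request.files:
        return json_error(400, "No file has been provided")
    try:
        with open(request.form["filepath"], "wb") as f:
            # Stream in 10 MiB chunks so a large upload is never held in memory at once.
            shutil.copyfileobj(request.files["file"], f, 10*1024*1024)
    except Exception:
        # A bare except would also turn SystemExit/KeyboardInterrupt into a
        # JSON error; only ordinary exceptions are reported back.
        return json_exception("Error storing file")
    return json_success("Successfully stored file")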
analysis.conf内容
[analysis]
category = file
target = /tmp/cuckoo-tmp-pwnmelife/tmpZ3SA0v/maze.exe (host端的样本地址)
package = exe
file_type = PE32 executable (GUI) Intel 80386, for MS Windows
file_name = maze.exe
clock = 20200620T09:28:00
id = 1
terminate_processes = False
options = apk_entry=:,procmemdump=yes,route=none
enforce_timeout = False
timeout = 120
ip = 192.168.56.1
pe_exports =
port = 2042
上传样本
执行store命令, 写入maze.exe
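@app.route("/store", methods=["POST"])
def do_store():
    """Write the uploaded ``file`` to the path given in the ``filepath`` form field.

    The destination is taken verbatim from the request, so this route lets
    any caller that can reach the agent write to any path the agent process
    can open.

    Returns a 400 JSON error for a missing field, a JSON exception when the
    write fails, and a JSON success message otherwise.
    """
    # filepath: C:\Users\bill\AppData\Local\Temp\maze.exe
    if "filepath" not in request.form:
        return json_error(400, "No filepath has been provided")
    # file: sample.bin
    if "file" not in request.files:
        return json_error(400, "No file has been provided")
    try:
        with open(request.form["filepath"], "wb") as f:
            # Stream in 10 MiB chunks so a large upload is never held in memory at once.
            shutil.copyfileobj(request.files["file"], f, 10*1024*1024)
    except Exception:
        # A bare except would also turn SystemExit/KeyboardInterrupt into a
        # JSON error; only ordinary exceptions are reported back.
        return json_exception("Error storing file")
    return json_success("Successfully stored file")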
执行分析脚本
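def do_execpy():
    """Run a Python file on the agent with the agent's own interpreter.

    Form fields: ``filepath`` (script to run), optional ``cwd`` (working
    directory), and ``async`` whose mere presence requests fire-and-forget
    execution. The command is passed as an argument list (no shell).

    Returns a 400 JSON error when ``filepath`` is missing, a JSON exception
    when the process cannot be started, and a JSON success message carrying
    ``stdout``/``stderr`` (both None in the asynchronous case).
    """
    # NOTE(review): the @app.route decorator the other handlers carry is not
    # visible here; presumably dropped by the page - confirm against the source.
    # filepath: C:/tmppx7scx/analyzer.py
    if "filepath" not in request.form:
        return json_error(400, "No Python file has been provided")
    # The form key stays "async" for wire compatibility; the local is renamed
    # because "async" is a reserved keyword from Python 3.7 on, where the
    # original assignment is a SyntaxError.
    run_async = "async" in request.form
    # cwd: C:/tmppx7scx
    cwd = request.form.get("cwd")
    stdout = stderr = None
    args = [
        sys.executable,
        request.form["filepath"],
    ]
    try:
        if run_async:
            # Asynchronous: start the process and do not collect its output.
            subprocess.Popen(args, cwd=cwd)
        else:
            # Synchronous: wait for completion and return captured output.
            p = subprocess.Popen(args, cwd=cwd,
                                 stdout=subprocess.PIPE,
                                 stderr=subprocess.PIPE)
            stdout, stderr = p.communicate()
    except Exception:
        # Report ordinary failures only; do not swallow SystemExit/KeyboardInterrupt.
        return json_exception("Error executing command")
    return json_success("Successfully executed command",
                        stdout=stdout, stderr=stderr)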