User Controls
Problems with Django.(Lan you're the Django man)
-
2016-12-03 at 5:58 PM UTCAlright so i am building a Command and Control server/website/thingy and i am using Django but i am no web dev and i am having some problems.
What i want is a login page(which i got) and a main page(which i have partly) and i want my malware of choice to login via the login page and land on the main area where it retrieves a key.(More on that later).
So without further ado here is some technical shit that may help you help me.
Here is my directory structure.
Sophie@Ubuntu:~/root_command$ ls -lR
.:
total 64
drwxrwxr-x 4 system system 4096 dec 3 18:08 CNC
-rw-r--r-- 1 system system 36864 nov 23 04:03 db.sqlite3
-rwxr-xr-x 1 system system 810 nov 22 22:36 manage.py
drwxrwxr-x 2 system system 4096 dec 3 18:05 root_command
./CNC:
total 100
-rw-r--r-- 1 system system 64 nov 23 03:30 admin.py
-rw-r--r-- 1 system system 122 nov 23 02:17 apps.py
-rw-r--r-- 1 system system 0 nov 22 23:19 __init__.py
-rw-r--r-- 1 system system 128 nov 23 02:05 __init__.pyc
drwxrwxr-x 2 system system 4096 nov 22 23:19 migrations
-rw-r--r-- 1 system system 98 nov 22 23:19 models.py
drwxrwxr-x 2 system system 4096 dec 3 18:00 static
-rw-r--r-- 1 system system 60 nov 22 23:19 tests.py
-rw-r--r-- 1 system system 803 dec 3 18:08 views.py
-rw-r--r-- 1 system system 1019 dec 3 18:08 views.pyc
./CNC/migrations:
total 8
-rw-r--r-- 1 system system 0 nov 22 23:19 __init__.py
./CNC/static:
total 20
-rw-rw-r-- 1 system system 1044 dec 3 17:55 login.html
-rw-rw-r-- 1 system system 0 dec 3 18:00 main.html
./root_command:
total 92
-rw-r--r-- 1 system system 0 nov 22 22:36 __init__.py
-rw-r--r-- 1 system system 137 nov 22 22:36 __init__.pyc
-rw-r--r-- 1 system system 3114 nov 22 22:36 settings.py
-rw-r--r-- 1 system system 2583 nov 22 22:36 settings.pyc
-rw-r--r-- 1 system system 874 dec 3 18:03 urls.py
-rw-r--r-- 1 system system 1130 dec 3 18:05 urls.pyc
-rw-r--r-- 1 system system 402 nov 22 22:36 wsgi.py
-rw-r--r-- 1 system system 605 nov 22 23:01 wsgi.pyc
Here is urls.py
from django.conf.urls import url
from django.contrib import admin
from CNC import views
urlpatterns = [
url(r'^admin/', admin.site.urls),
url(r'^main/$', views.main),
url(r'^login/$', views.login_user),
]
Here is my views.py that lives in CNC.
from django.http import *
from django.shortcuts import render_to_response,redirect
from django.template import RequestContext
from django.contrib.auth.decorators import login_required
from django.contrib.auth import authenticate, login, logout
def login_user(request):
logout(request)
username = password = ''
if request.POST:
username = request.POST['username']
password = request.POST['password']
user = authenticate(username=username, password=password)
if user is not None:
if user.is_active:
login(request, user)
return HttpResponseRedirect('main.html')
return render_to_response('login.html', context_instance=RequestContext(request))
# I will be completing the following later
#@login_required(login_url='/login/')
#def main(request):
# ....
Here is my copy pasta of Lanny's user models.py with a few adjustments to reduce redundancy in my case.
from __future__ import unicode_literals
from django.db import models
from django.contrib import auth
class user(auth.models.AbstractBaseUser, auth.models.PermissionsMixin):
USERNAME_FIELD = 'username'
username = models.CharField(max_length=256, unique=True)
date_joined = models.DateTimeField(default=timezone.now)
is_active = models.BooleanField(default=True)
is_admin = models.BooleanField(default=False)
is_staff = models.BooleanField(default=False)
objects = auth.models.UserManager()
def get_long_name(self):
return self.username
def get_short_name(self):
return self.get_long_name()
def get_url(self):
return '/'
Probably will need to fine tune it at some point. Now here are some problems, when i want to migrate what i have so far to the database here is what i am getting.
Sophie@Ubuntu:~/root_command$ python manage.py migrate
Results in the following.
File "/home/system/root_command/root_command/urls.py", line 24, in <module>
url(r'^main/$', views.main),
AttributeError: 'module' object has no attribute 'main'
Why? I have a main.html, or is it because i need to make a model for the main page as well? If so how do i do that? And on the subject of models what do i all need to make a model for. Keep in mind the purpose of the site.
Let me reiterate, i need to be able to login either as admin to manage the database and see the keys and IDs i will store there(Oh yes i will need a model for keys and IDs, any suggestions as to how to write them?) or as 'user' and have a 2048 RSA key in Base64 generated for me.(How i will do this on a website i have no fucking clue.)
So user login -> posts ID -> key pair gets generated -> public key gets retrieved by the user and private key gets stored in the database.
Or admin login -> view IDs and corresponding private keys -> possibly change values in the DB or whatever.
Wut do?
Post last edited by Sophie at 2016-12-03T18:00:46.768344+00:00 -
2016-12-03 at 7:48 PM UTC
Originally posted by Sophie Probably will need to fine tune it at some point. Now here are some problems, when i want to migrate what i have so far to the database here is what i am getting.
Sophie@Ubuntu:~/root_command$ python manage.py migrate
Results in the following.
File "/home/system/root_command/root_command/urls.py", line 24, in <module>
url(r'^main/$', views.main),
AttributeError: 'module' object has no attribute 'main'
Why? I have a main.html, or is it because i need to make a model for the main page as well? If so how do i do that?
So your urls.py is a mapping from url patterns to things that handle requests, django calls these views. The second argument to `url()` needs to be a function that takes a request object and returns a response object, it is not the name of an html file. So the immediate issue is that when you write `views.main` python is looking in the views model for a main function and failing to find it, hence the exception. So you can either comment out your second urlpattern as well or make views.main a function that just does nothing so it can at least be found in urls.py
Also note that templates (html files you want to serve as responses, so login.html and main.html) belong in `CNC/templates` rather than `CNC/static`.And on the subject of models what do i all need to make a model for. Keep in mind the purpose of the site.
So a model just represents a table in the database, so you'll want to make a model for every "type" of information you want to store persistently. So I imagine the only model you'll need is one to holds keys and who they go to. It will obviously need a column (field, from the django perspective) for the private key. If every bot deployed is going to have a unique username/password then you'll want to store a foreign key to the users table, if they're going to autogen ids or something you'll just store that in a charfield or whatever.
For viewing keys, django comes with a nifty admin interface, you've probably seen it before. The getting started guide details how to register models so they appear in the admin interface. That's probably plenty for your use case. -
2016-12-03 at 8:02 PM UTC
Originally posted by Lanny So your urls.py is a mapping from url patterns to things that handle requests, django calls these views. The second argument to `url()` needs to be a function that takes a request object and returns a response object, it is not the name of an html file. So the immediate issue is that when you write `views.main` python is looking in the views model for a main function and failing to find it, hence the exception. So you can either comment out your second urlpattern as well or make views.main a function that just does nothing so it can at least be found in urls.py
Also note that templates (html files you want to serve as responses, so login.html and main.html) belong in `CNC/templates` rather than `CNC/static`.
So a model just represents a table in the database, so you'll want to make a model for every "type" of information you want to store persistently. So I imagine the only model you'll need is one to holds keys and who they go to. It will obviously need a column (field, from the django perspective) for the private key. If every bot deployed is going to have a unique username/password then you'll want to store a foreign key to the users table, if they're going to autogen ids or something you'll just store that in a charfield or whatever.
For viewing keys, django comes with a nifty admin interface, you've probably seen it before. The getting started guide details how to register models so they appear in the admin interface. That's probably plenty for your use case.
Thanks i will mull this over. Then when i am not frustrated because i can't Django for shit i will revisit this and do what you said. Also yeah they are going to autogen IDs, also i wouldn't know how to give the bots each unique usernames and passwords and at the same time have their values predetermined in the database. Unless the website assigns usernames and passwords or something and the bots just phone home to get their credentials or something. -
2016-12-03 at 8:06 PM UTCYou guys know anything about brute force wifi cracks with reaver? Is there a better program?
-
2016-12-03 at 8:07 PM UTCThe routers I try have AP rate limitation and/or the WPS just locks after a few tries
-
2016-12-03 at 8:12 PM UTCAhh this worked.
from django.conf.urls import url
from django.contrib import admin
from CNC import views
urlpatterns = [
url(r'^admin/', admin.site.urls),
url(r'^main/$', views.main),
url(r'^login/$', views.login_user),
]
from django.http import *
from django.shortcuts import render_to_response,redirect
from django.template import RequestContext
from django.contrib.auth.decorators import login_required
from django.contrib.auth import authenticate, login, logout
def login_user(request):
logout(request)
username = password = ''
if request.POST:
username = request.POST['username']
password = request.POST['password']
user = authenticate(username=username, password=password)
if user is not None:
if user.is_active:
login(request, user)
return HttpResponseRedirect(main)
return render_to_response('login.html', context_instance=RequestContext(request))
@login_required(login_url='/login/')
def main(request):
return render_to_response('main.html', context_instance=RequestContext(request))
Well that was easy. Pfft. Ok so model for keys is next on the TODO list.
Post last edited by Sophie at 2016-12-03T20:18:35.254651+00:00 -
2016-12-03 at 8:13 PM UTC
Originally posted by mmQ You guys know anything about brute force wifi cracks with reaver? Is there a better program?
https://www.aircrack-ng.org/doku.php?id=tutorial -
2016-12-05 at 2:28 AM UTC
Originally posted by mmQ You guys know anything about brute force wifi cracks with reaver? Is there a better program?
Make a thread feggot. You don't want to brute force. If the AP uses WPA and isn't shit you are out of luck, but a lot of them are shit. Use the pixie dust option -K, if it works it will work quick. If it doesn't move to the next.
reaver -i mon0 -b 00:AA:BB:11:22:33 -vv -K 1