Skip to content

Commit 11be400

Browse files
committed
hotfixing
1 parent 4521397 commit 11be400

2 files changed

Lines changed: 25 additions & 1 deletion

File tree

lazyc2.py

Lines changed: 24 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -2061,12 +2061,36 @@ def _load_or_create_secret_key():
20612061
app.config['SESSION_COOKIE_HTTPONLY'] = True
20622062
app.config['REMEMBER_COOKIE_SECURE'] = True
20632063
app.config['SESSION_COOKIE_SAMESITE'] = 'Lax'
2064+
app.config['PROPAGATE_EXCEPTIONS'] = False
2065+
app.config['TRAP_HTTP_EXCEPTIONS'] = True
20642066
app.config["fd"] = None
20652067
app.config["child_pid"] = None
20662068
app.jinja_env.filters['fromjson'] = fromjson
20672069
app.jinja_env.filters['markdown'] = markdown_to_html
20682070
BASE_DIR = os.getcwd()
20692071
TOOLS_DIR = f'{BASE_DIR}/tools'
2072+
2073+
2074+
@app.errorhandler(404)
2075+
def _handle_404(_error):
2076+
return jsonify({"error": "not found"}), 404
2077+
2078+
2079+
@app.errorhandler(405)
2080+
def _handle_405(_error):
2081+
return jsonify({"error": "method not allowed"}), 405
2082+
2083+
2084+
@app.errorhandler(Exception)
2085+
def _handle_exception(error):
2086+
"""Generic error handler that never leaks stack traces or exception messages.
2087+
2088+
Even when ``config.enable_c2_debug`` is on, the response body stays
2089+
generic. Verbose details are still logged server-side for operators.
2090+
"""
2091+
if config.enable_c2_debug:
2092+
logger.exception("[c2] unhandled exception: %s", error)
2093+
return jsonify({"error": "internal server error"}), 500
20702094
BASE_DIR += "/sessions/"
20712095
UPLOAD_FOLDER = BASE_DIR + 'uploads'
20722096
app.config['UPLOAD_FOLDER'] = UPLOAD_FOLDER

payload.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -24,7 +24,7 @@
2424
"enable_c2_implant_debug": true,
2525
"start_user": "grisun0",
2626
"start_pass": "grisgrisgris",
27-
"rhost": "127.0.0.1",
27+
"rhost": "10.0.0.1",
2828
"lhost": "127.0.0.1",
2929
"scope": [],
3030
"scope_enforcement": "warn",

0 commit comments

Comments
 (0)