Modified locations of server modules

2015-01-03 21:14:17 -05:00 · 2015-01-03 21:14:17 -05:00 · eafe26261c
parent eb2bfdb9d9
commit eafe26261c
7 changed files with 80 additions and 6 deletions
--- a/1
+++ b/1
@ -1,6 +1,7 @@
 [1.3.2015]
    Added...: SFTP Server module has been added to the framework!
    Added...: SFTP Client module has been added to the framework.
+    Modified: Modified server web modules to have their required libraries in the "web" folder.

 [12.27.2014]
    Added...: Datatype module template has been added to the framework for creating datatype modules.
--- a/protocols/servers/http_server.py
+++ b/protocols/servers/http_server.py
@ -6,8 +6,8 @@ This is the code for the web server

 import socket
 import sys
-from protocols.servers.serverlibs import base_handler
-from protocols.servers.serverlibs import threaded_http
+from protocols.servers.serverlibs.web import base_handler
+from protocols.servers.serverlibs.web import threaded_http
 from threading import Thread


--- a/protocols/servers/https_server.py
+++ b/protocols/servers/https_server.py
@ -8,8 +8,8 @@ import socket
 import ssl
 import sys
 from common import helpers
-from protocols.servers.serverlibs import base_handler
-from protocols.servers.serverlibs import threaded_http
+from protocols.servers.serverlibs.web import base_handler
+from protocols.servers.serverlibs.web import threaded_http
 from threading import Thread


@ -33,7 +33,7 @@ class Server:
    def serve_on_port(self):
        try:
            cert_path = helpers.ea_path() +\
-                '/protocols/servers/serverlibs/server.pem'
+                '/protocols/servers/serverlibs/web/server.pem'
            server = threaded_http.ThreadingHTTPServer(
                ("0.0.0.0", 443), base_handler.GetHandler)
            server.socket = ssl.wrap_socket(
--- a/protocols/servers/serverlibs/web/init.py
+++ b/protocols/servers/serverlibs/web/init.py
--- a/protocols/servers/serverlibs/web/base_handler.py
+++ b/protocols/servers/serverlibs/web/base_handler.py
@ -0,0 +1,67 @@
+import os
+import time
+from BaseHTTPServer import BaseHTTPRequestHandler
+from common import helpers
+
+
+class GetHandler(BaseHTTPRequestHandler):
+    # Some of the http server code came from Dave Kennedy's AES shell
+    # over http - the server specific code
+
+    # should be performing GET requests Help from
+    # http://pymotw.com/2/BaseHTTPServer/
+    def do_GET(self):
+
+        # 404 since we aren't serving up any pages, only receiving data
+        self.send_response(404)
+        self.end_headers()
+        return
+
+    # handle post request
+    def do_POST(self):
+
+        # Gather the Posted URI from the agent/browser
+        # parsed_path = urlparse.urlparse(self.path)
+        uri_posted = self.path
+        uri_posted = uri_posted.replace("/", "")
+        #incoming_ip = self.client_address[0]
+        # current directory
+        exfil_directory = os.path.join(helpers.ea_path(), "data")
+        loot_path = exfil_directory + "/"
+
+        # Info for this from -
+        # http://stackoverflow.com/questions/13146064/simple-
+        # python-webserver-to-save-file
+        if uri_posted == "post_data.php":
+
+            self.send_response(200)
+            self.end_headers()
+
+            # Check to make sure the agent directory exists, and a loot
+            # directory for the agent.  If not, make them
+            if not os.path.isdir(loot_path):
+                os.makedirs(loot_path)
+
+            # Get the date info
+            current_date = time.strftime("%m/%d/%Y")
+            current_time = time.strftime("%H:%M:%S")
+            screenshot_name = current_date.replace("/", "") +\
+                "_" + current_time.replace(":", "") + "web_data.txt"
+
+            # Read the length of the screenshot file being uploaded
+            screen_length = self.headers['content-length']
+            screen_data = self.rfile.read(int(screen_length))
+
+            # Write out the file
+            with open(loot_path + screenshot_name, 'w') as cc_data_file:
+                cc_data_file.write(screen_data)
+
+        # All other Post requests
+        else:
+
+            self.send_response(404)
+            self.end_headers()
+
+            print "Odd... someone else is trying to access this web server..."
+            print "Might want to check that out..."
+        return
--- a/protocols/servers/serverlibs/web/threaded_http.py
+++ b/protocols/servers/serverlibs/web/threaded_http.py
@ -0,0 +1,6 @@
+from BaseHTTPServer import HTTPServer
+from SocketServer import ThreadingMixIn
+
+
+class ThreadingHTTPServer(ThreadingMixIn, HTTPServer):
+    pass
--- a/setup/setup.sh
+++ b/setup/setup.sh
@ -8,7 +8,7 @@ cd pyftpdlib
 python setup.py install
 cd ..
 rm -rf pyftpdlib
-cd ../protocols/servers/serverlibs
+cd ../protocols/servers/serverlibs/web
 clear
 echo "[*] Generating SSL Certificate"
 openssl req -new -x509 -keyout server.pem -out server.pem -days 365 -nodes