File server handler needs reworking

jm33-m0 / emp3r0r

Linux/Windows post-exploitation framework made by linux user

https://infosec.exchange/@jm33

MIT License

1.26k stars 232 forks source link

File server handler needs reworking #160

Closed c0okB closed 1 year ago

c0okB commented 1 year ago

In the put function（CChandle.go）,I input put '/root/too/curl.exe' 'c:\users\public\curl.exe', the author's code directly splices the absolute path of the local file (such as /root/tool/curl.exe) to www/. Although the file has been transferred to the www/ at this time, when the agent downloads the file, it will download curl.exe on http://example.com/www//root/tool/curl.exe instead of http://example.com/www/curl.exe. But http://example.com/www//root/tool/ is 404

jm33-m0 commented 1 year ago

Thanks for reporting this, I will look into it shortly

c0okB commented 1 year ago

` if len(cmdSlice) < 4 { sendResponse(fmt.Sprintf("args error: %v", cmdSlice)) return }

    filename_length := len(cmdSlice[1])
    filename_index := strings.LastIndex(cmdSlice[1],"/")
    DownloadFilename := SubStr(cmdSlice[1],filename_index+1,filename_length)

    url := fmt.Sprintf("%swww/%s", emp3r0r_data.CCAddress, DownloadFilename)

    path := cmdSlice[2]
    size, err := strconv.ParseInt(cmdSlice[3], 10, 64)
    if err != nil {
        out = fmt.Sprintf("processCCData: cant get size of %s: %v", url, err)
        sendResponse(out)
        return
    }

jm33-m0 commented 1 year ago

I will rewrite the HTTP handler for better authentication, and when I am done there should be no problem with this upload function.

jm33-m0 commented 1 year ago

TODO

[x] Allow only connected agents to download files
[x] Replace http.FileServer with a custom handler, so the /www path will change into something like /www/{token}
[x] Examine other APIs for security issues