Closed c0okB closed 1 year ago
Thanks for reporting this, I will look into it shortly
` if len(cmdSlice) < 4 { sendResponse(fmt.Sprintf("args error: %v", cmdSlice)) return }
filename_length := len(cmdSlice[1])
filename_index := strings.LastIndex(cmdSlice[1],"/")
DownloadFilename := SubStr(cmdSlice[1],filename_index+1,filename_length)
url := fmt.Sprintf("%swww/%s", emp3r0r_data.CCAddress, DownloadFilename)
path := cmdSlice[2]
size, err := strconv.ParseInt(cmdSlice[3], 10, 64)
if err != nil {
out = fmt.Sprintf("processCCData: cant get size of %s: %v", url, err)
sendResponse(out)
return
}
`
I will rewrite the HTTP handler for better authentication, and when I am done there should be no problem with this upload function.
TODO
http.FileServer
with a custom handler, so the /www
path will change into something like /www/{token}
In the put function(CChandle.go),I input
put '/root/too/curl.exe' 'c:\users\public\curl.exe'
, the author's code directly splices the absolute path of the local file (such as/root/tool/curl.exe
) towww/
. Although the file has been transferred to thewww/
at this time, when the agent downloads the file, it will downloadcurl.exe
onhttp://example.com/www//root/tool/curl.exe
instead ofhttp://example.com/www/curl.exe
. Buthttp://example.com/www//root/tool/
is 404