File server handler needs reworking #160

Closed
c0okB opened this issue Sep 8, 2022 · 4 comments · Fixed by #161

c0okB commented Sep 8, 2022

In the put function (CChandle.go), I input put '/root/too/curl.exe' 'c:\users\public\curl.exe'. The author's code directly splices the absolute path of the local file (such as /root/tool/curl.exe) to www/. Although the file has been transferred to www/ at this time, when the agent downloads the file, it will download curl.exe from http://example.com/www//root/tool/curl.exe instead of http://example.com/www/curl.exe. But http://example.com/www//root/tool/ is 404.

jm33-m0 (Owner) commented Sep 8, 2022

Thanks for reporting this, I will look into it shortly

c0okB (Author) commented Sep 8, 2022

```go
if len(cmdSlice) < 4 {
	sendResponse(fmt.Sprintf("args error: %v", cmdSlice))
	return
}

// Keep only the file name (the text after the last "/") of the local path.
filename_length := len(cmdSlice[1])
filename_index := strings.LastIndex(cmdSlice[1], "/")
DownloadFilename := SubStr(cmdSlice[1], filename_index+1, filename_length)

url := fmt.Sprintf("%swww/%s", emp3r0r_data.CCAddress, DownloadFilename)

path := cmdSlice[2]
size, err := strconv.ParseInt(cmdSlice[3], 10, 64)
if err != nil {
	out = fmt.Sprintf("processCCData: cant get size of %s: %v", url, err)
	sendResponse(out)
	return
}
```

jm33-m0 (Owner) commented Sep 8, 2022

I will rewrite the HTTP handler for better authentication, and when I am done there should be no problem with this upload function.

jm33-m0 added the enhancement (New feature or request) label Sep 8, 2022
jm33-m0 self-assigned this Sep 8, 2022

jm33-m0 (Owner) commented Sep 8, 2022

TODO

  • Allow only connected agents to download files
  • Replace http.FileServer with a custom handler, so the /www path will change into something like /www/{token}
  • Examine other APIs for security issues

jm33-m0 changed the title from "Error in file upload function" to "File server handler needs reworking" Sep 8, 2022
jm33-m0 closed this as completed in cafeb9d Sep 9, 2022
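
The two changes discussed in this thread (building the download URL from the file's base name, and replacing `http.FileServer` with a handler bound to `/www/{token}`), as an added example that is not code from the project or from either participant. The names `downloadURL`, `tokenFileHandler` and `validToken` are hypothetical, and how a token is tied to a connected agent is assumed to be supplied by the caller.

```go
package main

import (
	"fmt"
	"net/http"
	"os"
	"path"
	"path/filepath"
	"strings"
)

// downloadURL returns the URL for a file staged in www/. Only the base name is
// used, so "/root/tool/curl.exe" maps to "<cc>www/curl.exe".
func downloadURL(ccAddress, localPath string) string {
	return fmt.Sprintf("%swww/%s", ccAddress, path.Base(localPath))
}

// tokenFileHandler serves regular files in root only at /www/{token}/{name}.
// validToken is a hypothetical callback: true when token belongs to a connected agent.
func tokenFileHandler(root string, validToken func(string) bool) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		hasPrefix := strings.HasPrefix(r.URL.Path, "/www/")
		rest := strings.TrimPrefix(r.URL.Path, "/www/")
		token, name, hasName := strings.Cut(rest, "/")
		if !hasPrefix || !hasName || !validToken(token) {
			http.NotFound(w, r)
			return
		}
		// Accept a single path element only: no separators, no "." or "..".
		if name == "" || name == "." || name == ".." || strings.ContainsAny(name, `/\`) {
			http.NotFound(w, r)
			return
		}
		full := filepath.Join(root, name)
		// Refuse directories so ServeFile never produces a listing.
		if fi, err := os.Stat(full); err != nil || !fi.Mode().IsRegular() {
			http.NotFound(w, r)
			return
		}
		http.ServeFile(w, r, full)
	})
}

func main() {
	// Constructed input: the local path from the report above.
	fmt.Println(downloadURL("http://example.com/", "/root/tool/curl.exe"))
}
```

Every rejected request gets the same 404, so a caller without a valid token cannot tell a missing file from a refused one.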