Esempio n. 1
0
 def register_attemp(self):
     if self.chances == 0:
         data = mwx.rwjson('info.json')
         data['ips'].append(self.address)
         mwx.rwjson('info.json', data)
         return True
     self.chances -= 1
     return False
Esempio n. 2
0
def security_check():
    if request.environ.get('HTTP_X_FORWARDED_FOR') in [None, '']:
        g.ip = request.remote_addr
    else:
        g.ip = request.environ['HTTP_X_FORWARDED_FOR']

    ips = mwx.rwjson('info.json')['ips']
    if g.ip in ips:
        abort(403)

    host = mwx.rwjson('info.json')['host']
    if not host:
        if session.get('id', False) != h.hexdigest():
            abort(403)
Esempio n. 3
0
def settings():
    inf = mwx.rwjson('info.json')
    if request.method == 'POST':
        form = forms.SettingsForm(request.form)
        if not form.validate_on_submit():
            abort(400)
        inf['host'] = True if form.host.data == '1' else False
        inf['show_hidden_files'] = True if form.show_hidden_files.data == '1' else False
        inf['theme'] = form.theme.data
        mwx.rwjson('info.json', inf)
        return redirect(f'http://{request.host}')

    form = forms.SettingsForm()
    data = {
        'host': '1' if inf['host'] else '0',
        'show_hidden_files': '1' if inf['show_hidden_files'] else '0',
        'theme': inf['theme']
    }
    return render_template('settings.html', form=form, data=data)
Esempio n. 4
0
def editor():
    if not isinstance(request.args.get('path', False), str):
        abort(400)
    form = forms.FileForm()
    if request.args.get('file', False):
        form = forms.FileForm()
        form.name.data = request.args['file']
        form.content.data = mwx.rwfile(
            os.path.join(home, 'Pylocalhost', request.args['path'],
                         request.args['file']))
    if request.method == 'POST':
        form = forms.FileForm(request.form)
        if not form.validate_on_submit():
            abort(400)
        try:
            mwx.rwfile(
                os.path.join(home, 'Pylocalhost', request.args['path'],
                             form.name.data), form.content.data)
            return redirect(f'http://{request.host}/' + request.args['path'])
        except:
            return '<span style="font-weight:bold;color:red;">An Error occurred while saving file!</span>'
    inf = mwx.rwjson('info.json')
    return render_template('editor.html', form=form, theme=inf['theme'])
Esempio n. 5
0
# In the name of Allah

from mwx import rwjson

print(rwjson('/etc/pylocalhost/info.json')['password'])
Esempio n. 6
0
# In the name of Allah

from functools import wraps
from flask import session, abort
import mwx
import hashlib

h = hashlib.sha256()
h.update(str(mwx.rwjson('info.json')['password']).encode('utf-8'))


def secure_api(func):
    @wraps(func)
    def decorator(*args, **kwargs):
        if str(session.get('id', False)) != h.hexdigest():
            abort(403)
        return func(*args, **kwargs)

    return decorator


class DangerousIP:
    def __init__(self, address):
        self.address = address
        self.chances = 4

    def register_attemp(self):
        if self.chances == 0:
            data = mwx.rwjson('info.json')
            data['ips'].append(self.address)
            mwx.rwjson('info.json', data)
Esempio n. 7
0
def explorer(p):
    root = os.path.join(home, 'Pylocalhost')
    path = os.path.join(root, p)
    show_hidden_files = mwx.rwjson('info.json')['show_hidden_files']
    jupyter_installed = '1' if mwx.rwjson(
        'info.json')['jupyter_installed'] else '0'
    if request.args.get('dl') == 'true':
        return redirect(f'http://{request.host}/d/' + p)
    if request.args.get('run') == 'true':
        if session.get('id', False) != h.hexdigest():
            abort(403)
        if p.lower().endswith('.py'):
            try:
                return '<span style="font-weight:bold;color:green;">Python script ran successsfully here is the output:</span><br><br>' + os.popen(
                    f'{python} {home}/Pylocalhost/{p}').read(), 200
            except:
                return '<span style="font-weight:bold;color:red;">Could not run script successfully!</span>', 500
        elif p.lower().endswith('.js'):
            if not os.popen('which node').read().startswith('/'):
                return '<span style="font-weight:bold;color:red;">You don\'t have NodeJS installed on your system!</span>'
            try:
                return '<span style="font-weight:bold;color:green;">Javascript ran successfully here is the output:</span><br><br>' + os.popen(
                    f'node {home}/Pylocalhost/{p}').read(), 200
            except:
                return '<span style="font-weight:bold;color:red;">Could not run script successfully!</span>', 500
        else:
            return '<span style="font-weight:bold;color: red;">PyLocalHost is only able to run Javascript or Python scripts</span>', 400

    if request.args.get('sysopen') == 'true':
        if session.get('id', False) != h.hexdigest():
            abort(403)
        try:
            env = dict(os.environ)
            env['DISPLAY'] = ":0"
            subprocess.Popen(f'xdg-open {path}', env=env, shell=True)
            return 'Requesting from system was successful', 200
        except:
            return 'Requesting from system was not successful', 500
    if request.args.get('rm') == 'true':
        if session.get('id', False) != h.hexdigest():
            abort(403)
        try:
            os.popen(f'rm -rf {path}')
            return redirect(f'http://{request.host}/' + p + '/../')
        except:
            return 'Requesting from system was not successful', 500
    if os.path.isdir(path) or os.path.ismount(path):
        if request.args.get('notebook') == 'true':
            if session.get('id', False) != h.hexdigest():
                abort(403)
            try:
                env = dict(os.environ)
                env['DISPLAY'] = ":0"
                x = subprocess.Popen(
                    f'cd {path} && /etc/pylocalhost/.venv/bin/jupyter notebook',
                    env=env,
                    shell=True)
                notebooks.append(x)
                return 'Requesting from system was successfull', 200
            except:
                return 'Requesting from system was not successfull!', 500
        if request.args.get('srvdir') == 'true':
            return redirect(f'http://{request.host}/s/' + p)
        ls = mwx.browse(path, show_hidden_files)
        return jsonify(ls) if request.args.get(
            'api') == 'true' else render_template('explorer.html',
                                                  ls=ls,
                                                  p=p,
                                                  rp=f'http://{request.host}',
                                                  jupyter=jupyter_installed)
    elif os.path.isfile(path) or os.path.islink(path):
        return redirect(f'http://{request.host}/s/' + p)
    else:
        return render_template('404.html', p=p), 404
Esempio n. 8
0
# In the name of Allah

from flask import Flask, abort, render_template, request, jsonify, redirect, session, g
from datetime import timedelta
import os
import forms
import mwx
import subprocess
import hashlib
import utils

home = mwx.rwjson('info.json')['home']
python = mwx.rwjson('info.json')['python']
password = mwx.rwjson('info.json')['password']
h = hashlib.sha256()
h.update(password.encode('utf-8'))
notebooks = []
dangerous_ips = []

app = Flask(__name__)
app.config['SECRET_KEY'] = mwx.rwjson('info.json')['secret']


@app.before_request
def security_check():
    if request.environ.get('HTTP_X_FORWARDED_FOR') in [None, '']:
        g.ip = request.remote_addr
    else:
        g.ip = request.environ['HTTP_X_FORWARDED_FOR']

    ips = mwx.rwjson('info.json')['ips']