From 4738f213dc506f5fa05974eb1f0a824f7d0a8a40 Mon Sep 17 00:00:00 2001
From: REDD
Date: Mon, 25 Jan 2021 20:26:51 -0800
Subject: [PATCH 1/3] Adds Payload Library & features. Adds new features such as, Backup Current Payload, Restore Payload, Download Payload, and Delete Payload along with a new "Tab" called "Library". I would of added this to the www folder... BUT someone has it locked. I figured the SharkJack needed a little "shark love" since it hasn't been updated in over a year. Cheers.
---
 www-beta/library.sh | 228 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 228 insertions(+)
 create mode 100644 www-beta/library.sh
diff --git a/www-beta/library.sh b/www-beta/library.sh
new file mode 100644
index 0000000..7e78fa5
--- /dev/null
+++ b/www-beta/library.sh
@@ -0,0 +1,228 @@
+#!/bin/bash
+
+echo -e "Content-type: text/html\n\n"
+PAYLOAD_DIR="/root/library"
+MAIN_PAYLOAD="/root/payload"
+
+# Adding library folder to the Root Directory.
+if [[ ! -d "$PAYLOAD_DIR" ]]; then
+ mkdir -p "$PAYLOAD_DIR"
+fi
+
+# (internal) routine to store POST data
+function cgi_get_POST_vars()
+{
+ # only handle POST requests here
+ [ "$REQUEST_METHOD" != "POST" ] && return
+
+ # save POST variables (only first time this is called)
+ [ ! -z "$QUERY_STRING_POST" ] && return
+
+ # skip empty content
+ [ -z "$CONTENT_LENGTH" ] && return
+
+ # check content type
+ # FIXME: not sure if we could handle uploads with this..
+ [ "${CONTENT_TYPE}" != "application/x-www-form-urlencoded" ] && \
+ echo "bash.cgi warning: you should probably use MIME type "\
+ "application/x-www-form-urlencoded!" 1>&2
+
+ # convert multipart to urlencoded
+ local handlemultipart=0 # enable to handle multipart/form-data (dangerous?)
+ if [ "$handlemultipart" = "1" -a "${CONTENT_TYPE:0:19}" = "multipart/form-data" ]; then
+ boundary=${CONTENT_TYPE:30}
+ read -N $CONTENT_LENGTH RECEIVED_POST
+ # FIXME: don't use awk, handle binary data (Content-Type: application/octet-stream)
+ QUERY_STRING_POST=$(echo "$RECEIVED_POST" | awk -v b=$boundary 'BEGIN { RS=b"\r\n"; FS="\r\n"; ORS="&" }
+ $1 ~ /^Content-Disposition/ {gsub(/Content-Disposition: form-data; name=/, "", $1); gsub("\"", "", $1); print $1"="$3 }')
+
+ # take input string as is
+ else
+ read -N $CONTENT_LENGTH QUERY_STRING_POST
+ fi
+
+ return
+}
+
+# (internal) routine to decode urlencoded strings
+function cgi_decodevar()
+{
+ [ $# -ne 1 ] && return
+ local v t h
+ # replace all + with whitespace and append %%
+ t="${1//+/ }%%"
+ while [ ${#t} -gt 0 -a "${t}" != "%" ]; do
+ v="${v}${t%%\%*}" # digest up to the first %
+ t="${t#*%}" # remove digested part
+ # decode if there is anything to decode and if not at end of string
+ if [ ${#t} -gt 0 -a "${t}" != "%" ]; then
+ h=${t:0:2} # save first two chars
+ t="${t:2}" # 
remove these
+ v="${v}"`echo -e \\\\x${h}` # convert hex to special char
+ fi
+ done
+ # return decoded string
+ echo "${v}"
+ return
+}
+
+# routine to get variables from http requests
+# usage: cgi_getvars method varname1 [.. varnameN]
+# method is either GET or POST or BOTH
+# the magic varible name ALL gets everything
+function cgi_getvars()
+{
+ [ $# -lt 2 ] && return
+ local q p k v s
+ # get query
+ case $1 in
+ GET)
+ [ ! -z "${QUERY_STRING}" ] && q="${QUERY_STRING}&"
+ ;;
+ POST)
+ cgi_get_POST_vars
+ [ ! -z "${QUERY_STRING_POST}" ] && q="${QUERY_STRING_POST}&"
+ ;;
+ BOTH)
+ [ ! -z "${QUERY_STRING}" ] && q="${QUERY_STRING}&"
+ cgi_get_POST_vars
+ [ ! -z "${QUERY_STRING_POST}" ] && q="${q}${QUERY_STRING_POST}&"
+ ;;
+ esac
+ shift
+ s=" $* "
+ # parse the query data
+ while [ ! -z "$q" ]; do
+ p="${q%%&*}" # get first part of query string
+ k="${p%%=*}" # get the key (variable name) from it
+ v="${p#*=}" # get the value from it
+ q="${q#$p&*}" # strip first part from query string
+ # decode and assign variable if requested
+ [ "$1" = "ALL" -o "${s/ $k /}" != "$s" ] && \
+ export "$k"="`cgi_decodevar \"$v\"`"
+ done
+ return
+}
+
+# register all GET and POST variables
+cgi_getvars BOTH ALL
+
+if [[ $REQUEST_METHOD == 'POST' ]]; then
+ if [ -n "$DEL" ]; then
+ REM_DIR=$(echo "$DEL" | sed -r "s/(.+)\/.+/\1/" )
+ rm -rf "$REM_DIR"
+ fi
+fi
+
+if [[ $REQUEST_METHOD == 'POST' ]]; then
+ if [ -n "$RESTORE" ]; then
+ cp -rf "$RESTORE" /root/payload/payload.sh
+ fi
+fi
+
+if [[ $REQUEST_METHOD == 'POST' ]]; then
+ if [ -n "$BACKUPNAME" ]; then
+ mkdir -p $PAYLOAD_DIR/$BACKUPNAME
+ cp -rf /root/payload/payload.* "$PAYLOAD_DIR/$BACKUPNAME/payload.sh"
+ fi
+fi
+if [[ $REQUEST_METHOD == 'POST' ]]; then
+ if [ -n "$UPLOAD" ]; then
+ mkdir -p "$PAYLOAD_DIR/Uploaded-Payload"
+ cp "UPLOAD" "$PAYLOAD_DIR/Uploaded-Payload/payload.sh"
+ fi
+fi
+
+cat < + + + + Hak5 Shark Jack + + + + + + + + + + 
+
+
+

Payload Library

+
+
+ $(find $PAYLOAD_DIR -type f -exec echo {} \; | while read line; do SHORT=$(basename $(dirname $line));echo "
$SHORT
"; done)
+
+
+ Backup current Payload into Payload Library: +
+ + +
+
+
+
+
+
+
+EOF
From cd4df4ff5a67e05a340c7b1936fb074f7ff3b879 Mon Sep 17 00:00:00 2001
From: REDD
Date: Tue, 26 Jan 2021 17:36:48 -0800
Subject: [PATCH 2/3] Fixes errors with spacing in Backup names.
---
 www-beta/library.sh | 22 +++++++++++++++-------
 1 file changed, 15 insertions(+), 7 deletions(-)
diff --git a/www-beta/library.sh b/www-beta/library.sh
index 7e78fa5..25be64f 100644
--- a/www-beta/library.sh
+++ b/www-beta/library.sh
@@ -122,7 +122,7 @@ fi if [[ $REQUEST_METHOD == 'POST' ]]; then if [ -n "$BACKUPNAME" ]; then
- mkdir -p $PAYLOAD_DIR/$BACKUPNAME
+ mkdir -p "$PAYLOAD_DIR/$BACKUPNAME"
 cp -rf /root/payload/payload.* "$PAYLOAD_DIR/$BACKUPNAME/payload.sh" fi fi
@@ -160,12 +160,20 @@ cat <
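Review bot: The POST handlers after `cgi_getvars BOTH ALL` hand client-supplied values straight to destructive commands — `rm -rf "$REM_DIR"` (where `REM_DIR` is `$DEL` with its last path component stripped, and `$DEL` unchanged when the sed pattern does not match), `cp -rf "$RESTORE" /root/payload/payload.sh` and `mkdir -p $PAYLOAD_DIR/$BACKUPNAME` — with no check that the path stays inside `$PAYLOAD_DIR`, so a request can name any path on the device; the quoting fix in PATCH 2/3 (`@@ -122,7 +122,7 @@`) only addresses word-splitting, not this. The `UPLOAD` branch copies the literal file name `"UPLOAD"` instead of `"$UPLOAD"`, and since `handlemultipart=0` the script never reads a multipart body, so that feature cannot receive a file as written and should be removed or reworked rather than just re-quoted. `cgi_getvars BOTH ALL` also exports every request parameter as an environment variable, so name only the variables the script uses: `cgi_getvars BOTH DEL RESTORE BACKUPNAME UPLOAD`. The rewrite below confines `DEL` and `RESTORE` to `$PAYLOAD_DIR/<name>/payload.sh`, rejects backup names containing `/` or `..`, and uses the already-defined `$MAIN_PAYLOAD` instead of the repeated `/root/payload` literal; the listing inside the heredoc (garbled in this copy) should likewise quote `$line` and HTML-escape `$SHORT`, since those names are client-chosen.
```shell
# register only the request variables this script actually uses
cgi_getvars BOTH DEL RESTORE BACKUPNAME UPLOAD

# True when "$1" is "$PAYLOAD_DIR/<name>/payload.sh" and <name> is a single
# path component (no "/" and no ".."), i.e. an entry this library created.
library_entry() {
  local name
  case "$1" in
    "$PAYLOAD_DIR"/*/payload.sh) ;;
    *) return 1 ;;
  esac
  name=${1#"$PAYLOAD_DIR"/}
  name=${name%/payload.sh}
  [[ -n "$name" && "$name" != */* && "$name" != *..* ]]
}

if [[ $REQUEST_METHOD == 'POST' ]]; then
  if [[ -n "$DEL" ]] && library_entry "$DEL"; then
    rm -rf -- "${DEL%/*}"
  fi
  if [[ -n "$RESTORE" ]] && library_entry "$RESTORE"; then
    cp -f -- "$RESTORE" "$MAIN_PAYLOAD/payload.sh"
  fi
  if [[ -n "$BACKUPNAME" && "$BACKUPNAME" != */* && "$BACKUPNAME" != *..* ]]; then
    mkdir -p -- "$PAYLOAD_DIR/$BACKUPNAME"
    cp -f -- "$MAIN_PAYLOAD"/payload.* "$PAYLOAD_DIR/$BACKUPNAME/payload.sh"
  fi
  # … UPLOAD branch left out: a form-urlencoded POST carries no file body (see note) …
fi

# … unchanged: the HTML heredoc …
```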