#!/bin/bash # Variables pour php, à personnaliser si besoin upload_max_filesize="2G" max_input_time="10800" max_execution_time="10800" post_max_size="2G" # Pour avoir un retour du choix de l'utilisateur asksomething() { read -r -p "${1} [y/N] " response case "$response" in [yY][eE][sS]|[yY]) true ;; *) false ;; esac } showlicence() { echo "" cecho "-----------------------------------------------------------------------------" $light_gray echo "" cecho " DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE" $light_gray cecho " Version 2, December 2004" $light_gray echo "" cecho " Copyright (C) 2004 Sam Hocevar " $light_gray echo "" cecho "Everyone is permitted to copy and distribute verbatim or modified" $light_gray cecho "copies of this license document, and changing it is allowed as long" $light_gray cecho "as the name is changed." $light_gray echo "" cecho " DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE" $light_gray cecho " TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION" $light_gray echo "" cecho " 0. You just DO WHAT THE FUCK YOU WANT TO." $light_gray echo "" cecho "-----------------------------------------------------------------------------" $light_gray echo "" cecho " Fermeture du script dans 5 secondes" $light_green sleep 5s return } # Pour mettre de la couleur red="\033[0;31m" blue="\033[0;34m" light_blue="\033[1;34m" light_red="\033[1;31m" cyan="\033[0;36m" light_green="\033[1;32m" light_gray="\033[0;37m" green="\033[0;32m" yellow="\033[1;33m" light_purple="\033[1;35m" purple="\033[0;35m" reset_color="\033[0;00m" cecho () { local msg_par_defaut="" local message=${1:-$msg_par_defaut} # Message par défaut. local couleur=${2:-$reset_color} # Couleur par défaut si non spécifié. echo -e "$couleur $message" # Restaure le paramètre d'origine tput sgr0 # Retour à la normale. return } runserver() { # Recherche de l'adresse ipv4 du poste. local poste=`hostname -I | tr -s ' ' | cut -d' ' -f1` local serverport=8512 # default port local keepportallowedbyfirewall=false local openserver=false # Lancer un serveur monothread sur le port voulu (defaut : 8512) cecho " #############################################" $light_blue cecho " # #" $light_blue cecho " # #" $light_blue cecho " # Ouverture d'un serveur monothread #" $light_blue cecho " # #" $light_blue cecho " # author : Jerry Wham #" $light_blue cecho " # contact()ecyseo.net #" $light_blue cecho " # version 2021-11-16 #" $light_blue cecho " # #" $light_blue cecho " # #" $light_blue cecho " #############################################" $light_blue echo "" echo -n "Entrez le numéro du port que vous souhaiter utiliser, entre 8000 et 8999 :" # local userinput=$1 read userinput if [[ $userinput -lt 8000 || $userinput -gt 8999 ]]; # checks that the input is within the desired range then echo "" cecho "Votre saisie est en dehors de la plage autorisée." $light_red cecho "Le port sera celui par défaut : 8512." $light_red else serverport=$userinput fi # Commandes pour lancer le serveur local cmdphp="php -d upload_max_filesize="$upload_max_filesize" -d max_input_time="$max_input_time" -d max_execution_time="$max_execution_time" -d post_max_size="$post_max_size" -S" local cmdpython="python3 -m http.server $serverport" if [[ $poste == "" ]] ; then cmdphp="$cmdphp localhost" else # cmdpython="$cmdpython --bind $poste" cmdphp="$cmdphp $poste" fi cmdphp="$cmdphp:$serverport monothread-server.php" # Vérifie si le port est autorisé par le parefeu echo "" echo "Vérification de l'autorisation d'ouverture du port $serverport par le parefeu dans 2 secondes..." sleep 2s pkexec ufw status verbose | tr -d "[:space:]" | grep -q "$serverport""ALLOW" # Récupère le status de la commande précédente local status=$? echo "" # "0" : le port est ouvert. "1" : il est fermé if [[ $status == 1 ]]; then cecho "Le port est actuellement fermé." $light_red if asksomething "Autoriser l'ouverture du port $serverport ?"; then pkexec ufw allow $serverport if asksomething "Souhaitez-vous conserver cette règle lorsque le serveur sera fermé ?"; then keepportallowedbyfirewall=true fi openserver=true else echo "" cecho "Vous avez refusé l'ouverture du port." $light_red echo "Le serveur ne sera pas lancé. Le script va se terminer." showlicence notify-send -i info -t 20000 "Serveur fermé" exit fi else cecho "Le port $serverport est actuellement ouvert." $light_green if asksomething "Souhaitez-vous conserver cette règle lorsque le serveur sera fermé ?"; then keepportallowedbyfirewall=true fi openserver=true fi if [[ $openserver == true ]]; then # Choix du type de serveur # Et lancement de celui-ci echo "" echo " ---- *** ----" echo "" echo " Initialisation du serveur." cecho " Appuyer sur les touches ctrl+c pour le fermer..." $light_green echo "" echo " ---- *** ----" echo "" echo "Vous avez le choix entre un serveur python et un serveur php." echo "Le serveur php ajoute un routeur temporaire au dossier dans lequel le script est lancé." echo "Il permet d'envoyer des fichiers sur le poste." echo "Ce routeur est supprimé à l'arrêt du script." echo "" echo "Voulez-vous lancer un serveur python ?" if asksomething "Dans le cas contraire, un serveur php sera lancé"; then echo "" printf ' \U1F409\n' cecho " Lancement du serveur python." $light_green echo "" printf ' \U1F409\n' echo "" ($cmdpython) else touch monothread-server.php echo " 'audio/aac', 'avi' => 'video/x-msvideo', 'bz' => 'application/x-bzip', 'bmp' => 'image/bmp', 'csv' => 'text/csv', 'doc' => 'application/msword', 'docx' => 'application/vnd.openxmlformats-officedocument.wordprocessingml.document', 'dot' => 'application/msword', 'gif' => 'image/gif', 'ico' => 'image/x-icon', 'ics' => 'text/calendar', 'png' => 'image/png', 'jpeg' => 'image/jpeg', 'jpg' => 'image/jpeg', 'key' => 'application/octet-stream', 'md' => 'text/plain', 'mkv' => 'video/x-matroska', 'mp3' => 'audio/mpeg3', 'mpeg' => 'video/mpeg', 'numbers' => 'application/octet-stream', 'ods' => 'application/vnd.oasis.opendocument.spreadsheet', 'odt' => 'application/vnd.oasis.opendocument.text', 'odp' => 'application/vnd.oasis.opendocument.presentation', 'otp' => 'application/vnd.oasis.opendocument.presentation-template', 'ott' => 'application/vnd.oasis.opendocument.text-template', 'ogg' => 'application/ogg', 'pages' => 'application/octet-stream', 'pdf' => 'application/pdf', 'pot' => 'application/vnd.ms-powerpoint', 'pps' => 'application/vnd.ms-powerpoint', 'ppsx' => 'application/vnd.openxmlformats-officedocument.presentationml.slideshow', 'ppt' => 'application/vnd.ms-powerpoint', 'pptx' => 'application/vnd.openxmlformats-officedocument.presentationml.presentation', 'png' => 'image/png', 'sig' => 'application/octet-stream', 'sql' => 'application/octet-stream', 'tar' => 'application/x-tar', 'txt' => 'text/plain', 'wav' => 'audio/x-wav', 'xls' => 'application/vnd.ms-excel', 'xla' => 'application/vnd.ms-excel', 'xlb' => 'application/vnd.ms-excel', 'xlb' => 'application/x-excel', 'xlc' => 'application/vnd.ms-excel', 'xld' => 'application/vnd.ms-excel', 'xlk' => 'application/vnd.ms-excel', 'xll' => 'application/vnd.ms-excel', 'xlm' => 'application/vnd.ms-excel', 'xl' => 'application/vnd.ms-excel', 'xlsx' => 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet', 'xlt' => 'application/vnd.ms-excel', 'xlv' => 'application/vnd.ms-excel', 'xlw' => 'application/x-excel', 'zip' => 'application/zip', ]; /** * Check \$_FILES[][name] * * @param (string) \$filename - Uploaded file name. * @author Yousef Ismaeil Cliprz */ function check_file_uploaded_name(\$filename) { return (bool) ((!ctype_alnum(str_replace(array('.','-','_'), '', \$filename)) || !preg_match('/^(?:[a-z0-9._-]|\.(?!\.))+\$/iD',\$filename)) ? false : true); } /** * Check \$_FILES[][name] length. * * @param (string) \$filename - Uploaded file name. * @author Yousef Ismaeil Cliprz. */ function check_file_uploaded_length(\$filename) { return (bool) ((mb_strlen(\$filename,'UTF-8') > 225) ? false : true); } function getExtension(\$file) { \$e = explode('.',\$file); \$e = trim(end(\$e)); if (\$e == \$file) {return '';} return \$e; } # convert to octet (Merci Bronco @ warriordudimanche.net ^_^) function toOctet(\$size=null,\$default_unit=null){ if (!\$size){return;} \$size=strtolower(\$size); \$nb=intval(\$size); if ( stripos(\$size, 'k')===false && stripos(\$size, 'm')===false && stripos(\$size, 'g')===false ){ if (\$default_unit){\$size.=\$default_unit;} else{return \$nb;} } if (empty(\$nb)){return 0;} if (stripos(\$size, 'k')!==false){return \$nb*(1024);} if (stripos(\$size, 'm')!==false){return \$nb*(1024*1024);} if (stripos(\$size, 'g')!==false){return \$nb*(1024*1024*1024);} } function scanFileNameRecursivly(\$path = '', &\$name = array() ) { \$path = \$path == ''? dirname(__FILE__) : \$path; \$lists = @scandir(\$path); if(!empty(\$lists)){ foreach(\$lists as \$f){ if(is_dir(\$path.DIRECTORY_SEPARATOR.\$f) && '..' != \$f && '.' != \$f){ scanFileNameRecursivly(\$path.DIRECTORY_SEPARATOR.\$f, \$name); } else if ('..' != \$f && '.' != \$f && 'monothread-server.php' != \$f){ \$name[] = \$path.DIRECTORY_SEPARATOR.\$f; } } } return \$name; } function token() { return array_reduce(scanFileNameRecursivly(__DIR__),function(\$a) {return md5(\$a);}); } function clean(\$a) { return str_replace(__DIR__.'/','',\$a); } \$requestedAbsoluteFile = dirname(__FILE__) . \$_SERVER['REQUEST_URI']; if (!preg_match('/\.php\$/', \$requestedAbsoluteFile) && \$_SERVER['REQUEST_URI'] != '/') { header('Content-Type: '.mime_content_type(\$requestedAbsoluteFile)); \$fh = fopen(\$requestedAbsoluteFile, 'r'); fpassthru(\$fh); fclose(\$fh); return true; } \$files = scanFileNameRecursivly(__DIR__); \$newfile = ''; echo '🐘\">

Dossier /

'; if (isset(\$_FILES['upfile']['tmp_name'])) { if (!isset(\$_POST['token'])) { throw new RuntimeException('Invalid parameters.'); } if (\$_POST['token'] != token()) { throw new RuntimeException('Invalid parameters.'); } try { // Undefined | Multiple Files | \$_FILES Corruption Attack // If this request falls under any of them, treat it invalid. if ( !isset(\$_FILES['upfile']['error']) || is_array(\$_FILES['upfile']['error']) ) { throw new RuntimeException('Invalid parameters.'); } // Check \$_FILES['upfile']['error'] value. switch (\$_FILES['upfile']['error']) { case UPLOAD_ERR_OK: break; case UPLOAD_ERR_NO_FILE: throw new RuntimeException('No file sent.'); case UPLOAD_ERR_INI_SIZE: case UPLOAD_ERR_FORM_SIZE: throw new RuntimeException('Exceeded filesize limit.'); default: throw new RuntimeException('Unknown errors.'); } // You should also check filesize here. if (\$_FILES['upfile']['size'] > 1000000) { throw new RuntimeException('Exceeded filesize limit.'); } // DO NOT TRUST \$_FILES['upfile']['mime'] VALUE !! // Check MIME Type by yourself. \$finfo = new finfo(FILEINFO_MIME_TYPE); \$mimetype = \$finfo->file(\$_FILES['upfile']['tmp_name']); if (false === \$ext = array_search( \$mimetype, \$allowedExtensions, true )) { throw new RuntimeException('Invalid file format '.\$mimetype.'. You could had this type of file in allowedExtensions.'); } \$extension = getExtension(trim(\$_FILES['upfile']['name'])); if (!isset(\$allowedExtensions[\$extension]) || \$allowedExtensions[\$extension] != \$allowedExtensions[\$ext]) { throw new RuntimeException('Invalid file format.'); } else { \$ext = \$extension; } if (check_file_uploaded_name(\$_FILES['upfile']['name']) === false || check_file_uploaded_length(\$_FILES['upfile']['name']) === false) { throw new RuntimeException('Invalid file name.'); } \$newfile = sprintf('%s.%s', str_replace('.'.\$ext,'',trim(\$_FILES['upfile']['name'])).'-'.md5(sha1_file(\$_FILES['upfile']['tmp_name']).date('Ymdhis')), \$ext ); // You should name it uniquely. // DO NOT USE \$_FILES['upfile']['name'] WITHOUT ANY VALIDATION !! // Obtain safe unique name from its binary data. if (!move_uploaded_file( \$_FILES['upfile']['tmp_name'], './'.\$newfile )) { throw new RuntimeException('Failed to move uploaded file.'); } \$reply = 'File is uploaded successfully.'; } catch (RuntimeException \$e) { \$reply = \$e->getMessage(); } echo '

'.\$reply.'

'; } ?>

\">

upload_max_filesize =
max_input_time =
max_execution_time =
post_max_size =

'; foreach (\$files as \$i => \$file) { if ('.' !== \$file && '..' !== \$file && 'monothread-server.php' !== \$file) { \$f = str_replace(__DIR__.'/','',\$file); echo '
  • '.(isset(\$_POST['new']) && \$_POST['new'] == \$f ? ''.\$f.'' : \$f).'
    • '; } } ?> '; echo ''; echo ' '; } ?>
    🔝
    " >> monothread-server.php echo "" printf ' \U1F418\n' cecho " Lancement du serveur php." $light_blue echo "" printf ' \U1F418\n' echo "" ($cmdphp) rm monothread-server.php fi if [[ $keepportallowedbyfirewall == false ]]; then echo "" if asksomething "Autoriser la fermeture du port $serverport ?"; then pkexec ufw deny $serverport else cecho "Le port restera ouvert lorsque ce script sera terminé" $light_blue sleep 3s fi fi showlicence notify-send -i info -t 20000 "Serveur fermé" exit fi } runserver