Hello and welcome to the final activity for the python for security professionals. Course I am your Smee and host Joseph Perry. And this is the final official activity for the course. When you completed this, who have completed the class, there is still some extra activities on the side. Ah, packet sniffer.
I'll be adding other
sort of extra activities over the next few weeks so that you can keep testing your skills and improving.
This is the final sort of test exam. If you want to say
practical section of the course
s O, you should have a file should look like this.
We're gonna just start right off.
So I was nice, and I want had named all of your functions for you had prepared those. So
all you're going to be doing for the course of this project is filling out these functions.
pretty straightforward job. And then I've got this comment in the beginning that we're gonna go through now, and that's basically just gonna cover exactly what you have to do.
So the final activity for the advanced python section is a drive wide after p like tool. It's have to be like because it's only going to be designed. We're only going to worry about text files. We're not goingto
transfer J pegs executed is that sort of thing. That's possible, but it's not what we're doing.
Um, you should be able to receive multiple connections each on their own threat, and you should take several commands.
Dr. Searched their search, download, upload and close. The 1st 4 will be commands you actually send across the network and then close will be
just for your old machine there for your own
client. Whatever. Well, you can send it across the network for more proper tear down,
but the 1st 4 have to be sent across Pretty. It's
the first thing we're gonna do with it,
this is with anything else is
framework or drop sort of the sketch of this program.
So you see that I've got ah read filer create file received at a send out a search Dr Search Directory. Send file contents received file contents, handle connection and
You have handle connection because that's going to unnecessary. Later on, multi threat
received file contents and sent file contents obviously correspond to download, upload, download upload.
Search directories do research. Search drivers drive searched the primary distinction between Dr Search under surge door searches much faster, but much more limited. So well, it's not necessarily faster. If you were to install this program in your in the route, See, Dr, then they'll take exactly the same amount of time.
What Dr Search does is it searches from the top of the C drive all the way down,
and as soon as it finds the file, it returns.
Do research starts at whatever director you're ending goes down from there.
So this activity is going to require the use. Multi threading, see ties, regular expressions and some libraries with which are unfamiliar. Those libraries. You see, I've already imported. You're familiar with this. You're familiar with this committee with this? Not this. Well, maybe a little bit, but not much. And not really with OS, particularly
so s especially is going to be extremely handy in the search driving search directory sections.
So these 1st 4 frame worked First force or the outlines they make sense.
These next four are a bit different. So send and receive data
are going to be how we're going to send well, exactly Sound like Senate received
information there are also useful for commands.
The idea is pretty simple
I want to send a command. If you want to send an uncertain length string and python, it's very difficult to do
buffers get big. You never know how much data you need to receive. And when you're sending files, you could be sending it kilobyte file or
to bite file. You never know,
so these are designed so that they can actually get the size of the data you're about to send or receive and properly receive it
with a correctly sized buffer. So we're going to We're really going to be doing with these two comment that now is
a new networking protocol,
which sounds very intimidating, but it's a very, very simple networking protocol. It's actually, I would argue, the easiest part of this assignment straightforward. Create file this one, Of course, going to be done with C Types
and Read file is going to be done with C types. Well,
greatfire refile most of the stuff that's going to be done in this project you've already dealt with. You've already handled it. You've already written this code.
If you want to cheat and be a lazy person, you can just go back and scavenge code from old projects.
I'm not saying you should. I'm not saying you shouldn't. I can tell you that if you get deeply into programming that will become your favorite thing to do because it saves a lot of time. But we're going to do this from scratch so that you can see it being done.
you know, we have our functions. We have our return statement for all the functions so that we can compile or so he can run without
all the functionality actually being built. So the first thing we want to do now is
create our commands lists that we're gonna be handling.
So we're going to just call that command list,
and we're gonna run through. So Dr Searched research, download, upload clothes
And I'm putting my quotes in a bit of a weird
order. We're putting in the mid a bit strangely
forgot him at the beginning. All right, so now we've got
commands. Listen, we're gonna break this out. Someone's a little neater.
That's the five commands of this contain
It is possible if you wanted to,
you know, be able to take shortened commands you could take. You could write
shorter command's list and mapped those these commands. That's totally up to you.
all these commands here. Now, what you want to start do it is implementing them in. See, There's really anything called a switch case Sable. And fortunately, we don't have that in Python, so we're gonna have to do a bunch of if statements, which is not awesome. But that's okay.
command, I was gonna equal Ryan, but,
well, it's gonna be all right. But for now, in reality, what we're going to do is command's going to be
we're going to get it from across the network. So actually, we can
do command equals received data,
and we'll just give it
fake socket right now.
So then we're just gonna dorie of statement. We're gonna build our table with of commands. So if
and one thing we're gonna do
Ah, here's we're going to actually use the upper function there. The upper method of a string
that way, when receive data returns, the string, which is gonna be What? It returns. Of course.
we get the upper case of it that way. We don't have toe check case or force the user to send us a specific case. We just deal with that ourselves.
So if command equals equals
let me know we're going to
And that's going to require a file name,
which we're going to get.
We'll just do it this way.
Uh, what I meant to do
this one we're not going to do upper on, because obviously not all files or upper case. So this will be case sensitive. It is possible to write this not case sensitive, which is a lot more work. Not really. Something we need to worry about right now.
well received data, and then she's gonna go through and do this with all of
command. Equals, equals Do research,
Search, search directory.
send because we're the servers. Send file contents,
and that'll be file name, user sock, user info.
So again, we're just gonna give it,
but it's asking for. And then we're actually in to come through and do this a bit more properly. Well,
actually, we're not gonna do this and made when we're done, but that's coming up.
No, no, to use herself
go through and change all these to use or suck.
So what we're doing right now, it's pretty straightforward is we're building, uh, the actual command's list in the actual command receiver. So normally, that would go in Maine, Which is why we're building in Maine right now. But we're actually going to take it out of here. We're going to put it in
this handle connection here in just a minute.
And I'll explain why although
some of you will probably understand why right out of the gate,
and then we are going to want to actually find out. So we're receiving data here, but we're not receiving data that has any information. So we're also going to do a sends data
And as we go, we'll make this a little bit more robust and make things make a little more sense.
They're not necessary a little more sense, but make them a little more functional.
And the final command, obviously we're gonna take is going to be,
and we're going to do something here.
our connection, handler? So again, normally, this would happen to me because it's the flow control. However, in this particular case, flow controls actually going to be done by Handel connection because each user is goingto have this and we don't want it to be locked up
control Exodus out of here.
We're gonna drop that in handle, connection,
race a little bit more sense.
Next thing we want to consider before we actually do anything with these commands is how this command process is gonna work. So if we receive one command right now, we're gonna receive the command. Then we're gonna do whatever it says that we're gonna leave. Obviously, we don't want that
we're going to do a while,
and you could do it. True. A lot of people will do it true. I don't like doing while truce.
They don't really leave a lot of room for
bull just variable. Basically saying shall I continue or should I not?
Some people call this essential value
and we're gonna actually change that. True for its starting value.
So while continual bull brother
and then whenever you choose to close, it will just set, continue pulled a false that while Luke will exit and you're no longer taking commands
There is one other thing that we want to account for is we have all the functions. They're all of the proper commands listed here,
well, first of all, the actual chiefs want to change all these. LF, but one of the other things we haven't really accounted for yet is what if they send us a command, That is it good?
Well, that's pretty straightforward. All we're going to do is we're going to do
and else down here at the bottom
and we're going to send data
So one of the nice things about
what we're doing years that were building these functions without regard to the fact we're without consideration thanked We actually don't have these variables
because we're just building a function of the time. We don't actually need those variables
we don't have to care about, um, while we're doing each function.
So now we've actually got pretty much,
at least at the prototype stage we have handle connection built.
So we're gonna work our way up. They're gonna come back down to maybe because man's gonna be kind of the trickier part, because that's what we're gonna do, some multi threading.
The next thing we're gonna do is we're going to do a received file contents. Soc File contents is
pretty straightforward. We get a file name and we got a sock a sock it.
And over that socket, we're going to receive contents of a file.
So the file name is going to be what we're going to create. And you see, we already have this create file. Well, let's create file here
so we don't have to implement Implement that in this function, which is nice. It makes it seem like we're not doing as much work. But of course we will have to do that work when we get to it. But hey, we'll cross that bridge when we come to it. So we're gonna do a create vile and again we could just do it with file name
Nice and easy. Nice and straight forward.
One thing that we may want to do is
if that returned something invalid. So we'll say
negative one is going to be our air condition for the rest of this program
S O. If it returns. Negative one. If it says this, air it out, then we want to return. Then we want to actually send some data,
which will be saying
file creation failed.
So there you go. That's the received file contents. Nice and easy. Pretty straightforward.
They were gonna do send file contents. Same general idea
the arguing we're gonna pass. That is, when do you read file with the file name.
those are to download upload commands, they're pretty much done. We're going to revisit those a little bit later. Now we're gonna start digging into kind of the more difficult, more challenging ones. So do research is not something we've learned how to do before.
It's going to be one that uses this library here.
gonna open a python interpreter over here.
So what you want to do is in OS. There's a really fantastic, um,
function, of course method.
Um, so we're gonna have a look at what that does.
We'll help, brother.
little crazy looking, but let's start at the top. So Walk has
four arguments. Top top down, which is auto set to troops on error, is none following Sequels False.
It's a tree generator. So it returns, innit? Aerator over. It returns a to pull rather
of this information here, which is Dirt path. Your name's file name.
So your path is a string. It's the path to that directory. It's the route pat specifically,
so starting at sea and then just going all the way down.
Uh, your names is a list of the subdirectories Inder path.
So whatever subdirectories exist here and file names a list of files that aren't directories
in your current director in the directory in which it's currently looking.
straightforward, pretty easy to use once you get the hang of things.
Always that walk takes
for Argument's is you mentioned Top Inder searches going to your current directory,
so we need to find a way to get our current record Well, let's see.
Let's try something along the lines of I know we're cheating a little bit since
kind of coming in. This was a priori knowledge, but, you know,
it's nice to be able to do that if you can't figure it out. If you don't know things like this, the easiest way is to just Google.
So there you go. So get current working director or get CWD returns the past your current working directory.
So let's walk top for this one. Top is going to be
No, start you on. It's gonna take his top down.
If the optional argument top down is true, we're not specified. The triple for the directory is generated before tripling any of its subdirectories. If it's false, it triples the directory after generates triples. For all the subdirectories,
top down is faster if you're looking for a specific file
for the obvious reason that if a file exists in your current directory
and you have to wait until you've gone through every single directory to actually start looking at the files,
that's gonna be slow.
So we generally want to leave top down it's true
military a very specific reason not to do
next. One is going to be on error.
So by default errors or ignored if you run into, uh,
permissions, aRer filed an existing somewhere, it just gets ignored. The reason for that is pretty straightforward. They're going to be Tom's of files. If you search from the C drive, we're going to be tons of files that you're not able to actually use.
Uh, that permissions, whatever.
And most of those areas aren't really handy. So on error generally equals none, because there's nothing you necessarily need to do. And we can revisit that if we find that there's actually some problem.
But for now, we can go with a safe non, and then the last one follow links is that's what it sounds like.
Follow links follow symbolic links on subdirectories. The danger of this is it says you're a caution
if you have Ah, subdirectory.
Um, actually, that's not the caution that I wanted, you see. So if you have a subdirectory that has a symbolic link to a directory above itself,
then you're going to hit an infinite loop. Knows Walk will never return it all go Terrible. So you generally don't want to follow links, So that's also gonna be false. So nice and easy. Most of these arguments are pre built for us. We can actually just not even put these in. If we want, we could just say, Oh, it's well, get current working directory.
Now, we mentioned us. Walk returns a triple. Ah, triple triple specifically or a three to pull.
So you don't have to say triple triple, which is kinda hard to say. So we're going to need to return all those values. So the first thing is going to return his dirt path. So we're gonna call that route because,
hey, I'm used to Lenox. Uh, your names will call that nurse,
and then file names will call that files
nice and easy, and then we're going to look in files. So this we're gonna bust out some ari
ari dot Compile. Luckily, this is actually super easy Ari to do ari dot compile file name
and I was going to do
of ari ob dje so that we have it actually returned somewhere.
So it's going to return a file name.
and they were going to search through
We're gonna call this file name.
No, actually, we've already got a final name. That'll just get confusing.
and pattern is going to be our e o b j
string is going to be I and the flags,
we're going to return that file because that means we found it.
And super handy. It actually over here.
Screw that up to the tops of my highlighting. Doesn't work in python dopers.
if you want to get the dirt path with the name combined in one handy string, all you have to do is OS path join.
So we're gonna do it o s dot path, not join
dirt path dot Nate, order path name. So that would just be route
file. Uh, root. I rather
and that's going to return the entire path to name.
if we go through all of the files, we don't get anything that we're going to turn negative one, which is, remember, is our default air condition.
So that's searching The directory, um,
seems pretty easy, and we'll see if it runs in the errors in a little while. But for now, that's searching the directory.
This one searching the drive
pretty much the same. Except that its again a lot slower. So for this one, we're going to do root
equals O s dot walk O s. This is going to be C and double backslash, so we don't escape.
And then we're going to do the same thing with regular expressions, ari dot Compile
and then we're going to do for I and files
if you are in a search.
os dot path, not join roots.
If that fails, return negative one.
So they're searching the directory and searching the drive quick and dirty, quick and easy. We use OS walk to travel through and find whatever and find all of the files.
And then when it finally returns, we go through and we compile,
uh, regular expression
and we track all of these eyes
But there's actually a bit of a faster way to do this, and it's it's kind of a tricky one for that A lot of people wouldn't think of,
So they're a bunch of different ways we can do this, but again, we're getting generators back.
So what we actually want to d'oh
is do a second for Luke
for Rutgers files in OS Walk.
We're going to do that.
So what that's going to do is, rather than wait until it's all finished and, you know, have tons and tons of data to look through, which would take some more editing in and of itself, we're going to look through on every single return from O s walk. It's a lot faster to do it this way, and it's
relatively neat looking code.
So the next we're going to do is dealing with the sending and receiving of data.
is not exactly a Z Z is just doing sock dot Send
the reason for that.
The reason it's not quite that easy is because again, we don't know how much data were sending. So we're gonna send, we know. How much did it were sending? We don't really care how much it was ending, but the other side doesn't know how much state it's gonna receive so it could receive the wrong amount. Too much too little. It could wipe out the, you know, could receive commands later in the buffer could do all sorts of things.
So we're going to do to avoid that is we're going to get the length of the data and we're going to tell our far side
how much data to get.
We're going to do that First of all by
data, land equals leading data,
and we're going to do instruct
And if you remember all the way back then
going to send in an imager
we're just gonna put
actresses for sending this data. We can kind of cheat a little bit and just do socked out. Send
So what this is actually going to do for us and it's really, really handing is going to send the length of the data immediately followed by the data itself.
And this is the entire networking protocol that we just created. It's a very, very simple one. But it's one that makes python now a viable your regular link
language for network communications.
So when we received it, we now know what sending data looks like. So when you receive data, we just basically do the opposite.
we're gonna come in there because instruct is actually gonna unpack it to pull. Ah, Struck's
because we know that an imager is going to be four
socket received four
And then we can actually just
socked out. Received
So this is exactly what it looks like. We're just gonna get the exact thing that we packed a minute ago. We're going to unpack it into data, Len, and they were just gonna receive that amount.
And then we get to create violent I create. Viable again is where we're gonna start using C types. Says where we're gonna implement some windows. A p I stuff,
um, stuff you're familiar with. If you did the other course are the other videos of this course.
First thing we need to do,
in any case, we're handling file, especially when we're actually creating violence.
Well, it sounds like create the file, so we know it's going to be windy, yellow
dot Colonel 32. And we know this because I did the slides, right? Hopefully
ah, Colonel 30 to create file A
and we know the first arguing to create Via Lay. Well, we might know the first argument create finally can independently are is
and the rest of arguments. We're going to cheat, and we're gonna get off the Internet
and get it. We're here. Internet.
stick that over here for a minute.
The first few minutes file name is we mentioned. Second arguments going to be the desired access way. Obviously want all access,
which we remember is being zero x 1000000
Nice. We're gonna do share mode. We don't really want to share
late people. I guess.
So we're gonna do zero.
I'm not great. Come. I'm not great at insults. I admit it. So, yeah, uh, sharing is gonna be zero security attributes. This could be no, which is awesome because we love when it's no. Lola. 00 is easy.
And the creation disposition for creating a file we're going to do create always
another is a danger in this.
If we do create, if we caught this on a filing that already exists, we're gonna wipe that pile out.
Pardon me? We're gonna wipe that viol out. So it is optional. It's totally up to you if you want to do open always. Which means if I already exists, gonna open it just to upend.
I like to live life on the edge, so we're gonna create always. But again, it's up to you how you want to do it.
Flies and attributes obviously want to file a tribute Normal, which we read here is being zero x 80
to do do do do do do
template file, which is again zero.
All right, so there's a created file.
And if we remember, we need a file handle
because that's what this returns which you see right here.
Turns out he's an open handle.
If it fails, the return value is invalid. Handle,
which I think has hidden somewhere is negative one.
because evil native one
negative one, which we soak immediately. Said as our error message
s So we've created a file now. We already received the data when this function is called. So we're next of course, going to write the file
first, we're gonna give the right file niceties. He's going to be the handle that we created just a minute ago, which is file handle. Next. Are you were going to give It is going to be a buffer
that buffers we see here, excavating the data to be written.
That's going to be data
number of bites, too, right?
number by its written, if we remember, is an out that we have to have a pointer for
You will see it zero
and was going to pass that by reference.
And then l p overlapped we're not going to worry about
after we write. And of course, we want to make sure we can check the return value. It functions seeds. It's non zero. If it fails, it returned zero.
negative one because no matter what kind of error messages other people use,
uh, or no matter what kind of error messages your other functions use a function you call use. You want all of your error returns to be consistent within your own program. So anytime you have something that could return an error, make sure that you're returning the same,
sort of standard error. Or you can return specific error codes. However you do it, you just need to be consistent.
That's creating a file. So we see we create a file, we write a pile. Next thing for us that we need to do
I shall do that here.
Windy l l doubt Colonel 32
because we never want to leave a handle open because that could be very bad.
Run out of resources,
which is not super likely to happen, but resource leaks are bad and we don't want resource leaks, so we'll be good. We'll get rid of it.
That's create piled up,
creates the vial with create, always disposition, and then it
This is going to read file, which is gonna be
almost exactly the same. Just instead of right file, we're gonna read file
and the creation disposition obviously will be a little bit different.
But otherwise it's pretty much the same function.
directs 1000000 Jo Jo.
And for this one, we're gonna want to go ahead and do it.
We're gonna do open, always open existing. That'll be a three. You don't want to send them an empty file. So if they send us a file name that we don't have,
we're going to return in there. We're gonna say, Hey, that file doesn't exist.
pilot Cherie, it's normal and zero
again, if I'll handle equals Negative one.
So this is the unfortunate fact of programming in general. Is that
a lot of the time, the code, your writing is that the super exciting code? It's just sort of
slugging through all the potential errors and problems and doing the boring stuff.
But the end result tends to be pretty awesome and worth the time.
So we're gonna do a re file.
So the reed file arguments are going to be similar to write follow, but not exactly the same.
So again it will be windy. L l Colonel 32
LP buffer LP Buffer, if you remember, is the pointer to buffer that receives the data
which we have to do a little bit of magic to create.
We'll call it data, since that seems to be a pretty consistent
variable named Terry. Oh, sorry. Blanked on my own
s so we'll call it data. And then we just have to
create a string buffer
and then the size that we want to put on that we can go ahead and say 40 96. It's larger than that. It's too large.
So read file, and then we're going to that's appointed to the buffet. So we're going to buy ref
D word. Number of bites to read. We know it will be 40 96 at most.
We need a pointer. Don't. Number of bites Red
That's what I wanted to do.
You'll see int zero.
And then, of course, we by raft
and then zero for l b overlapped.
And we see that this is a bull. If it succeeds,
turns non zero. If it fails, returned zero.
Now, the return on this one's gonna be a little bit different since, rather than returning data in general, we're actually going to do a return of data dot value.
So we're just returning the actual text makes a little bit easier for python to Parsons.
So I've got actually, most of the sort of the code for the server is written. Now,
the final step for the server is going to be actually multi threading it.
I'm kind of going back and cleaning some stuff up later, but for now, it'll mostly be multi threading.
what do we do for multi threading?
Well, first thing, obviously, is going to be threatening
which, and we're gonna go ahead and close this up for a minute.
We can import are threating library,
and we're going to need to do threatening got thread. So let's go ahead and bring up helping help on that since
So we see group target name arguments, keyword arguments for boasts.
target we remember to be a function group. We want to leave his none.
threading that thread,
target what we need to figure out a way to target.
Well, we know what the targets actually gonna be. We know it's going to be handled connection. We know, and we're going to handle the connection whenever we receive one.
That's not no one that should be done there.
and then it needs a name which again is going to be
And he needs arguments. So the arguments that handle connection needs will be user socking user info,
uh, cured arguments none, and then verbose. None. So we could just
So that's the thread being created. But now we actually need
well, the cause of the threat,
because the threat is going to be receiving a connection. So
you gotta make some sockets
He's going to eagle socket, not socket
suck strange. It's gonna be obviously a TCP server.
We're gonna do a service sock
dot bind You could do in a report you like.
I'm going to go ahead but mine
on 55555 on the local office. Of course,
we're going to do server sock.
and we give it eight
server sock dot except
and that's where we're going to get user sock
and user info. User sock is the actual socket user in vote is the address information.
So we've created a thread for handle, connection,
direction. God, stick up here
and that's really where it is.
which we can do by, Well, first, your reaction to give it a name
Con threat equals threading, not threat. And then we'll do con thread dot
So you see, we're passing control of the user socking user and go off.
And then, of course, all we've got to do is
and this time a while True is acceptable, since it's the actual sort of
just general running. We've got plenty of different things that we could put an exit in if we want to for clothes here or whatever.
The reason the server doesn't actually have any exit exit spots
is because it's a server just because one client dies or one client tries to shut us down. We don't want that
we can just say, you know what? We're safe. Without a close on this, we'll just leave it run
so it creates a sock in it, binds a socket, listens except
and then starts a thread using that accepted socket.
They're using that accepted client.
Now, we're just gonna walk through the logic of our program.
starts handled connection in its own thread with user sock user info,
handle connection. Receives data
either the client's going to tell it. Give me a command or we're going to sell it. Give me command.
Uh, I prefer the server does all the work in the client is nothing but sort of an interface to it.
So we will do send data
so that we received the command. Then we say, Okay, let's say it's a drive search.
So we're going to send the user file name asking for the file name,
and they're going to send back
that'll be the end of it. So we actually have to
do a little bit more work. So what A search. Dr Return.
Well, hopefully, sir, strive returns the path.
Well, actually going to first of all,
People, Sequels, native one.
Then we're going to send data
Then we're gonna go ahead and do essentially the same thing for do research.
All right, so now we've got download. So we've got our searches or now
robust. They're capable of saying, Hey, something worked. Something didn't work. Whatever.
So now we've got download, so we send them a file name
that they want to get from us,
and then we send them to file contents.
So if the file contents fail, do we have a condition where they might fail?
it's right here, So file contents has just send data.
Well, hang on a minute.
Now we look at it and we say, OK,
Okay, so we send data for file name, and then we receive data for the actual file name,
user sock, user info.
Then we attempts to send them
the file contents, which again is just a send data user saw Creed file
read file, of course, takes us. And this is what happened when youse are functions, arguments, you can kind of get into some deep nests.
Theoretically, it works. We wrote it all out, so we assume it works now because that functions done We don't have to relive through it every time.
So download is done.
They sent us a file name and again, we just make it work.
Sort of. Melissa things. Servers should be good to execute.
now we contest that as soon as we have a client, which is going to be sort of a faster
and you will actually already have the clients.
So pause for just one second as I write the basic code for that.
All right, so So quick coding later and the client is ready to go. You will have the client, of course, available to you right out of gate. You won't have to coat it because this is actually just the same code. There's some minor changes to it to make it a client's, but in general is pretty much the same code. There's no reason for you to write it twice.
So now that we've written it and I made some minor corrections for those who didn't notice if you were like me, just kind of
parents of the code not paying too much attention.
Um probably missed. This should be windy. DLL Colonel there to do close handle. Oops.
And then in our actual Dr Walker down here
in with Os, get current working director, we need to call.
now then, of course, any other areas that come up just, you know, take care of you. I trust you. So we're going to a python final server, not pi. Takes no arguments going to start running.
We're going to Python
final client dot pie
and then that one we're going to give an argument of. Well, first, all you can see what happens. You give it no argument. It's gonna say, Hey, we need a dress.
So given are you move 1 to 70 years or one that rob runs pretty ugly, but 1 to 7.0 point 0.1 That's low. Closed I p nice and easy.
And now what's command?
if we give it a bad commands, it'll just tell us it's an invalid command. Not really, Andy. So one thing that we might want to add you might want out in your own code or later iterations is an actual command list.
But we already know the command list. We're gonna shoot a little So first, the 1st 1 we're going to do is gonna be a long one
in the same dry air in the same directory that has the client has your client and server code in it. You should have a test file.
just says this is a test document. If you're reading this in a new doctor program works
nice and easy is the first thing we're gonna do is we're going to do a drive search.
You can read that All capsule a row, case
whatever Weird combo you want,
Dr Search. And it's gonna ask for a file name. We're gonna test dot t x t again. This is case sensitive, and it does require the file extensions to make sure you give both of those
And that's gonna hang out for what?
So a reminder is that this Dr search is going to go all the way through the city directory. Everything in see? It's going to look for it.
That is a slow, slow process.
And we kind of just wait for a little while.
And there it comes up.
So see users. Joe documents, Jeannie advanced test dot text is the 1st 1 I found. So that's where we run into
is already a test document from a different code,
doing much the same thing.
So we go back to our final projects and let's try that again.
Let's see if it's going to find a different one. And again
it takes a little while running. Nice thing about this is because you're running it in a python interpreter. It actually remembers the commands. You give it
pretty quick and easy. Pretty handy Drive, search
We're all awaiting Those of you interested in this sort of security worker and security work in general may check out some of the other class here inside. We're not I ti umm of course, one of them I taught, which is the post exploitation hacking. It's sort of a tool demo,
um, for a lot of the different things that you would use in the post extradition process.
Turns out, while I was talking, it finished. And now it found it in the photo we looking in that is one of the dangerous is that with this regular expression it on Lee looks for the first iteration of a file.
There are tricks associate with that ways to avoid it. But again, this is a pretty simple, basic project.
We don't want to go too far overboard, So Okay, now we know test that text exists.
And the plan will ask you for a local file name so that if you're testing on one machine, you don't just override it and you wouldn't be able to tell if it works. So you're gonna download, test that text into test one dot text and we just hit enter
test one was created.
We're going to try uploading,
and that's going to be
So now we've got three different test files, all which you can see we're properly created. So we know those functions work.
Obviously, we still want to do do research. Just make sure that works.
Sure enough, the show's immediately were test out. Texas.
So what happens if we give it
Well, first of all, I could give it about file naming the command's list. It's gonna tell us? No.
During surgery, you had a bad file name. It's a file not found.
We're not gonna do that with Dr Story because it will search for a very long time and try and find it for us.
What if we did? Ah, download
Look at that. So it says there's a breakdown here. Something didn't work that we wanted it to
and everything falls apart.
So we found an issue. We found a bug,
and this is one of those insidious bugs that's really hard to track down,
but we're gonna have a go at it.
So we know that the data went all the way here and we see that the air came up in line 60 and send data. So what called that line 82.
Read. File. File name.
that's one of the air conditions.
Problem is that we didn't actually give it
anything to do with that air condition.
Send file contents right now is a pretty empty
pretty easy to fix. That
date is now going to equal
the return from Reed file.
just killing python, there s so if if data equals negative one,
we're going to return. We're going to send find found. Otherwise, we're just going to send the data.
So we do Python final serve it up. I
by the final client not pie
and it doesn't seem to work.
so, David, who's equals negative one? We're gonna send data
Planet served up high line 85. Lyon 85 is the issue.
Okay, read file. File name.
So we're going to try and open the file. But I was not there. Then we return negative one.
If it can't read the file here,
return negative one.
So it seems the returning a good one.
Well, obviously, the easiest way to figure that out for sure is just going to be
So we're just gonna print data
and again we're gonna do our little
but the final server python pile client
So we look, it sure is negative. One prints, negative one. So what's the issue?
Data equals equals negative one. We should send a file not found.
And yet for some reason, we're not
who's to say for sure that we're not?
In reality? What's happening is that whether or not we send data file, not found or not,
we don't return. We have an issue there, so we need to return Negative one.
This is the sort of thing that you're going to get used to when you're doing testing on software,
tons and tons of quick changes and see if it works
areas. Now, I've got a print file not found,
and it doesn't work down here.
The reason for that is
Jeannie Dance Project
is that it did create the local file.
So that's a bit of a bug in the code. But if we open the local file with
new, we're gonna see us is filing a pound.
So it's still spits out the air and everything works. So now the server is
functional again, and it's saying, Hey, there's a problem.
So we're not going to get sent data that doesn't exist when I can have a breakdown on that.
uploading is sort of the clients job. So you're not gonna have to worry about that. Any bugs and that in your server, other than making sure you actually
do created which we make major of earlier.
So with that, the surface is actually done.
Now, there are some clean up things that you can do to make it a little bit prettier. Um, change what? Your commands are taking more commands, that sort of thing.
But with that, you've actually completed the server. And with the server, you've completed the final task in this class
So to sort of recap what we did in this in this server recovered sockets we cover multi is threating,
which was actually ended up being quite a bit easier than you might have expected. We cover multi threading we covered.
See types, file creation, all sorts of things.
Um, if you have any questions about this there any question about any of the class I've taught or any of those videos in this class Or if you'd like more information, please. Police police were called for you to contact me on my page on cyberia. Got I T.
if you've enjoyed this class, recommend it to your friend shared on Facebook's and emails how you communicate smoke signals. I don't judge whatever works for you. Works for us.
Just get the word out and let other people learn how to be python security professionals, just like you now are.
So congratulations on completing the course.
Thank you for taking the time to watch it. Thank you for taking the time to do these
practice exercises if you did them. Thank you for watching if you didn't
and as always, do your best to get out there and break some stuff.