A Project in Filling out Functions

Hello and welcome to the final activity for the python for security professionals. Course I am your Smee and host Joseph Perry. And this is the final official activity for the course. When you completed this, who have completed the class, there is still some extra activities on the side. Ah, packet sniffer.

I'll be adding other

sort of extra activities over the next few weeks so that you can keep testing your skills and improving.

This is the final sort of test exam. If you want to say

practical section of the course

s O, you should have a file should look like this.

We're gonna just start right off.

So I was nice, and I want had named all of your functions for you had prepared those. So

all you're going to be doing for the course of this project is filling out these functions.

Uh,

pretty straightforward job. And then I've got this comment in the beginning that we're gonna go through now, and that's basically just gonna cover exactly what you have to do.

So the final activity for the advanced python section is a drive wide after p like tool. It's have to be like because it's only going to be designed. We're only going to worry about text files. We're not goingto

transfer J pegs executed is that sort of thing. That's possible, but it's not what we're doing.

Um, you should be able to receive multiple connections each on their own threat, and you should take several commands.

Dr. Searched their search, download, upload and close. The 1st 4 will be commands you actually send across the network and then close will be

just for your old machine there for your own

server

client. Whatever. Well, you can send it across the network for more proper tear down,

but the 1st 4 have to be sent across Pretty. It's

pretty straightforward.

So

the first thing we're gonna do with it,

this is with anything else is

framework or drop sort of the sketch of this program.

So you see that I've got ah read filer create file received at a send out a search Dr Search Directory. Send file contents received file contents, handle connection and

Maine.

You have handle connection because that's going to unnecessary. Later on, multi threat

received file contents and sent file contents obviously correspond to download, upload, download upload.

Search directories do research. Search drivers drive searched the primary distinction between Dr Search under surge door searches much faster, but much more limited. So well, it's not necessarily faster. If you were to install this program in your in the route, See, Dr, then they'll take exactly the same amount of time.

What Dr Search does is it searches from the top of the C drive all the way down,

and as soon as it finds the file, it returns.

Do research starts at whatever director you're ending goes down from there.

So this activity is going to require the use. Multi threading, see ties, regular expressions and some libraries with which are unfamiliar. Those libraries. You see, I've already imported. You're familiar with this. You're familiar with this committee with this? Not this. Well, maybe a little bit, but not much. And not really with OS, particularly

so s especially is going to be extremely handy in the search driving search directory sections.

So these 1st 4 frame worked First force or the outlines they make sense.

These next four are a bit different. So send and receive data

are going to be how we're going to send well, exactly Sound like Senate received

information there are also useful for commands.

The idea is pretty simple

if you

I want to send a command. If you want to send an uncertain length string and python, it's very difficult to do

buffers get big. You never know how much data you need to receive. And when you're sending files, you could be sending it kilobyte file or

to bite file. You never know,

so these are designed so that they can actually get the size of the data you're about to send or receive and properly receive it

with a correctly sized buffer. So we're going to We're really going to be doing with these two comment that now is

implement

a new networking protocol,

which sounds very intimidating, but it's a very, very simple networking protocol. It's actually, I would argue, the easiest part of this assignment straightforward. Create file this one, Of course, going to be done with C Types

and Read file is going to be done with C types. Well,

greatfire refile most of the stuff that's going to be done in this project you've already dealt with. You've already handled it. You've already written this code.

If you want to cheat and be a lazy person, you can just go back and scavenge code from old projects.

I'm not saying you should. I'm not saying you shouldn't. I can tell you that if you get deeply into programming that will become your favorite thing to do because it saves a lot of time. But we're going to do this from scratch so that you can see it being done.

Eso

we have our

you know, we have our functions. We have our return statement for all the functions so that we can compile or so he can run without

all the functionality actually being built. So the first thing we want to do now is

create our commands lists that we're gonna be handling.

So we're going to just call that command list,

and we're gonna run through. So Dr Searched research, download, upload clothes

who?

And I'm putting my quotes in a bit of a weird

order. We're putting in the mid a bit strangely

forgot him at the beginning. All right, so now we've got

commands. Listen, we're gonna break this out. Someone's a little neater.

That's the five commands of this contain

It is possible if you wanted to,

you know, be able to take shortened commands you could take. You could write

shorter command's list and mapped those these commands. That's totally up to you.

Um,

so you got

all these commands here. Now, what you want to start do it is implementing them in. See, There's really anything called a switch case Sable. And fortunately, we don't have that in Python, so we're gonna have to do a bunch of if statements, which is not awesome. But that's okay.

So,

command, I was gonna equal Ryan, but,

well, it's gonna be all right. But for now, in reality, what we're going to do is command's going to be

we're going to get it from across the network. So actually, we can

do command equals received data,

and we'll just give it

fake socket right now.

So then we're just gonna dorie of statement. We're gonna build our table with of commands. So if

equals equals

and one thing we're gonna do

Ah, here's we're going to actually use the upper function there. The upper method of a string

that way, when receive data returns, the string, which is gonna be What? It returns. Of course.

Um,

we get the upper case of it that way. We don't have toe check case or force the user to send us a specific case. We just deal with that ourselves.

So if command equals equals

Dr Search,

let me know we're going to

church, Dr.

And that's going to require a file name,

which we're going to get.

We'll just do it this way.

Uh, what I meant to do

this one we're not going to do upper on, because obviously not all files or upper case. So this will be case sensitive. It is possible to write this not case sensitive, which is a lot more work. Not really. Something we need to worry about right now.

So

well received data, and then she's gonna go through and do this with all of

command. Equals, equals Do research,

Search, search directory.

If command

equals download

send because we're the servers. Send file contents,

and that'll be file name, user sock, user info.

So again, we're just gonna give it,

but it's asking for. And then we're actually in to come through and do this a bit more properly. Well,

actually, we're not gonna do this and made when we're done, but that's coming up.

User suck.

So just suck.

No, no, to use herself

user info,

go through and change all these to use or suck.

So what we're doing right now, it's pretty straightforward is we're building, uh, the actual command's list in the actual command receiver. So normally, that would go in Maine, Which is why we're building in Maine right now. But we're actually going to take it out of here. We're going to put it in

this handle connection here in just a minute.

And I'll explain why although

some of you will probably understand why right out of the gate,

don't brag,

upload,

and then we are going to want to actually find out. So we're receiving data here, but we're not receiving data that has any information. So we're also going to do a sends data

qualities

with user sock

file named.

And as we go, we'll make this a little bit more robust and make things make a little more sense.

They're not necessary a little more sense, but make them a little more functional.

And the final command, obviously we're gonna take is going to be,

and we're going to do something here.

Bit exits.

Are you

our connection, handler? So again, normally, this would happen to me because it's the flow control. However, in this particular case, flow controls actually going to be done by Handel connection because each user is goingto have this and we don't want it to be locked up

for anyone.

So

control Exodus out of here.

We're gonna drop that in handle, connection,

race a little bit more sense.

Next thing we want to consider before we actually do anything with these commands is how this command process is gonna work. So if we receive one command right now, we're gonna receive the command. Then we're gonna do whatever it says that we're gonna leave. Obviously, we don't want that

so

well,

we're going to do a while,

and you could do it. True. A lot of people will do it true. I don't like doing while truce.

They don't really leave a lot of room for

proper closing.

So I like to do

continue

bull just variable. Basically saying shall I continue or should I not?

Some people call this essential value

whatever works

so continue, bull

equals false,

and we're gonna actually change that. True for its starting value.

So while continual bull brother

A ll this stuff

and then whenever you choose to close, it will just set, continue pulled a false that while Luke will exit and you're no longer taking commands

nice and easy.

There is one other thing that we want to account for is we have all the functions. They're all of the proper commands listed here,

but

well, first of all, the actual chiefs want to change all these. LF, but one of the other things we haven't really accounted for yet is what if they send us a command, That is it good?

Well, that's pretty straightforward. All we're going to do is we're going to do

and else down here at the bottom

and we're going to send data

invalid command.

So one of the nice things about

what we're doing years that were building these functions without regard to the fact we're without consideration thanked We actually don't have these variables

because we're just building a function of the time. We don't actually need those variables

we don't have to care about, um, while we're doing each function.

So now we've actually got pretty much,

at least at the prototype stage we have handle connection built.

So we're gonna work our way up. They're gonna come back down to maybe because man's gonna be kind of the trickier part, because that's what we're gonna do, some multi threading.

The next thing we're gonna do is we're going to do a received file contents. Soc File contents is

pretty straightforward. We get a file name and we got a sock a sock it.

And over that socket, we're going to receive contents of a file.

So the file name is going to be what we're going to create. And you see, we already have this create file. Well, let's create file here

so we don't have to implement Implement that in this function, which is nice. It makes it seem like we're not doing as much work. But of course we will have to do that work when we get to it. But hey, we'll cross that bridge when we come to it. So we're gonna do a create vile and again we could just do it with file name

and then

we're going to do

receive data.

User suck.

Nice and easy. Nice and straight forward.

One thing that we may want to do is

if that returned something invalid. So we'll say

negative one is going to be our air condition for the rest of this program

S O. If it returns. Negative one. If it says this, air it out, then we want to return. Then we want to actually send some data,

which will be saying

file creation failed.

So there you go. That's the received file contents. Nice and easy. Pretty straightforward.

They were gonna do send file contents. Same general idea

going to do

it will

send data.

You suck.

And

the arguing we're gonna pass. That is, when do you read file with the file name.

So

those are to download upload commands, they're pretty much done. We're going to revisit those a little bit later. Now we're gonna start digging into kind of the more difficult, more challenging ones. So do research is not something we've learned how to do before.

It's going to be one that uses this library here.

Uh,

gonna open a python interpreter over here.

Import os.

So what you want to do is in OS. There's a really fantastic, um,

method called walk

function, of course method.

Um, so we're gonna have a look at what that does.

We'll help, brother.

Okay, so

little crazy looking, but let's start at the top. So Walk has

four arguments. Top top down, which is auto set to troops on error, is none following Sequels False.

It's a tree generator. So it returns, innit? Aerator over. It returns a to pull rather

of this information here, which is Dirt path. Your name's file name.

So your path is a string. It's the path to that directory. It's the route pat specifically,

so starting at sea and then just going all the way down.

Uh, your names is a list of the subdirectories Inder path.

So whatever subdirectories exist here and file names a list of files that aren't directories

in your current director in the directory in which it's currently looking.

So it's a pretty

straightforward, pretty easy to use once you get the hang of things.

Always that walk takes

for Argument's is you mentioned Top Inder searches going to your current directory,

so we need to find a way to get our current record Well, let's see.

Let's try something along the lines of I know we're cheating a little bit since

kind of coming in. This was a priori knowledge, but, you know,

it's nice to be able to do that if you can't figure it out. If you don't know things like this, the easiest way is to just Google.

So there you go. So get current working director or get CWD returns the past your current working directory.

So let's walk top for this one. Top is going to be

os dot Get

CW deep

nice and easy.

No, start you on. It's gonna take his top down.

If the optional argument top down is true, we're not specified. The triple for the directory is generated before tripling any of its subdirectories. If it's false, it triples the directory after generates triples. For all the subdirectories,

top down is faster if you're looking for a specific file

for the obvious reason that if a file exists in your current directory

and you have to wait until you've gone through every single directory to actually start looking at the files,

that's gonna be slow.

So we generally want to leave top down it's true

military a very specific reason not to do

next. One is going to be on error.

So by default errors or ignored if you run into, uh,

permissions, aRer filed an existing somewhere, it just gets ignored. The reason for that is pretty straightforward. They're going to be Tom's of files. If you search from the C drive, we're going to be tons of files that you're not able to actually use.

Uh, that permissions, whatever.

And most of those areas aren't really handy. So on error generally equals none, because there's nothing you necessarily need to do. And we can revisit that if we find that there's actually some problem.

But for now, we can go with a safe non, and then the last one follow links is that's what it sounds like.

Follow links follow symbolic links on subdirectories. The danger of this is it says you're a caution

if you have Ah, subdirectory.

Um, actually, that's not the caution that I wanted, you see. So if you have a subdirectory that has a symbolic link to a directory above itself,

then you're going to hit an infinite loop. Knows Walk will never return it all go Terrible. So you generally don't want to follow links, So that's also gonna be false. So nice and easy. Most of these arguments are pre built for us. We can actually just not even put these in. If we want, we could just say, Oh, it's well, get current working directory.

Now, we mentioned us. Walk returns a triple. Ah, triple triple specifically or a three to pull.

So you don't have to say triple triple, which is kinda hard to say. So we're going to need to return all those values. So the first thing is going to return his dirt path. So we're gonna call that route because,

hey, I'm used to Lenox. Uh, your names will call that nurse,

and then file names will call that files

nice and easy, and then we're going to look in files. So this we're gonna bust out some ari

ari dot Compile. Luckily, this is actually super easy Ari to do ari dot compile file name

and I was going to do

of ari ob dje so that we have it actually returned somewhere.

So it's going to return a file name.

Um,

and they were going to search through

I n vials.

If I

We're gonna call this file name.

No, actually, we've already got a final name. That'll just get confusing.

If

Ari that search

and pattern is going to be our e o b j

string is going to be I and the flags,

we're going to return that file because that means we found it.

And super handy. It actually over here.

Screw that up to the tops of my highlighting. Doesn't work in python dopers.

Ah,

if you want to get the dirt path with the name combined in one handy string, all you have to do is OS path join.

So we're gonna do it o s dot path, not join

dirt path dot Nate, order path name. So that would just be route

file. Uh, root. I rather

and that's going to return the entire path to name.

Uh,

if we go through all of the files, we don't get anything that we're going to turn negative one, which is, remember, is our default air condition.

So that's searching The directory, um,

seems pretty easy, and we'll see if it runs in the errors in a little while. But for now, that's searching the directory.

This one searching the drive

is

pretty much the same. Except that its again a lot slower. So for this one, we're going to do root

yours files

equals O s dot walk O s. This is going to be C and double backslash, so we don't escape.

And then we're going to do the same thing with regular expressions, ari dot Compile

file

name

and then we're going to do for I and files

if you are in a search.

Sorry. Kobi Jane.

Hi.

Return

os dot path, not join roots.

Ah,

If that fails, return negative one.

So they're searching the directory and searching the drive quick and dirty, quick and easy. We use OS walk to travel through and find whatever and find all of the files.

And then when it finally returns, we go through and we compile,

uh, regular expression

and we track all of these eyes

and we hunt.

But there's actually a bit of a faster way to do this, and it's it's kind of a tricky one for that A lot of people wouldn't think of,

So they're a bunch of different ways we can do this, but again, we're getting generators back.

So what we actually want to d'oh

is do a second for Luke

for Rutgers files in OS Walk.

We're going to do that.

So what that's going to do is, rather than wait until it's all finished and, you know, have tons and tons of data to look through, which would take some more editing in and of itself, we're going to look through on every single return from O s walk. It's a lot faster to do it this way, and it's

relatively neat looking code.

There you go.

So the next we're going to do is dealing with the sending and receiving of data.

So sending data

is not exactly a Z Z is just doing sock dot Send

the reason for that.

The reason it's not quite that easy is because again, we don't know how much data were sending. So we're gonna send, we know. How much did it were sending? We don't really care how much it was ending, but the other side doesn't know how much state it's gonna receive so it could receive the wrong amount. Too much too little. It could wipe out the, you know, could receive commands later in the buffer could do all sorts of things.

So we're going to do to avoid that is we're going to get the length of the data and we're going to tell our far side

how much data to get.

We're going to do that First of all by

data, land equals leading data,

and we're going to do instruct

struck that pack.

And if you remember all the way back then

going to send in an imager

we're going to do,

we're just gonna put

data, Len

there,

actresses for sending this data. We can kind of cheat a little bit and just do socked out. Send

So what this is actually going to do for us and it's really, really handing is going to send the length of the data immediately followed by the data itself.

And this is the entire networking protocol that we just created. It's a very, very simple one. But it's one that makes python now a viable your regular link

language for network communications.

So when we received it, we now know what sending data looks like. So when you receive data, we just basically do the opposite.

We say data, Len,

we're gonna come in there because instruct is actually gonna unpack it to pull. Ah, Struck's

equal struck's

dot Unpack

socket. I perceive

four

because we know that an imager is going to be four

socket received four

and

and then data.

And then we can actually just

cheat a little bit

and just return

socked out. Received

data, Len.

So this is exactly what it looks like. We're just gonna get the exact thing that we packed a minute ago. We're going to unpack it into data, Len, and they were just gonna receive that amount.

That's an easy.

And then we get to create violent I create. Viable again is where we're gonna start using C types. Says where we're gonna implement some windows. A p I stuff,

um, stuff you're familiar with. If you did the other course are the other videos of this course.

First thing we need to do,

in any case, we're handling file, especially when we're actually creating violence.

Well, it sounds like create the file, so we know it's going to be windy, yellow

dot Colonel 32. And we know this because I did the slides, right? Hopefully

ah, Colonel 30 to create file A

and we know the first arguing to create Via Lay. Well, we might know the first argument create finally can independently are is

file name

and the rest of arguments. We're going to cheat, and we're gonna get off the Internet

and get it. We're here. Internet.

Here we are.

So

stick that over here for a minute.

The first few minutes file name is we mentioned. Second arguments going to be the desired access way. Obviously want all access,

which we remember is being zero x 1000000

Nice. We're gonna do share mode. We don't really want to share

sharing this for

late people. I guess.

So we're gonna do zero.

I'm not great. Come. I'm not great at insults. I admit it. So, yeah, uh, sharing is gonna be zero security attributes. This could be no, which is awesome because we love when it's no. Lola. 00 is easy.

And the creation disposition for creating a file we're going to do create always

another is a danger in this.

If we do create, if we caught this on a filing that already exists, we're gonna wipe that pile out.

Pardon me? We're gonna wipe that viol out. So it is optional. It's totally up to you if you want to do open always. Which means if I already exists, gonna open it just to upend.

I like to live life on the edge, so we're gonna create always. But again, it's up to you how you want to do it.

Flies and attributes obviously want to file a tribute Normal, which we read here is being zero x 80

I am

to do do do do do do

template file, which is again zero.

All right, so there's a created file.

And if we remember, we need a file handle

because that's what this returns which you see right here.

Turns out he's an open handle.

If it fails, the return value is invalid. Handle,

which I think has hidden somewhere is negative one.

Yep, native one.

So we can

file handle

because evil native one

return

negative one, which we soak immediately. Said as our error message

s So we've created a file now. We already received the data when this function is called. So we're next of course, going to write the file

first, we're gonna give the right file niceties. He's going to be the handle that we created just a minute ago, which is file handle. Next. Are you were going to give It is going to be a buffer

that buffers we see here, excavating the data to be written.

That's going to be data

number of bites, too, right?

Just going to eat.

Leading data

number by its written, if we remember, is an out that we have to have a pointer for

So we could do

data written.

You will see it zero

and was going to pass that by reference.

And then l p overlapped we're not going to worry about

after we write. And of course, we want to make sure we can check the return value. It functions seeds. It's non zero. If it fails, it returned zero.

So

we can do

mul success

that if

rule success

you zero

we returned

negative one because no matter what kind of error messages other people use,

uh, or no matter what kind of error messages your other functions use a function you call use. You want all of your error returns to be consistent within your own program. So anytime you have something that could return an error, make sure that you're returning the same,

uh,

sort of standard error. Or you can return specific error codes. However you do it, you just need to be consistent.

That's creating a file. So we see we create a file, we write a pile. Next thing for us that we need to do

is

so

I shall do that here.

Windy l l doubt Colonel 32

that close handle

because we never want to leave a handle open because that could be very bad.

Run out of resources,

which is not super likely to happen, but resource leaks are bad and we don't want resource leaks, so we'll be good. We'll get rid of it.

That's create piled up,

creates the vial with create, always disposition, and then it

rates the data.

This is going to read file, which is gonna be

almost exactly the same. Just instead of right file, we're gonna read file

and the creation disposition obviously will be a little bit different.

But otherwise it's pretty much the same function.

In order to create

file a

file name

directs 1000000 Jo Jo.

And for this one, we're gonna want to go ahead and do it.

We're gonna do open, always open existing. That'll be a three. You don't want to send them an empty file. So if they send us a file name that we don't have,

we're going to return in there. We're gonna say, Hey, that file doesn't exist.

So

and then

zero x 80

pilot Cherie, it's normal and zero

again, if I'll handle equals Negative one.

So this is the unfortunate fact of programming in general. Is that

a lot of the time, the code, your writing is that the super exciting code? It's just sort of

slugging through all the potential errors and problems and doing the boring stuff.

But the end result tends to be pretty awesome and worth the time.

So we're gonna do a re file.

So the reed file arguments are going to be similar to write follow, but not exactly the same.

So again it will be windy. L l Colonel 32

Colonel 32.

Read File

Handle

LP buffer LP Buffer, if you remember, is the pointer to buffer that receives the data

which we have to do a little bit of magic to create.

We'll call it data, since that seems to be a pretty consistent

variable named Terry. Oh, sorry. Blanked on my own

language. There

s so we'll call it data. And then we just have to

create a string buffer

which is create

string buffer,

and then the size that we want to put on that we can go ahead and say 40 96. It's larger than that. It's too large.

So read file, and then we're going to that's appointed to the buffet. So we're going to buy ref

data

D word. Number of bites to read. We know it will be 40 96 at most.

We need a pointer. Don't. Number of bites Red

Data red.

That's what I wanted to do.

You'll see int zero.

And then, of course, we by raft

data red

and then zero for l b overlapped.

And we see that this is a bull. If it succeeds,

turns non zero. If it fails, returned zero.

So bull

success.

Now, the return on this one's gonna be a little bit different since, rather than returning data in general, we're actually going to do a return of data dot value.

So we're just returning the actual text makes a little bit easier for python to Parsons.

So I've got actually, most of the sort of the code for the server is written. Now,

the final step for the server is going to be actually multi threading it.

I'm kind of going back and cleaning some stuff up later, but for now, it'll mostly be multi threading.

So

what do we do for multi threading?

Well, first thing, obviously, is going to be threatening

which, and we're gonna go ahead and close this up for a minute.

We can import are threating library,

and we're going to need to do threatening got thread. So let's go ahead and bring up helping help on that since

been a minute.

So we see group target name arguments, keyword arguments for boasts.

So

target we remember to be a function group. We want to leave his none.

So before you did

threading that thread,

none

target what we need to figure out a way to target.

Well, we know what the targets actually gonna be. We know it's going to be handled connection. We know, and we're going to handle the connection whenever we receive one.

That's not no one that should be done there.

So handle

connection,

and then it needs a name which again is going to be

done.

And he needs arguments. So the arguments that handle connection needs will be user socking user info,

uh, cured arguments none, and then verbose. None. So we could just

close it out there.

So that's the thread being created. But now we actually need

well, the cause of the threat,

because the threat is going to be receiving a connection. So

you gotta make some sockets

server sock.

He's going to eagle socket, not socket

socket that f i net

socket dot

Suck,

suck strange. It's gonna be obviously a TCP server.

We're gonna do a service sock

dot bind You could do in a report you like.

I'm going to go ahead but mine

on 55555 on the local office. Of course,

we're going to do server sock.

Listen,

and we give it eight

server sock dot except

and that's where we're going to get user sock

and user info. User sock is the actual socket user in vote is the address information.

So we've created a thread for handle, connection,

direction. God, stick up here

and that's really where it is.

And we're going to

start that thread,

which we can do by, Well, first, your reaction to give it a name

so we'll do.

Con threat equals threading, not threat. And then we'll do con thread dot

started

and now threads up.

So you see, we're passing control of the user socking user and go off.

And then, of course, all we've got to do is

while true,

and this time a while True is acceptable, since it's the actual sort of

just general running. We've got plenty of different things that we could put an exit in if we want to for clothes here or whatever.

The reason the server doesn't actually have any exit exit spots

is because it's a server just because one client dies or one client tries to shut us down. We don't want that

so

we can just say, you know what? We're safe. Without a close on this, we'll just leave it run

so it creates a sock in it, binds a socket, listens except

and then starts a thread using that accepted socket.

They're using that accepted client.

Now, we're just gonna walk through the logic of our program.

So

starts handled connection in its own thread with user sock user info,

handle connection. Receives data

from the client.

Uh,

obviously,

either the client's going to tell it. Give me a command or we're going to sell it. Give me command.

Uh, I prefer the server does all the work in the client is nothing but sort of an interface to it.

So we will do send data

and the user sock

command

so that we received the command. Then we say, Okay, let's say it's a drive search.

So we're going to send the user file name asking for the file name,

and they're going to send back

hopefully

the file name,

and

that'll be the end of it. So we actually have to

do a little bit more work. So what A search. Dr Return.

Well, hopefully, sir, strive returns the path.

So if search Dr.

Well, actually going to first of all,

uh,

search results

variable

if search results.

People, Sequels, native one.

Then we're going to send data

on user sock

file, not found

else.

But it's something.

Then we're gonna go ahead and do essentially the same thing for do research.

All right, so now we've got download. So we've got our searches or now

robust. They're capable of saying, Hey, something worked. Something didn't work. Whatever.

So now we've got download, so we send them a file name

that they want to get from us,

and then we send them to file contents.

So if the file contents fail, do we have a condition where they might fail?

Well,

it's right here, So file contents has just send data.

Well, hang on a minute.

Now we look at it and we say, OK,

we send data.

Okay, so we send data for file name, and then we receive data for the actual file name,

user sock, user info.

Then we attempts to send them

the file contents, which again is just a send data user saw Creed file

read file, of course, takes us. And this is what happened when youse are functions, arguments, you can kind of get into some deep nests.

Read file. We have.

Theoretically, it works. We wrote it all out, so we assume it works now because that functions done We don't have to relive through it every time.

So download is done.

Upload.

They sent us a file name and again, we just make it work.

Sort of. Melissa things. Servers should be good to execute.

Well,

now we contest that as soon as we have a client, which is going to be sort of a faster

But if code

create a new

and you will actually already have the clients.

So pause for just one second as I write the basic code for that.

All right, so So quick coding later and the client is ready to go. You will have the client, of course, available to you right out of gate. You won't have to coat it because this is actually just the same code. There's some minor changes to it to make it a client's, but in general is pretty much the same code. There's no reason for you to write it twice.

So now that we've written it and I made some minor corrections for those who didn't notice if you were like me, just kind of

parents of the code not paying too much attention.

Um probably missed. This should be windy. DLL Colonel there to do close handle. Oops.

And then in our actual Dr Walker down here

in with Os, get current working director, we need to call.

So all right,

now then, of course, any other areas that come up just, you know, take care of you. I trust you. So we're going to a python final server, not pi. Takes no arguments going to start running.

We're going to Python

final client dot pie

and then that one we're going to give an argument of. Well, first, all you can see what happens. You give it no argument. It's gonna say, Hey, we need a dress.

So given are you move 1 to 70 years or one that rob runs pretty ugly, but 1 to 7.0 point 0.1 That's low. Closed I p nice and easy.

And now what's command?

So

if we give it a bad commands, it'll just tell us it's an invalid command. Not really, Andy. So one thing that we might want to add you might want out in your own code or later iterations is an actual command list.

But we already know the command list. We're gonna shoot a little So first, the 1st 1 we're going to do is gonna be a long one

in the same dry air in the same directory that has the client has your client and server code in it. You should have a test file.

The test file

just says this is a test document. If you're reading this in a new doctor program works

nice and easy is the first thing we're gonna do is we're going to do a drive search.

You can read that All capsule a row, case

whatever Weird combo you want,

Dr Search. And it's gonna ask for a file name. We're gonna test dot t x t again. This is case sensitive, and it does require the file extensions to make sure you give both of those

stop t x t.

And that's gonna hang out for what?

So a reminder is that this Dr search is going to go all the way through the city directory. Everything in see? It's going to look for it.

That is a slow, slow process.

And we kind of just wait for a little while.

And there it comes up.

So see users. Joe documents, Jeannie advanced test dot text is the 1st 1 I found. So that's where we run into

is already a test document from a different code,

doing much the same thing.

So we go back to our final projects and let's try that again.

Let's see if it's going to find a different one. And again

it takes a little while running. Nice thing about this is because you're running it in a python interpreter. It actually remembers the commands. You give it

pretty quick and easy. Pretty handy Drive, search

file name,

test, that text

thing

and we wait.

We're all awaiting Those of you interested in this sort of security worker and security work in general may check out some of the other class here inside. We're not I ti umm of course, one of them I taught, which is the post exploitation hacking. It's sort of a tool demo,

um, for a lot of the different things that you would use in the post extradition process.

Turns out, while I was talking, it finished. And now it found it in the photo we looking in that is one of the dangerous is that with this regular expression it on Lee looks for the first iteration of a file.

There are tricks associate with that ways to avoid it. But again, this is a pretty simple, basic project.

We don't want to go too far overboard, So Okay, now we know test that text exists.

So let's try

downloading it.

And the plan will ask you for a local file name so that if you're testing on one machine, you don't just override it and you wouldn't be able to tell if it works. So you're gonna download, test that text into test one dot text and we just hit enter

and look at that

test one was created.

We're going to try uploading,

and that's going to be

test one. Got text

into tests,

two

got text,

and there you go.

So now we've got three different test files, all which you can see we're properly created. So we know those functions work.

Obviously, we still want to do do research. Just make sure that works.

Sure enough, the show's immediately were test out. Texas.

So what happens if we give it

a bad file name?

Well, first of all, I could give it about file naming the command's list. It's gonna tell us? No.

During surgery, you had a bad file name. It's a file not found.

We're not gonna do that with Dr Story because it will search for a very long time and try and find it for us.

What if we did? Ah, download

on a bad file name?

Look at that. So it says there's a breakdown here. Something didn't work that we wanted it to

and everything falls apart.

So we found an issue. We found a bug,

and this is one of those insidious bugs that's really hard to track down,

but we're gonna have a go at it.

So we know that the data went all the way here and we see that the air came up in line 60 and send data. So what called that line 82.

Send file contents.

Is this right Here?

Read. File. File name.

There's no data.

Ah, well,

that's one of the air conditions.

Problem is that we didn't actually give it

anything to do with that air condition.

Send file contents right now is a pretty empty

function.

So

pretty easy to fix. That

date is now going to equal

the return from Reed file.

If data

data

people see

just killing python, there s so if if data equals negative one,

we're going to return. We're going to send find found. Otherwise, we're just going to send the data.

So we do Python final serve it up. I

by the final client not pie

command

download,

and it doesn't seem to work.

Well, why is that

so, David, who's equals negative one? We're gonna send data

that seems right.

Planet served up high line 85. Lyon 85 is the issue.

Okay, read file. File name.

So we're going to try and open the file. But I was not there. Then we return negative one.

If it can't read the file here,

return negative one.

So it seems the returning a good one.

Well, obviously, the easiest way to figure that out for sure is just going to be

to print what

that returns.

So we're just gonna print data

and again we're gonna do our little

Tess killed.

I am python dot xy

f

handy trick,

but the final server python pile client

download.

Right.

So we look, it sure is negative. One prints, negative one. So what's the issue?

Data equals equals negative one. We should send a file not found.

And yet for some reason, we're not

interesting problem.

Ah, well,

who's to say for sure that we're not?

In reality? What's happening is that whether or not we send data file, not found or not,

we don't return. We have an issue there, so we need to return Negative one.

This is the sort of thing that you're going to get used to when you're doing testing on software,

tons and tons of quick changes and see if it works

areas. Now, I've got a print file not found,

and it doesn't work down here.

The reason for that is

wrong

folder there,

Jeannie Dance Project

is that it did create the local file.

So that's a bit of a bug in the code. But if we open the local file with

anything

new, we're gonna see us is filing a pound.

So it's still spits out the air and everything works. So now the server is

functional again, and it's saying, Hey, there's a problem.

Awesome.

So we're not going to get sent data that doesn't exist when I can have a breakdown on that.

Obviously, we know,

uploading is sort of the clients job. So you're not gonna have to worry about that. Any bugs and that in your server, other than making sure you actually

do created which we make major of earlier.

So with that, the surface is actually done.

Now, there are some clean up things that you can do to make it a little bit prettier. Um, change what? Your commands are taking more commands, that sort of thing.

But with that, you've actually completed the server. And with the server, you've completed the final task in this class

on the final

primary task.

So to sort of recap what we did in this in this server recovered sockets we cover multi is threating,

which was actually ended up being quite a bit easier than you might have expected. We cover multi threading we covered.

See types, file creation, all sorts of things.

Um, if you have any questions about this there any question about any of the class I've taught or any of those videos in this class Or if you'd like more information, please. Police police were called for you to contact me on my page on cyberia. Got I T.

Uh,

if you've enjoyed this class, recommend it to your friend shared on Facebook's and emails how you communicate smoke signals. I don't judge whatever works for you. Works for us.

Just get the word out and let other people learn how to be python security professionals, just like you now are.

So congratulations on completing the course.

Thank you for taking the time to watch it. Thank you for taking the time to do these

practice exercises if you did them. Thank you for watching if you didn't

and as always, do your best to get out there and break some stuff.