From 2dcdca24328da19e6e30a97e273aebbc3b63e8c1 Mon Sep 17 00:00:00 2001
From: infinition <37984399+infinition@users.noreply.github.com>
Date: Sat, 6 Jul 2024 01:27:01 +0200
Subject: [PATCH] Created steal_files_ssh.py (markdown)

---
 steal_files_ssh.py.md | 142 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 142 insertions(+)
 create mode 100644 steal_files_ssh.py.md

diff --git a/steal_files_ssh.py.md b/steal_files_ssh.py.md
new file mode 100644
index 0000000..f36b720
--- /dev/null
+++ b/steal_files_ssh.py.md
@@ -0,0 +1,142 @@
+# Steal Files SSH steal_files_ssh.py
+
+This document provides a detailed step-by-step explanation of how the `steal_files_ssh.py` script operates. This script connects to remote SSH servers using provided credentials, searches for specific files, and downloads them to a local directory.
+
+## Overview
+
+### Description
+- **Filename**: `steal_files_ssh.py`
+- **Purpose**: To connect to remote SSH servers using provided credentials, search for specific files, and download them to a local directory.
+
+## Initialization and Setup
+
+### Importing Modules
+The script imports the following modules:
+
+- **Standard Libraries**:
+  - `os`
+  - `paramiko`
+  - `logging`
+  - `time`
+  - `threading.Timer`
+  
+- **External Libraries**:
+  - `rich.console`
+  
+- **Custom Modules**:
+  - `SharedData`
+  - `Logger`
+
+### Configuring the Logger
+The logger is configured to log messages for `steal_files_ssh.py` at the DEBUG level, ensuring detailed logging of events and errors.
+
+### Defining Global Variables
+Global variables are defined to provide metadata about the class and module, including:
+- `b_class = "StealFilesSSH"`
+- `b_module = "steal_files_ssh"`
+- `b_status = "steal_files_ssh"`
+- `b_parent = "SSHBruteforce"`
+- `b_port = 22`
+
+## `StealFilesSSH` Class
+
+### Purpose
+The `StealFilesSSH` class manages the process of connecting to SSH servers, searching for specific files, and downloading them.
+
+### Initialization
+- **Attributes**: Initializes shared data and sets up the state for SSH and SFTP connections.
+- **Logger**: Logs the initialization process.
+
+### Methods
+
+#### `connect_ssh(ip, username, password)`
+- **Purpose**: Establishes an SSH connection to the specified IP using the provided username and password.
+- **Logging**: Logs the connection attempt and outcome.
+- **Returns**: An SSH client object if the connection is successful.
+
+#### `find_files(ssh, dir_path)`
+- **Purpose**: Searches for files in the specified directory on the remote server based on configuration criteria (file extensions and names).
+- **Logging**: Logs the number of matching files found.
+- **Returns**: A list of matching file paths.
+
+#### `steal_file(ssh, remote_file, local_dir)`
+- **Purpose**: Downloads a specified file from the remote server to a local directory.
+- **Logging**: Logs the download process and outcome.
+
+#### `execute(ip, port, row, status_key)`
+- **Purpose**: Orchestrates the file-stealing process by connecting to the remote server, searching for files, and downloading them.
+- **Logging**: Logs the overall process, including connection attempts, file searches, and downloads.
+- **Returns**: A status string indicating success or failure.
+
+## Detailed Execution Flow
+
+### Step 1: Initialization
+- The `StealFilesSSH` class is initialized with shared data, setting up necessary attributes and logging the initialization.
+
+### Step 2: Establish SSH Connection
+- The `connect_ssh` method attempts to establish an SSH connection using provided credentials.
+- Successful connections are logged, and an SSH client object is returned.
+
+### Step 3: Search for Files
+- The `find_files` method searches for specific files in a given directory on the remote server.
+- Files that match the configured criteria are logged and returned as a list of file paths.
+
+### Step 4: Download Files
+- The `steal_file` method downloads each identified file from the remote server to a local directory.
+- The download process and outcome are logged.
+
+### Step 5: Execute File Stealing
+- The `execute` method orchestrates the overall process, handling connection attempts, file searches, and downloads.
+- Credentials are retrieved from a pre-configured file, and each credential is tried sequentially.
+- A timeout mechanism ensures that the process does not hang indefinitely if an SFTP connection is not established.
+
+## Variables and Configuration
+
+### Target Files and Directories
+
+#### `self.shared_data.steal_file_extensions`
+- **Purpose**: Specifies the file extensions to look for when searching for files on the remote server.
+- **Type**: List of strings.
+- **Example**: `['.txt', '.log', '.conf']`
+
+#### `self.shared_data.steal_file_names`
+- **Purpose**: Specifies the file names (or parts of file names) to look for when searching for files on the remote server.
+- **Type**: List of strings.
+- **Example**: `['important', 'secret', 'config']`
+
+#### `self.shared_data.sshfile`
+- **Purpose**: The file that contains the SSH credentials (username and password) cracked from previous brute force attacks.
+- **Type**: String (file path).
+- **Example**: `'/path/to/sshfile.csv'`
+
+#### `self.shared_data.datastolendir`
+- **Purpose**: The directory where the stolen files will be saved locally.
+- **Type**: String (directory path).
+- **Example**: `'/path/to/datastolendir/'`
+
+### Example Configuration
+
+```python
+self.shared_data.steal_file_extensions = ['.txt', '.log', '.conf']
+self.shared_data.steal_file_names = ['important', 'secret', 'config']
+self.shared_data.sshfile = '/path/to/sshfile.csv'
+self.shared_data.datastolendir = '/path/to/datastolendir/'
+```
+
+## Integration with Orchestrator
+
+### Parent-Child Relationship
+The `StealFilesSSH` class is a child of the `SSHBruteforce` class in the orchestrator's workflow. This means that the file-stealing process is initiated only after the successful execution of the brute force attack managed by `SSHBruteforce`.
+
+### Method Call
+The `StealFilesSSH` class is called by the orchestrator via its `execute` method. The process involves:
+1. **Receiving Target Details**: The orchestrator provides IP, port, and credential details to the `StealFilesSSH` class.
+2. **Performing File Stealing**: The `execute` method connects to the remote server, searches for files, and downloads them.
+3. **Updating Orchestrator**: The status (success or failure) is returned to the orchestrator for further action.
+
+### Example Workflow
+1. **Initialization**: The orchestrator initializes the `StealFilesSSH` class.
+2. **Execution**: For each target IP and port, the orchestrator calls the `execute` method of `StealFilesSSH`.
+3. **Logging and Status Update**: The `StealFilesSSH` class logs each step and updates the status based on the outcome of the file-stealing process.
+
+By following these detailed steps, the `steal_files_ssh.py` script connects to SSH servers, searches for specified files, and downloads them to a local directory. It integrates seamlessly with the orchestrator for coordinated security operations, ensuring that file-stealing actions are performed only after successful brute force attacks.
\ No newline at end of file