Serving Your Files

All the ways to host your files during an engagement.

Overview

So we need to get files from A to B, A being our computer and B being whatever target we need. The most common way to do so is file hosting over HTTP. However, there are other protocols like SMB we can take advantage of. Hosting on any port will “clog” that port. Remember this when you are hosting your files on port 80 and also trying to get a reverse shell on that same port. The methods below are listed in order from the one I use most to the one I use least.

HTTP

Overview

The fastest way to get up and running is to use the Python3 HTTP server. This does not have to run on port 80; in fact, if you do not include a port number, it will default to 8000.

python3 -m http.server 80

Here we start a Python 3.x web server that serves the directory in which you ran the command. Change the port number from 80 to any port you desire. If you change the port number from port 80, remember that when fetching your files you will have to include the port, for example http://192.168.1.1:8000 instead of just http://192.168.1.1. Port 80 is the default for HTTP, so in the previous example, http://192.168.1.1:80 will produce the same result. We can also use Python2 if we need to; however, I have never encountered a real use for this.

python2 -m SimpleHTTPServer 80

Again, the same rules of changing the port number apply here as well.

Tips

Unlike your VPN configuration, if you pause your VM and power it back on again, the Python HTTP server will still be intact in whatever directory you ran the command. For this reason, I set up a page specifically to run my web server, so I never have to turn it on when I need it. Additionally, I have also created a 'transfers' directory in which I run my server, where I keep commonly transferred programs and scripts like netcat and web shells.
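The same server written as a short script, as an added example that is not from the original page: it serves only a dedicated transfers directory, binds to a single interface instead of every interface, and refuses to start if the port is already taken (the port "clog" mentioned in the overview). The function names, the directory name and the default address are assumptions.

```python
#!/usr/bin/env python3
"""Serve one directory over HTTP on one interface (added example)."""
import errno
import functools
import socket
import sys
import threading
from http.server import SimpleHTTPRequestHandler, ThreadingHTTPServer


def port_in_use(host, port):
    """Return True if something is already listening on host:port."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(1)
        return s.connect_ex((host, port)) == 0


def make_server(directory, host, port):
    """Build a server limited to `directory` and bound only to `host`.

    port=0 lets the OS pick a free port; read it from server_address.
    """
    handler = functools.partial(SimpleHTTPRequestHandler, directory=directory)
    return ThreadingHTTPServer((host, port), handler)


def serve_in_background(directory, host="127.0.0.1", port=8000):
    """Start serving in a daemon thread; returns (server, base_url)."""
    if port and port_in_use(host, port):
        raise OSError(errno.EADDRINUSE, f"{host}:{port} is already taken")
    server = make_server(directory, host, port)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    bound_host, bound_port = server.server_address[:2]
    return server, f"http://{bound_host}:{bound_port}"


if __name__ == "__main__":
    # Assumed layout: ./transfers holds the files; host is the one interface to expose.
    directory = sys.argv[1] if len(sys.argv) > 1 else "transfers"
    host = sys.argv[2] if len(sys.argv) > 2 else "127.0.0.1"
    port = int(sys.argv[3]) if len(sys.argv) > 3 else 8000
    server, url = serve_in_background(directory, host, port)
    print(f"Serving {directory} at {url} (Ctrl+C to stop)")
    try:
        threading.Event().wait()  # keep the main thread alive
    except KeyboardInterrupt:
        server.shutdown()
```

Binding to one address keeps the listing of the directory off interfaces that have no business seeing it, and a separate directory keeps the rest of the working tree out of reach of the server.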

SMB

Overview

If I find myself in a situation where I will be regularly transferring files, and my shell does not have an easy upload/download function, I will spin up an SMB server. There have also been a few times when a Python HTTP server was not behaving and SMB sidestepped the issue. An SMB server is not my immediate go-to, as it requires setting up authentication. You can go the unauthenticated route, but you run into errors, especially on Windows machines.

smbserver.py share . -smb2support -username $username -password $password

First, we start the SMB server using smbserver.py, which is from the Impacket set of tools. The option share is whatever name we want our SMB share to have. You can change this to whatever you would like, just make sure to reflect it in the commands to come. Next, . selects the directory we are currently in as the one to serve files from. Change this as well if you need to select a different directory. -smb2support adds much-needed compatibility. The -username and -password options set the username and password required to access this share. I highly recommend not running this SMB server anonymously, as it can cause issues. Simply enter your desired username and password in the $username and $password fields, respectively.

FTP

Overview

In the same way we create the HTTP Python server, we can also create an FTP server. This specific module does not come preinstalled on Kali Linux, but you can download it with:

apt-get install python3-pyftpdlib

By default, this will launch on port 2121, that is, the default FTP port (21) written twice. This is reminiscent of how a lot of SSH instances are hosted on port 2222.

python3 -m pyftpdlib -p 21 -w

We use Python3 to launch pyftpdlib (install instructions are in the Overview). Use the -p 21 flag to select which port you want to host FTP on. By default, pyftpdlib will host it on port 2121. This will launch the FTP server in anonymous mode, where any user can log in with the credentials anonymous:anonymous. Additionally, the -w flag allows the anonymous user to write files as opposed to just reading them.
