search

🌐 Web Upload with HTTPS πŸš€

Securely upload files from a compromised Linux machine using a tool called uploadserver β€” a Python module that comes with a built-in file upload page! πŸ“‚πŸ”

hashtag
🐍 Step 1: Install uploadserver

We’ll use Python’s pip tool to install uploadserver locally on our box (Pwnbox in this case):

z3tssu@htb[/htb]$ sudo python3 -m pip install --user uploadserver

hashtag
πŸ“¦ You should see something like:

Collecting uploadserver
Successfully installed uploadserver-2.0.1

βœ… Boom! It's installed!

hashtag
πŸ” Step 2: Create a Self-Signed Certificate πŸ§ΎπŸ”’

We need a certificate for HTTPS. Here's how to create a quick self-signed one:

z3tssu@htb[/htb]$ openssl req -x509 -out server.pem -keyout server.pem -newkey rsa:2048 -nodes -sha256 -subj '/CN=server'

πŸ’‘ This generates a certificate and key, both saved in server.pem.

hashtag
πŸ—‚οΈ Step 3: Create a Folder for Your Web Server

Let’s keep things tidy by making a directory to serve the files from:

hashtag
πŸš€ Step 4: Launch the Web Server with HTTPS

Now, run uploadserver using your certificate on port 443 (HTTPS):

hashtag
🌍 You should see:

hashtag
πŸ“€ Step 5: Upload Files from the Target Machine πŸ’»βž‘οΈπŸŒ

From the compromised Linux machine, let’s upload two sensitive files:

⚠️ Why --insecure? Because we’re using a self-signed cert that isn't trusted by default. But it’s okay here β€” we trust it 😎.

PreviousUpload OperationsNextπŸ› οΈ Quick Web File Transfer Method

Last updated