SANS Penetration Testing

Pen Test Poster: "White Board" - Python - Pythonic Web Server


This is such a great little tip. I use this quite frequently during my day-to-day operations to transfer files back and forth between systems or to colleagues. This wonderful little command will start a web server and make the contents of the folder that the command is launched from available for download. I think once you've committed it to memory you will find it useful in many situations.

Here it is:

 

python -m SimpleHTTPServer <port number>

 

Here is an example that starts a web server listening on port 9000.

 

student@573:~$ python -m SimpleHTTPServer 9000

Serving HTTP on 0.0.0.0 port 9000 ...

 

Once you've run that command, any computer that can reach your host via its IP address can access port 9000 with a web browser. In this example, the command 'python -m SimpleHTTPServer 9000' was run from my home directory, so the user can see my .bash_history and all of the other files that are in my home folder.

 


 

This functionality is very useful for allowing other computers to download files from your computer. But this little web server can also be used to quickly set up a phishing website. The script will act as a normal web server if it finds a file called index.html in the directory where it is launched. Here is a quick example. I'll use the echo command to create a file called "index.html" in my home directory and restart the server.

 

student@573:~$ echo "<HTML><BODY>IT WORKED</BODY></HTML>" > index.html

student@573:~$ python -m SimpleHTTPServer 9000

Serving HTTP on 0.0.0.0 port 9000 ...

 

Now I'll refresh my web browser to see the newly created page.

 


 

In fact, it did work perfectly! This command will work on Linux and Windows systems that are running Python 2 as their default interpreter. Today, according to Python PEP 394, all Linux systems should have Python 2 as their default interpreter. But Python 2 is being retired in the year 2020, and you should be looking ahead at how to perform these actions on Python 3. Here is a version of the command that will work with Python 3.

 

student@573:~$ python3 -m http.server 9000

Serving HTTP on 0.0.0.0 port 9000 ...

 

You may be wondering, "What exactly does this little command do?" The Python help tells us the "-m" option will "run a module as a script". That is true, but it may be easier for you to think of it as a shortcut that asks Python to find the specified module within its PYTHONPATH and launch it. If you know the location of that module, you could in fact run it as a script and get the same result.

 

student@573:~$ python /usr/lib/python2.7/SimpleHTTPServer.py 8000

Serving HTTP on 0.0.0.0 port 8000 ...

 

Or, on Python 3, you could do this.

 

student@573:~$ python3 /usr/lib/python3.5/http/server.py 8080

Serving HTTP on 0.0.0.0 port 8080 ...
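
The commands above listen on 0.0.0.0 and expose everything in the launch directory, .bash_history included. The following is an added example, not code from the original post: it uses the same http.server module to serve one dedicated directory on a single address while refusing dotfiles and directory listings. NoDotfilesHandler, make_server, fetch_status and demo are illustrative names, and the directory= argument assumes Python 3.7 or later.

```python
import functools
import http.client
import http.server
import pathlib
import tempfile
import threading
import urllib.parse


class NoDotfilesHandler(http.server.SimpleHTTPRequestHandler):
    """Added example (hypothetical name): one directory, no dotfiles, no listings."""

    def send_head(self):
        # Decode first so an encoded dot ("%2e") cannot slip past the check.
        path = urllib.parse.unquote(urllib.parse.urlsplit(self.path).path)
        if not any(part.startswith(".") for part in path.split("/")):
            return super().send_head()
        self.send_error(404, "File not found")  # implicit None: nothing to send

    def list_directory(self, path):
        self.send_error(403, "Directory listing disabled")  # no index.html here


def make_server(share_dir, bind="127.0.0.1", port=0):  # loopback, not 0.0.0.0
    handler = functools.partial(NoDotfilesHandler, directory=share_dir)
    return http.server.ThreadingHTTPServer((bind, port), handler)


def fetch_status(port, path):
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    conn.request("HEAD", path)  # same send_head() code path as GET, no body
    status = conn.getresponse().status
    conn.close()
    return status


def demo():
    with tempfile.TemporaryDirectory() as share:
        for name in ("report.txt", ".bash_history"):  # constructed sample files
            pathlib.Path(share, name).write_text("constructed sample\n")
        with make_server(share) as server:  # port 0: the OS picks a free port
            threading.Thread(target=server.serve_forever, daemon=True).start()
            paths = ("/report.txt", "/.bash_history", "/%2ebash_history", "/")
            results = {p: fetch_status(server.server_port, p) for p in paths}
            server.shutdown()
        return results


if __name__ == "__main__":
    print(demo())
```

For a one-off transfer, the command-line form also accepts --bind and --directory (for example, python3 -m http.server 9000 --bind 127.0.0.1 --directory <dir>, with --directory requiring Python 3.7 or later). That form still serves dotfiles and directory listings from the chosen directory.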

 

For more tips like this and details on the inner workings of Python modules check out SEC573: Automating Information Security with Python.

 

Mark Baggett

 
