During a pen-test engagement, we are all guilty of using this one-liner command python -m SimpleHTTPServer 80 to host and share our files. At a glance, this method seems efficient, as we are able to serve our content easily to other host with one line of code. However, you are actually transferring the content in clear text.
So anyone (especially from Security Operation Centre) could sniff the network traffic and read your content easily. This lowers your pen-testing effectiveness, as your every action can be monitored.
To demonstrate this, I will use wire-shark to monitor the network traffic.
Client retrieving a HTTP file from the Kali machine.
By monitoring the network traffic with wireshark, we are able to see the transferred content in clear text.
So if your pen-test engagement requires you to deploy certain public exploits, it will be flagged by Intrusion Detection System (IDS) easily due to its prominent signature. This gives your client a false sense of security that their IDS engine is effective in detecting malware.
To enhance your pen-test engagement, use a HTTPS server to host your files instead, which uses the Secure Socket Layer (SSL) protocol to encrypt your communication channel.
To setup, you will need to generate a self-signed certificate and do some socket programming. This may sound daunting but I have created a python script to automate this for you :)
Steps to deploy HTTPS server
- Change directory to your web folder (cd)
- Change to root (sudo su)
- Copy and paste one-liner command:
wget https://gist.githubusercontent.com/ohyicong/789662fc9c677b9dd30c8c5bad8bfa8c/raw/ad8c3a7b0e9d9fcea974ce35f076776e661b5d22/SimpleHTTPSServer.py -O SimpleHTTPSServer.py && python3 SimpleHTTPSServer.py 443
So with this one-liner command, you are able to serve your content securely. Let’s use wire shark to monitor the HTTPS traffic.
Conclusion
It is funny how a simple trick can be so hard to find on the internet. Nevertheless, I hope that this helps in your pen-testing journey. Cheers :)
