Extracting data through HTTP requests
The first script we'll being creating will use a very simple technique to extract data from the target server. There are three basic steps: run the commands on the target, transfer the output through HTTP requests to the attacker, and view the results.
Getting Ready
This recipe requires a web server that is accessible on the attacker's side in order to receive the HTTP request from the target. Luckily, Python has a really simple way to start a web server:
$ Python –m SimpleHTTPServer
This will start a HTTP web server on port 8000, serving up any files in the current directory. Any requests it receives are printed out directly to the console, making this a really quick way to grab the data and are therefore a nice addition to this script.
How to do it…
This is the script that will run various commands on the server and transfer the output through a web request:
import requests import urllib import subprocess from subprocess import PIPE, STDOUT commands =...
