Back in 2016 I blogged about how to do simple HTTP or HTTPS servers with python. You need to use these if you want to temporarily host files, and to investigate SSRF issues properly. There my skills sat until recently the user-agent that was making the SSRF request was actually verifying the certificate. How rude!… Continue reading Letsencrypt certificates for your python HTTP servers
A penetration tester often needs to share files with machines that they are enumerating. If you have managed to obtain a web shell, or a reverse shell, your next step is to do a little dance to praise the shell gods. After that you want to sit back down and check for information to enable further attacks.