Serving PoC Exploits with an HTTP Attack Server

Thu, Nov 14, 2019

Quickly serve your exploit files with Node.js-based http-server by http-party.

After testing several different http server scripts, this one fits my use case the best. It’s easy to deploy (no installation), activitely maintained on github, and provides live verbose logging of incoming requests. The logging is useful especially when you need to exfiltrate data from the victim.

How to deploy

On your machine/VPS, cd into the directory containing the file(s) you want to serve.

Deploy the server with npx to run the script on-demand without any installation:

npx http-server -c-1 [-p 1337]

Now your PoC file will be available at http://[your IP]:[specified port]/[filename].

Configuring firewall

By default, http-server runs on port 8080. Remember to open the ports in your firewall:

sudo ufw allow 8080

After you’re finished testing the PoC, you can close the port with:

sudo ufw status numbered
sudo ufw delete [#]