File Transfer

Dangers of Transfering Attack Tools

Transferring attack tools to target machines could be dangerous.

Install Pure-FTPD

sudo apt update && sudo apt install pure-ftpd -y

It's a FTP server running on the attack machine, hosting files to be downloaded.

The Non-Interactive Shell

python -c 'import pty; pty.spawn("/bin/bash")'	# solution, run this after netcat connection to get a regular shell

Transferring Files With Windows Hosts

Windows machine don't usually have the necessary tools such as wget netcat or curl. Thus we need a method to transfer necessary tools to Windows machine.

Non-Interactive FTP Download

Windows has a pre-installed FTP client that can be used for file transfers.

Host a FTP server on the attack machine and download files from the attack machine on Windows.

Windows Downloads Using Scripting Languages

VB Script or PowerShell.

Run VB Script of PowerShell script to simulate a wget, and use the script to download files.

Use reverse shell to control target machine and create an executable.

Run the executable to download files from FTP server.

Windows Downloads with exe2hex and PowerShell

Windows Uploads Using Windows Scripting Languages

Upload files from target machine to attack machine.

Uploading Files With TFTP

sudo apt -y install atftp

Create a dir to serve files and configure its permissions.

sudo mkdir /tftp
sudo chown nobody: /tftp
sudo atftpd --daemon --port 69 /tftp

File Transfer

Dangers of Transfering Attack Tools​

Install Pure-FTPD​

The Non-Interactive Shell​

Transferring Files With Windows Hosts​

Non-Interactive FTP Download​

Windows Downloads Using Scripting Languages​

Windows Downloads with exe2hex and PowerShell​

Windows Uploads Using Windows Scripting Languages​

Uploading Files With TFTP​