Author: xax007 @ Knownsec 404 ScanV Security Service Team
Author's blog: https://xax007.github.io/
In red team penetration tests, it is often necessary to make the most of the current environment and bypass the system's firewall, IDS, IPS and other alerting and monitoring systems in order to transfer files. This article lists a variety of methods for transferring files using the operating system's default tools.
Build HTTP server
Python
Python2:
The above command starts an HTTP server in the current directory on port 1337.
Python3:
The above command starts an HTTP server in the current directory on port 1337.
PHP 5.4+
When the PHP version is greater than 5.4, you can use PHP to start an HTTP server in the current directory on port 1337.
Ruby
The following command starts an HTTP server in the current directory on port 1337.
Ruby 1.9.2+
Perl
Thanks to: http://stackoverflow.com/questions/8058793/single-line-python-webserver
busybox httpd
From LVM
Download files from HTTP server
Here are several ways to download files from an HTTP server using the system's built-in tools on Windows and Linux.
Windows
PowerShell
Download and execute:
Certutil
Download and execute:
Bitsadmin
Download and execute:
Downloading with Bitsadmin is slow.
Regsvr32
Linux
Curl
Wget
Awk
When downloading files with awk, first start an HTTP server with any of the commands listed above.
Effect:
Setup HTTP PUT server
Here are some ways to upload files to an HTTP server.
Using nginx to build an HTTP PUT server
Using Python to build an HTTP PUT server
Save the following code to the file HTTPutServer.py:
HTTPutServer.py
Operation method:
Upload files to the HTTP PUT server
Linux
Curl
Wget
Windows
Powershell
File transfer using bash /dev/tcp
First you need to listen on a port.
File receiver:
File sender:
File transfer using SMB protocol
Build a simple SMB server
To build a simple SMB server, you need the smbserver.py file from the Impacket project.
Impacket is installed by default on Kali Linux.
Syntax: impacket-smbserver ShareName SharePath
Effect:
Download files from SMB server
Upload files to SMB server
File transfer using whois command
/etc/passwd
Host A
Host B
Receiver host B:
Sender host A:
Effect:
Using ping command for file transfer
Secret.txt
Sender
Receiver
Sending end:
Receiver:
The following code is saved to ping_receiver.py
ping_receiver.py
Execution method:
Effect
Using the dig command for file transfer
/etc/passwd
Sender
Receiver
Sending end:
Receiver:
The following code uses Python's scapy module, which needs to be installed manually.
Save the code to the file dns_receiver.py
dns_reciver.py
Operation method:
Effect:
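A defender-side view of the DNS transfer in this section, as an added example that is not part of the original article: it scans a DNS query log for one client sending many distinct long, hex-like or high-entropy leftmost labels to the same parent domain. The log format, the thresholds, the sample data and the assumption that file content travels in the leftmost label are all constructed for illustration.

```python
import math
from collections import Counter, defaultdict

HEX = set("0123456789abcdef")

def entropy(s):
    """Shannon entropy in bits per character."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())

def suspicious_label(label, min_len=24, min_entropy=3.5):
    """Long label that is pure hex or otherwise high-entropy (thresholds are assumptions)."""
    if len(label) < min_len:
        return False
    return set(label) <= HEX or entropy(label) >= min_entropy

def find_dns_transfer(queries, min_hits=4):
    """Return sorted (client, parent_domain) pairs with >= min_hits distinct suspicious labels."""
    seen = defaultdict(set)
    for client, qname in queries:
        labels = qname.rstrip(".").lower().split(".")
        if len(labels) < 3:
            continue
        parent = ".".join(labels[-2:])  # naive: no public-suffix handling
        if suspicious_label(labels[0]):
            seen[(client, parent)].add(labels[0])
    return sorted(k for k, v in seen.items() if len(v) >= min_hits)

# Constructed sample log (client IP, queried name); not real traffic.
SAMPLE_QUERIES = [
    ("10.10.10.100", f"constructed file line {i}".encode().hex() + ".t.example.test")
    for i in range(6)
] + [
    ("10.10.10.100", "www.example.com"),
    ("10.10.10.50", "mail.example.org"),
    # A single long hex label (CDN-style name): stays below min_hits.
    ("10.10.10.50", "a1b2c3d4e5f6a7b8c9d0e1f2a3b4.cdn.example.net"),
]

if __name__ == "__main__":
    for client, parent in find_dns_transfer(SAMPLE_QUERIES):
        print(f"possible DNS file transfer: {client} -> *.{parent}")
```

Counting distinct labels per client and parent domain, rather than flagging single queries, keeps one-off long names such as CDN hostnames from raising alerts.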
Using netcat for file transfer
1.txt
A:10.10.10.100
B:10.10.10.200
Receiving end:
Sending end:
Or:
In extreme environments, if nc is not available at the receiving end, bash's /dev/tcp can be used to receive files:
This article was published by Seebug Paper. If you reprint it, please credit the source: https://paper.seebug.org/834/