Windows

POWERSHELL

Base64 Encode & Decode Lin -> Win

  1. Check SSH Key MD5 Hash

md5sum id_rsa

  1. Encode SSH Key to Base64

cat id_rsa | base64 -w 0;echo

justimaginethisissomerandomhashbecauseyoudontcareandidontcare=

  1. Decoding SSH Key on Windows machine

PS C:\> [IO.File]::WriteAllBytes("C:\Users\Public\id_rsa", [Convert]::FromBase64String("justimaginethisissomerandomhashbecauseyoudontcareandidontcare="))

  1. Confirming the MD5 Hashes Match

Get-FileHash C:\Users\Public\id_rsa -Algorithm md5

  • Note: It's not always possible to use this method, because cmd.exe has a maximum string length of 8191 characters. A web shell may also error out when given strings this large.

Base64 Encode & Decode Win -> Lin

I explained above how to encode in Linux and decode in PowerShell; now I'll explain the opposite: encoding in PowerShell and decoding in Linux.

  1. Encode File Using Powershell

  1. Decode Base64 String in Linux

  1. Get & Check Hash
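
The encode, decode and hash-check steps from both Base64 sections, written as one PowerShell round trip that also flags strings longer than the 8191-character cmd.exe limit. This is an added example, not code from the original page; the function names, file names and sample data are constructed for illustration.

```powershell
# Added example: helper names and the sample file are constructed for illustration.
function ConvertTo-Base64Transfer {
    param([Parameter(Mandatory)][string]$Path)
    $b64 = [Convert]::ToBase64String([IO.File]::ReadAllBytes($Path))
    [pscustomobject]@{
        Base64        = $b64
        MD5           = (Get-FileHash -LiteralPath $Path -Algorithm MD5).Hash
        Length        = $b64.Length
        # cmd.exe caps a command line at 8191 characters; if the string alone
        # exceeds that, it cannot be passed in a single command.
        TooLongForCmd = $b64.Length -gt 8191
    }
}

function Restore-Base64Transfer {
    param(
        [Parameter(Mandatory)][string]$Base64,
        [Parameter(Mandatory)][string]$OutFile,      # full path: .NET ignores Set-Location
        [Parameter(Mandatory)][string]$ExpectedMD5   # from md5sum or Get-FileHash on the sender
    )
    try { $bytes = [Convert]::FromBase64String($Base64) }
    catch { throw "Not valid Base64 (truncated or altered in transit?): $($_.Exception.Message)" }
    [IO.File]::WriteAllBytes($OutFile, $bytes)
    $actual = (Get-FileHash -LiteralPath $OutFile -Algorithm MD5).Hash
    # -ne is case-insensitive, so lowercase md5sum output compares correctly
    if ($actual -ne $ExpectedMD5) {
        Remove-Item -LiteralPath $OutFile
        throw "MD5 mismatch: expected $ExpectedMD5, got $actual"
    }
    $actual
}

# Constructed sample: 6200 pseudo-random bytes standing in for the file to move.
$tmp  = [IO.Path]::GetTempPath()
$src  = Join-Path $tmp 'transfer-sample.bin'
$dst  = Join-Path $tmp 'transfer-sample.copy'
$data = New-Object byte[] 6200
(New-Object Random 1).NextBytes($data)
[IO.File]::WriteAllBytes($src, $data)

$enc = ConvertTo-Base64Transfer -Path $src
'{0} Base64 characters; too long for cmd.exe: {1}' -f $enc.Length, $enc.TooLongForCmd
'Round trip verified, MD5 {0}' -f (Restore-Base64Transfer -Base64 $enc.Base64 -OutFile $dst -ExpectedMD5 $enc.MD5)

# The same string cut off at the cmd.exe limit is rejected instead of being trusted.
try { Restore-Base64Transfer -Base64 ($enc.Base64.Substring(0, 8191)) -OutFile $dst -ExpectedMD5 $enc.MD5 }
catch { "Truncated copy rejected: $($_.Exception.Message)" }
```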

Web Downloads

In any version of PowerShell, the System.Net.WebClient class can be used to download a file over HTTP, HTTPS or FTP. The following table describes WebClient methods for downloading data from a resource.

  1. File Download

  1. PowerShell DownloadString - Fileless Method. Fileless attacks work by using some operating system functions to download the payload and execute it directly. Instead of downloading a PowerShell script to disk, we can run it directly in memory using the Invoke-Expression cmdlet or its alias IEX.

Common Errors

  • Internet Explorer Error

  • SSL/TLS Untrusted certificate error

PowerShell Web Uploads

PowerShell doesn't have built-in upload functions, so we need to use Invoke-WebRequest or Invoke-RestMethod. We can also use the uploadserver module for Python; to install it we should use:

  • Turn On Web Server with Upload

  1. PowerShell Script to Upload a File to Python Upload Server

  1. PowerShell Base64 Web Upload. Convert file to base64 and send it using Invoke-WebRequest with POST method.

SMB

Downloads

  1. Create the SMB Server

  1. Copy a File from the SMB Server

  • But in some scenarios there will be an error that forbids unauthenticated guest access, so we can create an SMB server with authentication.

  1. Create the SMB Server with a Username and Password

  1. Mount the SMB Server with Username and Password

Uploads

SMB uploads are trickier because companies usually block uploads to SMB, since it could cause a huge problem. BUUUT we can use the HTTP or HTTPS protocol instead. This works because when you use SMB, it first attempts to connect using the SMB protocol, and if there's no SMB share available, it tries to connect using HTTP. For this we need the WebDAV protocol, which enables a web server to behave like a file server. First you need to install it.

  1. Using the WebDav Python module

  1. Connecting to the WebDAV Share. DavWWWRoot isn't a folder; it's a special keyword that tells WebDAV that we are connecting to the root of the WebDAV server. You could use any existing directory when you are connecting, for example sharefolder.

  1. Uploading Files using SMB

FTP

Downloads

  • Installing FTP Server python3 module

  1. Setting up a Python3 FTP Server

  1. Transferring Files from an FTP Server Using Powershell

  1. Create a Command File for the FTP Client and Download the Target File

Uploads

For this we would also use pyftpdlib, but we need to specify the --write option to allow clients to upload files to our attack host.

  1. Starting FTP Server

  1. Powershell Upload File

  1. Create a Command File for the FTP Client to Upload a File

CERTUTIL

File Transfer

File Encode

File Decode