File Transfer Cheatsheet: Windows and Linux
File transfer is a critical component in post-exploitation, penetration testing, and red teaming.
Last updated
Was this helpful?
File transfer is a critical component in post-exploitation, penetration testing, and red teaming.
Last updated
Was this helpful?
File transfer is a critical component in post-exploitation, penetration testing, and red teaming. Different environments require specific approaches, so it’s essential to have a versatile set of techniques at your disposal. This guide covers practical, step-by-step methods for transferring files on Windows and Linux, providing multiple options to ensure you’re prepared for any situation.
Setting up an isolated testing environment is key to safely practicing file transfers. Use VirtualBox, VMware, or cloud-based VMs to create separate Windows and Linux instances, and ensure they can communicate.
Example Lab Configuration:
Linux Server: IP 192.168.1.100
Windows Server: IP 192.168.1.101
Wget is a command-line utility available by default on Linux and can be installed on Windows. It’s especially useful for downloading files over HTTP, HTTPS, or FTP.
Linux to Linux or Linux to Windows:
Start a Python HTTP server on the Linux machine (explained in Section 13).
On the destination machine, download the file using wget:
Windows with Wget Installed:
Install Wget on Windows if it’s not already available.
Run the following command:
Curl supports various protocols, including HTTP, HTTPS, and FTP, and is pre-installed on Linux. On Windows, PowerShell includes a built-in alias for Curl.
Linux to Linux or Linux to Windows:
Start a Python HTTP server on the source machine.
On the target, use Curl to download:
Windows PowerShell:
Use the following command to download to a specified path:
Certutil is a built-in Windows tool commonly used for managing certificates, but it also supports file downloads, making it ideal in restrictive environments.
Start a Python HTTP server on the Linux machine.
On the Windows target, use Certutil to download the file:
Verify the file download by checking the destination directory.
BITSAdmin, another Windows utility, uses the Background Intelligent Transfer Service (BITS) to manage file downloads in the background.
On the Windows machine, open a PowerShell terminal.
Run the following command:
Check the Transfer Status:
PowerShell’s Invoke-WebRequest is another option for downloading files on Windows, useful for HTTP-based transfers.
Start a Python HTTP server on the source machine.
On the target Windows machine, use:
SMB (Server Message Block) is a network file-sharing protocol, and Linux machines can act as SMB servers using Samba.
On Linux (Setting up the SMB Server):
Install Samba:
Configure the smb.conf file to share a directory:
Restart Samba:
On Windows (Accessing the SMB Share):
Open PowerShell and map the SMB share:
Navigate to Z: and copy the file to your destination folder:
SCP (Secure Copy Protocol) is commonly used for secure file transfers over SSH.
Linux to Linux:
Run SCP with a remote destination path:
Linux to Windows (using OpenSSH on Windows):
Open PowerShell and run:
TFTP is a simple transfer protocol with limited functionality and no encryption, ideal for quick transfers in controlled networks.
On Linux (TFTP Server):
Install and start a TFTP server:
Place the file in the TFTP directory (e.g., /srv/tftp).
On Windows (TFTP Client):
Use the TFTP client to get the file:
FTP is a more robust option but lacks encryption by default.
On Linux (FTP Server):
Install and start an FTP server (e.g., vsftpd).
Place the file in the FTP directory (e.g., /srv/ftp).
On Windows (FTP Client):
Open a PowerShell terminal and connect:
Download the file using get file.txt.
The Python HTTP server is quick and efficient for short-term file sharing over HTTP.
On Linux (Start HTTP Server):
Start the server in the file directory:
On Windows (Download via Browser or PowerShell):
Netcat is a versatile utility that can transfer files directly over a TCP/UDP connection.
On Linux (Act as Server):
Run the following to listen on port 4444:
On Windows (Receive the File):
Use the following to connect and save the file:
For legacy support, Python 2 has a built-in SimpleHTTPServer module.
Start the server on the source machine (Linux or Windows) by running:
This approach works similarly to Python 3’s http.server, but keep in mind that Python 2 is deprecated and might not be available on all systems.
Some situations call for more secure or stealthy file transfer methods to avoid detection. Here are a few advanced approaches:
Obfuscate File Names and Extensions: Rename sensitive files to non-suspicious names, or change extensions (e.g., file.exe to file.jpg) to avoid automated security detection.
Use Encryption: Encrypt files using tools like gpg on Linux before transfer to add an extra layer of security:
On the destination, decrypt with:
Encoded Transfers in PowerShell: If restricted, use base64 encoding to transfer text-based data:
On the target, decode it:
Data Exfiltration via DNS Tunneling: For highly covert transfers, encode data in DNS requests using tools like dnscat2 or iodine, though this is often limited by network restrictions.
Issues can arise during file transfers, especially on restricted or locked-down environments. Here are some tips to address common problems:
Network Connectivity: Ensure that both machines are on the same network and that there are no firewall rules or network restrictions blocking the transfer ports.
Antivirus or EDR Detection: Rename files, change extensions, or zip/encrypt files to avoid triggering security alerts. Using PowerShell and Bitsadmin is generally less likely to be flagged than using certutil or nc.
Permissions: Ensure you have the necessary permissions on both source and destination directories. On Linux, use chmod to set permissions, and on Windows, check folder security settings.
Correct Paths and Commands: Double-check file paths, IP addresses, and syntax, especially on different platforms (Linux vs. Windows syntax).
File transfer methods vary widely, and knowing multiple techniques is essential for adapting to different operating environments and security restrictions. From simple HTTP servers to advanced tools like SMB and SCP, this guide equips you with practical, step-by-step instructions for nearly any file transfer scenario you may encounter. Remember to test and practice these methods in a controlled lab environment to familiarize yourself with each tool’s behavior and limitations.
Open a browser and navigate to to download, or:
On the target machine, use your preferred method (e.g., wget, curl, browser) to download the file from .