⭕Other Methods
netcat
push files from client to listener (and vice versa):
netcat HTTP server
this will serve a single webpage.
Powercat File Transfers
ncat Secure Transfer
WHOIS Data Exfiltration
Cancel Data Exfiltration
Rlogin Data Exfiltration
Notepad Dialog Box File Download
If you have access (RDP, physical, etc.) to a machine, but your user permissions do not allow you to open a web browser, this is a trick you can use to quickly download a file from a URL or a Universal Naming Convention (UNC) path. This also works well when you are breaking out of a locked-down application being run on a terminal.
Open notepad
Go to file – open
in the File Name box near the bottom, type in the full URL path to your file
Notepad is kind enough to go out and grab the contents of this file for you.
debug.exe
This is a crazy technique that works on windows 32 bit machines. Basically the idea is to use the debug.exe program. It is used to inspect binaries, like a debugger. But it can also rebuild them from hex. So the idea is that we take a binaries, like netcat. And then disassemble it into hex, paste it into a file on the compromised machine, and then assemble it with debug.exe.
Debug.exe can only assemble 64 kb. So we need to use files smaller than that. We can use upx to compress it even more. So let's do that:
Now it only weights 29 kb. Perfect. So now let's disassemble it:
Now we just copy-past the text into our windows-shell. And it will automatically create a file called nc.exe
LOLBines For Windows
check out these windows native tools/utilities for file transfer (download)
Last updated
